From f9bf7ba7317a25052592e421a54518530783ecec Mon Sep 17 00:00:00 2001 From: Pulumi Bot <30351955+pulumi-bot@users.noreply.github.com> Date: Mon, 11 Mar 2024 04:34:59 -0700 Subject: [PATCH] Upgrade pulumi-terraform-bridge to v3.77.0 (#424) This PR was generated via `$ upgrade-provider pulumi/pulumi-keycloak --kind=bridge --pr-reviewers=iwahbe`. --- - Upgrading pulumi-terraform-bridge from v3.76.0 to v3.77.0. --- examples/go.mod | 4 +- examples/go.sum | 8 +- .../cmd/pulumi-resource-keycloak/schema.json | 3326 +++++++---------- provider/go.mod | 40 +- provider/go.sum | 822 +++- ...AttributeImporterIdentityProviderMapper.cs | 118 +- sdk/dotnet/AttributeToRoleIdentityMapper.cs | 8 +- sdk/dotnet/Authentication/Bindings.cs | 2 + sdk/dotnet/Authentication/Execution.cs | 6 +- sdk/dotnet/Authentication/ExecutionConfig.cs | 10 +- sdk/dotnet/Authentication/Flow.cs | 14 +- sdk/dotnet/Authentication/Subflow.cs | 16 +- sdk/dotnet/CustomIdentityProviderMapping.cs | 14 +- sdk/dotnet/CustomUserFederation.cs | 101 +- sdk/dotnet/DefaultGroups.cs | 48 +- sdk/dotnet/DefaultRoles.cs | 11 +- sdk/dotnet/GenericClientProtocolMapper.cs | 79 +- sdk/dotnet/GenericClientRoleMapper.cs | 20 +- sdk/dotnet/GenericProtocolMapper.cs | 6 +- sdk/dotnet/GenericRoleMapper.cs | 20 +- sdk/dotnet/GetAuthenticationExecution.cs | 12 +- sdk/dotnet/GetAuthenticationFlow.cs | 12 +- sdk/dotnet/GetClientDescriptionConverter.cs | 12 +- sdk/dotnet/GetGroup.cs | 106 +- sdk/dotnet/GetRealm.cs | 50 +- sdk/dotnet/GetRealmKeys.cs | 40 +- sdk/dotnet/GetRole.cs | 113 +- sdk/dotnet/GetUser.cs | 12 +- sdk/dotnet/GetUserRealmRoles.cs | 12 +- sdk/dotnet/Group.cs | 95 +- sdk/dotnet/GroupMemberships.cs | 72 +- sdk/dotnet/GroupRoles.cs | 156 +- ...ardcodedAttributeIdentityProviderMapper.cs | 2 + sdk/dotnet/HardcodedRoleIdentityMapper.cs | 2 + ...ityProviderTokenExchangeScopePermission.cs | 8 +- .../Inputs/RealmInternationalizationArgs.cs | 7 - .../RealmInternationalizationGetArgs.cs | 7 - sdk/dotnet/Inputs/RealmOtpPolicyArgs.cs | 16 +- sdk/dotnet/Inputs/RealmOtpPolicyGetArgs.cs | 16 +- ...SecurityDefensesBruteForceDetectionArgs.cs | 19 - ...urityDefensesBruteForceDetectionGetArgs.cs | 19 - .../RealmSecurityDefensesHeadersArgs.cs | 24 - .../RealmSecurityDefensesHeadersGetArgs.cs | 24 - sdk/dotnet/Inputs/RealmSmtpServerArgs.cs | 30 - sdk/dotnet/Inputs/RealmSmtpServerAuthArgs.cs | 7 - .../Inputs/RealmSmtpServerAuthGetArgs.cs | 7 - sdk/dotnet/Inputs/RealmSmtpServerGetArgs.cs | 30 - .../RealmWebAuthnPasswordlessPolicyArgs.cs | 26 +- .../RealmWebAuthnPasswordlessPolicyGetArgs.cs | 26 +- sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs | 26 +- .../Inputs/RealmWebAuthnPolicyGetArgs.cs | 26 +- .../Inputs/UserFederatedIdentityArgs.cs | 9 - .../Inputs/UserFederatedIdentityGetArgs.cs | 9 - sdk/dotnet/Inputs/UserInitialPasswordArgs.cs | 7 - .../Inputs/UserInitialPasswordGetArgs.cs | 7 - sdk/dotnet/Ldap/CustomMapper.cs | 8 +- sdk/dotnet/Ldap/FullNameMapper.cs | 97 +- sdk/dotnet/Ldap/GroupMapper.cs | 225 +- sdk/dotnet/Ldap/HardcodedAttributeMapper.cs | 8 +- sdk/dotnet/Ldap/HardcodedGroupMapper.cs | 8 +- sdk/dotnet/Ldap/HardcodedRoleMapper.cs | 120 +- .../Ldap/Inputs/UserFederationCacheArgs.cs | 5 +- .../Ldap/Inputs/UserFederationCacheGetArgs.cs | 5 +- .../Ldap/Inputs/UserFederationKerberosArgs.cs | 2 +- .../Inputs/UserFederationKerberosGetArgs.cs | 2 +- .../Ldap/MsadLdsUserAccountControlMapper.cs | 8 +- .../Ldap/MsadUserAccountControlMapper.cs | 68 +- .../Ldap/Outputs/UserFederationCache.cs | 5 +- .../Ldap/Outputs/UserFederationKerberos.cs | 2 +- sdk/dotnet/Ldap/RoleMapper.cs | 8 +- sdk/dotnet/Ldap/UserAttributeMapper.cs | 107 +- sdk/dotnet/Ldap/UserFederation.cs | 221 +- sdk/dotnet/Oidc/GoogleIdentityProvider.cs | 6 +- sdk/dotnet/Oidc/IdentityProvider.cs | 6 +- sdk/dotnet/OpenId/AudienceProtocolMapper.cs | 111 +- .../OpenId/AudienceResolveProtocolMapper.cs | 14 +- .../OpenId/AudienceResolveProtocolMappter.cs | 14 +- sdk/dotnet/OpenId/Client.cs | 488 +-- .../OpenId/ClientAuthorizationPermission.cs | 4 +- sdk/dotnet/OpenId/ClientDefaultScopes.cs | 52 +- sdk/dotnet/OpenId/ClientOptionalScopes.cs | 53 +- sdk/dotnet/OpenId/ClientPolicy.cs | 2 + sdk/dotnet/OpenId/ClientScope.cs | 94 +- .../OpenId/ClientServiceAccountRealmRole.cs | 6 +- sdk/dotnet/OpenId/ClientServiceAccountRole.cs | 6 +- sdk/dotnet/OpenId/FullNameProtocolMapper.cs | 114 +- sdk/dotnet/OpenId/GetClient.cs | 54 +- .../OpenId/GetClientAuthorizationPolicy.cs | 12 +- sdk/dotnet/OpenId/GetClientScope.cs | 12 +- .../OpenId/GetClientServiceAccountUser.cs | 12 +- .../OpenId/GroupMembershipProtocolMapper.cs | 138 +- .../OpenId/HardcodedClaimProtocolMapper.cs | 136 +- .../OpenId/HardcodedRoleProtocolMapper.cs | 95 +- ...tAuthenticationFlowBindingOverridesArgs.cs | 6 - ...thenticationFlowBindingOverridesGetArgs.cs | 6 - .../OpenId/Inputs/ClientAuthorizationArgs.cs | 12 - .../Inputs/ClientAuthorizationGetArgs.cs | 12 - ...lientAuthenticationFlowBindingOverrides.cs | 6 - .../OpenId/Outputs/ClientAuthorization.cs | 12 - sdk/dotnet/OpenId/ScriptProtocolMapper.cs | 14 +- .../OpenId/UserAttributeProtocolMapper.cs | 149 +- .../OpenId/UserClientRoleProtocolMapper.cs | 14 +- .../OpenId/UserPropertyProtocolMapper.cs | 137 +- .../OpenId/UserRealmRoleProtocolMapper.cs | 140 +- .../OpenId/UserSessionNoteProtocolMapper.cs | 14 +- sdk/dotnet/Outputs/GetRealmKeysKeyResult.cs | 24 - .../Outputs/RealmInternationalization.cs | 6 - sdk/dotnet/Outputs/RealmOtpPolicy.cs | 16 +- ...ealmSecurityDefensesBruteForceDetection.cs | 19 - .../Outputs/RealmSecurityDefensesHeaders.cs | 24 - sdk/dotnet/Outputs/RealmSmtpServer.cs | 30 - sdk/dotnet/Outputs/RealmSmtpServerAuth.cs | 6 - .../RealmWebAuthnPasswordlessPolicy.cs | 25 +- sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs | 25 +- sdk/dotnet/Outputs/UserFederatedIdentity.cs | 9 - sdk/dotnet/Outputs/UserInitialPassword.cs | 6 - sdk/dotnet/Realm.cs | 562 +-- sdk/dotnet/RealmEvents.cs | 96 +- sdk/dotnet/RealmKeystoreAesGenerated.cs | 6 +- sdk/dotnet/RealmKeystoreEcdsaGenerated.cs | 6 +- sdk/dotnet/RealmKeystoreHmacGenerated.cs | 6 +- sdk/dotnet/RealmKeystoreJavaGenerated.cs | 6 +- sdk/dotnet/RealmKeystoreRsa.cs | 4 +- sdk/dotnet/RealmKeystoreRsaGenerated.cs | 6 +- sdk/dotnet/RealmUserProfile.cs | 2 + sdk/dotnet/RequiredAction.cs | 6 +- sdk/dotnet/Role.cs | 185 +- sdk/dotnet/Saml/Client.cs | 375 +- sdk/dotnet/Saml/ClientDefaultScope.cs | 4 +- sdk/dotnet/Saml/ClientScope.cs | 8 +- sdk/dotnet/Saml/GetClient.cs | 12 +- .../Saml/GetClientInstallationProvider.cs | 12 +- sdk/dotnet/Saml/IdentityProvider.cs | 282 +- ...tAuthenticationFlowBindingOverridesArgs.cs | 6 - ...thenticationFlowBindingOverridesGetArgs.cs | 6 - ...lientAuthenticationFlowBindingOverrides.cs | 6 - sdk/dotnet/Saml/ScriptProtocolMapper.cs | 10 +- .../Saml/UserAttributeProtocolMapper.cs | 127 +- sdk/dotnet/Saml/UserPropertyProtocolMapper.cs | 127 +- sdk/dotnet/User.cs | 164 +- sdk/dotnet/UserGroups.cs | 8 +- sdk/dotnet/UserRoles.cs | 9 +- ...rTemplateImporterIdentityProviderMapper.cs | 8 +- sdk/dotnet/UsersPermissions.cs | 29 - sdk/go.mod | 3 +- sdk/go.sum | 6 +- ...attributeImporterIdentityProviderMapper.go | 169 +- .../keycloak/attributeToRoleIdentityMapper.go | 8 +- sdk/go/keycloak/authentication/bindings.go | 2 + sdk/go/keycloak/authentication/execution.go | 6 +- .../authentication/executionConfig.go | 10 +- sdk/go/keycloak/authentication/flow.go | 14 +- sdk/go/keycloak/authentication/subflow.go | 16 +- .../keycloak/customIdentityProviderMapping.go | 20 +- sdk/go/keycloak/customUserFederation.go | 148 +- sdk/go/keycloak/defaultGroups.go | 50 +- sdk/go/keycloak/defaultRoles.go | 11 +- .../keycloak/genericClientProtocolMapper.go | 120 +- sdk/go/keycloak/genericClientRoleMapper.go | 20 +- sdk/go/keycloak/genericProtocolMapper.go | 6 +- sdk/go/keycloak/genericRoleMapper.go | 20 +- sdk/go/keycloak/getAuthenticationExecution.go | 2 + sdk/go/keycloak/getAuthenticationFlow.go | 2 + .../keycloak/getClientDescriptionConverter.go | 2 + sdk/go/keycloak/getGroup.go | 59 +- sdk/go/keycloak/getRealm.go | 66 +- sdk/go/keycloak/getRealmKeys.go | 32 +- sdk/go/keycloak/getRole.go | 69 +- sdk/go/keycloak/getUser.go | 2 + sdk/go/keycloak/getUserRealmRoles.go | 2 + sdk/go/keycloak/group.go | 117 +- sdk/go/keycloak/groupMemberships.go | 73 +- sdk/go/keycloak/groupRoles.go | 191 +- ...ardcodedAttributeIdentityProviderMapper.go | 2 + .../keycloak/hardcodedRoleIdentityMapper.go | 2 + ...ityProviderTokenExchangeScopePermission.go | 8 +- sdk/go/keycloak/ldap/customMapper.go | 8 +- sdk/go/keycloak/ldap/fullNameMapper.go | 138 +- sdk/go/keycloak/ldap/groupMapper.go | 354 +- .../keycloak/ldap/hardcodedAttributeMapper.go | 8 +- sdk/go/keycloak/ldap/hardcodedGroupMapper.go | 8 +- sdk/go/keycloak/ldap/hardcodedRoleMapper.go | 157 +- .../ldap/msadLdsUserAccountControlMapper.go | 8 +- .../ldap/msadUserAccountControlMapper.go | 87 +- sdk/go/keycloak/ldap/pulumiTypes.go | 24 +- sdk/go/keycloak/ldap/roleMapper.go | 8 +- sdk/go/keycloak/ldap/userAttributeMapper.go | 171 +- sdk/go/keycloak/ldap/userFederation.go | 379 +- .../keycloak/oidc/googleIdentityProvider.go | 6 +- sdk/go/keycloak/oidc/identityProvider.go | 6 +- .../keycloak/openid/audienceProtocolMapper.go | 159 +- .../openid/audienceResolveProtocolMapper.go | 14 +- .../openid/audienceResolveProtocolMappter.go | 14 +- sdk/go/keycloak/openid/client.go | 812 ++-- .../openid/clientAuthorizationPermission.go | 4 +- sdk/go/keycloak/openid/clientDefaultScopes.go | 61 +- .../keycloak/openid/clientOptionalScopes.go | 62 +- sdk/go/keycloak/openid/clientPolicy.go | 2 + sdk/go/keycloak/openid/clientScope.go | 134 +- .../openid/clientServiceAccountRealmRole.go | 6 +- .../openid/clientServiceAccountRole.go | 6 +- .../keycloak/openid/fullNameProtocolMapper.go | 149 +- sdk/go/keycloak/openid/getClient.go | 25 +- .../openid/getClientAuthorizationPolicy.go | 2 + sdk/go/keycloak/openid/getClientScope.go | 2 + .../openid/getClientServiceAccountUser.go | 2 + .../openid/groupMembershipProtocolMapper.go | 191 +- .../openid/hardcodedClaimProtocolMapper.go | 202 +- .../openid/hardcodedRoleProtocolMapper.go | 126 +- sdk/go/keycloak/openid/pulumiTypes.go | 44 +- .../keycloak/openid/scriptProtocolMapper.go | 14 +- .../openid/userAttributeProtocolMapper.go | 227 +- .../openid/userClientRoleProtocolMapper.go | 14 +- .../openid/userPropertyProtocolMapper.go | 203 +- .../openid/userRealmRoleProtocolMapper.go | 211 +- .../openid/userSessionNoteProtocolMapper.go | 14 +- sdk/go/keycloak/pulumiTypes.go | 515 +-- sdk/go/keycloak/realm.go | 968 ++--- sdk/go/keycloak/realmEvents.go | 137 +- sdk/go/keycloak/realmKeystoreAesGenerated.go | 6 +- .../keycloak/realmKeystoreEcdsaGenerated.go | 6 +- sdk/go/keycloak/realmKeystoreHmacGenerated.go | 6 +- sdk/go/keycloak/realmKeystoreJavaGenerated.go | 6 +- sdk/go/keycloak/realmKeystoreRsa.go | 4 +- sdk/go/keycloak/realmKeystoreRsaGenerated.go | 6 +- sdk/go/keycloak/realmUserProfile.go | 2 + sdk/go/keycloak/requiredAction.go | 6 +- sdk/go/keycloak/role.go | 215 +- sdk/go/keycloak/saml/client.go | 616 ++- sdk/go/keycloak/saml/clientDefaultScope.go | 4 +- sdk/go/keycloak/saml/clientScope.go | 8 +- sdk/go/keycloak/saml/getClient.go | 2 + .../saml/getClientInstallationProvider.go | 2 + sdk/go/keycloak/saml/identityProvider.go | 491 +-- sdk/go/keycloak/saml/pulumiTypes.go | 12 +- sdk/go/keycloak/saml/scriptProtocolMapper.go | 10 +- .../saml/userAttributeProtocolMapper.go | 179 +- .../saml/userPropertyProtocolMapper.go | 179 +- sdk/go/keycloak/user.go | 224 +- sdk/go/keycloak/userGroups.go | 8 +- sdk/go/keycloak/userRoles.go | 9 +- ...rTemplateImporterIdentityProviderMapper.go | 8 +- sdk/go/keycloak/usersPermissions.go | 29 - ...tributeImporterIdentityProviderMapper.java | 97 +- ...uteImporterIdentityProviderMapperArgs.java | 76 +- .../AttributeToRoleIdentityMapper.java | 9 +- .../CustomIdentityProviderMapping.java | 13 +- .../CustomIdentityProviderMappingArgs.java | 8 +- .../pulumi/keycloak/CustomUserFederation.java | 83 +- .../keycloak/CustomUserFederationArgs.java | 96 +- .../com/pulumi/keycloak/DefaultGroups.java | 45 +- .../pulumi/keycloak/DefaultGroupsArgs.java | 46 - .../com/pulumi/keycloak/DefaultRoles.java | 12 +- .../keycloak/GenericClientProtocolMapper.java | 67 +- .../GenericClientProtocolMapperArgs.java | 60 +- .../keycloak/GenericClientRoleMapper.java | 24 +- .../keycloak/GenericProtocolMapper.java | 7 +- .../pulumi/keycloak/GenericRoleMapper.java | 24 +- .../main/java/com/pulumi/keycloak/Group.java | 92 +- .../java/com/pulumi/keycloak/GroupArgs.java | 80 - .../com/pulumi/keycloak/GroupMemberships.java | 66 +- .../pulumi/keycloak/GroupMembershipsArgs.java | 66 - .../java/com/pulumi/keycloak/GroupRoles.java | 161 +- .../com/pulumi/keycloak/GroupRolesArgs.java | 86 - ...dcodedAttributeIdentityProviderMapper.java | 3 + .../keycloak/HardcodedRoleIdentityMapper.java | 3 + ...yProviderTokenExchangeScopePermission.java | 9 +- .../pulumi/keycloak/KeycloakFunctions.java | 412 +- .../main/java/com/pulumi/keycloak/Realm.java | 498 +-- .../java/com/pulumi/keycloak/RealmArgs.java | 944 +---- .../java/com/pulumi/keycloak/RealmEvents.java | 86 +- .../com/pulumi/keycloak/RealmEventsArgs.java | 152 - .../keycloak/RealmKeystoreAesGenerated.java | 7 +- .../keycloak/RealmKeystoreEcdsaGenerated.java | 7 +- .../keycloak/RealmKeystoreHmacGenerated.java | 7 +- .../keycloak/RealmKeystoreJavaGenerated.java | 7 +- .../com/pulumi/keycloak/RealmKeystoreRsa.java | 6 +- .../keycloak/RealmKeystoreRsaGenerated.java | 7 +- .../com/pulumi/keycloak/RealmUserProfile.java | 3 + .../com/pulumi/keycloak/RequiredAction.java | 7 +- .../main/java/com/pulumi/keycloak/Role.java | 148 +- .../java/com/pulumi/keycloak/RoleArgs.java | 126 - .../main/java/com/pulumi/keycloak/User.java | 147 +- .../java/com/pulumi/keycloak/UserArgs.java | 232 -- .../java/com/pulumi/keycloak/UserGroups.java | 8 +- .../java/com/pulumi/keycloak/UserRoles.java | 10 +- ...emplateImporterIdentityProviderMapper.java | 9 +- .../com/pulumi/keycloak/UsersPermissions.java | 3 + .../keycloak/authentication/Bindings.java | 3 + .../keycloak/authentication/Execution.java | 7 +- .../authentication/ExecutionConfig.java | 11 +- .../pulumi/keycloak/authentication/Flow.java | 15 +- .../keycloak/authentication/Subflow.java | 17 +- ...teImporterIdentityProviderMapperState.java | 76 +- .../CustomIdentityProviderMappingState.java | 8 +- .../inputs/CustomUserFederationState.java | 96 +- .../keycloak/inputs/DefaultGroupsState.java | 46 - .../GenericClientProtocolMapperState.java | 60 +- .../pulumi/keycloak/inputs/GetGroupArgs.java | 40 - .../keycloak/inputs/GetGroupPlainArgs.java | 28 - .../pulumi/keycloak/inputs/GetRealmArgs.java | 20 - .../keycloak/inputs/GetRealmKeysArgs.java | 72 - .../inputs/GetRealmKeysPlainArgs.java | 54 - .../keycloak/inputs/GetRealmPlainArgs.java | 14 - .../pulumi/keycloak/inputs/GetRoleArgs.java | 60 - .../keycloak/inputs/GetRolePlainArgs.java | 42 - .../inputs/GroupMembershipsState.java | 66 - .../keycloak/inputs/GroupRolesState.java | 86 - .../pulumi/keycloak/inputs/GroupState.java | 100 - .../keycloak/inputs/RealmEventsState.java | 152 - .../inputs/RealmInternationalizationArgs.java | 46 - .../keycloak/inputs/RealmOtpPolicyArgs.java | 96 +- ...curityDefensesBruteForceDetectionArgs.java | 124 - .../RealmSecurityDefensesHeadersArgs.java | 160 - .../keycloak/inputs/RealmSmtpServerArgs.java | 200 - .../inputs/RealmSmtpServerAuthArgs.java | 40 - .../pulumi/keycloak/inputs/RealmState.java | 944 +---- .../RealmWebAuthnPasswordlessPolicyArgs.java | 148 +- .../inputs/RealmWebAuthnPolicyArgs.java | 148 +- .../com/pulumi/keycloak/inputs/RoleState.java | 126 - .../inputs/UserFederatedIdentityArgs.java | 60 - .../inputs/UserInitialPasswordArgs.java | 40 - .../com/pulumi/keycloak/inputs/UserState.java | 232 -- .../pulumi/keycloak/ldap/CustomMapper.java | 9 +- .../pulumi/keycloak/ldap/FullNameMapper.java | 89 +- .../keycloak/ldap/FullNameMapperArgs.java | 84 +- .../com/pulumi/keycloak/ldap/GroupMapper.java | 201 +- .../pulumi/keycloak/ldap/GroupMapperArgs.java | 336 +- .../ldap/HardcodedAttributeMapper.java | 9 +- .../keycloak/ldap/HardcodedGroupMapper.java | 9 +- .../keycloak/ldap/HardcodedRoleMapper.java | 127 +- .../ldap/HardcodedRoleMapperArgs.java | 32 +- .../ldap/MsadLdsUserAccountControlMapper.java | 9 +- .../ldap/MsadUserAccountControlMapper.java | 62 +- .../MsadUserAccountControlMapperArgs.java | 44 +- .../com/pulumi/keycloak/ldap/RoleMapper.java | 9 +- .../keycloak/ldap/UserAttributeMapper.java | 88 +- .../ldap/UserAttributeMapperArgs.java | 80 +- .../pulumi/keycloak/ldap/UserFederation.java | 175 +- .../keycloak/ldap/UserFederationArgs.java | 206 +- .../ldap/inputs/FullNameMapperState.java | 84 +- .../ldap/inputs/GroupMapperState.java | 336 +- .../ldap/inputs/HardcodedRoleMapperState.java | 32 +- .../MsadUserAccountControlMapperState.java | 44 +- .../ldap/inputs/UserAttributeMapperState.java | 80 +- .../ldap/inputs/UserFederationCacheArgs.java | 28 +- .../inputs/UserFederationKerberosArgs.java | 8 +- .../ldap/inputs/UserFederationState.java | 206 +- .../ldap/outputs/UserFederationCache.java | 12 +- .../ldap/outputs/UserFederationKerberos.java | 4 +- .../keycloak/oidc/GoogleIdentityProvider.java | 7 +- .../keycloak/oidc/IdentityProvider.java | 7 +- .../openid/AudienceProtocolMapper.java | 97 +- .../openid/AudienceProtocolMapperArgs.java | 64 +- .../openid/AudienceResolveProtocolMapper.java | 16 +- .../AudienceResolveProtocolMappter.java | 16 +- .../com/pulumi/keycloak/openid/Client.java | 435 +-- .../pulumi/keycloak/openid/ClientArgs.java | 904 ----- .../openid/ClientAuthorizationPermission.java | 4 +- .../keycloak/openid/ClientDefaultScopes.java | 48 +- .../openid/ClientDefaultScopesArgs.java | 66 - .../keycloak/openid/ClientOptionalScopes.java | 49 +- .../openid/ClientOptionalScopesArgs.java | 66 - .../pulumi/keycloak/openid/ClientPolicy.java | 3 + .../pulumi/keycloak/openid/ClientScope.java | 89 +- .../keycloak/openid/ClientScopeArgs.java | 120 - .../openid/ClientServiceAccountRealmRole.java | 7 +- .../openid/ClientServiceAccountRole.java | 7 +- .../openid/FullNameProtocolMapper.java | 105 +- .../openid/FullNameProtocolMapperArgs.java | 92 +- .../openid/GroupMembershipProtocolMapper.java | 127 +- .../GroupMembershipProtocolMapperArgs.java | 132 +- .../openid/HardcodedClaimProtocolMapper.java | 120 +- .../HardcodedClaimProtocolMapperArgs.java | 104 +- .../openid/HardcodedRoleProtocolMapper.java | 88 +- .../HardcodedRoleProtocolMapperArgs.java | 52 +- .../keycloak/openid/OpenidFunctions.java | 108 +- .../keycloak/openid/ScriptProtocolMapper.java | 16 +- .../openid/UserAttributeProtocolMapper.java | 129 +- .../UserAttributeProtocolMapperArgs.java | 120 +- .../openid/UserClientRoleProtocolMapper.java | 16 +- .../openid/UserPropertyProtocolMapper.java | 121 +- .../UserPropertyProtocolMapperArgs.java | 104 +- .../openid/UserRealmRoleProtocolMapper.java | 119 +- .../UserRealmRoleProtocolMapperArgs.java | 100 +- .../openid/UserSessionNoteProtocolMapper.java | 16 +- .../inputs/AudienceProtocolMapperState.java | 64 +- ...uthenticationFlowBindingOverridesArgs.java | 40 - .../inputs/ClientAuthorizationArgs.java | 80 - .../inputs/ClientDefaultScopesState.java | 66 - .../inputs/ClientOptionalScopesState.java | 66 - .../openid/inputs/ClientScopeState.java | 120 - .../keycloak/openid/inputs/ClientState.java | 944 ----- .../inputs/FullNameProtocolMapperState.java | 92 +- .../keycloak/openid/inputs/GetClientArgs.java | 40 - .../openid/inputs/GetClientPlainArgs.java | 28 - .../GroupMembershipProtocolMapperState.java | 132 +- .../HardcodedClaimProtocolMapperState.java | 104 +- .../HardcodedRoleProtocolMapperState.java | 52 +- .../UserAttributeProtocolMapperState.java | 120 +- .../UserPropertyProtocolMapperState.java | 104 +- .../UserRealmRoleProtocolMapperState.java | 100 +- ...entAuthenticationFlowBindingOverrides.java | 16 - .../openid/outputs/ClientAuthorization.java | 32 - .../keycloak/outputs/GetRealmKeysKey.java | 64 - .../keycloak/outputs/GetRealmKeysResult.java | 16 - .../keycloak/outputs/GetRoleResult.java | 8 - .../outputs/RealmInternationalization.java | 16 - .../keycloak/outputs/RealmOtpPolicy.java | 40 +- ...lmSecurityDefensesBruteForceDetection.java | 50 - .../outputs/RealmSecurityDefensesHeaders.java | 64 - .../keycloak/outputs/RealmSmtpServer.java | 80 - .../keycloak/outputs/RealmSmtpServerAuth.java | 16 - .../RealmWebAuthnPasswordlessPolicy.java | 60 +- .../keycloak/outputs/RealmWebAuthnPolicy.java | 60 +- .../outputs/UserFederatedIdentity.java | 24 - .../keycloak/outputs/UserInitialPassword.java | 16 - .../java/com/pulumi/keycloak/saml/Client.java | 347 +- .../com/pulumi/keycloak/saml/ClientArgs.java | 666 ---- .../keycloak/saml/ClientDefaultScope.java | 5 +- .../com/pulumi/keycloak/saml/ClientScope.java | 9 +- .../keycloak/saml/IdentityProvider.java | 215 +- .../keycloak/saml/IdentityProviderArgs.java | 280 +- .../pulumi/keycloak/saml/SamlFunctions.java | 24 + .../keycloak/saml/ScriptProtocolMapper.java | 11 +- .../saml/UserAttributeProtocolMapper.java | 120 +- .../saml/UserAttributeProtocolMapperArgs.java | 160 - .../saml/UserPropertyProtocolMapper.java | 118 +- .../saml/UserPropertyProtocolMapperArgs.java | 160 - ...uthenticationFlowBindingOverridesArgs.java | 40 - .../keycloak/saml/inputs/ClientState.java | 726 ---- .../saml/inputs/IdentityProviderState.java | 280 +- .../UserAttributeProtocolMapperState.java | 160 - .../UserPropertyProtocolMapperState.java | 160 - ...entAuthenticationFlowBindingOverrides.java | 16 - ...attributeImporterIdentityProviderMapper.ts | 109 +- sdk/nodejs/attributeToRoleIdentityMapper.ts | 8 +- sdk/nodejs/authentication/bindings.ts | 2 + sdk/nodejs/authentication/execution.ts | 6 +- sdk/nodejs/authentication/executionConfig.ts | 10 +- sdk/nodejs/authentication/flow.ts | 14 +- sdk/nodejs/authentication/subflow.ts | 16 +- sdk/nodejs/customIdentityProviderMapping.ts | 14 +- sdk/nodejs/customUserFederation.ts | 98 +- sdk/nodejs/defaultGroups.ts | 46 +- sdk/nodejs/defaultRoles.ts | 11 +- sdk/nodejs/genericClientProtocolMapper.ts | 77 +- sdk/nodejs/genericClientRoleMapper.ts | 20 +- sdk/nodejs/genericProtocolMapper.ts | 6 +- sdk/nodejs/genericRoleMapper.ts | 20 +- sdk/nodejs/getAuthenticationExecution.ts | 4 + sdk/nodejs/getAuthenticationFlow.ts | 4 + sdk/nodejs/getClientDescriptionConverter.ts | 4 + sdk/nodejs/getGroup.ts | 66 +- sdk/nodejs/getRealm.ts | 42 +- sdk/nodejs/getRealmKeys.ts | 36 +- sdk/nodejs/getRole.ts | 69 +- sdk/nodejs/getUser.ts | 4 + sdk/nodejs/getUserRealmRoles.ts | 4 + sdk/nodejs/group.ts | 93 +- sdk/nodejs/groupMemberships.ts | 70 +- sdk/nodejs/groupRoles.ts | 129 +- ...ardcodedAttributeIdentityProviderMapper.ts | 2 + sdk/nodejs/hardcodedRoleIdentityMapper.ts | 2 + ...ityProviderTokenExchangeScopePermission.ts | 8 +- sdk/nodejs/ldap/customMapper.ts | 8 +- sdk/nodejs/ldap/fullNameMapper.ts | 97 +- sdk/nodejs/ldap/groupMapper.ts | 221 +- sdk/nodejs/ldap/hardcodedAttributeMapper.ts | 8 +- sdk/nodejs/ldap/hardcodedGroupMapper.ts | 8 +- sdk/nodejs/ldap/hardcodedRoleMapper.ts | 99 +- .../ldap/msadLdsUserAccountControlMapper.ts | 8 +- .../ldap/msadUserAccountControlMapper.ts | 68 +- sdk/nodejs/ldap/roleMapper.ts | 8 +- sdk/nodejs/ldap/userAttributeMapper.ts | 107 +- sdk/nodejs/ldap/userFederation.ts | 220 +- sdk/nodejs/oidc/googleIdentityProvider.ts | 6 +- sdk/nodejs/oidc/identityProvider.ts | 6 +- sdk/nodejs/openid/audienceProtocolMapper.ts | 111 +- .../openid/audienceResolveProtocolMapper.ts | 14 +- .../openid/audienceResolveProtocolMappter.ts | 14 +- sdk/nodejs/openid/client.ts | 479 +-- .../openid/clientAuthorizationPermission.ts | 4 +- sdk/nodejs/openid/clientDefaultScopes.ts | 50 +- sdk/nodejs/openid/clientOptionalScopes.ts | 51 +- sdk/nodejs/openid/clientPolicy.ts | 2 + sdk/nodejs/openid/clientScope.ts | 94 +- .../openid/clientServiceAccountRealmRole.ts | 6 +- sdk/nodejs/openid/clientServiceAccountRole.ts | 6 +- sdk/nodejs/openid/fullNameProtocolMapper.ts | 114 +- sdk/nodejs/openid/getClient.ts | 46 +- .../openid/getClientAuthorizationPolicy.ts | 4 + sdk/nodejs/openid/getClientScope.ts | 4 + .../openid/getClientServiceAccountUser.ts | 4 + .../openid/groupMembershipProtocolMapper.ts | 138 +- .../openid/hardcodedClaimProtocolMapper.ts | 136 +- .../openid/hardcodedRoleProtocolMapper.ts | 95 +- sdk/nodejs/openid/scriptProtocolMapper.ts | 14 +- .../openid/userAttributeProtocolMapper.ts | 149 +- .../openid/userClientRoleProtocolMapper.ts | 14 +- .../openid/userPropertyProtocolMapper.ts | 137 +- .../openid/userRealmRoleProtocolMapper.ts | 140 +- .../openid/userSessionNoteProtocolMapper.ts | 14 +- sdk/nodejs/realm.ts | 543 +-- sdk/nodejs/realmEvents.ts | 94 +- sdk/nodejs/realmKeystoreAesGenerated.ts | 6 +- sdk/nodejs/realmKeystoreEcdsaGenerated.ts | 6 +- sdk/nodejs/realmKeystoreHmacGenerated.ts | 6 +- sdk/nodejs/realmKeystoreJavaGenerated.ts | 6 +- sdk/nodejs/realmKeystoreRsa.ts | 4 +- sdk/nodejs/realmKeystoreRsaGenerated.ts | 6 +- sdk/nodejs/realmUserProfile.ts | 2 + sdk/nodejs/requiredAction.ts | 6 +- sdk/nodejs/role.ts | 183 +- sdk/nodejs/saml/client.ts | 373 +- sdk/nodejs/saml/clientDefaultScope.ts | 4 +- sdk/nodejs/saml/clientScope.ts | 8 +- sdk/nodejs/saml/getClient.ts | 4 + .../saml/getClientInstallationProvider.ts | 4 + sdk/nodejs/saml/identityProvider.ts | 280 +- sdk/nodejs/saml/scriptProtocolMapper.ts | 10 +- .../saml/userAttributeProtocolMapper.ts | 127 +- sdk/nodejs/saml/userPropertyProtocolMapper.ts | 127 +- sdk/nodejs/types/input.ts | 197 +- sdk/nodejs/types/output.ts | 221 +- sdk/nodejs/user.ts | 157 +- sdk/nodejs/userGroups.ts | 8 +- sdk/nodejs/userRoles.ts | 9 +- ...rTemplateImporterIdentityProviderMapper.ts | 8 +- sdk/nodejs/usersPermissions.ts | 29 - sdk/python/pulumi_keycloak/_inputs.py | 252 +- ...ibute_importer_identity_provider_mapper.py | 223 +- .../attribute_to_role_identity_mapper.py | 16 +- .../authentication/bindings.py | 4 + .../authentication/execution.py | 12 +- .../authentication/execution_config.py | 20 +- .../pulumi_keycloak/authentication/flow.py | 28 +- .../pulumi_keycloak/authentication/subflow.py | 32 +- .../custom_identity_provider_mapping.py | 30 +- .../pulumi_keycloak/custom_user_federation.py | 204 +- sdk/python/pulumi_keycloak/default_groups.py | 90 +- sdk/python/pulumi_keycloak/default_roles.py | 22 +- .../generic_client_protocol_mapper.py | 171 +- .../generic_client_role_mapper.py | 40 +- .../generic_protocol_mapper.py | 12 +- .../pulumi_keycloak/generic_role_mapper.py | 40 +- .../get_authentication_execution.py | 4 + .../get_authentication_flow.py | 4 + .../get_client_description_converter.py | 4 + sdk/python/pulumi_keycloak/get_group.py | 50 +- sdk/python/pulumi_keycloak/get_realm.py | 34 +- sdk/python/pulumi_keycloak/get_realm_keys.py | 28 +- sdk/python/pulumi_keycloak/get_role.py | 53 +- sdk/python/pulumi_keycloak/get_user.py | 4 + .../pulumi_keycloak/get_user_realm_roles.py | 4 + sdk/python/pulumi_keycloak/group.py | 174 +- .../pulumi_keycloak/group_memberships.py | 133 +- sdk/python/pulumi_keycloak/group_roles.py | 238 +- ...oded_attribute_identity_provider_mapper.py | 4 + .../hardcoded_role_identity_mapper.py | 4 + ...rovider_token_exchange_scope_permission.py | 16 +- sdk/python/pulumi_keycloak/ldap/_inputs.py | 12 +- .../pulumi_keycloak/ldap/custom_mapper.py | 16 +- .../pulumi_keycloak/ldap/full_name_mapper.py | 189 +- .../pulumi_keycloak/ldap/group_mapper.py | 389 +- .../ldap/hardcoded_attribute_mapper.py | 16 +- .../ldap/hardcoded_group_mapper.py | 16 +- .../ldap/hardcoded_role_mapper.py | 190 +- .../msad_lds_user_account_control_mapper.py | 16 +- .../ldap/msad_user_account_control_mapper.py | 145 +- sdk/python/pulumi_keycloak/ldap/outputs.py | 12 +- .../pulumi_keycloak/ldap/role_mapper.py | 16 +- .../ldap/user_attribute_mapper.py | 242 +- .../pulumi_keycloak/ldap/user_federation.py | 497 +-- .../oidc/google_identity_provider.py | 12 +- .../pulumi_keycloak/oidc/identity_provider.py | 12 +- sdk/python/pulumi_keycloak/openid/_inputs.py | 28 - .../openid/audience_protocol_mapper.py | 254 +- .../audience_resolve_protocol_mapper.py | 28 +- .../audience_resolve_protocol_mappter.py | 28 +- sdk/python/pulumi_keycloak/openid/client.py | 761 +--- .../openid/client_authorization_permission.py | 8 +- .../openid/client_default_scopes.py | 93 +- .../openid/client_optional_scopes.py | 95 +- .../pulumi_keycloak/openid/client_policy.py | 4 + .../pulumi_keycloak/openid/client_scope.py | 162 +- .../client_service_account_realm_role.py | 12 +- .../openid/client_service_account_role.py | 12 +- .../openid/full_name_protocol_mapper.py | 237 +- .../pulumi_keycloak/openid/get_client.py | 34 +- .../openid/get_client_authorization_policy.py | 4 + .../openid/get_client_scope.py | 4 + .../openid/get_client_service_account_user.py | 4 + .../group_membership_protocol_mapper.py | 267 +- .../openid/hardcoded_claim_protocol_mapper.py | 294 +- .../openid/hardcoded_role_protocol_mapper.py | 201 +- sdk/python/pulumi_keycloak/openid/outputs.py | 28 - .../openid/script_protocol_mapper.py | 28 +- .../openid/user_attribute_protocol_mapper.py | 324 +- .../user_client_role_protocol_mapper.py | 28 +- .../openid/user_property_protocol_mapper.py | 296 +- .../openid/user_realm_role_protocol_mapper.py | 303 +- .../user_session_note_protocol_mapper.py | 28 +- sdk/python/pulumi_keycloak/outputs.py | 286 +- sdk/python/pulumi_keycloak/realm.py | 900 +---- sdk/python/pulumi_keycloak/realm_events.py | 155 +- .../realm_keystore_aes_generated.py | 12 +- .../realm_keystore_ecdsa_generated.py | 12 +- .../realm_keystore_hmac_generated.py | 12 +- .../realm_keystore_java_generated.py | 12 +- .../pulumi_keycloak/realm_keystore_rsa.py | 8 +- .../realm_keystore_rsa_generated.py | 12 +- .../pulumi_keycloak/realm_user_profile.py | 4 + sdk/python/pulumi_keycloak/required_action.py | 12 +- sdk/python/pulumi_keycloak/role.py | 340 +- sdk/python/pulumi_keycloak/saml/_inputs.py | 10 - sdk/python/pulumi_keycloak/saml/client.py | 585 +-- .../saml/client_default_scope.py | 8 +- .../pulumi_keycloak/saml/client_scope.py | 16 +- sdk/python/pulumi_keycloak/saml/get_client.py | 4 + .../saml/get_client_installation_provider.py | 4 + .../pulumi_keycloak/saml/identity_provider.py | 639 ++-- sdk/python/pulumi_keycloak/saml/outputs.py | 10 - .../saml/script_protocol_mapper.py | 20 +- .../saml/user_attribute_protocol_mapper.py | 222 +- .../saml/user_property_protocol_mapper.py | 222 +- sdk/python/pulumi_keycloak/user.py | 271 +- sdk/python/pulumi_keycloak/user_groups.py | 16 +- sdk/python/pulumi_keycloak/user_roles.py | 18 +- ...plate_importer_identity_provider_mapper.py | 16 +- .../pulumi_keycloak/users_permissions.py | 58 - 631 files changed, 17412 insertions(+), 39492 deletions(-) diff --git a/examples/go.mod b/examples/go.mod index e5088b94..6f455ac3 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -2,7 +2,7 @@ module github.com/pulumi/pulumi-keycloak/examples/v4 go 1.21 -require github.com/pulumi/pulumi/pkg/v3 v3.107.0 +require github.com/pulumi/pulumi/pkg/v3 v3.108.1 require ( cloud.google.com/go v0.110.10 // indirect @@ -135,7 +135,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect github.com/pulumi/esc v0.6.2 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.107.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.108.1 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect diff --git a/examples/go.sum b/examples/go.sum index bf363e56..e3010fb1 100644 --- a/examples/go.sum +++ b/examples/go.sum @@ -1467,10 +1467,10 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= -github.com/pulumi/pulumi/pkg/v3 v3.107.0 h1:HRyIl1c9ur0PVQW+GuFL1APBEuGa/fQQMp3F+WluxW8= -github.com/pulumi/pulumi/pkg/v3 v3.107.0/go.mod h1:7edfZu4FlrXdIn4339tJ+SQX5VKGqbFntmpc8cai0Zg= -github.com/pulumi/pulumi/sdk/v3 v3.107.0 h1:bef+ayh9+4KkAqXih4EjlHfQXRY24NWPwWBIQhBxTjg= -github.com/pulumi/pulumi/sdk/v3 v3.107.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/pkg/v3 v3.108.1 h1:K1UK40v5IpEPIaJ2un3WNOTBbLQaKR26HbLLh5EmMHY= +github.com/pulumi/pulumi/pkg/v3 v3.108.1/go.mod h1:48uCfxkPXUq/XTBqei9VuR0CRWObnSVlqcLkD6DhII8= +github.com/pulumi/pulumi/sdk/v3 v3.108.1 h1:5idjc3JmzToYVizRPbFyjJ5UU4AbExd04pcSP9AhPEc= +github.com/pulumi/pulumi/sdk/v3 v3.108.1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= github.com/rakyll/embedmd v0.0.0-20171029212350-c8060a0752a2/go.mod h1:7jOTMgqac46PZcF54q6l2hkLEG8op93fZu61KmxWDV4= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= diff --git a/provider/cmd/pulumi-resource-keycloak/schema.json b/provider/cmd/pulumi-resource-keycloak/schema.json index 5673458a..ff789b30 100644 --- a/provider/cmd/pulumi-resource-keycloak/schema.json +++ b/provider/cmd/pulumi-resource-keycloak/schema.json @@ -208,15 +208,13 @@ "keycloak:index/RealmInternationalization:RealmInternationalization": { "properties": { "defaultLocale": { - "type": "string", - "description": "The locale to use by default. This locale code must be present within the `supported_locales` list.\n" + "type": "string" }, "supportedLocales": { "type": "array", "items": { "type": "string" - }, - "description": "A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support.\n" + } } }, "type": "object", @@ -229,27 +227,23 @@ "properties": { "algorithm": { "type": "string", - "description": "What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`.\n" + "description": "What hashing algorithm should be used to generate the OTP.\n" }, "digits": { - "type": "integer", - "description": "How many digits the OTP have. Defaults to `6`.\n" + "type": "integer" }, "initialCounter": { - "type": "integer", - "description": "What should the initial counter value be. Defaults to `2`.\n" + "type": "integer" }, "lookAheadWindow": { - "type": "integer", - "description": "How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`.\n" + "type": "integer" }, "period": { - "type": "integer", - "description": "How many seconds should an OTP token be valid. Defaults to `30`.\n" + "type": "integer" }, "type": { "type": "string", - "description": "One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`.\n" + "description": "OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password\n" } }, "type": "object" @@ -268,31 +262,25 @@ "keycloak:index/RealmSecurityDefensesBruteForceDetection:RealmSecurityDefensesBruteForceDetection": { "properties": { "failureResetTimeSeconds": { - "type": "integer", - "description": "When will failure count be reset?\n" + "type": "integer" }, "maxFailureWaitSeconds": { "type": "integer" }, "maxLoginFailures": { - "type": "integer", - "description": "How many failures before wait is triggered.\n" + "type": "integer" }, "minimumQuickLoginWaitSeconds": { - "type": "integer", - "description": "How long to wait after a quick login failure.\n- `max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out.\n" + "type": "integer" }, "permanentLockout": { - "type": "boolean", - "description": "When `true`, this will lock the user permanently when the user exceeds the maximum login failures.\n" + "type": "boolean" }, "quickLoginCheckMilliSeconds": { - "type": "integer", - "description": "Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.\n" + "type": "integer" }, "waitIncrementSeconds": { - "type": "integer", - "description": "This represents the amount of time a user should be locked out when the login failure threshold has been met.\n" + "type": "integer" } }, "type": "object" @@ -300,36 +288,28 @@ "keycloak:index/RealmSecurityDefensesHeaders:RealmSecurityDefensesHeaders": { "properties": { "contentSecurityPolicy": { - "type": "string", - "description": "Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract.\n" + "type": "string" }, "contentSecurityPolicyReportOnly": { - "type": "string", - "description": "Used for testing Content Security Policies.\n" + "type": "string" }, "referrerPolicy": { - "type": "string", - "description": "The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.\n" + "type": "string" }, "strictTransportSecurity": { - "type": "string", - "description": "The Script-Transport-Security HTTP header tells browsers to always use HTTPS.\n" + "type": "string" }, "xContentTypeOptions": { - "type": "string", - "description": "Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type\n" + "type": "string" }, "xFrameOptions": { - "type": "string", - "description": "Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034)\n" + "type": "string" }, "xRobotsTag": { - "type": "string", - "description": "Prevent pages from appearing in search engines.\n" + "type": "string" }, "xXssProtection": { - "type": "string", - "description": "This header configures the Cross-site scripting (XSS) filter in your browser.\n" + "type": "string" } }, "type": "object" @@ -337,44 +317,34 @@ "keycloak:index/RealmSmtpServer:RealmSmtpServer": { "properties": { "auth": { - "$ref": "#/types/keycloak:index/RealmSmtpServerAuth:RealmSmtpServerAuth", - "description": "Enables authentication to the SMTP server. This block supports the following arguments:\n" + "$ref": "#/types/keycloak:index/RealmSmtpServerAuth:RealmSmtpServerAuth" }, "envelopeFrom": { - "type": "string", - "description": "The email address uses for bounces.\n" + "type": "string" }, "from": { - "type": "string", - "description": "The email address for the sender.\n" + "type": "string" }, "fromDisplayName": { - "type": "string", - "description": "The display name of the sender email address.\n" + "type": "string" }, "host": { - "type": "string", - "description": "The host of the SMTP server.\n" + "type": "string" }, "port": { - "type": "string", - "description": "The port of the SMTP server (defaults to 25).\n" + "type": "string" }, "replyTo": { - "type": "string", - "description": "The \"reply to\" email address.\n" + "type": "string" }, "replyToDisplayName": { - "type": "string", - "description": "The display name of the \"reply to\" email address.\n" + "type": "string" }, "ssl": { - "type": "boolean", - "description": "When `true`, enables SSL. Defaults to `false`.\n" + "type": "boolean" }, "starttls": { - "type": "boolean", - "description": "When `true`, enables StartTLS. Defaults to `false`.\n" + "type": "boolean" } }, "type": "object", @@ -387,12 +357,10 @@ "properties": { "password": { "type": "string", - "description": "The SMTP server password.\n", "secret": true }, "username": { - "type": "string", - "description": "The SMTP server username.\n" + "type": "string" } }, "type": "object", @@ -535,47 +503,42 @@ "type": "array", "items": { "type": "string" - }, - "description": "A set of AAGUIDs for which an authenticator can be registered.\n" + } }, "attestationConveyancePreference": { "type": "string", - "description": "The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`.\n" + "description": "Either none, indirect or direct\n" }, "authenticatorAttachment": { "type": "string", - "description": "The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`.\n" + "description": "Either platform or cross-platform\n" }, "avoidSameAuthenticatorRegister": { - "type": "boolean", - "description": "When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`.\n" + "type": "boolean" }, "createTimeout": { - "type": "integer", - "description": "The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`.\n" + "type": "integer" }, "relyingPartyEntityName": { - "type": "string", - "description": "A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`.\n" + "type": "string" }, "relyingPartyId": { - "type": "string", - "description": "The WebAuthn relying party ID.\n" + "type": "string" }, "requireResidentKey": { "type": "string", - "description": "Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`.\n" + "description": "Either Yes or No\n" }, "signatureAlgorithms": { "type": "array", "items": { "type": "string" }, - "description": "A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`.\n" + "description": "Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing\n" }, "userVerificationRequirement": { "type": "string", - "description": "Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`.\n" + "description": "Either required, preferred or discouraged\n" } }, "type": "object", @@ -593,47 +556,42 @@ "type": "array", "items": { "type": "string" - }, - "description": "A set of AAGUIDs for which an authenticator can be registered.\n" + } }, "attestationConveyancePreference": { "type": "string", - "description": "The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`.\n" + "description": "Either none, indirect or direct\n" }, "authenticatorAttachment": { "type": "string", - "description": "The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`.\n" + "description": "Either platform or cross-platform\n" }, "avoidSameAuthenticatorRegister": { - "type": "boolean", - "description": "When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`.\n" + "type": "boolean" }, "createTimeout": { - "type": "integer", - "description": "The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`.\n" + "type": "integer" }, "relyingPartyEntityName": { - "type": "string", - "description": "A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`.\n" + "type": "string" }, "relyingPartyId": { - "type": "string", - "description": "The WebAuthn relying party ID.\n" + "type": "string" }, "requireResidentKey": { "type": "string", - "description": "Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`.\n" + "description": "Either Yes or No\n" }, "signatureAlgorithms": { "type": "array", "items": { "type": "string" }, - "description": "A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`.\n" + "description": "Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing\n" }, "userVerificationRequirement": { "type": "string", - "description": "Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`.\n" + "description": "Either required, preferred or discouraged\n" } }, "type": "object", @@ -648,16 +606,13 @@ "keycloak:index/UserFederatedIdentity:UserFederatedIdentity": { "properties": { "identityProvider": { - "type": "string", - "description": "The name of the identity provider\n" + "type": "string" }, "userId": { - "type": "string", - "description": "The ID of the user defined in the identity provider\n" + "type": "string" }, "userName": { - "type": "string", - "description": "The user name of the user defined in the identity provider\n" + "type": "string" } }, "type": "object", @@ -670,12 +625,10 @@ "keycloak:index/UserInitialPassword:UserInitialPassword": { "properties": { "temporary": { - "type": "boolean", - "description": "If set to `true`, the initial password is set up for renewal on first use. Default to `false`.\n" + "type": "boolean" }, "value": { "type": "string", - "description": "The initial password.\n", "secret": true } }, @@ -847,36 +800,28 @@ "keycloak:index/getRealmKeysKey:getRealmKeysKey": { "properties": { "algorithm": { - "type": "string", - "description": "Key algorithm (string)\n" + "type": "string" }, "certificate": { - "type": "string", - "description": "Key certificate (string)\n" + "type": "string" }, "kid": { - "type": "string", - "description": "Key ID (string)\n" + "type": "string" }, "providerId": { - "type": "string", - "description": "Key provider ID (string)\n" + "type": "string" }, "providerPriority": { - "type": "integer", - "description": "Key provider priority (int64)\n" + "type": "integer" }, "publicKey": { - "type": "string", - "description": "Key public key (string)\n" + "type": "string" }, "status": { - "type": "string", - "description": "When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`.\n" + "type": "string" }, "type": { - "type": "string", - "description": "Key type (string)\n" + "type": "string" } }, "type": "object", @@ -1248,7 +1193,7 @@ "properties": { "evictionDay": { "type": "integer", - "description": "Day of the week the entry will become invalid on\n" + "description": "Day of the week the entry will become invalid on.\n" }, "evictionHour": { "type": "integer", @@ -1263,8 +1208,7 @@ "description": "Max lifespan of cache entry (duration string).\n" }, "policy": { - "type": "string", - "description": "Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n" + "type": "string" } }, "type": "object" @@ -1273,7 +1217,7 @@ "properties": { "kerberosRealm": { "type": "string", - "description": "The name of the kerberos realm, e.g. FOO.LOCAL.\n" + "description": "The name of the kerberos realm, e.g. FOO.LOCAL\n" }, "keyTab": { "type": "string", @@ -1298,12 +1242,10 @@ "keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides": { "properties": { "browserId": { - "type": "string", - "description": "Browser flow id, (flow needs to exist)\n" + "type": "string" }, "directGrantId": { - "type": "string", - "description": "Direct grant flow id (flow needs to exist)\n" + "type": "string" } }, "type": "object" @@ -1311,20 +1253,16 @@ "keycloak:openid/ClientAuthorization:ClientAuthorization": { "properties": { "allowRemoteResourceManagement": { - "type": "boolean", - "description": "When `true`, resources can be managed remotely by the resource server. Defaults to `false`.\n" + "type": "boolean" }, "decisionStrategy": { - "type": "string", - "description": "Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions.\n" + "type": "string" }, "keepDefaults": { - "type": "boolean", - "description": "When `true`, defaults set by Keycloak will be respected. Defaults to `false`.\n" + "type": "boolean" }, "policyEnforcementMode": { - "type": "string", - "description": "Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`.\n" + "type": "string" } }, "type": "object", @@ -1560,12 +1498,10 @@ "keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides": { "properties": { "browserId": { - "type": "string", - "description": "Browser flow id, (flow needs to exist)\n" + "type": "string" }, "directGrantId": { - "type": "string", - "description": "Direct grant flow id (flow needs to exist)\n" + "type": "string" } }, "type": "object" @@ -1710,7 +1646,7 @@ }, "resources": { "keycloak:authentication/bindings:Bindings": { - "description": "Allows for creating and managing realm authentication flow bindings within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\nRealms assign authentication flows to supported user flows such as `registration` and `browser`. This resource allows the\nupdating of realm authentication flow bindings to custom authentication flows created by `keycloak.authentication.Flow`.\n\nNote that you can also use the `keycloak.Realm` resource to assign authentication flow bindings at the realm level. This\nresource is useful if you would like to create a realm and an authentication flow, and assign this flow to the realm within\na single run of `pulumi up`. In any case, do not attempt to use both the arguments within the `keycloak.Realm` resource\nand this resource to manage authentication flow bindings, you should choose one or the other.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\nconst browserAuthenticationBinding = new keycloak.authentication.Bindings(\"browserAuthenticationBinding\", {\n realmId: realm.id,\n browserFlow: flow.alias,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\nbrowser_authentication_binding = keycloak.authentication.Bindings(\"browserAuthenticationBinding\",\n realm_id=realm.id,\n browser_flow=flow.alias)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n executionOne,\n },\n });\n\n var browserAuthenticationBinding = new Keycloak.Authentication.Bindings(\"browserAuthenticationBinding\", new()\n {\n RealmId = realm.Id,\n BrowserFlow = flow.Alias,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewBindings(ctx, \"browserAuthenticationBinding\", \u0026authentication.BindingsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBrowserFlow: flow.Alias,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.Bindings;\nimport com.pulumi.keycloak.authentication.BindingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n var browserAuthenticationBinding = new Bindings(\"browserAuthenticationBinding\", BindingsArgs.builder() \n .realmId(realm.id())\n .browserFlow(flow.alias())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n browserAuthenticationBinding:\n type: keycloak:authentication:Bindings\n properties:\n realmId: ${realm.id}\n browserFlow: ${flow.alias}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Allows for creating and managing realm authentication flow bindings within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\nRealms assign authentication flows to supported user flows such as `registration` and `browser`. This resource allows the\nupdating of realm authentication flow bindings to custom authentication flows created by `keycloak.authentication.Flow`.\n\nNote that you can also use the `keycloak.Realm` resource to assign authentication flow bindings at the realm level. This\nresource is useful if you would like to create a realm and an authentication flow, and assign this flow to the realm within\na single run of `pulumi up`. In any case, do not attempt to use both the arguments within the `keycloak.Realm` resource\nand this resource to manage authentication flow bindings, you should choose one or the other.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\nconst browserAuthenticationBinding = new keycloak.authentication.Bindings(\"browserAuthenticationBinding\", {\n realmId: realm.id,\n browserFlow: flow.alias,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\nbrowser_authentication_binding = keycloak.authentication.Bindings(\"browserAuthenticationBinding\",\n realm_id=realm.id,\n browser_flow=flow.alias)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n executionOne,\n },\n });\n\n var browserAuthenticationBinding = new Keycloak.Authentication.Bindings(\"browserAuthenticationBinding\", new()\n {\n RealmId = realm.Id,\n BrowserFlow = flow.Alias,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewBindings(ctx, \"browserAuthenticationBinding\", \u0026authentication.BindingsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBrowserFlow: flow.Alias,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.Bindings;\nimport com.pulumi.keycloak.authentication.BindingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n var browserAuthenticationBinding = new Bindings(\"browserAuthenticationBinding\", BindingsArgs.builder() \n .realmId(realm.id())\n .browserFlow(flow.alias())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n browserAuthenticationBinding:\n type: keycloak:authentication:Bindings\n properties:\n realmId: ${realm.id}\n browserFlow: ${flow.alias}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "browserFlow": { "type": "string", @@ -1821,7 +1757,7 @@ } }, "keycloak:authentication/execution:Execution": { - "description": "Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n executionOne,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n ", + "description": "Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n executionOne,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n", "properties": { "authenticator": { "type": "string", @@ -1898,7 +1834,7 @@ } }, "keycloak:authentication/executionConfig:ExecutionConfig": { - "description": "Allows for managing an authentication execution's configuration. If a particular authentication execution supports additional\nconfiguration (such as with the `identity-provider-redirector` execution), this can be managed with this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst execution = new keycloak.authentication.Execution(\"execution\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n});\nconst config = new keycloak.authentication.ExecutionConfig(\"config\", {\n realmId: realm.id,\n executionId: execution.id,\n alias: \"my-config-alias\",\n config: {\n defaultProvider: \"my-config-default-idp\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nexecution = keycloak.authentication.Execution(\"execution\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\")\nconfig = keycloak.authentication.ExecutionConfig(\"config\",\n realm_id=realm.id,\n execution_id=execution.id,\n alias=\"my-config-alias\",\n config={\n \"defaultProvider\": \"my-config-default-idp\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var execution = new Keycloak.Authentication.Execution(\"execution\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n });\n\n var config = new Keycloak.Authentication.ExecutionConfig(\"config\", new()\n {\n RealmId = realm.Id,\n ExecutionId = execution.Id,\n Alias = \"my-config-alias\",\n Config = \n {\n { \"defaultProvider\", \"my-config-default-idp\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texecution, err := authentication.NewExecution(ctx, \"execution\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewExecutionConfig(ctx, \"config\", \u0026authentication.ExecutionConfigArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tExecutionId: execution.ID(),\n\t\t\tAlias: pulumi.String(\"my-config-alias\"),\n\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\"defaultProvider\": pulumi.String(\"my-config-default-idp\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.ExecutionConfig;\nimport com.pulumi.keycloak.authentication.ExecutionConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var execution = new Execution(\"execution\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .build());\n\n var config = new ExecutionConfig(\"config\", ExecutionConfigArgs.builder() \n .realmId(realm.id())\n .executionId(execution.id())\n .alias(\"my-config-alias\")\n .config(Map.of(\"defaultProvider\", \"my-config-default-idp\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n execution:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n config:\n type: keycloak:authentication:ExecutionConfig\n properties:\n realmId: ${realm.id}\n executionId: ${execution.id}\n alias: my-config-alias\n config:\n defaultProvider: my-config-default-idp\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfigurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`.\n\n If the `authenticationExecutionId` is incorrect, the import will still be successful.\n\n A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:authentication/executionConfig:ExecutionConfig config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n ", + "description": "Allows for managing an authentication execution's configuration. If a particular authentication execution supports additional\nconfiguration (such as with the `identity-provider-redirector` execution), this can be managed with this resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst execution = new keycloak.authentication.Execution(\"execution\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n});\nconst config = new keycloak.authentication.ExecutionConfig(\"config\", {\n realmId: realm.id,\n executionId: execution.id,\n alias: \"my-config-alias\",\n config: {\n defaultProvider: \"my-config-default-idp\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nexecution = keycloak.authentication.Execution(\"execution\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\")\nconfig = keycloak.authentication.ExecutionConfig(\"config\",\n realm_id=realm.id,\n execution_id=execution.id,\n alias=\"my-config-alias\",\n config={\n \"defaultProvider\": \"my-config-default-idp\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var execution = new Keycloak.Authentication.Execution(\"execution\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n });\n\n var config = new Keycloak.Authentication.ExecutionConfig(\"config\", new()\n {\n RealmId = realm.Id,\n ExecutionId = execution.Id,\n Alias = \"my-config-alias\",\n Config = \n {\n { \"defaultProvider\", \"my-config-default-idp\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texecution, err := authentication.NewExecution(ctx, \"execution\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewExecutionConfig(ctx, \"config\", \u0026authentication.ExecutionConfigArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tExecutionId: execution.ID(),\n\t\t\tAlias: pulumi.String(\"my-config-alias\"),\n\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\"defaultProvider\": pulumi.String(\"my-config-default-idp\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.ExecutionConfig;\nimport com.pulumi.keycloak.authentication.ExecutionConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var execution = new Execution(\"execution\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .build());\n\n var config = new ExecutionConfig(\"config\", ExecutionConfigArgs.builder() \n .realmId(realm.id())\n .executionId(execution.id())\n .alias(\"my-config-alias\")\n .config(Map.of(\"defaultProvider\", \"my-config-default-idp\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n execution:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n config:\n type: keycloak:authentication:ExecutionConfig\n properties:\n realmId: ${realm.id}\n executionId: ${execution.id}\n alias: my-config-alias\n config:\n defaultProvider: my-config-default-idp\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConfigurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`.\n\nIf the `authenticationExecutionId` is incorrect, the import will still be successful.\n\nA subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/executionConfig:ExecutionConfig config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n", "properties": { "alias": { "type": "string", @@ -1986,7 +1922,7 @@ } }, "keycloak:authentication/flow:Flow": { - "description": "Allows for creating and managing an authentication flow within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/11.0/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst execution = new keycloak.authentication.Execution(\"execution\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"REQUIRED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nexecution = keycloak.authentication.Execution(\"execution\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"REQUIRED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var execution = new Keycloak.Authentication.Execution(\"execution\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"REQUIRED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewExecution(ctx, \"execution\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"REQUIRED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var execution = new Execution(\"execution\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"REQUIRED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n execution:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: REQUIRED\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAuthentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is\n\n typically a GUID which is autogenerated when the flow is created via Keycloak.\n\n Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the\n\n \"Authentication\" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`,\n\n which will be a list of authentication flows.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:authentication/flow:Flow flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1\n```\n\n ", + "description": "Allows for creating and managing an authentication flow within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/11.0/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst execution = new keycloak.authentication.Execution(\"execution\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"REQUIRED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nexecution = keycloak.authentication.Execution(\"execution\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"REQUIRED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var execution = new Keycloak.Authentication.Execution(\"execution\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"REQUIRED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewExecution(ctx, \"execution\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"REQUIRED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var execution = new Execution(\"execution\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"REQUIRED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n execution:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: REQUIRED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is\n\ntypically a GUID which is autogenerated when the flow is created via Keycloak.\n\nUnfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the\n\n\"Authentication\" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`,\n\nwhich will be a list of authentication flows.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/flow:Flow flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1\n```\n\n", "properties": { "alias": { "type": "string", @@ -2057,7 +1993,7 @@ } }, "keycloak:authentication/subflow:Subflow": { - "description": "Allows for creating and managing an authentication subflow within Keycloak.\n\nLike authentication flows, authentication subflows are containers for authentication executions.\nAs its name implies, an authentication subflow is contained in an authentication flow.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst subflow = new keycloak.authentication.Subflow(\"subflow\", {\n realmId: realm.id,\n alias: \"my-subflow-alias\",\n parentFlowAlias: flow.alias,\n providerId: \"basic-flow\",\n requirement: \"ALTERNATIVE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nsubflow = keycloak.authentication.Subflow(\"subflow\",\n realm_id=realm.id,\n alias=\"my-subflow-alias\",\n parent_flow_alias=flow.alias,\n provider_id=\"basic-flow\",\n requirement=\"ALTERNATIVE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var subflow = new Keycloak.Authentication.Subflow(\"subflow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-subflow-alias\",\n ParentFlowAlias = flow.Alias,\n ProviderId = \"basic-flow\",\n Requirement = \"ALTERNATIVE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewSubflow(ctx, \"subflow\", \u0026authentication.SubflowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-subflow-alias\"),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tProviderId: pulumi.String(\"basic-flow\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Subflow;\nimport com.pulumi.keycloak.authentication.SubflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var subflow = new Subflow(\"subflow\", SubflowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-subflow-alias\")\n .parentFlowAlias(flow.alias())\n .providerId(\"basic-flow\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n subflow:\n type: keycloak:authentication:Subflow\n properties:\n realmId: ${realm.id}\n alias: my-subflow-alias\n parentFlowAlias: ${flow.alias}\n providerId: basic-flow\n requirement: ALTERNATIVE\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAuthentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`.\n\n The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak.\n\n Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the\n\n \"Authentication\" page in Keycloak, and use the network tab of your browser to view the response of the API call to\n\n `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be.\n\n __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field).\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/\"Parent Flow\"/3bad1172-bb5c-4a77-9615-c2606eb03081\n```\n\n ", + "description": "Allows for creating and managing an authentication subflow within Keycloak.\n\nLike authentication flows, authentication subflows are containers for authentication executions.\nAs its name implies, an authentication subflow is contained in an authentication flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst subflow = new keycloak.authentication.Subflow(\"subflow\", {\n realmId: realm.id,\n alias: \"my-subflow-alias\",\n parentFlowAlias: flow.alias,\n providerId: \"basic-flow\",\n requirement: \"ALTERNATIVE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nsubflow = keycloak.authentication.Subflow(\"subflow\",\n realm_id=realm.id,\n alias=\"my-subflow-alias\",\n parent_flow_alias=flow.alias,\n provider_id=\"basic-flow\",\n requirement=\"ALTERNATIVE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var subflow = new Keycloak.Authentication.Subflow(\"subflow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-subflow-alias\",\n ParentFlowAlias = flow.Alias,\n ProviderId = \"basic-flow\",\n Requirement = \"ALTERNATIVE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewSubflow(ctx, \"subflow\", \u0026authentication.SubflowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-subflow-alias\"),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tProviderId: pulumi.String(\"basic-flow\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Subflow;\nimport com.pulumi.keycloak.authentication.SubflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var subflow = new Subflow(\"subflow\", SubflowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-subflow-alias\")\n .parentFlowAlias(flow.alias())\n .providerId(\"basic-flow\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n subflow:\n type: keycloak:authentication:Subflow\n properties:\n realmId: ${realm.id}\n alias: my-subflow-alias\n parentFlowAlias: ${flow.alias}\n providerId: basic-flow\n requirement: ALTERNATIVE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`.\n\nThe authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak.\n\nUnfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the\n\n\"Authentication\" page in Keycloak, and use the network tab of your browser to view the response of the API call to\n\n`/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be.\n\n__The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field).\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/\"Parent Flow\"/3bad1172-bb5c-4a77-9615-c2606eb03081\n```\n\n", "properties": { "alias": { "type": "string", @@ -2170,42 +2106,41 @@ } }, "keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper": { - "description": "Allows for creating and managing an attribute importer identity provider mapper within Keycloak.\n\nThe attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user:\n- For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user.\n- For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user.\n- For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst oidcAttributeImporterIdentityProviderMapper = new keycloak.AttributeImporterIdentityProviderMapper(\"oidcAttributeImporterIdentityProviderMapper\", {\n realm: realm.id,\n claimName: \"my-email-claim\",\n identityProviderAlias: oidcIdentityProvider.alias,\n userAttribute: \"email\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\noidc_attribute_importer_identity_provider_mapper = keycloak.AttributeImporterIdentityProviderMapper(\"oidcAttributeImporterIdentityProviderMapper\",\n realm=realm.id,\n claim_name=\"my-email-claim\",\n identity_provider_alias=oidc_identity_provider.alias,\n user_attribute=\"email\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var oidcAttributeImporterIdentityProviderMapper = new Keycloak.AttributeImporterIdentityProviderMapper(\"oidcAttributeImporterIdentityProviderMapper\", new()\n {\n Realm = realm.Id,\n ClaimName = \"my-email-claim\",\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n UserAttribute = \"email\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewAttributeImporterIdentityProviderMapper(ctx, \"oidcAttributeImporterIdentityProviderMapper\", \u0026keycloak.AttributeImporterIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tClaimName: pulumi.String(\"my-email-claim\"),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tUserAttribute: pulumi.String(\"email\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var oidcAttributeImporterIdentityProviderMapper = new AttributeImporterIdentityProviderMapper(\"oidcAttributeImporterIdentityProviderMapper\", AttributeImporterIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .claimName(\"my-email-claim\")\n .identityProviderAlias(oidcIdentityProvider.alias())\n .userAttribute(\"email\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n oidcAttributeImporterIdentityProviderMapper:\n type: keycloak:AttributeImporterIdentityProviderMapper\n properties:\n realm: ${realm.id}\n claimName: my-email-claim\n identityProviderAlias: ${oidcIdentityProvider.alias}\n userAttribute: email\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\n assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n ", + "description": "## # keycloak.AttributeImporterIdentityProviderMapper\n\nAllows to create and manage identity provider mappers within Keycloak.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst testMapper = new keycloak.AttributeImporterIdentityProviderMapper(\"testMapper\", {\n attributeName: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n identityProviderAlias: \"idp_alias\",\n realm: \"my-realm\",\n userAttribute: \"lastName\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntest_mapper = keycloak.AttributeImporterIdentityProviderMapper(\"testMapper\",\n attribute_name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n identity_provider_alias=\"idp_alias\",\n realm=\"my-realm\",\n user_attribute=\"lastName\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testMapper = new Keycloak.AttributeImporterIdentityProviderMapper(\"testMapper\", new()\n {\n AttributeName = \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n IdentityProviderAlias = \"idp_alias\",\n Realm = \"my-realm\",\n UserAttribute = \"lastName\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewAttributeImporterIdentityProviderMapper(ctx, \"testMapper\", \u0026keycloak.AttributeImporterIdentityProviderMapperArgs{\n\t\t\tAttributeName: pulumi.String(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\"),\n\t\t\tIdentityProviderAlias: pulumi.String(\"idp_alias\"),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tUserAttribute: pulumi.String(\"lastName\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testMapper = new AttributeImporterIdentityProviderMapper(\"testMapper\", AttributeImporterIdentityProviderMapperArgs.builder() \n .attributeName(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\")\n .identityProviderAlias(\"idp_alias\")\n .realm(\"my-realm\")\n .userAttribute(\"lastName\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testMapper:\n type: keycloak:AttributeImporterIdentityProviderMapper\n properties:\n attributeName: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\n identityProviderAlias: idp_alias\n realm: my-realm\n userAttribute: lastName\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The name of the realm.\n- `name` - (Required) The name of the mapper.\n- `identity_provider_alias` - (Required) The alias of the associated identity provider.\n- `user_attribute` - (Required) The user attribute name to store SAML attribute.\n- `attribute_name` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead.\n- `attribute_friendly_name` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead.\n- `claim_name` - (Optional) The claim name.\n\n### Import\n\nIdentity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_attribute_importer_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n", "properties": { "attributeFriendlyName": { "type": "string", - "description": "For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`.\n" + "description": "Attribute Friendly Name\n" }, "attributeName": { "type": "string", - "description": "For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`.\n" + "description": "Attribute Name\n" }, "claimName": { "type": "string", - "description": "For OIDC based providers, this is the name of the claim to use.\n" + "description": "Claim Name\n" }, "extraConfig": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n" + } }, "identityProviderAlias": { "type": "string", - "description": "The alias of the associated identity provider.\n" + "description": "IDP Alias\n" }, "name": { "type": "string", - "description": "The name of the mapper.\n" + "description": "IDP Mapper Name\n" }, "realm": { "type": "string", - "description": "The name of the realm.\n" + "description": "Realm Name\n" }, "userAttribute": { "type": "string", - "description": "The user attribute or property name to store the mapped result.\n" + "description": "User Attribute\n" } }, "required": [ @@ -2217,41 +2152,40 @@ "inputProperties": { "attributeFriendlyName": { "type": "string", - "description": "For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`.\n" + "description": "Attribute Friendly Name\n" }, "attributeName": { "type": "string", - "description": "For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`.\n" + "description": "Attribute Name\n" }, "claimName": { "type": "string", - "description": "For OIDC based providers, this is the name of the claim to use.\n" + "description": "Claim Name\n" }, "extraConfig": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n" + } }, "identityProviderAlias": { "type": "string", - "description": "The alias of the associated identity provider.\n", + "description": "IDP Alias\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The name of the mapper.\n", + "description": "IDP Mapper Name\n", "willReplaceOnChanges": true }, "realm": { "type": "string", - "description": "The name of the realm.\n", + "description": "Realm Name\n", "willReplaceOnChanges": true }, "userAttribute": { "type": "string", - "description": "The user attribute or property name to store the mapped result.\n" + "description": "User Attribute\n" } }, "requiredInputs": [ @@ -2264,48 +2198,47 @@ "properties": { "attributeFriendlyName": { "type": "string", - "description": "For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`.\n" + "description": "Attribute Friendly Name\n" }, "attributeName": { "type": "string", - "description": "For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`.\n" + "description": "Attribute Name\n" }, "claimName": { "type": "string", - "description": "For OIDC based providers, this is the name of the claim to use.\n" + "description": "Claim Name\n" }, "extraConfig": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n" + } }, "identityProviderAlias": { "type": "string", - "description": "The alias of the associated identity provider.\n", + "description": "IDP Alias\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The name of the mapper.\n", + "description": "IDP Mapper Name\n", "willReplaceOnChanges": true }, "realm": { "type": "string", - "description": "The name of the realm.\n", + "description": "Realm Name\n", "willReplaceOnChanges": true }, "userAttribute": { "type": "string", - "description": "The user attribute or property name to store the mapped result.\n" + "description": "User Attribute\n" } }, "type": "object" } }, "keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper": { - "description": "Allows for creating and managing an attribute to role identity provider mapper within Keycloak.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst oidcAttributeToRoleIdentityMapper = new keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n role: \"my-realm-role\",\n claimName: \"my-claim\",\n claimValue: \"my-value\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\noidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n role=\"my-realm-role\",\n claim_name=\"my-claim\",\n claim_value=\"my-value\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var oidcAttributeToRoleIdentityMapper = new Keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n Role = \"my-realm-role\",\n ClaimName = \"my-claim\",\n ClaimValue = \"my-value\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewAttributeToRoleIdentityMapper(ctx, \"oidcAttributeToRoleIdentityMapper\", \u0026keycloak.AttributeToRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tClaimName: pulumi.String(\"my-claim\"),\n\t\t\tClaimValue: pulumi.String(\"my-value\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapper;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var oidcAttributeToRoleIdentityMapper = new AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", AttributeToRoleIdentityMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .role(\"my-realm-role\")\n .claimName(\"my-claim\")\n .claimValue(\"my-value\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n oidcAttributeToRoleIdentityMapper:\n type: keycloak:AttributeToRoleIdentityMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n role: my-realm-role\n claimName: my-claim\n claimValue: my-value\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\n assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n ", + "description": "Allows for creating and managing an attribute to role identity provider mapper within Keycloak.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst oidcAttributeToRoleIdentityMapper = new keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n role: \"my-realm-role\",\n claimName: \"my-claim\",\n claimValue: \"my-value\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\noidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n role=\"my-realm-role\",\n claim_name=\"my-claim\",\n claim_value=\"my-value\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var oidcAttributeToRoleIdentityMapper = new Keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n Role = \"my-realm-role\",\n ClaimName = \"my-claim\",\n ClaimValue = \"my-value\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewAttributeToRoleIdentityMapper(ctx, \"oidcAttributeToRoleIdentityMapper\", \u0026keycloak.AttributeToRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tClaimName: pulumi.String(\"my-claim\"),\n\t\t\tClaimValue: pulumi.String(\"my-value\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapper;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var oidcAttributeToRoleIdentityMapper = new AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", AttributeToRoleIdentityMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .role(\"my-realm-role\")\n .claimName(\"my-claim\")\n .claimValue(\"my-value\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n oidcAttributeToRoleIdentityMapper:\n type: keycloak:AttributeToRoleIdentityMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n role: my-realm-role\n claimName: my-claim\n claimValue: my-value\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", "properties": { "attributeFriendlyName": { "type": "string", @@ -2464,7 +2397,7 @@ } }, "keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst oidcCustomIdentityProviderMapping = new keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n identityProviderMapper: \"%s-user-attribute-idp-mapper\",\n extraConfig: {\n syncMode: \"INHERIT\",\n Claim: \"my-email-claim\",\n UserAttribute: \"email\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\noidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n identity_provider_mapper=\"%s-user-attribute-idp-mapper\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n \"Claim\": \"my-email-claim\",\n \"UserAttribute\": \"email\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var oidcCustomIdentityProviderMapping = new Keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n IdentityProviderMapper = \"%s-user-attribute-idp-mapper\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n { \"Claim\", \"my-email-claim\" },\n { \"UserAttribute\", \"email\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomIdentityProviderMapping(ctx, \"oidcCustomIdentityProviderMapping\", \u0026keycloak.CustomIdentityProviderMappingArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tIdentityProviderMapper: pulumi.String(\"%s-user-attribute-idp-mapper\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t\t\"Claim\": pulumi.Any(\"my-email-claim\"),\n\t\t\t\t\"UserAttribute\": pulumi.Any(\"email\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.CustomIdentityProviderMapping;\nimport com.pulumi.keycloak.CustomIdentityProviderMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var oidcCustomIdentityProviderMapping = new CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", CustomIdentityProviderMappingArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .identityProviderMapper(\"%s-user-attribute-idp-mapper\")\n .extraConfig(Map.ofEntries(\n Map.entry(\"syncMode\", \"INHERIT\"),\n Map.entry(\"Claim\", \"my-email-claim\"),\n Map.entry(\"UserAttribute\", \"email\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n oidcCustomIdentityProviderMapping:\n type: keycloak:CustomIdentityProviderMapping\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n identityProviderMapper: '%s-user-attribute-idp-mapper'\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n Claim: my-email-claim\n UserAttribute: email\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\n assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n ", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst oidcCustomIdentityProviderMapping = new keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n identityProviderMapper: \"%s-user-attribute-idp-mapper\",\n extraConfig: {\n syncMode: \"INHERIT\",\n Claim: \"my-email-claim\",\n UserAttribute: \"email\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\noidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n identity_provider_mapper=\"%s-user-attribute-idp-mapper\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n \"Claim\": \"my-email-claim\",\n \"UserAttribute\": \"email\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var oidcCustomIdentityProviderMapping = new Keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n IdentityProviderMapper = \"%s-user-attribute-idp-mapper\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n { \"Claim\", \"my-email-claim\" },\n { \"UserAttribute\", \"email\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomIdentityProviderMapping(ctx, \"oidcCustomIdentityProviderMapping\", \u0026keycloak.CustomIdentityProviderMappingArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tIdentityProviderMapper: pulumi.String(\"%s-user-attribute-idp-mapper\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t\t\"Claim\": pulumi.Any(\"my-email-claim\"),\n\t\t\t\t\"UserAttribute\": pulumi.Any(\"email\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.CustomIdentityProviderMapping;\nimport com.pulumi.keycloak.CustomIdentityProviderMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var oidcCustomIdentityProviderMapping = new CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", CustomIdentityProviderMappingArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .identityProviderMapper(\"%s-user-attribute-idp-mapper\")\n .extraConfig(Map.ofEntries(\n Map.entry(\"syncMode\", \"INHERIT\"),\n Map.entry(\"Claim\", \"my-email-claim\"),\n Map.entry(\"UserAttribute\", \"email\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n oidcCustomIdentityProviderMapping:\n type: keycloak:CustomIdentityProviderMapping\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n identityProviderMapper: '%s-user-attribute-idp-mapper'\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n Claim: my-email-claim\n UserAttribute: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", "properties": { "extraConfig": { "type": "object", @@ -2479,7 +2412,7 @@ }, "identityProviderMapper": { "type": "string", - "description": "The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id.\n" + "description": "The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id.\n" }, "name": { "type": "string", @@ -2511,7 +2444,7 @@ }, "identityProviderMapper": { "type": "string", - "description": "The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id.\n" + "description": "The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id.\n" }, "name": { "type": "string", @@ -2546,7 +2479,7 @@ }, "identityProviderMapper": { "type": "string", - "description": "The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id.\n" + "description": "The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id.\n" }, "name": { "type": "string", @@ -2563,26 +2496,24 @@ } }, "keycloak:index/customUserFederation:CustomUserFederation": { - "description": "Allows for creating and managing custom user federation providers within Keycloak.\n\nA custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi).\nAn example of this implementation can be found here.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst customUserFederation = new keycloak.CustomUserFederation(\"customUserFederation\", {\n realmId: realm.id,\n providerId: \"custom\",\n enabled: true,\n config: {\n dummyString: \"foobar\",\n dummyBool: true,\n multivalue: \"value1##value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\ncustom_user_federation = keycloak.CustomUserFederation(\"customUserFederation\",\n realm_id=realm.id,\n provider_id=\"custom\",\n enabled=True,\n config={\n \"dummyString\": \"foobar\",\n \"dummyBool\": True,\n \"multivalue\": \"value1##value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var customUserFederation = new Keycloak.CustomUserFederation(\"customUserFederation\", new()\n {\n RealmId = realm.Id,\n ProviderId = \"custom\",\n Enabled = true,\n Config = \n {\n { \"dummyString\", \"foobar\" },\n { \"dummyBool\", true },\n { \"multivalue\", \"value1##value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomUserFederation(ctx, \"customUserFederation\", \u0026keycloak.CustomUserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tProviderId: pulumi.String(\"custom\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"dummyString\": pulumi.Any(\"foobar\"),\n\t\t\t\t\"dummyBool\": pulumi.Any(true),\n\t\t\t\t\"multivalue\": pulumi.Any(\"value1##value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.CustomUserFederation;\nimport com.pulumi.keycloak.CustomUserFederationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var customUserFederation = new CustomUserFederation(\"customUserFederation\", CustomUserFederationArgs.builder() \n .realmId(realm.id())\n .providerId(\"custom\")\n .enabled(true)\n .config(Map.ofEntries(\n Map.entry(\"dummyString\", \"foobar\"),\n Map.entry(\"dummyBool\", true),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n customUserFederation:\n type: keycloak:CustomUserFederation\n properties:\n realmId: ${realm.id}\n providerId: custom\n enabled: true\n config:\n dummyString: foobar\n dummyBool: true\n multivalue: value1##value2\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCustom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`.\n\n The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/customUserFederation:CustomUserFederation custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n\n ", + "description": "## # keycloak.CustomUserFederation\n\nAllows for creating and managing custom user federation providers within Keycloak.\n\nA custom user federation provider is an implementation of Keycloak's\n[User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi).\nAn example of this implementation can be found here.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst customUserFederation = new keycloak.CustomUserFederation(\"customUserFederation\", {\n enabled: true,\n providerId: \"custom\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\ncustom_user_federation = keycloak.CustomUserFederation(\"customUserFederation\",\n enabled=True,\n provider_id=\"custom\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var customUserFederation = new Keycloak.CustomUserFederation(\"customUserFederation\", new()\n {\n Enabled = true,\n ProviderId = \"custom\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomUserFederation(ctx, \"customUserFederation\", \u0026keycloak.CustomUserFederationArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tProviderId: pulumi.String(\"custom\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.CustomUserFederation;\nimport com.pulumi.keycloak.CustomUserFederationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var customUserFederation = new CustomUserFederation(\"customUserFederation\", CustomUserFederationArgs.builder() \n .enabled(true)\n .providerId(\"custom\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n customUserFederation:\n type: keycloak:CustomUserFederation\n properties:\n enabled: true\n providerId: custom\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this provider will provide user federation for.\n- `name` - (Required) Display name of the provider when displayed in the console.\n- `provider_id` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n- `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n- `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n- `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n\n### Import\n\nCustom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`.\nThe ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n```bash\n$ terraform import keycloak_custom_user_federation.custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n", "properties": { "cachePolicy": { - "type": "string", - "description": "Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n" + "type": "string" }, "changedSyncPeriod": { "type": "integer", - "description": "How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync.\n" + "description": "How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users\nsync.\n" }, "config": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values.\n" + } }, "enabled": { "type": "boolean", - "description": "When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n" + "description": "When false, this provider will not be used when performing queries for users.\n" }, "fullSyncPeriod": { "type": "integer", @@ -2594,19 +2525,19 @@ }, "parentId": { "type": "string", - "description": "Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state.\n" + "description": "The parent_id of the generated component. will use realm_id if not specified.\n" }, "priority": { "type": "integer", - "description": "Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n" + "description": "Priority of this provider when looking up users. Lower values are first.\n" }, "providerId": { "type": "string", - "description": "The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n" + "description": "The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory\ninterface\n" }, "realmId": { "type": "string", - "description": "The realm that this provider will provide user federation for.\n" + "description": "The realm (name) this provider will provide user federation for.\n" } }, "required": [ @@ -2617,23 +2548,21 @@ ], "inputProperties": { "cachePolicy": { - "type": "string", - "description": "Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n" + "type": "string" }, "changedSyncPeriod": { "type": "integer", - "description": "How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync.\n" + "description": "How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users\nsync.\n" }, "config": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values.\n" + } }, "enabled": { "type": "boolean", - "description": "When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n" + "description": "When false, this provider will not be used when performing queries for users.\n" }, "fullSyncPeriod": { "type": "integer", @@ -2645,21 +2574,21 @@ }, "parentId": { "type": "string", - "description": "Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state.\n", + "description": "The parent_id of the generated component. will use realm_id if not specified.\n", "willReplaceOnChanges": true }, "priority": { "type": "integer", - "description": "Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n" + "description": "Priority of this provider when looking up users. Lower values are first.\n" }, "providerId": { "type": "string", - "description": "The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n", + "description": "The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory\ninterface\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm that this provider will provide user federation for.\n", + "description": "The realm (name) this provider will provide user federation for.\n", "willReplaceOnChanges": true } }, @@ -2671,23 +2600,21 @@ "description": "Input properties used for looking up and filtering CustomUserFederation resources.\n", "properties": { "cachePolicy": { - "type": "string", - "description": "Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n" + "type": "string" }, "changedSyncPeriod": { "type": "integer", - "description": "How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync.\n" + "description": "How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users\nsync.\n" }, "config": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values.\n" + } }, "enabled": { "type": "boolean", - "description": "When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n" + "description": "When false, this provider will not be used when performing queries for users.\n" }, "fullSyncPeriod": { "type": "integer", @@ -2699,21 +2626,21 @@ }, "parentId": { "type": "string", - "description": "Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state.\n", + "description": "The parent_id of the generated component. will use realm_id if not specified.\n", "willReplaceOnChanges": true }, "priority": { "type": "integer", - "description": "Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n" + "description": "Priority of this provider when looking up users. Lower values are first.\n" }, "providerId": { "type": "string", - "description": "The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n", + "description": "The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory\ninterface\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm that this provider will provide user federation for.\n", + "description": "The realm (name) this provider will provide user federation for.\n", "willReplaceOnChanges": true } }, @@ -2721,18 +2648,16 @@ } }, "keycloak:index/defaultGroups:DefaultGroups": { - "description": "Allows for managing a realm's default groups.\n\n\u003e You should not use `keycloak.DefaultGroups` with a group whose members are managed by `keycloak.GroupMemberships`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst _default = new keycloak.DefaultGroups(\"default\", {\n realmId: realm.id,\n groupIds: [group.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\ndefault = keycloak.DefaultGroups(\"default\",\n realm_id=realm.id,\n group_ids=[group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var @default = new Keycloak.DefaultGroups(\"default\", new()\n {\n RealmId = realm.Id,\n GroupIds = new[]\n {\n @group.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultGroups(ctx, \"default\", \u0026keycloak.DefaultGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.DefaultGroups;\nimport com.pulumi.keycloak.DefaultGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var default_ = new DefaultGroups(\"default\", DefaultGroupsArgs.builder() \n .realmId(realm.id())\n .groupIds(group.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n default:\n type: keycloak:DefaultGroups\n properties:\n realmId: ${realm.id}\n groupIds:\n - ${group.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDefault groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/defaultGroups:DefaultGroups default my-realm\n```\n\n ", + "description": "## # keycloak.DefaultGroups\n\nAllows for managing a realm's default groups.\n\nNote that you should not use `keycloak.DefaultGroups` with a group with memberships managed\nby `keycloak.GroupMemberships`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst _default = new keycloak.DefaultGroups(\"default\", {\n groupIds: [group.id],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\ndefault = keycloak.DefaultGroups(\"default\",\n group_ids=[group.id],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var @default = new Keycloak.DefaultGroups(\"default\", new()\n {\n GroupIds = new[]\n {\n @group.Id,\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultGroups(ctx, \"default\", \u0026keycloak.DefaultGroupsArgs{\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.DefaultGroups;\nimport com.pulumi.keycloak.DefaultGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var default_ = new DefaultGroups(\"default\", DefaultGroupsArgs.builder() \n .groupIds(group.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n default:\n type: keycloak:DefaultGroups\n properties:\n groupIds:\n - ${group.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_ids` - (Required) A set of group ids that should be default groups on the realm referenced by `realm_id`.\n\n### Import\n\nGroups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in.\n\nExample:\n\n```bash\n$ terraform import keycloak_default_groups.default my-realm\n```\n", "properties": { "groupIds": { "type": "array", "items": { "type": "string" - }, - "description": "A set of group ids that should be default groups on the realm referenced by `realm_id`.\n" + } }, "realmId": { - "type": "string", - "description": "The realm this group exists in.\n" + "type": "string" } }, "required": [ @@ -2744,12 +2669,10 @@ "type": "array", "items": { "type": "string" - }, - "description": "A set of group ids that should be default groups on the realm referenced by `realm_id`.\n" + } }, "realmId": { "type": "string", - "description": "The realm this group exists in.\n", "willReplaceOnChanges": true } }, @@ -2764,12 +2687,10 @@ "type": "array", "items": { "type": "string" - }, - "description": "A set of group ids that should be default groups on the realm referenced by `realm_id`.\n" + } }, "realmId": { "type": "string", - "description": "The realm this group exists in.\n", "willReplaceOnChanges": true } }, @@ -2777,7 +2698,7 @@ } }, "keycloak:index/defaultRoles:DefaultRoles": { - "description": "Allows managing default realm roles within Keycloak.\n\nNote: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Realm Role)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst defaultRoles = new keycloak.DefaultRoles(\"defaultRoles\", {\n realmId: realm.id,\n defaultRoles: [\"uma_authorization\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ndefault_roles = keycloak.DefaultRoles(\"defaultRoles\",\n realm_id=realm.id,\n default_roles=[\"uma_authorization\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var defaultRoles = new Keycloak.DefaultRoles(\"defaultRoles\", new()\n {\n RealmId = realm.Id,\n RoleNames = new[]\n {\n \"uma_authorization\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultRoles(ctx, \"defaultRoles\", \u0026keycloak.DefaultRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDefaultRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"uma_authorization\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.DefaultRoles;\nimport com.pulumi.keycloak.DefaultRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var defaultRoles = new DefaultRoles(\"defaultRoles\", DefaultRolesArgs.builder() \n .realmId(realm.id())\n .defaultRoles(\"uma_authorization\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n defaultRoles:\n type: keycloak:DefaultRoles\n properties:\n realmId: ${realm.id}\n defaultRoles:\n - uma_authorization\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDefault roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite\n\n role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing\n\n the default roles.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d\n```\n\n ", + "description": "Allows managing default realm roles within Keycloak.\n\nNote: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak.\n\n## Example Usage\n\n### Realm Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst defaultRoles = new keycloak.DefaultRoles(\"defaultRoles\", {\n realmId: realm.id,\n defaultRoles: [\"uma_authorization\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ndefault_roles = keycloak.DefaultRoles(\"defaultRoles\",\n realm_id=realm.id,\n default_roles=[\"uma_authorization\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var defaultRoles = new Keycloak.DefaultRoles(\"defaultRoles\", new()\n {\n RealmId = realm.Id,\n RoleNames = new[]\n {\n \"uma_authorization\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultRoles(ctx, \"defaultRoles\", \u0026keycloak.DefaultRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDefaultRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"uma_authorization\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.DefaultRoles;\nimport com.pulumi.keycloak.DefaultRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var defaultRoles = new DefaultRoles(\"defaultRoles\", DefaultRolesArgs.builder() \n .realmId(realm.id())\n .defaultRoles(\"uma_authorization\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n defaultRoles:\n type: keycloak:DefaultRoles\n properties:\n realmId: ${realm.id}\n defaultRoles:\n - uma_authorization\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDefault roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite\n\nrole that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing\n\nthe default roles.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d\n```\n\n", "properties": { "defaultRoles": { "type": "array", @@ -2848,11 +2769,11 @@ } }, "keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper": { - "description": "!\u003e **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `keycloak.GenericProtocolMapper` instead.\n\nAllows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors.\nTherefore, if possible, a specific mapper should be used.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"test-client\",\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"test-client\")\nsaml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientProtocolMapper(ctx, \"samlHardcodeAttributeMapper\", \u0026keycloak.GenericClientProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.Any(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.Any(\"display name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericClientProtocolMapper;\nimport com.pulumi.keycloak.GenericClientProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .build());\n\n var samlHardcodeAttributeMapper = new GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", GenericClientProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n samlHardcodeAttributeMapper:\n type: keycloak:GenericClientProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.GenericClientProtocolMapper\n\nAllows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. \nTherefore, if possible, a specific mapper should be used.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n clientId: \"test-client\",\n realmId: realm.id,\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", {\n clientId: samlClient.id,\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nsaml_client = keycloak.saml.Client(\"samlClient\",\n client_id=\"test-client\",\n realm_id=realm.id)\nsaml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\",\n client_id=saml_client.id,\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n ClientId = \"test-client\",\n RealmId = realm.Id,\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", new()\n {\n ClientId = samlClient.Id,\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientProtocolMapper(ctx, \"samlHardcodeAttributeMapper\", \u0026keycloak.GenericClientProtocolMapperArgs{\n\t\t\tClientId: samlClient.ID(),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.Any(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.Any(\"display name\"),\n\t\t\t},\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericClientProtocolMapper;\nimport com.pulumi.keycloak.GenericClientProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .clientId(\"test-client\")\n .realmId(realm.id())\n .build());\n\n var samlHardcodeAttributeMapper = new GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", GenericClientProtocolMapperArgs.builder() \n .clientId(samlClient.id())\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n samlClient:\n type: keycloak:saml:Client\n properties:\n clientId: test-client\n realmId: ${realm.id}\n samlHardcodeAttributeMapper:\n type: keycloak:GenericClientProtocolMapper\n properties:\n clientId: ${samlClient.id}\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required) The client this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client.\n- `protocol_mapper` - (Required) The name of the protocol mapper. The protocol mapper must be\n compatible with the specified client.\n- `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n\n### Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_generic_client_protocol_mapper.saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "clientId": { "type": "string", - "description": "The client this protocol mapper is attached to.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", @@ -2862,24 +2783,23 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n" + } }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "protocol": { "type": "string", - "description": "The type of client (either `openid-connect` or `saml`). The type must match the type of the client.\n" + "description": "The protocol of the client (openid-connect / saml).\n" }, "protocolMapper": { "type": "string", - "description": "The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n" + "description": "The type of the protocol mapper.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" } }, "required": [ @@ -2892,7 +2812,7 @@ "inputProperties": { "clientId": { "type": "string", - "description": "The client this protocol mapper is attached to.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { @@ -2904,27 +2824,26 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n" + } }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n", + "description": "A human-friendly name that will appear in the Keycloak console.\n", "willReplaceOnChanges": true }, "protocol": { "type": "string", - "description": "The type of client (either `openid-connect` or `saml`). The type must match the type of the client.\n", + "description": "The protocol of the client (openid-connect / saml).\n", "willReplaceOnChanges": true }, "protocolMapper": { "type": "string", - "description": "The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n", + "description": "The type of the protocol mapper.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -2939,7 +2858,7 @@ "properties": { "clientId": { "type": "string", - "description": "The client this protocol mapper is attached to.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { @@ -2951,27 +2870,26 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n" + } }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n", + "description": "A human-friendly name that will appear in the Keycloak console.\n", "willReplaceOnChanges": true }, "protocol": { "type": "string", - "description": "The type of client (either `openid-connect` or `saml`). The type must match the type of the client.\n", + "description": "The protocol of the client (openid-connect / saml).\n", "willReplaceOnChanges": true }, "protocolMapper": { "type": "string", - "description": "The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n", + "description": "The type of the protocol mapper.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -2979,7 +2897,7 @@ } }, "keycloak:index/genericClientRoleMapper:GenericClientRoleMapper": { - "description": "!\u003e **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `keycloak.GenericRoleMapper` instead.\n\nAllow for creating and managing a client's scope mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n`full_scope_allowed` is set to `false` for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Realm Role To Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Role To Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"clientA\", {\n realmId: realm.id,\n clientId: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"clientRoleA\", {\n realmId: realm.id,\n clientId: clientA.id,\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"clientB\", {\n realmId: realm.id,\n clientId: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"clientRoleB\", {\n realmId: realm.id,\n clientId: clientB.id,\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"clientA\",\n realm_id=realm.id,\n client_id=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"clientRoleA\",\n realm_id=realm.id,\n client_id=client_a.id,\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"clientB\",\n realm_id=realm.id,\n client_id=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"clientRoleB\",\n realm_id=realm.id,\n client_id=client_b.id,\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"clientA\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"clientRoleA\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"clientB\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"clientRoleB\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"clientA\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"clientRoleA\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"clientB\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRoleB\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientA.id())\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-a\n enabled: true\n accessType: BEARER-ONLY\n # disable full scope, roles are assigned via keycloak_generic_client_role_mapper\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Realm Role To Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Role To Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: client.id,\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=client.id,\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n ", + "description": "!\u003e **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `keycloak.GenericRoleMapper` instead.\n\nAllow for creating and managing a client's scope mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n`full_scope_allowed` is set to `false` for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n## Example Usage\n\n### Realm Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"clientA\", {\n realmId: realm.id,\n clientId: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"clientRoleA\", {\n realmId: realm.id,\n clientId: clientA.id,\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"clientB\", {\n realmId: realm.id,\n clientId: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"clientRoleB\", {\n realmId: realm.id,\n clientId: clientB.id,\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"clientA\",\n realm_id=realm.id,\n client_id=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"clientRoleA\",\n realm_id=realm.id,\n client_id=client_a.id,\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"clientB\",\n realm_id=realm.id,\n client_id=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"clientRoleB\",\n realm_id=realm.id,\n client_id=client_b.id,\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"clientA\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"clientRoleA\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"clientB\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"clientRoleB\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"clientA\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"clientRoleA\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"clientB\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRoleB\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientA.id())\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-a\n enabled: true\n accessType: BEARER-ONLY\n # disable full scope, roles are assigned via keycloak_generic_client_role_mapper\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Realm Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: client.id,\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=client.id,\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n- When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n- When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n", "properties": { "clientId": { "type": "string", @@ -3056,7 +2974,7 @@ } }, "keycloak:index/genericProtocolMapper:GenericProtocolMapper": { - "description": "Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors.\nTherefore, if possible, a specific mapper should be used instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"test-client\",\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"test-client\")\nsaml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericProtocolMapper(ctx, \"samlHardcodeAttributeMapper\", \u0026keycloak.GenericProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.Any(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.Any(\"display name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericProtocolMapper;\nimport com.pulumi.keycloak.GenericProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .build());\n\n var samlHardcodeAttributeMapper = new GenericProtocolMapper(\"samlHardcodeAttributeMapper\", GenericProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n samlHardcodeAttributeMapper:\n type: keycloak:GenericProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors.\nTherefore, if possible, a specific mapper should be used instead.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"test-client\",\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"test-client\")\nsaml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericProtocolMapper(ctx, \"samlHardcodeAttributeMapper\", \u0026keycloak.GenericProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.Any(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.Any(\"display name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericProtocolMapper;\nimport com.pulumi.keycloak.GenericProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .build());\n\n var samlHardcodeAttributeMapper = new GenericProtocolMapper(\"samlHardcodeAttributeMapper\", GenericProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n samlHardcodeAttributeMapper:\n type: keycloak:GenericProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "clientId": { "type": "string", @@ -3187,7 +3105,7 @@ } }, "keycloak:index/genericRoleMapper:GenericRoleMapper": { - "description": "Allow for creating and managing a client's or client scope's role mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n`full_scope_allowed` is set to `false` for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Realm Role To Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Role To Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"clientA\", {\n realmId: realm.id,\n clientId: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"clientRoleA\", {\n realmId: realm.id,\n clientId: clientA.id,\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"clientB\", {\n realmId: realm.id,\n clientId: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"clientRoleB\", {\n realmId: realm.id,\n clientId: clientB.id,\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"clientA\",\n realm_id=realm.id,\n client_id=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"clientRoleA\",\n realm_id=realm.id,\n client_id=client_a.id,\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"clientB\",\n realm_id=realm.id,\n client_id=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"clientRoleB\",\n realm_id=realm.id,\n client_id=client_b.id,\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"clientA\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"clientRoleA\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"clientB\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"clientRoleB\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"clientA\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"clientRoleA\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"clientB\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRoleB\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientA.id())\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-a\n enabled: true\n accessType: BEARER-ONLY\n # disable full scope, roles are assigned via keycloak_generic_role_mapper\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Realm Role To Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Role To Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: client.id,\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=client.id,\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n ", + "description": "Allow for creating and managing a client's or client scope's role mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n`full_scope_allowed` is set to `false` for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n## Example Usage\n\n### Realm Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"clientA\", {\n realmId: realm.id,\n clientId: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"clientRoleA\", {\n realmId: realm.id,\n clientId: clientA.id,\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"clientB\", {\n realmId: realm.id,\n clientId: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"clientRoleB\", {\n realmId: realm.id,\n clientId: clientB.id,\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"clientA\",\n realm_id=realm.id,\n client_id=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"clientRoleA\",\n realm_id=realm.id,\n client_id=client_a.id,\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"clientB\",\n realm_id=realm.id,\n client_id=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"clientRoleB\",\n realm_id=realm.id,\n client_id=client_b.id,\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"clientA\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"clientRoleA\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"clientB\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"clientRoleB\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"clientA\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"clientRoleA\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"clientB\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRoleB\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientA.id())\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-a\n enabled: true\n accessType: BEARER-ONLY\n # disable full scope, roles are assigned via keycloak_generic_role_mapper\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Realm Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: client.id,\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=client.id,\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n- When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n- When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n", "properties": { "clientId": { "type": "string", @@ -3264,30 +3182,25 @@ } }, "keycloak:index/group:Group": { - "description": "Allows for creating and managing Groups within Keycloak.\n\nGroups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and\ngroup membership can be mapped to a claim.\n\nAttributes can also be defined on Groups.\n\nGroups can also be federated from external data sources, such as LDAP or Active Directory. This resource **should not**\nbe used to manage groups that were created this way.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst parentGroup = new keycloak.Group(\"parentGroup\", {realmId: realm.id});\nconst childGroup = new keycloak.Group(\"childGroup\", {\n realmId: realm.id,\n parentId: parentGroup.id,\n});\nconst childGroupWithOptionalAttributes = new keycloak.Group(\"childGroupWithOptionalAttributes\", {\n realmId: realm.id,\n parentId: parentGroup.id,\n attributes: {\n foo: \"bar\",\n multivalue: \"value1##value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nparent_group = keycloak.Group(\"parentGroup\", realm_id=realm.id)\nchild_group = keycloak.Group(\"childGroup\",\n realm_id=realm.id,\n parent_id=parent_group.id)\nchild_group_with_optional_attributes = keycloak.Group(\"childGroupWithOptionalAttributes\",\n realm_id=realm.id,\n parent_id=parent_group.id,\n attributes={\n \"foo\": \"bar\",\n \"multivalue\": \"value1##value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var parentGroup = new Keycloak.Group(\"parentGroup\", new()\n {\n RealmId = realm.Id,\n });\n\n var childGroup = new Keycloak.Group(\"childGroup\", new()\n {\n RealmId = realm.Id,\n ParentId = parentGroup.Id,\n });\n\n var childGroupWithOptionalAttributes = new Keycloak.Group(\"childGroupWithOptionalAttributes\", new()\n {\n RealmId = realm.Id,\n ParentId = parentGroup.Id,\n Attributes = \n {\n { \"foo\", \"bar\" },\n { \"multivalue\", \"value1##value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparentGroup, err := keycloak.NewGroup(ctx, \"parentGroup\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"childGroup\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentId: parentGroup.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"childGroupWithOptionalAttributes\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t\t\"multivalue\": pulumi.Any(\"value1##value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var parentGroup = new Group(\"parentGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var childGroup = new Group(\"childGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .parentId(parentGroup.id())\n .build());\n\n var childGroupWithOptionalAttributes = new Group(\"childGroupWithOptionalAttributes\", GroupArgs.builder() \n .realmId(realm.id())\n .parentId(parentGroup.id())\n .attributes(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n parentGroup:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n childGroup:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n parentId: ${parentGroup.id}\n childGroupWithOptionalAttributes:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n parentId: ${parentGroup.id}\n attributes:\n foo: bar\n multivalue: value1##value2\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGroups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak\n\n assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/group:Group child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd\n```\n\n ", + "description": "## # keycloak.Group\n\nAllows for creating and managing Groups within Keycloak.\n\nGroups provide a logical wrapping for users within Keycloak. Users within a\ngroup can share attributes and roles, and group membership can be mapped\nto a claim.\n\nAttributes can also be defined on Groups.\n\nGroups can also be federated from external data sources, such as LDAP or Active Directory.\nThis resource **should not** be used to manage groups that were created this way.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst parentGroup = new keycloak.Group(\"parentGroup\", {realmId: realm.id});\nconst childGroup = new keycloak.Group(\"childGroup\", {\n parentId: parentGroup.id,\n realmId: realm.id,\n});\nconst childGroupWithOptionalAttributes = new keycloak.Group(\"childGroupWithOptionalAttributes\", {\n attributes: {\n key1: \"value1\",\n key2: \"value2\",\n },\n parentId: parentGroup.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nparent_group = keycloak.Group(\"parentGroup\", realm_id=realm.id)\nchild_group = keycloak.Group(\"childGroup\",\n parent_id=parent_group.id,\n realm_id=realm.id)\nchild_group_with_optional_attributes = keycloak.Group(\"childGroupWithOptionalAttributes\",\n attributes={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n },\n parent_id=parent_group.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var parentGroup = new Keycloak.Group(\"parentGroup\", new()\n {\n RealmId = realm.Id,\n });\n\n var childGroup = new Keycloak.Group(\"childGroup\", new()\n {\n ParentId = parentGroup.Id,\n RealmId = realm.Id,\n });\n\n var childGroupWithOptionalAttributes = new Keycloak.Group(\"childGroupWithOptionalAttributes\", new()\n {\n Attributes = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n ParentId = parentGroup.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparentGroup, err := keycloak.NewGroup(ctx, \"parentGroup\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"childGroup\", \u0026keycloak.GroupArgs{\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"childGroupWithOptionalAttributes\", \u0026keycloak.GroupArgs{\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key1\": pulumi.Any(\"value1\"),\n\t\t\t\t\"key2\": pulumi.Any(\"value2\"),\n\t\t\t},\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var parentGroup = new Group(\"parentGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var childGroup = new Group(\"childGroup\", GroupArgs.builder() \n .parentId(parentGroup.id())\n .realmId(realm.id())\n .build());\n\n var childGroupWithOptionalAttributes = new Group(\"childGroupWithOptionalAttributes\", GroupArgs.builder() \n .attributes(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .parentId(parentGroup.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n parentGroup:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n childGroup:\n type: keycloak:Group\n properties:\n parentId: ${parentGroup.id}\n realmId: ${realm.id}\n childGroupWithOptionalAttributes:\n type: keycloak:Group\n properties:\n attributes:\n key1: value1\n key2: value2\n parentId: ${parentGroup.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `parent_id` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level.\n- `name` - (Required) The name of the group.\n- `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`.\n\n### Import\n\nGroups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak\nassigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_group.child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd\n```\n", "properties": { "attributes": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "name": { - "type": "string", - "description": "The name of the group.\n" + "type": "string" }, "parentId": { - "type": "string", - "description": "The ID of this group's parent. If omitted, this group will be defined at the root level.\n" + "type": "string" }, "path": { - "type": "string", - "description": "(Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this group exists in.\n" + "type": "string" } }, "required": [ @@ -3300,21 +3213,17 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "name": { - "type": "string", - "description": "The name of the group.\n" + "type": "string" }, "parentId": { "type": "string", - "description": "The ID of this group's parent. If omitted, this group will be defined at the root level.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this group exists in.\n", "willReplaceOnChanges": true } }, @@ -3328,25 +3237,20 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "name": { - "type": "string", - "description": "The name of the group.\n" + "type": "string" }, "parentId": { "type": "string", - "description": "The ID of this group's parent. If omitted, this group will be defined at the root level.\n", "willReplaceOnChanges": true }, "path": { - "type": "string", - "description": "(Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this group exists in.\n", "willReplaceOnChanges": true } }, @@ -3354,22 +3258,19 @@ } }, "keycloak:index/groupMemberships:GroupMemberships": { - "description": "Allows for managing a Keycloak group's members.\n\nNote that this resource attempts to be an **authoritative** source over group members. When this resource takes control\nover a group's members, users that are manually added to the group will be removed, and users that are manually removed\nfrom the group will be added upon the next run of `pulumi up`.\n\nAlso note that you should not use `keycloak.GroupMemberships` with a group has been assigned as a default group via\n`keycloak.DefaultGroups`.\n\nThis resource **should not** be used to control membership of a group that has its members federated from an external\nsource via group mapping.\n\nTo non-exclusively manage the group's of a user, see the [`keycloak.UserGroups` resource][1]\n\nThis resource paginates its data loading on refresh by 50 items.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst groupMembers = new keycloak.GroupMemberships(\"groupMembers\", {\n realmId: realm.id,\n groupId: group.id,\n members: [user.username],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\ngroup_members = keycloak.GroupMemberships(\"groupMembers\",\n realm_id=realm.id,\n group_id=group.id,\n members=[user.username])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var groupMembers = new Keycloak.GroupMemberships(\"groupMembers\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Members = new[]\n {\n user.Username,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupMemberships(ctx, \"groupMembers\", \u0026keycloak.GroupMembershipsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tuser.Username,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.GroupMemberships;\nimport com.pulumi.keycloak.GroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var groupMembers = new GroupMemberships(\"groupMembers\", GroupMembershipsArgs.builder() \n .realmId(realm.id())\n .groupId(group.id())\n .members(user.username())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n groupMembers:\n type: keycloak:GroupMemberships\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n members:\n - ${user.username}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\n\n as if it did not already exist on the server.\n\n [1]: providers/mrparkers/keycloak/latest/docs/resources/group_memberships\n\n ", + "description": "## # keycloak.GroupMemberships\n\nAllows for managing a Keycloak group's members.\n\nNote that this resource attempts to be an **authoritative** source over group members.\nWhen this resource takes control over a group's members, users that are manually added\nto the group will be removed, and users that are manually removed from the group will\nbe added upon the next run of `pulumi up`. Eventually, a non-authoritative resource\nfor group membership will be added to this provider.\n\nAlso note that you should not use `keycloak.GroupMemberships` with a group has been assigned\nas a default group via `keycloak.DefaultGroups`.\n\nThis resource **should not** be used to control membership of a group that has its members\nfederated from an external source via group mapping.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst groupMembers = new keycloak.GroupMemberships(\"groupMembers\", {\n groupId: group.id,\n members: [user.username],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\ngroup_members = keycloak.GroupMemberships(\"groupMembers\",\n group_id=group.id,\n members=[user.username],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var groupMembers = new Keycloak.GroupMemberships(\"groupMembers\", new()\n {\n GroupId = @group.Id,\n Members = new[]\n {\n user.Username,\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupMemberships(ctx, \"groupMembers\", \u0026keycloak.GroupMembershipsArgs{\n\t\t\tGroupId: group.ID(),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tuser.Username,\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.GroupMemberships;\nimport com.pulumi.keycloak.GroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var groupMembers = new GroupMemberships(\"groupMembers\", GroupMembershipsArgs.builder() \n .groupId(group.id())\n .members(user.username())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n groupMembers:\n type: keycloak:GroupMemberships\n properties:\n groupId: ${group.id}\n members:\n - ${user.username}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_id` - (Required) The ID of the group this resource should manage memberships for.\n- `members` - (Required) An array of usernames that belong to this group.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", "properties": { "groupId": { - "type": "string", - "description": "The ID of the group this resource should manage memberships for.\n" + "type": "string" }, "members": { "type": "array", "items": { "type": "string" - }, - "description": "A list of usernames that belong to this group.\n" + } }, "realmId": { - "type": "string", - "description": "The realm this group exists in.\n" + "type": "string" } }, "required": [ @@ -3379,19 +3280,16 @@ "inputProperties": { "groupId": { "type": "string", - "description": "The ID of the group this resource should manage memberships for.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - }, - "description": "A list of usernames that belong to this group.\n" + } }, "realmId": { "type": "string", - "description": "The realm this group exists in.\n", "willReplaceOnChanges": true } }, @@ -3404,19 +3302,16 @@ "properties": { "groupId": { "type": "string", - "description": "The ID of the group this resource should manage memberships for.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - }, - "description": "A list of usernames that belong to this group.\n" + } }, "realmId": { "type": "string", - "description": "The realm this group exists in.\n", "willReplaceOnChanges": true } }, @@ -3528,26 +3423,22 @@ } }, "keycloak:index/groupRoles:GroupRoles": { - "description": "Allows you to manage roles assigned to a Keycloak group.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the\ngroup will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of roles to a group. As a result, you can get multiple `keycloak.GroupRoles` for the same `group_id`.\n\nNote that when assigning composite roles to a group, you may see a non-empty plan following a `pulumi up` if you\nassign a role and a composite that includes that role to the same group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Exhaustive Roles)\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst groupRoles = new keycloak.GroupRoles(\"groupRoles\", {\n realmId: realm.id,\n groupId: group.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\")\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\ngroup_roles = keycloak.GroupRoles(\"groupRoles\",\n realm_id=realm.id,\n group_id=group.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"groupRoles\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"groupRoles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .realmId(realm.id())\n .groupId(group.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Non Exhaustive Roles)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst groupRoleAssociation1 = new keycloak.GroupRoles(\"groupRoleAssociation1\", {\n realmId: realm.id,\n groupId: group.id,\n exhaustive: false,\n roleIds: [realmRole.id],\n});\nconst groupRoleAssociation2 = new keycloak.GroupRoles(\"groupRoleAssociation2\", {\n realmId: realm.id,\n groupId: group.id,\n exhaustive: false,\n roleIds: [clientRole.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\")\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\ngroup_role_association1 = keycloak.GroupRoles(\"groupRoleAssociation1\",\n realm_id=realm.id,\n group_id=group.id,\n exhaustive=False,\n role_ids=[realm_role.id])\ngroup_role_association2 = keycloak.GroupRoles(\"groupRoleAssociation2\",\n realm_id=realm.id,\n group_id=group.id,\n exhaustive=False,\n role_ids=[client_role.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupRoleAssociation1 = new Keycloak.GroupRoles(\"groupRoleAssociation1\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Exhaustive = false,\n RoleIds = new[]\n {\n realmRole.Id,\n },\n });\n\n var groupRoleAssociation2 = new Keycloak.GroupRoles(\"groupRoleAssociation2\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Exhaustive = false,\n RoleIds = new[]\n {\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"groupRoleAssociation1\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"groupRoleAssociation2\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupRoleAssociation1 = new GroupRoles(\"groupRoleAssociation1\", GroupRolesArgs.builder() \n .realmId(realm.id())\n .groupId(group.id())\n .exhaustive(false)\n .roleIds(realmRole.id())\n .build());\n\n var groupRoleAssociation2 = new GroupRoles(\"groupRoleAssociation2\", GroupRolesArgs.builder() \n .realmId(realm.id())\n .groupId(group.id())\n .exhaustive(false)\n .roleIds(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupRoleAssociation1:\n type: keycloak:GroupRoles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n exhaustive: false\n roleIds:\n - ${realmRole.id}\n groupRoleAssociation2:\n type: keycloak:GroupRoles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n exhaustive: false\n roleIds:\n - ${clientRole.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak\n\n assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically\n\n a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/groupRoles:GroupRoles group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94\n```\n\n ", + "description": "## # keycloak.GroupRoles\n\nAllows you to manage roles assigned to a Keycloak group.\n\nNote that this resource attempts to be an **authoritative** source over\ngroup roles. When this resource takes control over a group's roles,\nroles that are manually added to the group will be removed, and roles\nthat are manually removed from the group will be added upon the next run\nof `pulumi up`.\n\nNote that when assigning composite roles to a group, you may see a\nnon-empty plan following a `pulumi up` if you assign a role and a\ncomposite that includes that role to the same group.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n description: \"My Realm Role\",\n realmId: realm.id,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"BEARER-ONLY\",\n clientId: \"client\",\n enabled: true,\n realmId: realm.id,\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n realmId: realm.id,\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst groupRoles = new keycloak.GroupRoles(\"groupRoles\", {\n groupId: group.id,\n realmId: realm.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nrealm_role = keycloak.Role(\"realmRole\",\n description=\"My Realm Role\",\n realm_id=realm.id)\nclient = keycloak.openid.Client(\"client\",\n access_type=\"BEARER-ONLY\",\n client_id=\"client\",\n enabled=True,\n realm_id=realm.id)\nclient_role = keycloak.Role(\"clientRole\",\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\",\n realm_id=realm.id)\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\ngroup_roles = keycloak.GroupRoles(\"groupRoles\",\n group_id=group.id,\n realm_id=realm.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n Description = \"My Realm Role\",\n RealmId = realm.Id,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"BEARER-ONLY\",\n ClientId = \"client\",\n Enabled = true,\n RealmId = realm.Id,\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n RealmId = realm.Id,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"groupRoles\", new()\n {\n GroupId = @group.Id,\n RealmId = realm.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"groupRoles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tGroupId: group.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .description(\"My Realm Role\")\n .realmId(realm.id())\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"BEARER-ONLY\")\n .clientId(\"client\")\n .enabled(true)\n .realmId(realm.id())\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .realmId(realm.id())\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .groupId(group.id())\n .realmId(realm.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n realmRole:\n type: keycloak:Role\n properties:\n description: My Realm Role\n realmId: ${realm.id}\n client:\n type: keycloak:openid:Client\n properties:\n accessType: BEARER-ONLY\n clientId: client\n enabled: true\n realmId: ${realm.id}\n clientRole:\n type: keycloak:Role\n properties:\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n realmId: ${realm.id}\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n groupId: ${group.id}\n realmId: ${realm.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_id` - (Required) The ID of the group this resource should\n manage roles for.\n- `role_ids` - (Required) A list of role IDs to map to the group\n\n### Import\n\nThis resource can be imported using the format\n`{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that\nKeycloak assigns to the group upon creation. This value can be found in\nthe URI when editing this group in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_group_roles.group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94\n```\n", "properties": { "exhaustive": { - "type": "boolean", - "description": "Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`.\n" + "type": "boolean" }, "groupId": { - "type": "string", - "description": "The ID of the group this resource should manage roles for.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this group exists in.\n" + "type": "string" }, "roleIds": { "type": "array", "items": { "type": "string" - }, - "description": "A list of role IDs to map to the group.\n" + } } }, "required": [ @@ -3557,25 +3448,21 @@ ], "inputProperties": { "exhaustive": { - "type": "boolean", - "description": "Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`.\n" + "type": "boolean" }, "groupId": { "type": "string", - "description": "The ID of the group this resource should manage roles for.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this group exists in.\n", "willReplaceOnChanges": true }, "roleIds": { "type": "array", "items": { "type": "string" - }, - "description": "A list of role IDs to map to the group.\n" + } } }, "requiredInputs": [ @@ -3587,32 +3474,28 @@ "description": "Input properties used for looking up and filtering GroupRoles resources.\n", "properties": { "exhaustive": { - "type": "boolean", - "description": "Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`.\n" + "type": "boolean" }, "groupId": { "type": "string", - "description": "The ID of the group this resource should manage roles for.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this group exists in.\n", "willReplaceOnChanges": true }, "roleIds": { "type": "array", "items": { "type": "string" - }, - "description": "A list of role IDs to map to the group.\n" + } } }, "type": "object" } }, "keycloak:index/hardcodedAttributeIdentityProviderMapper:HardcodedAttributeIdentityProviderMapper": { - "description": "Allows for creating and managing hardcoded attribute mappers for Keycloak identity provider.\n\nThe identity provider hardcoded attribute mapper will set the specified value to the IDP attribute.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst oidcHardcodedAttributeIdentityProviderMapper = new keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n attributeName: \"attribute\",\n attributeValue: \"value\",\n userSession: true,\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\noidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n attribute_name=\"attribute\",\n attribute_value=\"value\",\n user_session=True,\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var oidcHardcodedAttributeIdentityProviderMapper = new Keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n AttributeName = \"attribute\",\n AttributeValue = \"value\",\n UserSession = true,\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedAttributeIdentityProviderMapper(ctx, \"oidcHardcodedAttributeIdentityProviderMapper\", \u0026keycloak.HardcodedAttributeIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tAttributeName: pulumi.String(\"attribute\"),\n\t\t\tAttributeValue: pulumi.String(\"value\"),\n\t\t\tUserSession: pulumi.Bool(true),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapper;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var oidcHardcodedAttributeIdentityProviderMapper = new HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", HardcodedAttributeIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .attributeName(\"attribute\")\n .attributeValue(\"value\")\n .userSession(true)\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n oidcHardcodedAttributeIdentityProviderMapper:\n type: keycloak:HardcodedAttributeIdentityProviderMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n attributeName: attribute\n attributeValue: value\n userSession: true\n extraConfig:\n syncMode: INHERIT\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Allows for creating and managing hardcoded attribute mappers for Keycloak identity provider.\n\nThe identity provider hardcoded attribute mapper will set the specified value to the IDP attribute.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst oidcHardcodedAttributeIdentityProviderMapper = new keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n attributeName: \"attribute\",\n attributeValue: \"value\",\n userSession: true,\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\noidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n attribute_name=\"attribute\",\n attribute_value=\"value\",\n user_session=True,\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var oidcHardcodedAttributeIdentityProviderMapper = new Keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n AttributeName = \"attribute\",\n AttributeValue = \"value\",\n UserSession = true,\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedAttributeIdentityProviderMapper(ctx, \"oidcHardcodedAttributeIdentityProviderMapper\", \u0026keycloak.HardcodedAttributeIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tAttributeName: pulumi.String(\"attribute\"),\n\t\t\tAttributeValue: pulumi.String(\"value\"),\n\t\t\tUserSession: pulumi.Bool(true),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapper;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var oidcHardcodedAttributeIdentityProviderMapper = new HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", HardcodedAttributeIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .attributeName(\"attribute\")\n .attributeValue(\"value\")\n .userSession(true)\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n oidcHardcodedAttributeIdentityProviderMapper:\n type: keycloak:HardcodedAttributeIdentityProviderMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n attributeName: attribute\n attributeValue: value\n userSession: true\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "attributeName": { "type": "string", @@ -3734,7 +3617,7 @@ } }, "keycloak:index/hardcodedRoleIdentityMapper:HardcodedRoleIdentityMapper": { - "description": "Allows for creating and managing hardcoded role mappers for Keycloak identity provider.\n\nThe identity provider hardcoded role mapper grants a specified Keycloak role to each Keycloak user from the LDAP provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst oidcHardcodedRoleIdentityMapper = new keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n role: \"my-realm-role\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\noidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n role=\"my-realm-role\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var oidcHardcodedRoleIdentityMapper = new Keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n Role = \"my-realm-role\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedRoleIdentityMapper(ctx, \"oidcHardcodedRoleIdentityMapper\", \u0026keycloak.HardcodedRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapper;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var oidcHardcodedRoleIdentityMapper = new HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", HardcodedRoleIdentityMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .role(\"my-realm-role\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n oidcHardcodedRoleIdentityMapper:\n type: keycloak:HardcodedRoleIdentityMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n role: my-realm-role\n extraConfig:\n syncMode: INHERIT\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Allows for creating and managing hardcoded role mappers for Keycloak identity provider.\n\nThe identity provider hardcoded role mapper grants a specified Keycloak role to each Keycloak user from the LDAP provider.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst oidcHardcodedRoleIdentityMapper = new keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n role: \"my-realm-role\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\noidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n role=\"my-realm-role\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var oidcHardcodedRoleIdentityMapper = new Keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n Role = \"my-realm-role\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedRoleIdentityMapper(ctx, \"oidcHardcodedRoleIdentityMapper\", \u0026keycloak.HardcodedRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapper;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var oidcHardcodedRoleIdentityMapper = new HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", HardcodedRoleIdentityMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .role(\"my-realm-role\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n oidcHardcodedRoleIdentityMapper:\n type: keycloak:HardcodedRoleIdentityMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n role: my-realm-role\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "extraConfig": { "type": "object", @@ -3828,7 +3711,7 @@ } }, "keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst tokenExchangeRealm = new keycloak.Realm(\"tokenExchangeRealm\", {\n realm: \"token-exchange_destination_realm\",\n enabled: true,\n});\nconst tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", {\n realm: tokenExchangeRealm.id,\n alias: \"myIdp\",\n authorizationUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n tokenUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n clientId: \"clientId\",\n clientSecret: \"secret\",\n defaultScopes: \"openid\",\n});\nconst token_exchangeWebappClient = new keycloak.openid.Client(\"token-exchangeWebappClient\", {\n realmId: tokenExchangeRealm.id,\n clientId: \"webapp_client\",\n clientSecret: \"secret\",\n description: \"a webapp client on the destination realm\",\n accessType: \"CONFIDENTIAL\",\n standardFlowEnabled: true,\n validRedirectUris: [\"http://localhost:8080/*\"],\n});\n//relevant part\nconst oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", {\n realmId: tokenExchangeRealm.id,\n providerAlias: tokenExchangeMyOidcIdp.alias,\n policyType: \"client\",\n clients: [token_exchangeWebappClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntoken_exchange_realm = keycloak.Realm(\"tokenExchangeRealm\",\n realm=\"token-exchange_destination_realm\",\n enabled=True)\ntoken_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\",\n realm=token_exchange_realm.id,\n alias=\"myIdp\",\n authorization_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n token_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n client_id=\"clientId\",\n client_secret=\"secret\",\n default_scopes=\"openid\")\ntoken_exchange_webapp_client = keycloak.openid.Client(\"token-exchangeWebappClient\",\n realm_id=token_exchange_realm.id,\n client_id=\"webapp_client\",\n client_secret=\"secret\",\n description=\"a webapp client on the destination realm\",\n access_type=\"CONFIDENTIAL\",\n standard_flow_enabled=True,\n valid_redirect_uris=[\"http://localhost:8080/*\"])\n#relevant part\noidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\",\n realm_id=token_exchange_realm.id,\n provider_alias=token_exchange_my_oidc_idp.alias,\n policy_type=\"client\",\n clients=[token_exchange_webapp_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tokenExchangeRealm = new Keycloak.Realm(\"tokenExchangeRealm\", new()\n {\n RealmName = \"token-exchange_destination_realm\",\n Enabled = true,\n });\n\n var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", new()\n {\n Realm = tokenExchangeRealm.Id,\n Alias = \"myIdp\",\n AuthorizationUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n TokenUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n ClientId = \"clientId\",\n ClientSecret = \"secret\",\n DefaultScopes = \"openid\",\n });\n\n var token_exchangeWebappClient = new Keycloak.OpenId.Client(\"token-exchangeWebappClient\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ClientId = \"webapp_client\",\n ClientSecret = \"secret\",\n Description = \"a webapp client on the destination realm\",\n AccessType = \"CONFIDENTIAL\",\n StandardFlowEnabled = true,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/*\",\n },\n });\n\n //relevant part\n var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ProviderAlias = tokenExchangeMyOidcIdp.Alias,\n PolicyType = \"client\",\n Clients = new[]\n {\n token_exchangeWebappClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttokenExchangeRealm, err := keycloak.NewRealm(ctx, \"tokenExchangeRealm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"token-exchange_destination_realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, \"tokenExchangeMyOidcIdp\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: tokenExchangeRealm.ID(),\n\t\t\tAlias: pulumi.String(\"myIdp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\"),\n\t\t\tClientId: pulumi.String(\"clientId\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"token-exchangeWebappClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tClientId: pulumi.String(\"webapp_client\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDescription: pulumi.String(\"a webapp client on the destination realm\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tStandardFlowEnabled: pulumi.Bool(true),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/*\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// relevant part\n\t\t_, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, \"oidcIdpPermission\", \u0026keycloak.IdentityProviderTokenExchangeScopePermissionArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tProviderAlias: tokenExchangeMyOidcIdp.Alias,\n\t\t\tPolicyType: pulumi.String(\"client\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\ttoken_exchangeWebappClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermission;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tokenExchangeRealm = new Realm(\"tokenExchangeRealm\", RealmArgs.builder() \n .realm(\"token-exchange_destination_realm\")\n .enabled(true)\n .build());\n\n var tokenExchangeMyOidcIdp = new IdentityProvider(\"tokenExchangeMyOidcIdp\", IdentityProviderArgs.builder() \n .realm(tokenExchangeRealm.id())\n .alias(\"myIdp\")\n .authorizationUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\")\n .tokenUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\")\n .clientId(\"clientId\")\n .clientSecret(\"secret\")\n .defaultScopes(\"openid\")\n .build());\n\n var token_exchangeWebappClient = new Client(\"token-exchangeWebappClient\", ClientArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .clientId(\"webapp_client\")\n .clientSecret(\"secret\")\n .description(\"a webapp client on the destination realm\")\n .accessType(\"CONFIDENTIAL\")\n .standardFlowEnabled(true)\n .validRedirectUris(\"http://localhost:8080/*\")\n .build());\n\n var oidcIdpPermission = new IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", IdentityProviderTokenExchangeScopePermissionArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .providerAlias(tokenExchangeMyOidcIdp.alias())\n .policyType(\"client\")\n .clients(token_exchangeWebappClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tokenExchangeRealm:\n type: keycloak:Realm\n properties:\n realm: token-exchange_destination_realm\n enabled: true\n tokenExchangeMyOidcIdp:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${tokenExchangeRealm.id}\n alias: myIdp\n authorizationUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\n tokenUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\n clientId: clientId\n clientSecret: secret\n defaultScopes: openid\n token-exchangeWebappClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${tokenExchangeRealm.id}\n clientId: webapp_client\n clientSecret: secret\n description: a webapp client on the destination realm\n accessType: CONFIDENTIAL\n standardFlowEnabled: true\n validRedirectUris:\n - http://localhost:8080/*\n # relevant part\n oidcIdpPermission:\n type: keycloak:IdentityProviderTokenExchangeScopePermission\n properties:\n realmId: ${tokenExchangeRealm.id}\n providerAlias: ${tokenExchangeMyOidcIdp.alias}\n policyType: client\n clients:\n - ${[\"token-exchangeWebappClient\"].id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that\n\n you assign to the identity provider upon creation.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp\n```\n\n ", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst tokenExchangeRealm = new keycloak.Realm(\"tokenExchangeRealm\", {\n realm: \"token-exchange_destination_realm\",\n enabled: true,\n});\nconst tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", {\n realm: tokenExchangeRealm.id,\n alias: \"myIdp\",\n authorizationUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n tokenUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n clientId: \"clientId\",\n clientSecret: \"secret\",\n defaultScopes: \"openid\",\n});\nconst token_exchangeWebappClient = new keycloak.openid.Client(\"token-exchangeWebappClient\", {\n realmId: tokenExchangeRealm.id,\n clientId: \"webapp_client\",\n clientSecret: \"secret\",\n description: \"a webapp client on the destination realm\",\n accessType: \"CONFIDENTIAL\",\n standardFlowEnabled: true,\n validRedirectUris: [\"http://localhost:8080/*\"],\n});\n//relevant part\nconst oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", {\n realmId: tokenExchangeRealm.id,\n providerAlias: tokenExchangeMyOidcIdp.alias,\n policyType: \"client\",\n clients: [token_exchangeWebappClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntoken_exchange_realm = keycloak.Realm(\"tokenExchangeRealm\",\n realm=\"token-exchange_destination_realm\",\n enabled=True)\ntoken_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\",\n realm=token_exchange_realm.id,\n alias=\"myIdp\",\n authorization_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n token_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n client_id=\"clientId\",\n client_secret=\"secret\",\n default_scopes=\"openid\")\ntoken_exchange_webapp_client = keycloak.openid.Client(\"token-exchangeWebappClient\",\n realm_id=token_exchange_realm.id,\n client_id=\"webapp_client\",\n client_secret=\"secret\",\n description=\"a webapp client on the destination realm\",\n access_type=\"CONFIDENTIAL\",\n standard_flow_enabled=True,\n valid_redirect_uris=[\"http://localhost:8080/*\"])\n#relevant part\noidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\",\n realm_id=token_exchange_realm.id,\n provider_alias=token_exchange_my_oidc_idp.alias,\n policy_type=\"client\",\n clients=[token_exchange_webapp_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tokenExchangeRealm = new Keycloak.Realm(\"tokenExchangeRealm\", new()\n {\n RealmName = \"token-exchange_destination_realm\",\n Enabled = true,\n });\n\n var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", new()\n {\n Realm = tokenExchangeRealm.Id,\n Alias = \"myIdp\",\n AuthorizationUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n TokenUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n ClientId = \"clientId\",\n ClientSecret = \"secret\",\n DefaultScopes = \"openid\",\n });\n\n var token_exchangeWebappClient = new Keycloak.OpenId.Client(\"token-exchangeWebappClient\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ClientId = \"webapp_client\",\n ClientSecret = \"secret\",\n Description = \"a webapp client on the destination realm\",\n AccessType = \"CONFIDENTIAL\",\n StandardFlowEnabled = true,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/*\",\n },\n });\n\n //relevant part\n var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ProviderAlias = tokenExchangeMyOidcIdp.Alias,\n PolicyType = \"client\",\n Clients = new[]\n {\n token_exchangeWebappClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttokenExchangeRealm, err := keycloak.NewRealm(ctx, \"tokenExchangeRealm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"token-exchange_destination_realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, \"tokenExchangeMyOidcIdp\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: tokenExchangeRealm.ID(),\n\t\t\tAlias: pulumi.String(\"myIdp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\"),\n\t\t\tClientId: pulumi.String(\"clientId\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"token-exchangeWebappClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tClientId: pulumi.String(\"webapp_client\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDescription: pulumi.String(\"a webapp client on the destination realm\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tStandardFlowEnabled: pulumi.Bool(true),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/*\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// relevant part\n\t\t_, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, \"oidcIdpPermission\", \u0026keycloak.IdentityProviderTokenExchangeScopePermissionArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tProviderAlias: tokenExchangeMyOidcIdp.Alias,\n\t\t\tPolicyType: pulumi.String(\"client\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\ttoken_exchangeWebappClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermission;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tokenExchangeRealm = new Realm(\"tokenExchangeRealm\", RealmArgs.builder() \n .realm(\"token-exchange_destination_realm\")\n .enabled(true)\n .build());\n\n var tokenExchangeMyOidcIdp = new IdentityProvider(\"tokenExchangeMyOidcIdp\", IdentityProviderArgs.builder() \n .realm(tokenExchangeRealm.id())\n .alias(\"myIdp\")\n .authorizationUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\")\n .tokenUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\")\n .clientId(\"clientId\")\n .clientSecret(\"secret\")\n .defaultScopes(\"openid\")\n .build());\n\n var token_exchangeWebappClient = new Client(\"token-exchangeWebappClient\", ClientArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .clientId(\"webapp_client\")\n .clientSecret(\"secret\")\n .description(\"a webapp client on the destination realm\")\n .accessType(\"CONFIDENTIAL\")\n .standardFlowEnabled(true)\n .validRedirectUris(\"http://localhost:8080/*\")\n .build());\n\n var oidcIdpPermission = new IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", IdentityProviderTokenExchangeScopePermissionArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .providerAlias(tokenExchangeMyOidcIdp.alias())\n .policyType(\"client\")\n .clients(token_exchangeWebappClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tokenExchangeRealm:\n type: keycloak:Realm\n properties:\n realm: token-exchange_destination_realm\n enabled: true\n tokenExchangeMyOidcIdp:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${tokenExchangeRealm.id}\n alias: myIdp\n authorizationUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\n tokenUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\n clientId: clientId\n clientSecret: secret\n defaultScopes: openid\n token-exchangeWebappClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${tokenExchangeRealm.id}\n clientId: webapp_client\n clientSecret: secret\n description: a webapp client on the destination realm\n accessType: CONFIDENTIAL\n standardFlowEnabled: true\n validRedirectUris:\n - http://localhost:8080/*\n # relevant part\n oidcIdpPermission:\n type: keycloak:IdentityProviderTokenExchangeScopePermission\n properties:\n realmId: ${tokenExchangeRealm.id}\n providerAlias: ${tokenExchangeMyOidcIdp.alias}\n policyType: client\n clients:\n - ${[\"token-exchangeWebappClient\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that\n\nyou assign to the identity provider upon creation.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp\n```\n\n", "properties": { "authorizationIdpResourceId": { "type": "string", @@ -3948,66 +3831,53 @@ } }, "keycloak:index/realm:Realm": { - "description": "Allows for creating and managing Realms within Keycloak.\n\nA realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated\nfrom multiple sources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n accessCodeLifespan: \"1h\",\n attributes: {\n mycustomAttribute: \"myCustomValue\",\n },\n displayName: \"my realm\",\n displayNameHtml: \"\u003cb\u003emy realm\u003c/b\u003e\",\n enabled: true,\n internationalization: {\n defaultLocale: \"en\",\n supportedLocales: [\n \"en\",\n \"de\",\n \"es\",\n ],\n },\n loginTheme: \"base\",\n passwordPolicy: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n realm: \"my-realm\",\n securityDefenses: {\n bruteForceDetection: {\n failureResetTimeSeconds: 43200,\n maxFailureWaitSeconds: 900,\n maxLoginFailures: 30,\n minimumQuickLoginWaitSeconds: 60,\n permanentLockout: false,\n quickLoginCheckMilliSeconds: 1000,\n waitIncrementSeconds: 60,\n },\n headers: {\n contentSecurityPolicy: \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n contentSecurityPolicyReportOnly: \"\",\n strictTransportSecurity: \"max-age=31536000; includeSubDomains\",\n xContentTypeOptions: \"nosniff\",\n xFrameOptions: \"DENY\",\n xRobotsTag: \"none\",\n xXssProtection: \"1; mode=block\",\n },\n },\n smtpServer: {\n auth: {\n password: \"password\",\n username: \"tom\",\n },\n from: \"example@example.com\",\n host: \"smtp.example.com\",\n },\n sslRequired: \"external\",\n webAuthnPolicy: {\n relyingPartyEntityName: \"Example\",\n relyingPartyId: \"keycloak.example.com\",\n signatureAlgorithms: [\n \"ES256\",\n \"RS256\",\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n access_code_lifespan=\"1h\",\n attributes={\n \"mycustomAttribute\": \"myCustomValue\",\n },\n display_name=\"my realm\",\n display_name_html=\"\u003cb\u003emy realm\u003c/b\u003e\",\n enabled=True,\n internationalization=keycloak.RealmInternationalizationArgs(\n default_locale=\"en\",\n supported_locales=[\n \"en\",\n \"de\",\n \"es\",\n ],\n ),\n login_theme=\"base\",\n password_policy=\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n realm=\"my-realm\",\n security_defenses=keycloak.RealmSecurityDefensesArgs(\n brute_force_detection=keycloak.RealmSecurityDefensesBruteForceDetectionArgs(\n failure_reset_time_seconds=43200,\n max_failure_wait_seconds=900,\n max_login_failures=30,\n minimum_quick_login_wait_seconds=60,\n permanent_lockout=False,\n quick_login_check_milli_seconds=1000,\n wait_increment_seconds=60,\n ),\n headers=keycloak.RealmSecurityDefensesHeadersArgs(\n content_security_policy=\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n content_security_policy_report_only=\"\",\n strict_transport_security=\"max-age=31536000; includeSubDomains\",\n x_content_type_options=\"nosniff\",\n x_frame_options=\"DENY\",\n x_robots_tag=\"none\",\n x_xss_protection=\"1; mode=block\",\n ),\n ),\n smtp_server=keycloak.RealmSmtpServerArgs(\n auth=keycloak.RealmSmtpServerAuthArgs(\n password=\"password\",\n username=\"tom\",\n ),\n from_=\"example@example.com\",\n host=\"smtp.example.com\",\n ),\n ssl_required=\"external\",\n web_authn_policy=keycloak.RealmWebAuthnPolicyArgs(\n relying_party_entity_name=\"Example\",\n relying_party_id=\"keycloak.example.com\",\n signature_algorithms=[\n \"ES256\",\n \"RS256\",\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n AccessCodeLifespan = \"1h\",\n Attributes = \n {\n { \"mycustomAttribute\", \"myCustomValue\" },\n },\n DisplayName = \"my realm\",\n DisplayNameHtml = \"\u003cb\u003emy realm\u003c/b\u003e\",\n Enabled = true,\n Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs\n {\n DefaultLocale = \"en\",\n SupportedLocales = new[]\n {\n \"en\",\n \"de\",\n \"es\",\n },\n },\n LoginTheme = \"base\",\n PasswordPolicy = \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n RealmName = \"my-realm\",\n SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs\n {\n BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs\n {\n FailureResetTimeSeconds = 43200,\n MaxFailureWaitSeconds = 900,\n MaxLoginFailures = 30,\n MinimumQuickLoginWaitSeconds = 60,\n PermanentLockout = false,\n QuickLoginCheckMilliSeconds = 1000,\n WaitIncrementSeconds = 60,\n },\n Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs\n {\n ContentSecurityPolicy = \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n ContentSecurityPolicyReportOnly = \"\",\n StrictTransportSecurity = \"max-age=31536000; includeSubDomains\",\n XContentTypeOptions = \"nosniff\",\n XFrameOptions = \"DENY\",\n XRobotsTag = \"none\",\n XXssProtection = \"1; mode=block\",\n },\n },\n SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs\n {\n Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs\n {\n Password = \"password\",\n Username = \"tom\",\n },\n From = \"example@example.com\",\n Host = \"smtp.example.com\",\n },\n SslRequired = \"external\",\n WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs\n {\n RelyingPartyEntityName = \"Example\",\n RelyingPartyId = \"keycloak.example.com\",\n SignatureAlgorithms = new[]\n {\n \"ES256\",\n \"RS256\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tAccessCodeLifespan: pulumi.String(\"1h\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"mycustomAttribute\": pulumi.Any(\"myCustomValue\"),\n\t\t\t},\n\t\t\tDisplayName: pulumi.String(\"my realm\"),\n\t\t\tDisplayNameHtml: pulumi.String(\"\u003cb\u003emy realm\u003c/b\u003e\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tInternationalization: \u0026keycloak.RealmInternationalizationArgs{\n\t\t\t\tDefaultLocale: pulumi.String(\"en\"),\n\t\t\t\tSupportedLocales: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"en\"),\n\t\t\t\t\tpulumi.String(\"de\"),\n\t\t\t\t\tpulumi.String(\"es\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLoginTheme: pulumi.String(\"base\"),\n\t\t\tPasswordPolicy: pulumi.String(\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\"),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tSecurityDefenses: \u0026keycloak.RealmSecurityDefensesArgs{\n\t\t\t\tBruteForceDetection: \u0026keycloak.RealmSecurityDefensesBruteForceDetectionArgs{\n\t\t\t\t\tFailureResetTimeSeconds: pulumi.Int(43200),\n\t\t\t\t\tMaxFailureWaitSeconds: pulumi.Int(900),\n\t\t\t\t\tMaxLoginFailures: pulumi.Int(30),\n\t\t\t\t\tMinimumQuickLoginWaitSeconds: pulumi.Int(60),\n\t\t\t\t\tPermanentLockout: pulumi.Bool(false),\n\t\t\t\t\tQuickLoginCheckMilliSeconds: pulumi.Int(1000),\n\t\t\t\t\tWaitIncrementSeconds: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tHeaders: \u0026keycloak.RealmSecurityDefensesHeadersArgs{\n\t\t\t\t\tContentSecurityPolicy: pulumi.String(\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\"),\n\t\t\t\t\tContentSecurityPolicyReportOnly: pulumi.String(\"\"),\n\t\t\t\t\tStrictTransportSecurity: pulumi.String(\"max-age=31536000; includeSubDomains\"),\n\t\t\t\t\tXContentTypeOptions: pulumi.String(\"nosniff\"),\n\t\t\t\t\tXFrameOptions: pulumi.String(\"DENY\"),\n\t\t\t\t\tXRobotsTag: pulumi.String(\"none\"),\n\t\t\t\t\tXXssProtection: pulumi.String(\"1; mode=block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSmtpServer: \u0026keycloak.RealmSmtpServerArgs{\n\t\t\t\tAuth: \u0026keycloak.RealmSmtpServerAuthArgs{\n\t\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\t\tUsername: pulumi.String(\"tom\"),\n\t\t\t\t},\n\t\t\t\tFrom: pulumi.String(\"example@example.com\"),\n\t\t\t\tHost: pulumi.String(\"smtp.example.com\"),\n\t\t\t},\n\t\t\tSslRequired: pulumi.String(\"external\"),\n\t\t\tWebAuthnPolicy: \u0026keycloak.RealmWebAuthnPolicyArgs{\n\t\t\t\tRelyingPartyEntityName: pulumi.String(\"Example\"),\n\t\t\t\tRelyingPartyId: pulumi.String(\"keycloak.example.com\"),\n\t\t\t\tSignatureAlgorithms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ES256\"),\n\t\t\t\t\tpulumi.String(\"RS256\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.inputs.RealmInternationalizationArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesBruteForceDetectionArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesHeadersArgs;\nimport com.pulumi.keycloak.inputs.RealmSmtpServerArgs;\nimport com.pulumi.keycloak.inputs.RealmSmtpServerAuthArgs;\nimport com.pulumi.keycloak.inputs.RealmWebAuthnPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .accessCodeLifespan(\"1h\")\n .attributes(Map.of(\"mycustomAttribute\", \"myCustomValue\"))\n .displayName(\"my realm\")\n .displayNameHtml(\"\u003cb\u003emy realm\u003c/b\u003e\")\n .enabled(true)\n .internationalization(RealmInternationalizationArgs.builder()\n .defaultLocale(\"en\")\n .supportedLocales( \n \"en\",\n \"de\",\n \"es\")\n .build())\n .loginTheme(\"base\")\n .passwordPolicy(\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\")\n .realm(\"my-realm\")\n .securityDefenses(RealmSecurityDefensesArgs.builder()\n .bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()\n .failureResetTimeSeconds(43200)\n .maxFailureWaitSeconds(900)\n .maxLoginFailures(30)\n .minimumQuickLoginWaitSeconds(60)\n .permanentLockout(false)\n .quickLoginCheckMilliSeconds(1000)\n .waitIncrementSeconds(60)\n .build())\n .headers(RealmSecurityDefensesHeadersArgs.builder()\n .contentSecurityPolicy(\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\")\n .contentSecurityPolicyReportOnly(\"\")\n .strictTransportSecurity(\"max-age=31536000; includeSubDomains\")\n .xContentTypeOptions(\"nosniff\")\n .xFrameOptions(\"DENY\")\n .xRobotsTag(\"none\")\n .xXssProtection(\"1; mode=block\")\n .build())\n .build())\n .smtpServer(RealmSmtpServerArgs.builder()\n .auth(RealmSmtpServerAuthArgs.builder()\n .password(\"password\")\n .username(\"tom\")\n .build())\n .from(\"example@example.com\")\n .host(\"smtp.example.com\")\n .build())\n .sslRequired(\"external\")\n .webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()\n .relyingPartyEntityName(\"Example\")\n .relyingPartyId(\"keycloak.example.com\")\n .signatureAlgorithms( \n \"ES256\",\n \"RS256\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n accessCodeLifespan: 1h\n attributes:\n mycustomAttribute: myCustomValue\n displayName: my realm\n displayNameHtml: \u003cb\u003emy realm\u003c/b\u003e\n enabled: true\n internationalization:\n defaultLocale: en\n supportedLocales:\n - en\n - de\n - es\n loginTheme: base\n passwordPolicy: upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\n realm: my-realm\n securityDefenses:\n bruteForceDetection:\n failureResetTimeSeconds: 43200\n maxFailureWaitSeconds: 900\n maxLoginFailures: 30\n minimumQuickLoginWaitSeconds: 60\n permanentLockout: false\n quickLoginCheckMilliSeconds: 1000\n waitIncrementSeconds: 60\n headers:\n contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';\n contentSecurityPolicyReportOnly:\n strictTransportSecurity: max-age=31536000; includeSubDomains\n xContentTypeOptions: nosniff\n xFrameOptions: DENY\n xRobotsTag: none\n xXssProtection: 1; mode=block\n smtpServer:\n auth:\n password: password\n username: tom\n from: example@example.com\n host: smtp.example.com\n sslRequired: external\n webAuthnPolicy:\n relyingPartyEntityName: Example\n relyingPartyId: keycloak.example.com\n signatureAlgorithms:\n - ES256\n - RS256\n```\n{{% /example %}}\n{{% /examples %}}\n## Default Client Scopes\n\n- `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes.\n- `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes.\n\n\n## Import\n\nRealms can be imported using their name.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/realm:Realm realm my-realm\n```\n\n ", "properties": { "accessCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the authorization code flow.\n" + "type": "string" }, "accessCodeLifespanLogin": { - "type": "string", - "description": "The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.\n" + "type": "string" }, "accessCodeLifespanUserAction": { - "type": "string", - "description": "The maximum amount of time a user has to complete login related actions, such as updating a password.\n" + "type": "string" }, "accessTokenLifespan": { - "type": "string", - "description": "The amount of time an access token can be used before it expires.\n" + "type": "string" }, "accessTokenLifespanForImplicitFlow": { - "type": "string", - "description": "The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.\n" + "type": "string" }, "accountTheme": { - "type": "string", - "description": "Used for account management pages.\n" + "type": "string" }, "actionTokenGeneratedByAdminLifespan": { - "type": "string", - "description": "The maximum time a user has to use an admin-generated permit before it expires.\n" + "type": "string" }, "actionTokenGeneratedByUserLifespan": { - "type": "string", - "description": "The maximum time a user has to use a user-generated permit before it expires.\n" + "type": "string" }, "adminTheme": { - "type": "string", - "description": "Used for the admin console.\n" + "type": "string" }, "attributes": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map of custom attributes to add to the realm.\n" + } }, "browserFlow": { "type": "string", - "description": "The desired flow for browser authentication. Defaults to `browser`.\n" + "description": "Which flow should be used for BrowserFlow\n" }, "clientAuthenticationFlow": { "type": "string", - "description": "The desired flow for client authentication. Defaults to `clients`.\n" + "description": "Which flow should be used for ClientAuthenticationFlow\n" }, "clientSessionIdleTimeout": { - "type": "string", - "description": "The amount of time a session can be idle before it expires. Users can override it for individual clients.\n" + "type": "string" }, "clientSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.\n" + "type": "string" }, "defaultDefaultClientScopes": { "type": "array", @@ -4022,86 +3892,70 @@ } }, "defaultSignatureAlgorithm": { - "type": "string", - "description": "Default algorithm used to sign tokens for the realm.\n" + "type": "string" }, "directGrantFlow": { "type": "string", - "description": "The desired flow for direct access authentication. Defaults to `direct grant`.\n" + "description": "Which flow should be used for DirectGrantFlow\n" }, "displayName": { - "type": "string", - "description": "The display name for the realm that is shown when logging in to the admin console.\n" + "type": "string" }, "displayNameHtml": { - "type": "string", - "description": "The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.\n" + "type": "string" }, "dockerAuthenticationFlow": { "type": "string", - "description": "The desired flow for Docker authentication. Defaults to `docker auth`.\n" + "description": "Which flow should be used for DockerAuthenticationFlow\n" }, "duplicateEmailsAllowed": { - "type": "boolean", - "description": "When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`.\n" + "type": "boolean" }, "editUsernameAllowed": { - "type": "boolean", - "description": "When true, the username field is editable.\n" + "type": "boolean" }, "emailTheme": { - "type": "string", - "description": "Used for emails that are sent by Keycloak.\n" + "type": "string" }, "enabled": { - "type": "boolean", - "description": "When `false`, users and clients will not be able to access this realm. Defaults to `true`.\n" + "type": "boolean" }, "internalId": { - "type": "string", - "description": "When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.\n" + "type": "string" }, "internationalization": { "$ref": "#/types/keycloak:index/RealmInternationalization:RealmInternationalization" }, "loginTheme": { - "type": "string", - "description": "Used for the login, forgot password, and registration pages.\n" + "type": "string" }, "loginWithEmailAllowed": { - "type": "boolean", - "description": "When true, users may log in with their email address.\n" + "type": "boolean" }, "oauth2DeviceCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the device code flow before it expires.\n\nThe attributes below should be specified in seconds.\n" + "type": "string" }, "oauth2DevicePollingInterval": { - "type": "integer", - "description": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n" + "type": "integer" }, "offlineSessionIdleTimeout": { - "type": "string", - "description": "The amount of time an offline session can be idle before it expires.\n" + "type": "string" }, "offlineSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before an offline session expires regardless of activity.\n" + "type": "string" }, "offlineSessionMaxLifespanEnabled": { - "type": "boolean", - "description": "Enable `offline_session_max_lifespan`.\n" + "type": "boolean" }, "otpPolicy": { "$ref": "#/types/keycloak:index/RealmOtpPolicy:RealmOtpPolicy" }, "passwordPolicy": { "type": "string", - "description": "The password policy for users within the realm.\n\nThe arguments below can be used to configure authentication flow bindings:\n" + "description": "String that represents the passwordPolicies that are in place. Each policy is separated with \" and \". Supported policies\ncan be found in the server-info providers page. example: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365)\nand notUsername(undefined)\"\n" }, "realm": { "type": "string", - "description": "The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.\n", "language": { "csharp": { "name": "RealmName" @@ -4109,36 +3963,30 @@ } }, "refreshTokenMaxReuse": { - "type": "integer", - "description": "Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.\n\nThe arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.\n" + "type": "integer" }, "registrationAllowed": { - "type": "boolean", - "description": "When true, user registration will be enabled, and a link for registration will be displayed on the login page.\n" + "type": "boolean" }, "registrationEmailAsUsername": { - "type": "boolean", - "description": "When true, the user's email will be used as their username during registration.\n" + "type": "boolean" }, "registrationFlow": { "type": "string", - "description": "The desired flow for user registration. Defaults to `registration`.\n" + "description": "Which flow should be used for RegistrationFlow\n" }, "rememberMe": { - "type": "boolean", - "description": "When true, a \"remember me\" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.\n" + "type": "boolean" }, "resetCredentialsFlow": { "type": "string", - "description": "The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`.\n" + "description": "Which flow should be used for ResetCredentialsFlow\n" }, "resetPasswordAllowed": { - "type": "boolean", - "description": "When true, a \"forgot password\" link will be displayed on the login page.\n" + "type": "boolean" }, "revokeRefreshToken": { - "type": "boolean", - "description": "If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.\n" + "type": "boolean" }, "securityDefenses": { "$ref": "#/types/keycloak:index/RealmSecurityDefenses:RealmSecurityDefenses" @@ -4148,39 +3996,31 @@ }, "sslRequired": { "type": "string", - "description": "Can be one of following values: 'none, 'external' or 'all'\n" + "description": "SSL Required: Values can be 'none', 'external' or 'all'.\n" }, "ssoSessionIdleTimeout": { - "type": "string", - "description": "The amount of time a session can be idle before it expires.\n" + "type": "string" }, "ssoSessionIdleTimeoutRememberMe": { - "type": "string", - "description": "Similar to `sso_session_idle_timeout`, but used when a user clicks \"Remember Me\". If not set, Keycloak will default to the value of `sso_session_idle_timeout`.\n" + "type": "string" }, "ssoSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before a session expires regardless of activity.\n" + "type": "string" }, "ssoSessionMaxLifespanRememberMe": { - "type": "string", - "description": "Similar to `sso_session_max_lifespan`, but used when a user clicks \"Remember Me\". If not set, Keycloak will default to the value of `sso_session_max_lifespan`.\n" + "type": "string" }, "userManagedAccess": { - "type": "boolean", - "description": "When `true`, users are allowed to manage their own resources. Defaults to `false`.\n" + "type": "boolean" }, "verifyEmail": { - "type": "boolean", - "description": "When true, users are required to verify their email address after registration and after email address changes.\n" + "type": "boolean" }, "webAuthnPasswordlessPolicy": { - "$ref": "#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy", - "description": "Configuration for WebAuthn Passwordless Policy authentication.\n\nEach of these attributes are blocks with the following attributes:\n" + "$ref": "#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy" }, "webAuthnPolicy": { - "$ref": "#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy", - "description": "Configuration for WebAuthn Policy authentication.\n" + "$ref": "#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy" } }, "required": [ @@ -4223,63 +4063,51 @@ ], "inputProperties": { "accessCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the authorization code flow.\n" + "type": "string" }, "accessCodeLifespanLogin": { - "type": "string", - "description": "The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.\n" + "type": "string" }, "accessCodeLifespanUserAction": { - "type": "string", - "description": "The maximum amount of time a user has to complete login related actions, such as updating a password.\n" + "type": "string" }, "accessTokenLifespan": { - "type": "string", - "description": "The amount of time an access token can be used before it expires.\n" + "type": "string" }, "accessTokenLifespanForImplicitFlow": { - "type": "string", - "description": "The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.\n" + "type": "string" }, "accountTheme": { - "type": "string", - "description": "Used for account management pages.\n" + "type": "string" }, "actionTokenGeneratedByAdminLifespan": { - "type": "string", - "description": "The maximum time a user has to use an admin-generated permit before it expires.\n" + "type": "string" }, "actionTokenGeneratedByUserLifespan": { - "type": "string", - "description": "The maximum time a user has to use a user-generated permit before it expires.\n" + "type": "string" }, "adminTheme": { - "type": "string", - "description": "Used for the admin console.\n" + "type": "string" }, "attributes": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map of custom attributes to add to the realm.\n" + } }, "browserFlow": { "type": "string", - "description": "The desired flow for browser authentication. Defaults to `browser`.\n" + "description": "Which flow should be used for BrowserFlow\n" }, "clientAuthenticationFlow": { "type": "string", - "description": "The desired flow for client authentication. Defaults to `clients`.\n" + "description": "Which flow should be used for ClientAuthenticationFlow\n" }, "clientSessionIdleTimeout": { - "type": "string", - "description": "The amount of time a session can be idle before it expires. Users can override it for individual clients.\n" + "type": "string" }, "clientSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.\n" + "type": "string" }, "defaultDefaultClientScopes": { "type": "array", @@ -4294,87 +4122,71 @@ } }, "defaultSignatureAlgorithm": { - "type": "string", - "description": "Default algorithm used to sign tokens for the realm.\n" + "type": "string" }, "directGrantFlow": { "type": "string", - "description": "The desired flow for direct access authentication. Defaults to `direct grant`.\n" + "description": "Which flow should be used for DirectGrantFlow\n" }, "displayName": { - "type": "string", - "description": "The display name for the realm that is shown when logging in to the admin console.\n" + "type": "string" }, "displayNameHtml": { - "type": "string", - "description": "The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.\n" + "type": "string" }, "dockerAuthenticationFlow": { "type": "string", - "description": "The desired flow for Docker authentication. Defaults to `docker auth`.\n" + "description": "Which flow should be used for DockerAuthenticationFlow\n" }, "duplicateEmailsAllowed": { - "type": "boolean", - "description": "When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`.\n" + "type": "boolean" }, "editUsernameAllowed": { - "type": "boolean", - "description": "When true, the username field is editable.\n" + "type": "boolean" }, "emailTheme": { - "type": "string", - "description": "Used for emails that are sent by Keycloak.\n" + "type": "string" }, "enabled": { - "type": "boolean", - "description": "When `false`, users and clients will not be able to access this realm. Defaults to `true`.\n" + "type": "boolean" }, "internalId": { "type": "string", - "description": "When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.\n", "willReplaceOnChanges": true }, "internationalization": { "$ref": "#/types/keycloak:index/RealmInternationalization:RealmInternationalization" }, "loginTheme": { - "type": "string", - "description": "Used for the login, forgot password, and registration pages.\n" + "type": "string" }, "loginWithEmailAllowed": { - "type": "boolean", - "description": "When true, users may log in with their email address.\n" + "type": "boolean" }, "oauth2DeviceCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the device code flow before it expires.\n\nThe attributes below should be specified in seconds.\n" + "type": "string" }, "oauth2DevicePollingInterval": { - "type": "integer", - "description": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n" + "type": "integer" }, "offlineSessionIdleTimeout": { - "type": "string", - "description": "The amount of time an offline session can be idle before it expires.\n" + "type": "string" }, "offlineSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before an offline session expires regardless of activity.\n" + "type": "string" }, "offlineSessionMaxLifespanEnabled": { - "type": "boolean", - "description": "Enable `offline_session_max_lifespan`.\n" + "type": "boolean" }, "otpPolicy": { "$ref": "#/types/keycloak:index/RealmOtpPolicy:RealmOtpPolicy" }, "passwordPolicy": { "type": "string", - "description": "The password policy for users within the realm.\n\nThe arguments below can be used to configure authentication flow bindings:\n" + "description": "String that represents the passwordPolicies that are in place. Each policy is separated with \" and \". Supported policies\ncan be found in the server-info providers page. example: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365)\nand notUsername(undefined)\"\n" }, "realm": { "type": "string", - "description": "The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.\n", "language": { "csharp": { "name": "RealmName" @@ -4383,36 +4195,30 @@ "willReplaceOnChanges": true }, "refreshTokenMaxReuse": { - "type": "integer", - "description": "Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.\n\nThe arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.\n" + "type": "integer" }, "registrationAllowed": { - "type": "boolean", - "description": "When true, user registration will be enabled, and a link for registration will be displayed on the login page.\n" + "type": "boolean" }, "registrationEmailAsUsername": { - "type": "boolean", - "description": "When true, the user's email will be used as their username during registration.\n" + "type": "boolean" }, "registrationFlow": { "type": "string", - "description": "The desired flow for user registration. Defaults to `registration`.\n" + "description": "Which flow should be used for RegistrationFlow\n" }, "rememberMe": { - "type": "boolean", - "description": "When true, a \"remember me\" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.\n" + "type": "boolean" }, "resetCredentialsFlow": { "type": "string", - "description": "The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`.\n" + "description": "Which flow should be used for ResetCredentialsFlow\n" }, "resetPasswordAllowed": { - "type": "boolean", - "description": "When true, a \"forgot password\" link will be displayed on the login page.\n" + "type": "boolean" }, "revokeRefreshToken": { - "type": "boolean", - "description": "If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.\n" + "type": "boolean" }, "securityDefenses": { "$ref": "#/types/keycloak:index/RealmSecurityDefenses:RealmSecurityDefenses" @@ -4422,39 +4228,31 @@ }, "sslRequired": { "type": "string", - "description": "Can be one of following values: 'none, 'external' or 'all'\n" + "description": "SSL Required: Values can be 'none', 'external' or 'all'.\n" }, "ssoSessionIdleTimeout": { - "type": "string", - "description": "The amount of time a session can be idle before it expires.\n" + "type": "string" }, "ssoSessionIdleTimeoutRememberMe": { - "type": "string", - "description": "Similar to `sso_session_idle_timeout`, but used when a user clicks \"Remember Me\". If not set, Keycloak will default to the value of `sso_session_idle_timeout`.\n" + "type": "string" }, "ssoSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before a session expires regardless of activity.\n" + "type": "string" }, "ssoSessionMaxLifespanRememberMe": { - "type": "string", - "description": "Similar to `sso_session_max_lifespan`, but used when a user clicks \"Remember Me\". If not set, Keycloak will default to the value of `sso_session_max_lifespan`.\n" + "type": "string" }, "userManagedAccess": { - "type": "boolean", - "description": "When `true`, users are allowed to manage their own resources. Defaults to `false`.\n" + "type": "boolean" }, "verifyEmail": { - "type": "boolean", - "description": "When true, users are required to verify their email address after registration and after email address changes.\n" + "type": "boolean" }, "webAuthnPasswordlessPolicy": { - "$ref": "#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy", - "description": "Configuration for WebAuthn Passwordless Policy authentication.\n\nEach of these attributes are blocks with the following attributes:\n" + "$ref": "#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy" }, "webAuthnPolicy": { - "$ref": "#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy", - "description": "Configuration for WebAuthn Policy authentication.\n" + "$ref": "#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy" } }, "requiredInputs": [ @@ -4464,63 +4262,51 @@ "description": "Input properties used for looking up and filtering Realm resources.\n", "properties": { "accessCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the authorization code flow.\n" + "type": "string" }, "accessCodeLifespanLogin": { - "type": "string", - "description": "The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.\n" + "type": "string" }, "accessCodeLifespanUserAction": { - "type": "string", - "description": "The maximum amount of time a user has to complete login related actions, such as updating a password.\n" + "type": "string" }, "accessTokenLifespan": { - "type": "string", - "description": "The amount of time an access token can be used before it expires.\n" + "type": "string" }, "accessTokenLifespanForImplicitFlow": { - "type": "string", - "description": "The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.\n" + "type": "string" }, "accountTheme": { - "type": "string", - "description": "Used for account management pages.\n" + "type": "string" }, "actionTokenGeneratedByAdminLifespan": { - "type": "string", - "description": "The maximum time a user has to use an admin-generated permit before it expires.\n" + "type": "string" }, "actionTokenGeneratedByUserLifespan": { - "type": "string", - "description": "The maximum time a user has to use a user-generated permit before it expires.\n" + "type": "string" }, "adminTheme": { - "type": "string", - "description": "Used for the admin console.\n" + "type": "string" }, "attributes": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map of custom attributes to add to the realm.\n" + } }, "browserFlow": { "type": "string", - "description": "The desired flow for browser authentication. Defaults to `browser`.\n" + "description": "Which flow should be used for BrowserFlow\n" }, "clientAuthenticationFlow": { "type": "string", - "description": "The desired flow for client authentication. Defaults to `clients`.\n" + "description": "Which flow should be used for ClientAuthenticationFlow\n" }, "clientSessionIdleTimeout": { - "type": "string", - "description": "The amount of time a session can be idle before it expires. Users can override it for individual clients.\n" + "type": "string" }, "clientSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.\n" + "type": "string" }, "defaultDefaultClientScopes": { "type": "array", @@ -4535,87 +4321,71 @@ } }, "defaultSignatureAlgorithm": { - "type": "string", - "description": "Default algorithm used to sign tokens for the realm.\n" + "type": "string" }, "directGrantFlow": { "type": "string", - "description": "The desired flow for direct access authentication. Defaults to `direct grant`.\n" + "description": "Which flow should be used for DirectGrantFlow\n" }, "displayName": { - "type": "string", - "description": "The display name for the realm that is shown when logging in to the admin console.\n" + "type": "string" }, "displayNameHtml": { - "type": "string", - "description": "The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.\n" + "type": "string" }, "dockerAuthenticationFlow": { "type": "string", - "description": "The desired flow for Docker authentication. Defaults to `docker auth`.\n" + "description": "Which flow should be used for DockerAuthenticationFlow\n" }, "duplicateEmailsAllowed": { - "type": "boolean", - "description": "When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`.\n" + "type": "boolean" }, "editUsernameAllowed": { - "type": "boolean", - "description": "When true, the username field is editable.\n" + "type": "boolean" }, "emailTheme": { - "type": "string", - "description": "Used for emails that are sent by Keycloak.\n" + "type": "string" }, "enabled": { - "type": "boolean", - "description": "When `false`, users and clients will not be able to access this realm. Defaults to `true`.\n" + "type": "boolean" }, "internalId": { "type": "string", - "description": "When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.\n", "willReplaceOnChanges": true }, "internationalization": { "$ref": "#/types/keycloak:index/RealmInternationalization:RealmInternationalization" }, "loginTheme": { - "type": "string", - "description": "Used for the login, forgot password, and registration pages.\n" + "type": "string" }, "loginWithEmailAllowed": { - "type": "boolean", - "description": "When true, users may log in with their email address.\n" + "type": "boolean" }, "oauth2DeviceCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the device code flow before it expires.\n\nThe attributes below should be specified in seconds.\n" + "type": "string" }, "oauth2DevicePollingInterval": { - "type": "integer", - "description": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n" + "type": "integer" }, "offlineSessionIdleTimeout": { - "type": "string", - "description": "The amount of time an offline session can be idle before it expires.\n" + "type": "string" }, "offlineSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before an offline session expires regardless of activity.\n" + "type": "string" }, "offlineSessionMaxLifespanEnabled": { - "type": "boolean", - "description": "Enable `offline_session_max_lifespan`.\n" + "type": "boolean" }, "otpPolicy": { "$ref": "#/types/keycloak:index/RealmOtpPolicy:RealmOtpPolicy" }, "passwordPolicy": { "type": "string", - "description": "The password policy for users within the realm.\n\nThe arguments below can be used to configure authentication flow bindings:\n" + "description": "String that represents the passwordPolicies that are in place. Each policy is separated with \" and \". Supported policies\ncan be found in the server-info providers page. example: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365)\nand notUsername(undefined)\"\n" }, "realm": { "type": "string", - "description": "The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.\n", "language": { "csharp": { "name": "RealmName" @@ -4624,36 +4394,30 @@ "willReplaceOnChanges": true }, "refreshTokenMaxReuse": { - "type": "integer", - "description": "Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.\n\nThe arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.\n" + "type": "integer" }, "registrationAllowed": { - "type": "boolean", - "description": "When true, user registration will be enabled, and a link for registration will be displayed on the login page.\n" + "type": "boolean" }, "registrationEmailAsUsername": { - "type": "boolean", - "description": "When true, the user's email will be used as their username during registration.\n" + "type": "boolean" }, "registrationFlow": { "type": "string", - "description": "The desired flow for user registration. Defaults to `registration`.\n" + "description": "Which flow should be used for RegistrationFlow\n" }, "rememberMe": { - "type": "boolean", - "description": "When true, a \"remember me\" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.\n" + "type": "boolean" }, "resetCredentialsFlow": { "type": "string", - "description": "The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`.\n" + "description": "Which flow should be used for ResetCredentialsFlow\n" }, "resetPasswordAllowed": { - "type": "boolean", - "description": "When true, a \"forgot password\" link will be displayed on the login page.\n" + "type": "boolean" }, "revokeRefreshToken": { - "type": "boolean", - "description": "If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.\n" + "type": "boolean" }, "securityDefenses": { "$ref": "#/types/keycloak:index/RealmSecurityDefenses:RealmSecurityDefenses" @@ -4663,80 +4427,65 @@ }, "sslRequired": { "type": "string", - "description": "Can be one of following values: 'none, 'external' or 'all'\n" + "description": "SSL Required: Values can be 'none', 'external' or 'all'.\n" }, "ssoSessionIdleTimeout": { - "type": "string", - "description": "The amount of time a session can be idle before it expires.\n" + "type": "string" }, "ssoSessionIdleTimeoutRememberMe": { - "type": "string", - "description": "Similar to `sso_session_idle_timeout`, but used when a user clicks \"Remember Me\". If not set, Keycloak will default to the value of `sso_session_idle_timeout`.\n" + "type": "string" }, "ssoSessionMaxLifespan": { - "type": "string", - "description": "The maximum amount of time before a session expires regardless of activity.\n" + "type": "string" }, "ssoSessionMaxLifespanRememberMe": { - "type": "string", - "description": "Similar to `sso_session_max_lifespan`, but used when a user clicks \"Remember Me\". If not set, Keycloak will default to the value of `sso_session_max_lifespan`.\n" + "type": "string" }, "userManagedAccess": { - "type": "boolean", - "description": "When `true`, users are allowed to manage their own resources. Defaults to `false`.\n" + "type": "boolean" }, "verifyEmail": { - "type": "boolean", - "description": "When true, users are required to verify their email address after registration and after email address changes.\n" + "type": "boolean" }, "webAuthnPasswordlessPolicy": { - "$ref": "#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy", - "description": "Configuration for WebAuthn Passwordless Policy authentication.\n\nEach of these attributes are blocks with the following attributes:\n" + "$ref": "#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy" }, "webAuthnPolicy": { - "$ref": "#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy", - "description": "Configuration for WebAuthn Policy authentication.\n" + "$ref": "#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy" } }, "type": "object" } }, "keycloak:index/realmEvents:RealmEvents": { - "description": "Allows for managing Realm Events settings within Keycloak.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmEvents = new keycloak.RealmEvents(\"realmEvents\", {\n realmId: realm.id,\n eventsEnabled: true,\n eventsExpiration: 3600,\n adminEventsEnabled: true,\n adminEventsDetailsEnabled: true,\n enabledEventTypes: [\n \"LOGIN\",\n \"LOGOUT\",\n ],\n eventsListeners: [\"jboss-logging\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_events = keycloak.RealmEvents(\"realmEvents\",\n realm_id=realm.id,\n events_enabled=True,\n events_expiration=3600,\n admin_events_enabled=True,\n admin_events_details_enabled=True,\n enabled_event_types=[\n \"LOGIN\",\n \"LOGOUT\",\n ],\n events_listeners=[\"jboss-logging\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmEvents = new Keycloak.RealmEvents(\"realmEvents\", new()\n {\n RealmId = realm.Id,\n EventsEnabled = true,\n EventsExpiration = 3600,\n AdminEventsEnabled = true,\n AdminEventsDetailsEnabled = true,\n EnabledEventTypes = new[]\n {\n \"LOGIN\",\n \"LOGOUT\",\n },\n EventsListeners = new[]\n {\n \"jboss-logging\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmEvents(ctx, \"realmEvents\", \u0026keycloak.RealmEventsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEventsEnabled: pulumi.Bool(true),\n\t\t\tEventsExpiration: pulumi.Int(3600),\n\t\t\tAdminEventsEnabled: pulumi.Bool(true),\n\t\t\tAdminEventsDetailsEnabled: pulumi.Bool(true),\n\t\t\tEnabledEventTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"LOGIN\"),\n\t\t\t\tpulumi.String(\"LOGOUT\"),\n\t\t\t},\n\t\t\tEventsListeners: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"jboss-logging\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmEvents;\nimport com.pulumi.keycloak.RealmEventsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmEvents = new RealmEvents(\"realmEvents\", RealmEventsArgs.builder() \n .realmId(realm.id())\n .eventsEnabled(true)\n .eventsExpiration(3600)\n .adminEventsEnabled(true)\n .adminEventsDetailsEnabled(true)\n .enabledEventTypes( \n \"LOGIN\",\n \"LOGOUT\")\n .eventsListeners(\"jboss-logging\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmEvents:\n type: keycloak:RealmEvents\n properties:\n realmId: ${realm.id}\n eventsEnabled: true\n eventsExpiration: 3600\n adminEventsEnabled: true\n adminEventsDetailsEnabled: true\n # When omitted or left empty, keycloak will enable all event types\n enabledEventTypes:\n - LOGIN\n - LOGOUT\n eventsListeners:\n - jboss-logging\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource currently does not support importing.\n\n ", + "description": "## # keycloak.RealmEvents\n\nAllows for managing Realm Events settings within Keycloak.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"test\"});\nconst realmEvents = new keycloak.RealmEvents(\"realmEvents\", {\n adminEventsDetailsEnabled: true,\n adminEventsEnabled: true,\n enabledEventTypes: [\n \"LOGIN\",\n \"LOGOUT\",\n ],\n eventsEnabled: true,\n eventsExpiration: 3600,\n eventsListeners: [\"jboss-logging\"],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"test\")\nrealm_events = keycloak.RealmEvents(\"realmEvents\",\n admin_events_details_enabled=True,\n admin_events_enabled=True,\n enabled_event_types=[\n \"LOGIN\",\n \"LOGOUT\",\n ],\n events_enabled=True,\n events_expiration=3600,\n events_listeners=[\"jboss-logging\"],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n });\n\n var realmEvents = new Keycloak.RealmEvents(\"realmEvents\", new()\n {\n AdminEventsDetailsEnabled = true,\n AdminEventsEnabled = true,\n EnabledEventTypes = new[]\n {\n \"LOGIN\",\n \"LOGOUT\",\n },\n EventsEnabled = true,\n EventsExpiration = 3600,\n EventsListeners = new[]\n {\n \"jboss-logging\",\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmEvents(ctx, \"realmEvents\", \u0026keycloak.RealmEventsArgs{\n\t\t\tAdminEventsDetailsEnabled: pulumi.Bool(true),\n\t\t\tAdminEventsEnabled: pulumi.Bool(true),\n\t\t\tEnabledEventTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"LOGIN\"),\n\t\t\t\tpulumi.String(\"LOGOUT\"),\n\t\t\t},\n\t\t\tEventsEnabled: pulumi.Bool(true),\n\t\t\tEventsExpiration: pulumi.Int(3600),\n\t\t\tEventsListeners: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"jboss-logging\"),\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmEvents;\nimport com.pulumi.keycloak.RealmEventsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .build());\n\n var realmEvents = new RealmEvents(\"realmEvents\", RealmEventsArgs.builder() \n .adminEventsDetailsEnabled(true)\n .adminEventsEnabled(true)\n .enabledEventTypes( \n \"LOGIN\",\n \"LOGOUT\")\n .eventsEnabled(true)\n .eventsExpiration(3600)\n .eventsListeners(\"jboss-logging\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n realmEvents:\n type: keycloak:RealmEvents\n properties:\n adminEventsDetailsEnabled: true\n adminEventsEnabled: true\n # When omitted or left empty, keycloak will enable all event types\n enabledEventTypes:\n - LOGIN\n - LOGOUT\n eventsEnabled: true\n eventsExpiration: 3600\n eventsListeners:\n - jboss-logging\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The name of the realm the event settings apply to.\n- `admin_events_enabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`.\n- `admin_events_details_enabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`.\n- `events_enabled` - (Optional) When true, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`.\n- `events_expiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never.\n- `enabled_event_types` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n- `events_listeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n", "properties": { "adminEventsDetailsEnabled": { - "type": "boolean", - "description": "When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`.\n" + "type": "boolean" }, "adminEventsEnabled": { - "type": "boolean", - "description": "When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`.\n" + "type": "boolean" }, "enabledEventTypes": { "type": "array", "items": { "type": "string" - }, - "description": "The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n" + } }, "eventsEnabled": { - "type": "boolean", - "description": "When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`.\n" + "type": "boolean" }, "eventsExpiration": { - "type": "integer", - "description": "The amount of time in seconds events will be saved in the database. Defaults to `0` or never.\n" + "type": "integer" }, "eventsListeners": { "type": "array", "items": { "type": "string" - }, - "description": "The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n" + } }, "realmId": { - "type": "string", - "description": "The name of the realm the event settings apply to.\n" + "type": "string" } }, "required": [ @@ -4744,38 +4493,31 @@ ], "inputProperties": { "adminEventsDetailsEnabled": { - "type": "boolean", - "description": "When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`.\n" + "type": "boolean" }, "adminEventsEnabled": { - "type": "boolean", - "description": "When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`.\n" + "type": "boolean" }, "enabledEventTypes": { "type": "array", "items": { "type": "string" - }, - "description": "The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n" + } }, "eventsEnabled": { - "type": "boolean", - "description": "When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`.\n" + "type": "boolean" }, "eventsExpiration": { - "type": "integer", - "description": "The amount of time in seconds events will be saved in the database. Defaults to `0` or never.\n" + "type": "integer" }, "eventsListeners": { "type": "array", "items": { "type": "string" - }, - "description": "The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n" + } }, "realmId": { "type": "string", - "description": "The name of the realm the event settings apply to.\n", "willReplaceOnChanges": true } }, @@ -4786,38 +4528,31 @@ "description": "Input properties used for looking up and filtering RealmEvents resources.\n", "properties": { "adminEventsDetailsEnabled": { - "type": "boolean", - "description": "When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`.\n" + "type": "boolean" }, "adminEventsEnabled": { - "type": "boolean", - "description": "When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`.\n" + "type": "boolean" }, "enabledEventTypes": { "type": "array", "items": { "type": "string" - }, - "description": "The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n" + } }, "eventsEnabled": { - "type": "boolean", - "description": "When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`.\n" + "type": "boolean" }, "eventsExpiration": { - "type": "integer", - "description": "The amount of time in seconds events will be saved in the database. Defaults to `0` or never.\n" + "type": "integer" }, "eventsListeners": { "type": "array", "items": { "type": "string" - }, - "description": "The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n" + } }, "realmId": { "type": "string", - "description": "The name of the realm the event settings apply to.\n", "willReplaceOnChanges": true } }, @@ -4825,7 +4560,7 @@ } }, "keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated": { - "description": "Allows for creating and managing `aes-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreAesGenerated = new keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n secretSize: 16,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_aes_generated = keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n secret_size=16)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreAesGenerated = new Keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n SecretSize = 16,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreAesGenerated(ctx, \"keystoreAesGenerated\", \u0026keycloak.RealmKeystoreAesGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tSecretSize: pulumi.Int(16),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreAesGenerated;\nimport com.pulumi.keycloak.RealmKeystoreAesGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreAesGenerated = new RealmKeystoreAesGenerated(\"keystoreAesGenerated\", RealmKeystoreAesGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .secretSize(16)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreAesGenerated:\n type: keycloak:RealmKeystoreAesGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n secretSize: 16\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n ", + "description": "Allows for creating and managing `aes-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreAesGenerated = new keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n secretSize: 16,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_aes_generated = keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n secret_size=16)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreAesGenerated = new Keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n SecretSize = 16,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreAesGenerated(ctx, \"keystoreAesGenerated\", \u0026keycloak.RealmKeystoreAesGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tSecretSize: pulumi.Int(16),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreAesGenerated;\nimport com.pulumi.keycloak.RealmKeystoreAesGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreAesGenerated = new RealmKeystoreAesGenerated(\"keystoreAesGenerated\", RealmKeystoreAesGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .secretSize(16)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreAesGenerated:\n type: keycloak:RealmKeystoreAesGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n secretSize: 16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -4919,7 +4654,7 @@ } }, "keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated": { - "description": "Allows for creating and managing `acdsa_generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreEcdsaGenerated = new keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n ellipticCurveKey: \"P-256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n elliptic_curve_key=\"P-256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreEcdsaGenerated = new Keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n EllipticCurveKey = \"P-256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreEcdsaGenerated(ctx, \"keystoreEcdsaGenerated\", \u0026keycloak.RealmKeystoreEcdsaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tEllipticCurveKey: pulumi.String(\"P-256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreEcdsaGenerated = new RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", RealmKeystoreEcdsaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .ellipticCurveKey(\"P-256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreEcdsaGenerated:\n type: keycloak:RealmKeystoreEcdsaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n ellipticCurveKey: P-256\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n ", + "description": "Allows for creating and managing `acdsa_generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreEcdsaGenerated = new keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n ellipticCurveKey: \"P-256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n elliptic_curve_key=\"P-256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreEcdsaGenerated = new Keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n EllipticCurveKey = \"P-256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreEcdsaGenerated(ctx, \"keystoreEcdsaGenerated\", \u0026keycloak.RealmKeystoreEcdsaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tEllipticCurveKey: pulumi.String(\"P-256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreEcdsaGenerated = new RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", RealmKeystoreEcdsaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .ellipticCurveKey(\"P-256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreEcdsaGenerated:\n type: keycloak:RealmKeystoreEcdsaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n ellipticCurveKey: P-256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -5013,7 +4748,7 @@ } }, "keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated": { - "description": "Allows for creating and managing `hmac-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreHmacGenerated = new keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"HS256\",\n secretSize: 64,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"HS256\",\n secret_size=64)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreHmacGenerated = new Keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"HS256\",\n SecretSize = 64,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreHmacGenerated(ctx, \"keystoreHmacGenerated\", \u0026keycloak.RealmKeystoreHmacGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"HS256\"),\n\t\t\tSecretSize: pulumi.Int(64),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreHmacGenerated;\nimport com.pulumi.keycloak.RealmKeystoreHmacGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreHmacGenerated = new RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", RealmKeystoreHmacGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"HS256\")\n .secretSize(64)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreHmacGenerated:\n type: keycloak:RealmKeystoreHmacGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: HS256\n secretSize: 64\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n ", + "description": "Allows for creating and managing `hmac-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreHmacGenerated = new keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"HS256\",\n secretSize: 64,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"HS256\",\n secret_size=64)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreHmacGenerated = new Keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"HS256\",\n SecretSize = 64,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreHmacGenerated(ctx, \"keystoreHmacGenerated\", \u0026keycloak.RealmKeystoreHmacGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"HS256\"),\n\t\t\tSecretSize: pulumi.Int(64),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreHmacGenerated;\nimport com.pulumi.keycloak.RealmKeystoreHmacGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreHmacGenerated = new RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", RealmKeystoreHmacGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"HS256\")\n .secretSize(64)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreHmacGenerated:\n type: keycloak:RealmKeystoreHmacGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: HS256\n secretSize: 64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -5119,7 +4854,7 @@ } }, "keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated": { - "description": "Allows for creating and managing `java-keystore` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst javaKeystore = new keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n keystore: \"\u003cpath to your keystore\u003e\",\n keystorePassword: \"\u003cpassword for keystore\u003e\",\n keyAlias: \"\u003calias for the private key\u003e\",\n keyPassword: \"\u003cpassword for the private key\u003e\",\n priority: 100,\n algorithm: \"RS256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\njava_keystore = keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n keystore=\"\u003cpath to your keystore\u003e\",\n keystore_password=\"\u003cpassword for keystore\u003e\",\n key_alias=\"\u003calias for the private key\u003e\",\n key_password=\"\u003cpassword for the private key\u003e\",\n priority=100,\n algorithm=\"RS256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var javaKeystore = new Keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Keystore = \"\u003cpath to your keystore\u003e\",\n KeystorePassword = \"\u003cpassword for keystore\u003e\",\n KeyAlias = \"\u003calias for the private key\u003e\",\n KeyPassword = \"\u003cpassword for the private key\u003e\",\n Priority = 100,\n Algorithm = \"RS256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreJavaGenerated(ctx, \"javaKeystore\", \u0026keycloak.RealmKeystoreJavaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tKeystore: pulumi.String(\"\u003cpath to your keystore\u003e\"),\n\t\t\tKeystorePassword: pulumi.String(\"\u003cpassword for keystore\u003e\"),\n\t\t\tKeyAlias: pulumi.String(\"\u003calias for the private key\u003e\"),\n\t\t\tKeyPassword: pulumi.String(\"\u003cpassword for the private key\u003e\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreJavaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreJavaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var javaKeystore = new RealmKeystoreJavaGenerated(\"javaKeystore\", RealmKeystoreJavaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .keystore(\"\u003cpath to your keystore\u003e\")\n .keystorePassword(\"\u003cpassword for keystore\u003e\")\n .keyAlias(\"\u003calias for the private key\u003e\")\n .keyPassword(\"\u003cpassword for the private key\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n javaKeystore:\n type: keycloak:RealmKeystoreJavaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n keystore: \u003cpath to your keystore\u003e\n keystorePassword: \u003cpassword for keystore\u003e\n keyAlias: \u003calias for the private key\u003e\n keyPassword: \u003cpassword for the private key\u003e\n priority: 100\n algorithm: RS256\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n ", + "description": "Allows for creating and managing `java-keystore` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst javaKeystore = new keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n keystore: \"\u003cpath to your keystore\u003e\",\n keystorePassword: \"\u003cpassword for keystore\u003e\",\n keyAlias: \"\u003calias for the private key\u003e\",\n keyPassword: \"\u003cpassword for the private key\u003e\",\n priority: 100,\n algorithm: \"RS256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\njava_keystore = keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n keystore=\"\u003cpath to your keystore\u003e\",\n keystore_password=\"\u003cpassword for keystore\u003e\",\n key_alias=\"\u003calias for the private key\u003e\",\n key_password=\"\u003cpassword for the private key\u003e\",\n priority=100,\n algorithm=\"RS256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var javaKeystore = new Keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Keystore = \"\u003cpath to your keystore\u003e\",\n KeystorePassword = \"\u003cpassword for keystore\u003e\",\n KeyAlias = \"\u003calias for the private key\u003e\",\n KeyPassword = \"\u003cpassword for the private key\u003e\",\n Priority = 100,\n Algorithm = \"RS256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreJavaGenerated(ctx, \"javaKeystore\", \u0026keycloak.RealmKeystoreJavaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tKeystore: pulumi.String(\"\u003cpath to your keystore\u003e\"),\n\t\t\tKeystorePassword: pulumi.String(\"\u003cpassword for keystore\u003e\"),\n\t\t\tKeyAlias: pulumi.String(\"\u003calias for the private key\u003e\"),\n\t\t\tKeyPassword: pulumi.String(\"\u003cpassword for the private key\u003e\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreJavaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreJavaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var javaKeystore = new RealmKeystoreJavaGenerated(\"javaKeystore\", RealmKeystoreJavaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .keystore(\"\u003cpath to your keystore\u003e\")\n .keystorePassword(\"\u003cpassword for keystore\u003e\")\n .keyAlias(\"\u003calias for the private key\u003e\")\n .keyPassword(\"\u003cpassword for the private key\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n javaKeystore:\n type: keycloak:RealmKeystoreJavaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n keystore: \u003cpath to your keystore\u003e\n keystorePassword: \u003cpassword for keystore\u003e\n keyAlias: \u003calias for the private key\u003e\n keyPassword: \u003cpassword for the private key\u003e\n priority: 100\n algorithm: RS256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -5269,7 +5004,7 @@ } }, "keycloak:index/realmKeystoreRsa:RealmKeystoreRsa": { - "description": "Allows for creating and managing `rsa` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsa;\nimport com.pulumi.keycloak.RealmKeystoreRsaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreRsa = new RealmKeystoreRsa(\"keystoreRsa\", RealmKeystoreRsaArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .privateKey(\"\u003cyour rsa private key\u003e\")\n .certificate(\"\u003cyour certificate\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .keystoreSize(2048)\n .providerId(\"rsa\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsa:\n type: keycloak:RealmKeystoreRsa\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n privateKey: \u003cyour rsa private key\u003e\n certificate: \u003cyour certificate\u003e\n priority: 100\n algorithm: RS256\n keystoreSize: 2048\n providerId: rsa\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n ", + "description": "Allows for creating and managing `rsa` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsa;\nimport com.pulumi.keycloak.RealmKeystoreRsaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreRsa = new RealmKeystoreRsa(\"keystoreRsa\", RealmKeystoreRsaArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .privateKey(\"\u003cyour rsa private key\u003e\")\n .certificate(\"\u003cyour certificate\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .keystoreSize(2048)\n .providerId(\"rsa\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsa:\n type: keycloak:RealmKeystoreRsa\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n privateKey: \u003cyour rsa private key\u003e\n certificate: \u003cyour certificate\u003e\n priority: 100\n algorithm: RS256\n keystoreSize: 2048\n providerId: rsa\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -5405,7 +5140,7 @@ } }, "keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated": { - "description": "Allows for creating and managing `rsa-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreRsaGenerated = new keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"RS256\",\n keySize: 2048,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"RS256\",\n key_size=2048)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreRsaGenerated = new Keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"RS256\",\n KeySize = 2048,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreRsaGenerated(ctx, \"keystoreRsaGenerated\", \u0026keycloak.RealmKeystoreRsaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t\tKeySize: pulumi.Int(2048),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreRsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreRsaGenerated = new RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", RealmKeystoreRsaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"RS256\")\n .keySize(2048)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsaGenerated:\n type: keycloak:RealmKeystoreRsaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: RS256\n keySize: 2048\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n ", + "description": "Allows for creating and managing `rsa-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreRsaGenerated = new keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"RS256\",\n keySize: 2048,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"RS256\",\n key_size=2048)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreRsaGenerated = new Keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"RS256\",\n KeySize = 2048,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreRsaGenerated(ctx, \"keystoreRsaGenerated\", \u0026keycloak.RealmKeystoreRsaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t\tKeySize: pulumi.Int(2048),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreRsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreRsaGenerated = new RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", RealmKeystoreRsaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"RS256\")\n .keySize(2048)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsaGenerated:\n type: keycloak:RealmKeystoreRsaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: RS256\n keySize: 2048\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -5511,7 +5246,7 @@ } }, "keycloak:index/realmUserProfile:RealmUserProfile": { - "description": "Allows for managing Realm User Profiles within Keycloak.\n\nA user profile defines a schema for representing user attributes and how they are managed within a realm.\nThis is a preview feature, hence not fully supported and disabled by default.\nTo enable it, start the server with one of the following flags:\n- WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled`\n- Quarkus distribution: `--features=preview` or `--features=declarative-user-profile`\n\nThe realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled.\nIt can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n attributes: {\n userProfileEnabled: true,\n },\n});\nconst userprofile = new keycloak.RealmUserProfile(\"userprofile\", {\n realmId: keycloak_realm.my_realm.id,\n attributes: [\n {\n name: \"field1\",\n displayName: \"Field 1\",\n group: \"group1\",\n enabledWhenScopes: [\"offline_access\"],\n requiredForRoles: [\"user\"],\n requiredForScopes: [\"offline_access\"],\n permissions: {\n views: [\n \"admin\",\n \"user\",\n ],\n edits: [\n \"admin\",\n \"user\",\n ],\n },\n validators: [\n {\n name: \"person-name-prohibited-characters\",\n },\n {\n name: \"pattern\",\n config: {\n pattern: \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n annotations: {\n foo: \"bar\",\n },\n },\n {\n name: \"field2\",\n validators: [{\n name: \"options\",\n config: {\n options: JSON.stringify([\"opt1\"]),\n },\n }],\n annotations: {\n foo: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n ],\n groups: [\n {\n name: \"group1\",\n displayHeader: \"Group 1\",\n displayDescription: \"A first group\",\n annotations: {\n foo: \"bar\",\n foo2: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n {\n name: \"group2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n attributes={\n \"userProfileEnabled\": True,\n })\nuserprofile = keycloak.RealmUserProfile(\"userprofile\",\n realm_id=keycloak_realm[\"my_realm\"][\"id\"],\n attributes=[\n keycloak.RealmUserProfileAttributeArgs(\n name=\"field1\",\n display_name=\"Field 1\",\n group=\"group1\",\n enabled_when_scopes=[\"offline_access\"],\n required_for_roles=[\"user\"],\n required_for_scopes=[\"offline_access\"],\n permissions=keycloak.RealmUserProfileAttributePermissionsArgs(\n views=[\n \"admin\",\n \"user\",\n ],\n edits=[\n \"admin\",\n \"user\",\n ],\n ),\n validators=[\n keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"person-name-prohibited-characters\",\n ),\n keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"pattern\",\n config={\n \"pattern\": \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n ),\n ],\n annotations={\n \"foo\": \"bar\",\n },\n ),\n keycloak.RealmUserProfileAttributeArgs(\n name=\"field2\",\n validators=[keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"options\",\n config={\n \"options\": json.dumps([\"opt1\"]),\n },\n )],\n annotations={\n \"foo\": json.dumps({\n \"key\": \"val\",\n }),\n },\n ),\n ],\n groups=[\n keycloak.RealmUserProfileGroupArgs(\n name=\"group1\",\n display_header=\"Group 1\",\n display_description=\"A first group\",\n annotations={\n \"foo\": \"bar\",\n \"foo2\": json.dumps({\n \"key\": \"val\",\n }),\n },\n ),\n keycloak.RealmUserProfileGroupArgs(\n name=\"group2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Attributes = \n {\n { \"userProfileEnabled\", true },\n },\n });\n\n var userprofile = new Keycloak.RealmUserProfile(\"userprofile\", new()\n {\n RealmId = keycloak_realm.My_realm.Id,\n Attributes = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field1\",\n DisplayName = \"Field 1\",\n Group = \"group1\",\n EnabledWhenScopes = new[]\n {\n \"offline_access\",\n },\n RequiredForRoles = new[]\n {\n \"user\",\n },\n RequiredForScopes = new[]\n {\n \"offline_access\",\n },\n Permissions = new Keycloak.Inputs.RealmUserProfileAttributePermissionsArgs\n {\n Views = new[]\n {\n \"admin\",\n \"user\",\n },\n Edits = new[]\n {\n \"admin\",\n \"user\",\n },\n },\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"person-name-prohibited-characters\",\n },\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"pattern\",\n Config = \n {\n { \"pattern\", \"^[a-z]+$\" },\n { \"error-message\", \"Nope\" },\n },\n },\n },\n Annotations = \n {\n { \"foo\", \"bar\" },\n },\n },\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field2\",\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"options\",\n Config = \n {\n { \"options\", JsonSerializer.Serialize(new[]\n {\n \"opt1\",\n }) },\n },\n },\n },\n Annotations = \n {\n { \"foo\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n },\n Groups = new[]\n {\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group1\",\n DisplayHeader = \"Group 1\",\n DisplayDescription = \"A first group\",\n Annotations = \n {\n { \"foo\", \"bar\" },\n { \"foo2\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"userProfileEnabled\": pulumi.Any(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\"opt1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\ttmpJSON2, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson2 := string(tmpJSON2)\n\t\t_, err = keycloak.NewRealmUserProfile(ctx, \"userprofile\", \u0026keycloak.RealmUserProfileArgs{\n\t\t\tRealmId: pulumi.Any(keycloak_realm.My_realm.Id),\n\t\t\tAttributes: keycloak.RealmUserProfileAttributeArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field1\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Field 1\"),\n\t\t\t\t\tGroup: pulumi.String(\"group1\"),\n\t\t\t\t\tEnabledWhenScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tPermissions: \u0026keycloak.RealmUserProfileAttributePermissionsArgs{\n\t\t\t\t\t\tViews: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEdits: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"person-name-prohibited-characters\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"pattern\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"pattern\": pulumi.String(\"^[a-z]+$\"),\n\t\t\t\t\t\t\t\t\"error-message\": pulumi.String(\"Nope\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field2\"),\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"options\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"options\": pulumi.String(json0),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(json1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroups: keycloak.RealmUserProfileGroupArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group1\"),\n\t\t\t\t\tDisplayHeader: pulumi.String(\"Group 1\"),\n\t\t\t\t\tDisplayDescription: pulumi.String(\"A first group\"),\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\t\"foo2\": pulumi.String(json2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmUserProfile;\nimport com.pulumi.keycloak.RealmUserProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributeArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributePermissionsArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .attributes(Map.of(\"userProfileEnabled\", true))\n .build());\n\n var userprofile = new RealmUserProfile(\"userprofile\", RealmUserProfileArgs.builder() \n .realmId(keycloak_realm.my_realm().id())\n .attributes( \n RealmUserProfileAttributeArgs.builder()\n .name(\"field1\")\n .displayName(\"Field 1\")\n .group(\"group1\")\n .enabledWhenScopes(\"offline_access\")\n .requiredForRoles(\"user\")\n .requiredForScopes(\"offline_access\")\n .permissions(RealmUserProfileAttributePermissionsArgs.builder()\n .views( \n \"admin\",\n \"user\")\n .edits( \n \"admin\",\n \"user\")\n .build())\n .validators( \n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"person-name-prohibited-characters\")\n .build(),\n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"pattern\")\n .config(Map.ofEntries(\n Map.entry(\"pattern\", \"^[a-z]+$\"),\n Map.entry(\"error-message\", \"Nope\")\n ))\n .build())\n .annotations(Map.of(\"foo\", \"bar\"))\n .build(),\n RealmUserProfileAttributeArgs.builder()\n .name(\"field2\")\n .validators(RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"options\")\n .config(Map.of(\"options\", serializeJson(\n jsonArray(\"opt1\"))))\n .build())\n .annotations(Map.of(\"foo\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n ))))\n .build())\n .groups( \n RealmUserProfileGroupArgs.builder()\n .name(\"group1\")\n .displayHeader(\"Group 1\")\n .displayDescription(\"A first group\")\n .annotations(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"foo2\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n )))\n ))\n .build(),\n RealmUserProfileGroupArgs.builder()\n .name(\"group2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n attributes:\n userProfileEnabled: true\n userprofile:\n type: keycloak:RealmUserProfile\n properties:\n realmId: ${keycloak_realm.my_realm.id}\n attributes:\n - name: field1\n displayName: Field 1\n group: group1\n enabledWhenScopes:\n - offline_access\n requiredForRoles:\n - user\n requiredForScopes:\n - offline_access\n permissions:\n views:\n - admin\n - user\n edits:\n - admin\n - user\n validators:\n - name: person-name-prohibited-characters\n - name: pattern\n config:\n pattern: ^[a-z]+$\n error-message: Nope\n annotations:\n foo: bar\n - name: field2\n validators:\n - name: options\n config:\n options:\n fn::toJSON:\n - opt1\n annotations:\n foo:\n fn::toJSON:\n key: val\n groups:\n - name: group1\n displayHeader: Group 1\n displayDescription: A first group\n annotations:\n foo: bar\n foo2:\n fn::toJSON:\n key: val\n - name: group2\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource currently does not support importing.\n\n ", + "description": "Allows for managing Realm User Profiles within Keycloak.\n\nA user profile defines a schema for representing user attributes and how they are managed within a realm.\nThis is a preview feature, hence not fully supported and disabled by default.\nTo enable it, start the server with one of the following flags:\n- WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled`\n- Quarkus distribution: `--features=preview` or `--features=declarative-user-profile`\n\nThe realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled.\nIt can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n attributes: {\n userProfileEnabled: true,\n },\n});\nconst userprofile = new keycloak.RealmUserProfile(\"userprofile\", {\n realmId: keycloak_realm.my_realm.id,\n attributes: [\n {\n name: \"field1\",\n displayName: \"Field 1\",\n group: \"group1\",\n enabledWhenScopes: [\"offline_access\"],\n requiredForRoles: [\"user\"],\n requiredForScopes: [\"offline_access\"],\n permissions: {\n views: [\n \"admin\",\n \"user\",\n ],\n edits: [\n \"admin\",\n \"user\",\n ],\n },\n validators: [\n {\n name: \"person-name-prohibited-characters\",\n },\n {\n name: \"pattern\",\n config: {\n pattern: \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n annotations: {\n foo: \"bar\",\n },\n },\n {\n name: \"field2\",\n validators: [{\n name: \"options\",\n config: {\n options: JSON.stringify([\"opt1\"]),\n },\n }],\n annotations: {\n foo: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n ],\n groups: [\n {\n name: \"group1\",\n displayHeader: \"Group 1\",\n displayDescription: \"A first group\",\n annotations: {\n foo: \"bar\",\n foo2: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n {\n name: \"group2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n attributes={\n \"userProfileEnabled\": True,\n })\nuserprofile = keycloak.RealmUserProfile(\"userprofile\",\n realm_id=keycloak_realm[\"my_realm\"][\"id\"],\n attributes=[\n keycloak.RealmUserProfileAttributeArgs(\n name=\"field1\",\n display_name=\"Field 1\",\n group=\"group1\",\n enabled_when_scopes=[\"offline_access\"],\n required_for_roles=[\"user\"],\n required_for_scopes=[\"offline_access\"],\n permissions=keycloak.RealmUserProfileAttributePermissionsArgs(\n views=[\n \"admin\",\n \"user\",\n ],\n edits=[\n \"admin\",\n \"user\",\n ],\n ),\n validators=[\n keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"person-name-prohibited-characters\",\n ),\n keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"pattern\",\n config={\n \"pattern\": \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n ),\n ],\n annotations={\n \"foo\": \"bar\",\n },\n ),\n keycloak.RealmUserProfileAttributeArgs(\n name=\"field2\",\n validators=[keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"options\",\n config={\n \"options\": json.dumps([\"opt1\"]),\n },\n )],\n annotations={\n \"foo\": json.dumps({\n \"key\": \"val\",\n }),\n },\n ),\n ],\n groups=[\n keycloak.RealmUserProfileGroupArgs(\n name=\"group1\",\n display_header=\"Group 1\",\n display_description=\"A first group\",\n annotations={\n \"foo\": \"bar\",\n \"foo2\": json.dumps({\n \"key\": \"val\",\n }),\n },\n ),\n keycloak.RealmUserProfileGroupArgs(\n name=\"group2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Attributes = \n {\n { \"userProfileEnabled\", true },\n },\n });\n\n var userprofile = new Keycloak.RealmUserProfile(\"userprofile\", new()\n {\n RealmId = keycloak_realm.My_realm.Id,\n Attributes = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field1\",\n DisplayName = \"Field 1\",\n Group = \"group1\",\n EnabledWhenScopes = new[]\n {\n \"offline_access\",\n },\n RequiredForRoles = new[]\n {\n \"user\",\n },\n RequiredForScopes = new[]\n {\n \"offline_access\",\n },\n Permissions = new Keycloak.Inputs.RealmUserProfileAttributePermissionsArgs\n {\n Views = new[]\n {\n \"admin\",\n \"user\",\n },\n Edits = new[]\n {\n \"admin\",\n \"user\",\n },\n },\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"person-name-prohibited-characters\",\n },\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"pattern\",\n Config = \n {\n { \"pattern\", \"^[a-z]+$\" },\n { \"error-message\", \"Nope\" },\n },\n },\n },\n Annotations = \n {\n { \"foo\", \"bar\" },\n },\n },\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field2\",\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"options\",\n Config = \n {\n { \"options\", JsonSerializer.Serialize(new[]\n {\n \"opt1\",\n }) },\n },\n },\n },\n Annotations = \n {\n { \"foo\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n },\n Groups = new[]\n {\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group1\",\n DisplayHeader = \"Group 1\",\n DisplayDescription = \"A first group\",\n Annotations = \n {\n { \"foo\", \"bar\" },\n { \"foo2\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"userProfileEnabled\": pulumi.Any(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\"opt1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\ttmpJSON2, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson2 := string(tmpJSON2)\n\t\t_, err = keycloak.NewRealmUserProfile(ctx, \"userprofile\", \u0026keycloak.RealmUserProfileArgs{\n\t\t\tRealmId: pulumi.Any(keycloak_realm.My_realm.Id),\n\t\t\tAttributes: keycloak.RealmUserProfileAttributeArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field1\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Field 1\"),\n\t\t\t\t\tGroup: pulumi.String(\"group1\"),\n\t\t\t\t\tEnabledWhenScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tPermissions: \u0026keycloak.RealmUserProfileAttributePermissionsArgs{\n\t\t\t\t\t\tViews: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEdits: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"person-name-prohibited-characters\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"pattern\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"pattern\": pulumi.String(\"^[a-z]+$\"),\n\t\t\t\t\t\t\t\t\"error-message\": pulumi.String(\"Nope\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field2\"),\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"options\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"options\": pulumi.String(json0),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(json1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroups: keycloak.RealmUserProfileGroupArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group1\"),\n\t\t\t\t\tDisplayHeader: pulumi.String(\"Group 1\"),\n\t\t\t\t\tDisplayDescription: pulumi.String(\"A first group\"),\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\t\"foo2\": pulumi.String(json2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmUserProfile;\nimport com.pulumi.keycloak.RealmUserProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributeArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributePermissionsArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .attributes(Map.of(\"userProfileEnabled\", true))\n .build());\n\n var userprofile = new RealmUserProfile(\"userprofile\", RealmUserProfileArgs.builder() \n .realmId(keycloak_realm.my_realm().id())\n .attributes( \n RealmUserProfileAttributeArgs.builder()\n .name(\"field1\")\n .displayName(\"Field 1\")\n .group(\"group1\")\n .enabledWhenScopes(\"offline_access\")\n .requiredForRoles(\"user\")\n .requiredForScopes(\"offline_access\")\n .permissions(RealmUserProfileAttributePermissionsArgs.builder()\n .views( \n \"admin\",\n \"user\")\n .edits( \n \"admin\",\n \"user\")\n .build())\n .validators( \n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"person-name-prohibited-characters\")\n .build(),\n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"pattern\")\n .config(Map.ofEntries(\n Map.entry(\"pattern\", \"^[a-z]+$\"),\n Map.entry(\"error-message\", \"Nope\")\n ))\n .build())\n .annotations(Map.of(\"foo\", \"bar\"))\n .build(),\n RealmUserProfileAttributeArgs.builder()\n .name(\"field2\")\n .validators(RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"options\")\n .config(Map.of(\"options\", serializeJson(\n jsonArray(\"opt1\"))))\n .build())\n .annotations(Map.of(\"foo\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n ))))\n .build())\n .groups( \n RealmUserProfileGroupArgs.builder()\n .name(\"group1\")\n .displayHeader(\"Group 1\")\n .displayDescription(\"A first group\")\n .annotations(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"foo2\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n )))\n ))\n .build(),\n RealmUserProfileGroupArgs.builder()\n .name(\"group2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n attributes:\n userProfileEnabled: true\n userprofile:\n type: keycloak:RealmUserProfile\n properties:\n realmId: ${keycloak_realm.my_realm.id}\n attributes:\n - name: field1\n displayName: Field 1\n group: group1\n enabledWhenScopes:\n - offline_access\n requiredForRoles:\n - user\n requiredForScopes:\n - offline_access\n permissions:\n views:\n - admin\n - user\n edits:\n - admin\n - user\n validators:\n - name: person-name-prohibited-characters\n - name: pattern\n config:\n pattern: ^[a-z]+$\n error-message: Nope\n annotations:\n foo: bar\n - name: field2\n validators:\n - name: options\n config:\n options:\n fn::toJSON:\n - opt1\n annotations:\n foo:\n fn::toJSON:\n key: val\n groups:\n - name: group1\n displayHeader: Group 1\n displayDescription: A first group\n annotations:\n foo: bar\n foo2:\n fn::toJSON:\n key: val\n - name: group2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource currently does not support importing.\n\n", "properties": { "attributes": { "type": "array", @@ -5586,7 +5321,7 @@ } }, "keycloak:index/requiredAction:RequiredAction": { - "description": "Allows for creating and managing required actions within Keycloak.\n\n[Required actions](https://www.keycloak.org/docs/latest/server_admin/#con-required-actions_server_administration_guide) specify actions required before the first login of all new users.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst requiredAction = new keycloak.RequiredAction(\"requiredAction\", {\n realmId: realm.realm,\n alias: \"webauthn-register\",\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrequired_action = keycloak.RequiredAction(\"requiredAction\",\n realm_id=realm.realm,\n alias=\"webauthn-register\",\n enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var requiredAction = new Keycloak.RequiredAction(\"requiredAction\", new()\n {\n RealmId = realm.RealmName,\n Alias = \"webauthn-register\",\n Enabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRequiredAction(ctx, \"requiredAction\", \u0026keycloak.RequiredActionArgs{\n\t\t\tRealmId: realm.Realm,\n\t\t\tAlias: pulumi.String(\"webauthn-register\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RequiredAction;\nimport com.pulumi.keycloak.RequiredActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var requiredAction = new RequiredAction(\"requiredAction\", RequiredActionArgs.builder() \n .realmId(realm.realm())\n .alias(\"webauthn-register\")\n .enabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n requiredAction:\n type: keycloak:RequiredAction\n properties:\n realmId: ${realm.realm}\n alias: webauthn-register\n enabled: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realm}}/{{alias}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias\n```\n\n ", + "description": "Allows for creating and managing required actions within Keycloak.\n\n[Required actions](https://www.keycloak.org/docs/latest/server_admin/#con-required-actions_server_administration_guide) specify actions required before the first login of all new users.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst requiredAction = new keycloak.RequiredAction(\"requiredAction\", {\n realmId: realm.realm,\n alias: \"webauthn-register\",\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrequired_action = keycloak.RequiredAction(\"requiredAction\",\n realm_id=realm.realm,\n alias=\"webauthn-register\",\n enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var requiredAction = new Keycloak.RequiredAction(\"requiredAction\", new()\n {\n RealmId = realm.RealmName,\n Alias = \"webauthn-register\",\n Enabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRequiredAction(ctx, \"requiredAction\", \u0026keycloak.RequiredActionArgs{\n\t\t\tRealmId: realm.Realm,\n\t\t\tAlias: pulumi.String(\"webauthn-register\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RequiredAction;\nimport com.pulumi.keycloak.RequiredActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var requiredAction = new RequiredAction(\"requiredAction\", RequiredActionArgs.builder() \n .realmId(realm.realm())\n .alias(\"webauthn-register\")\n .enabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n requiredAction:\n type: keycloak:RequiredAction\n properties:\n realmId: ${realm.realm}\n alias: webauthn-register\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realm}}/{{alias}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias\n```\n\n", "properties": { "alias": { "type": "string", @@ -5681,37 +5416,31 @@ } }, "keycloak:index/role:Role": { - "description": "Allows for creating and managing roles within Keycloak.\n\nRoles allow you define privileges within Keycloak and map them to users and groups.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Realm Role)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n attributes: {\n key: \"value\",\n multivalue: \"value1##value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\",\n attributes={\n \"key\": \"value\",\n \"multivalue\": \"value1##value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n { \"multivalue\", \"value1##value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key\": pulumi.Any(\"value\"),\n\t\t\t\t\"multivalue\": pulumi.Any(\"value1##value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .attributes(Map.ofEntries(\n Map.entry(\"key\", \"value\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n attributes:\n key: value\n multivalue: value1##value2\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Role)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: keycloak_client.openid_client.id,\n description: \"My Client Role\",\n attributes: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=keycloak_client[\"openid_client\"][\"id\"],\n description=\"My Client Role\",\n attributes={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_client.Openid_client.Id,\n Description = \"My Client Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_client.Openid_client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_client.openid_client().id())\n .description(\"My Client Role\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_client.openid_client.id}\n description: My Client Role\n attributes:\n key: value\n```\n\n{{% /example %}}\n{{% example %}}\n### Composite Role)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// realm roles\nconst createRole = new keycloak.Role(\"createRole\", {\n realmId: realm.id,\n attributes: {\n key: \"value\",\n },\n});\nconst readRole = new keycloak.Role(\"readRole\", {\n realmId: realm.id,\n attributes: {\n key: \"value\",\n },\n});\nconst updateRole = new keycloak.Role(\"updateRole\", {\n realmId: realm.id,\n attributes: {\n key: \"value\",\n },\n});\nconst deleteRole = new keycloak.Role(\"deleteRole\", {\n realmId: realm.id,\n attributes: {\n key: \"value\",\n },\n});\n// client role\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: keycloak_client.openid_client.id,\n description: \"My Client Role\",\n attributes: {\n key: \"value\",\n },\n});\nconst adminRole = new keycloak.Role(\"adminRole\", {\n realmId: realm.id,\n compositeRoles: [\n createRole.id,\n readRole.id,\n updateRole.id,\n deleteRole.id,\n clientRole.id,\n ],\n attributes: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# realm roles\ncreate_role = keycloak.Role(\"createRole\",\n realm_id=realm.id,\n attributes={\n \"key\": \"value\",\n })\nread_role = keycloak.Role(\"readRole\",\n realm_id=realm.id,\n attributes={\n \"key\": \"value\",\n })\nupdate_role = keycloak.Role(\"updateRole\",\n realm_id=realm.id,\n attributes={\n \"key\": \"value\",\n })\ndelete_role = keycloak.Role(\"deleteRole\",\n realm_id=realm.id,\n attributes={\n \"key\": \"value\",\n })\n# client role\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=keycloak_client[\"openid_client\"][\"id\"],\n description=\"My Client Role\",\n attributes={\n \"key\": \"value\",\n })\nadmin_role = keycloak.Role(\"adminRole\",\n realm_id=realm.id,\n composite_roles=[\n create_role.id,\n read_role.id,\n update_role.id,\n delete_role.id,\n client_role.id,\n ],\n attributes={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // realm roles\n var createRole = new Keycloak.Role(\"createRole\", new()\n {\n RealmId = realm.Id,\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var readRole = new Keycloak.Role(\"readRole\", new()\n {\n RealmId = realm.Id,\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var updateRole = new Keycloak.Role(\"updateRole\", new()\n {\n RealmId = realm.Id,\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var deleteRole = new Keycloak.Role(\"deleteRole\", new()\n {\n RealmId = realm.Id,\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n // client role\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_client.Openid_client.Id,\n Description = \"My Client Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var adminRole = new Keycloak.Role(\"adminRole\", new()\n {\n RealmId = realm.Id,\n CompositeRoles = new[]\n {\n createRole.Id,\n readRole.Id,\n updateRole.Id,\n deleteRole.Id,\n clientRole.Id,\n },\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcreateRole, err := keycloak.NewRole(ctx, \"createRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treadRole, err := keycloak.NewRole(ctx, \"readRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tupdateRole, err := keycloak.NewRole(ctx, \"updateRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdeleteRole, err := keycloak.NewRole(ctx, \"deleteRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_client.Openid_client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"adminRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tCompositeRoles: pulumi.StringArray{\n\t\t\t\tcreateRole.ID(),\n\t\t\t\treadRole.ID(),\n\t\t\t\tupdateRole.ID(),\n\t\t\t\tdeleteRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var createRole = new Role(\"createRole\", RoleArgs.builder() \n .realmId(realm.id())\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var readRole = new Role(\"readRole\", RoleArgs.builder() \n .realmId(realm.id())\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var updateRole = new Role(\"updateRole\", RoleArgs.builder() \n .realmId(realm.id())\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var deleteRole = new Role(\"deleteRole\", RoleArgs.builder() \n .realmId(realm.id())\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_client.openid_client().id())\n .description(\"My Client Role\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var adminRole = new Role(\"adminRole\", RoleArgs.builder() \n .realmId(realm.id())\n .compositeRoles( \n createRole.id(),\n readRole.id(),\n updateRole.id(),\n deleteRole.id(),\n clientRole.id())\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm: # realm roles\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n createRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n attributes:\n key: value\n readRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n attributes:\n key: value\n updateRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n attributes:\n key: value\n deleteRole: # client role\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n attributes:\n key: value\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_client.openid_client.id}\n description: My Client Role\n attributes:\n key: value\n adminRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n compositeRoles:\n - ${createRole.id}\n - ${readRole.id}\n - ${updateRole.id}\n - ${deleteRole.id}\n - ${clientRole.id}\n attributes:\n key: value\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns\n\n to the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad\n```\n\n ", + "description": "## # keycloak.Role\n\nAllows for creating and managing roles within Keycloak.\n\nRoles allow you define privileges within Keycloak and map them to users\nand groups.\n\n### Example Usage (Realm role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n description: \"My Realm Role\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nrealm_role = keycloak.Role(\"realmRole\",\n description=\"My Realm Role\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n Description = \"My Realm Role\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .description(\"My Realm Role\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n realmRole:\n type: keycloak:Role\n properties:\n description: My Realm Role\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"BEARER-ONLY\",\n clientId: \"client\",\n enabled: true,\n realmId: realm.id,\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient = keycloak.openid.Client(\"client\",\n access_type=\"BEARER-ONLY\",\n client_id=\"client\",\n enabled=True,\n realm_id=realm.id)\nclient_role = keycloak.Role(\"clientRole\",\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"BEARER-ONLY\",\n ClientId = \"client\",\n Enabled = true,\n RealmId = realm.Id,\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"BEARER-ONLY\")\n .clientId(\"client\")\n .enabled(true)\n .realmId(realm.id())\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n client:\n type: keycloak:openid:Client\n properties:\n accessType: BEARER-ONLY\n clientId: client\n enabled: true\n realmId: ${realm.id}\n clientRole:\n type: keycloak:Role\n properties:\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Composite role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst createRole = new keycloak.Role(\"createRole\", {realmId: realm.id});\nconst readRole = new keycloak.Role(\"readRole\", {realmId: realm.id});\nconst updateRole = new keycloak.Role(\"updateRole\", {realmId: realm.id});\nconst deleteRole = new keycloak.Role(\"deleteRole\", {realmId: realm.id});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"BEARER-ONLY\",\n clientId: \"client\",\n enabled: true,\n realmId: realm.id,\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n realmId: realm.id,\n});\nconst adminRole = new keycloak.Role(\"adminRole\", {\n compositeRoles: [\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n ],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\ncreate_role = keycloak.Role(\"createRole\", realm_id=realm.id)\nread_role = keycloak.Role(\"readRole\", realm_id=realm.id)\nupdate_role = keycloak.Role(\"updateRole\", realm_id=realm.id)\ndelete_role = keycloak.Role(\"deleteRole\", realm_id=realm.id)\nclient = keycloak.openid.Client(\"client\",\n access_type=\"BEARER-ONLY\",\n client_id=\"client\",\n enabled=True,\n realm_id=realm.id)\nclient_role = keycloak.Role(\"clientRole\",\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\",\n realm_id=realm.id)\nadmin_role = keycloak.Role(\"adminRole\",\n composite_roles=[\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n ],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var createRole = new Keycloak.Role(\"createRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var readRole = new Keycloak.Role(\"readRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var updateRole = new Keycloak.Role(\"updateRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var deleteRole = new Keycloak.Role(\"deleteRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"BEARER-ONLY\",\n ClientId = \"client\",\n Enabled = true,\n RealmId = realm.Id,\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n RealmId = realm.Id,\n });\n\n var adminRole = new Keycloak.Role(\"adminRole\", new()\n {\n CompositeRoles = new[]\n {\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"createRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"readRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"updateRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"deleteRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"adminRole\", \u0026keycloak.RoleArgs{\n\t\t\tCompositeRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"{keycloak_role.create_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.read_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.update_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.delete_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.client_role.id}\"),\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var createRole = new Role(\"createRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var readRole = new Role(\"readRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var updateRole = new Role(\"updateRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var deleteRole = new Role(\"deleteRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"BEARER-ONLY\")\n .clientId(\"client\")\n .enabled(true)\n .realmId(realm.id())\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .realmId(realm.id())\n .build());\n\n var adminRole = new Role(\"adminRole\", RoleArgs.builder() \n .compositeRoles( \n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n createRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n readRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n updateRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n deleteRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n client:\n type: keycloak:openid:Client\n properties:\n accessType: BEARER-ONLY\n clientId: client\n enabled: true\n realmId: ${realm.id}\n clientRole:\n type: keycloak:Role\n properties:\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n realmId: ${realm.id}\n adminRole:\n type: keycloak:Role\n properties:\n compositeRoles:\n - '{keycloak_role.create_role.id}'\n - '{keycloak_role.read_role.id}'\n - '{keycloak_role.update_role.id}'\n - '{keycloak_role.delete_role.id}'\n - '{keycloak_role.client_role.id}'\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this role exists within.\n- `client_id` - (Optional) When specified, this role will be created as\n a client role attached to the client with the provided ID\n- `name` - (Required) The name of the role\n- `description` - (Optional) The description of the role\n- `composite_roles` - (Optional) When specified, this role will be a\n composite role, composed of all roles that have an ID present within\n this list.\n\n\n### Import\n\nRoles can be imported using the format `{{realm_id}}/{{role_id}}`, where\n`role_id` is the unique ID that Keycloak assigns to the role. The ID is\nnot easy to find in the GUI, but it appears in the URL when editing the\nrole.\n\nExample:\n\n```bash\n$ terraform import keycloak_role.role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad\n```\n", "properties": { "attributes": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "clientId": { - "type": "string", - "description": "When specified, this role will be created as a client role attached to the client with the provided ID\n" + "type": "string" }, "compositeRoles": { "type": "array", "items": { "type": "string" - }, - "description": "When specified, this role will be a composite role, composed of all roles that have an ID present within this list.\n" + } }, "description": { - "type": "string", - "description": "The description of the role\n" + "type": "string" }, "name": { - "type": "string", - "description": "The name of the role\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this role exists within.\n" + "type": "string" } }, "required": [ @@ -5723,32 +5452,26 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "clientId": { "type": "string", - "description": "When specified, this role will be created as a client role attached to the client with the provided ID\n", "willReplaceOnChanges": true }, "compositeRoles": { "type": "array", "items": { "type": "string" - }, - "description": "When specified, this role will be a composite role, composed of all roles that have an ID present within this list.\n" + } }, "description": { - "type": "string", - "description": "The description of the role\n" + "type": "string" }, "name": { - "type": "string", - "description": "The name of the role\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this role exists within.\n", "willReplaceOnChanges": true } }, @@ -5762,32 +5485,26 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "clientId": { "type": "string", - "description": "When specified, this role will be created as a client role attached to the client with the provided ID\n", "willReplaceOnChanges": true }, "compositeRoles": { "type": "array", "items": { "type": "string" - }, - "description": "When specified, this role will be a composite role, composed of all roles that have an ID present within this list.\n" + } }, "description": { - "type": "string", - "description": "The description of the role\n" + "type": "string" }, "name": { - "type": "string", - "description": "The name of the role\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this role exists within.\n", "willReplaceOnChanges": true } }, @@ -5795,60 +5512,49 @@ } }, "keycloak:index/user:User": { - "description": "Allows for creating and managing Users within Keycloak.\n\nThis resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource. Creating users within\nKeycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers\nor identity providers.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@domain.com\",\n firstName: \"Bob\",\n lastName: \"Bobson\",\n});\nconst userWithInitialPassword = new keycloak.User(\"userWithInitialPassword\", {\n realmId: realm.id,\n username: \"alice\",\n enabled: true,\n email: \"alice@domain.com\",\n firstName: \"Alice\",\n lastName: \"Aliceberg\",\n attributes: {\n foo: \"bar\",\n multivalue: \"value1##value2\",\n },\n initialPassword: {\n value: \"some password\",\n temporary: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@domain.com\",\n first_name=\"Bob\",\n last_name=\"Bobson\")\nuser_with_initial_password = keycloak.User(\"userWithInitialPassword\",\n realm_id=realm.id,\n username=\"alice\",\n enabled=True,\n email=\"alice@domain.com\",\n first_name=\"Alice\",\n last_name=\"Aliceberg\",\n attributes={\n \"foo\": \"bar\",\n \"multivalue\": \"value1##value2\",\n },\n initial_password=keycloak.UserInitialPasswordArgs(\n value=\"some password\",\n temporary=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@domain.com\",\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n });\n\n var userWithInitialPassword = new Keycloak.User(\"userWithInitialPassword\", new()\n {\n RealmId = realm.Id,\n Username = \"alice\",\n Enabled = true,\n Email = \"alice@domain.com\",\n FirstName = \"Alice\",\n LastName = \"Aliceberg\",\n Attributes = \n {\n { \"foo\", \"bar\" },\n { \"multivalue\", \"value1##value2\" },\n },\n InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs\n {\n Value = \"some password\",\n Temporary = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"userWithInitialPassword\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"alice\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"alice@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Alice\"),\n\t\t\tLastName: pulumi.String(\"Aliceberg\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t\t\"multivalue\": pulumi.Any(\"value1##value2\"),\n\t\t\t},\n\t\t\tInitialPassword: \u0026keycloak.UserInitialPasswordArgs{\n\t\t\t\tValue: pulumi.String(\"some password\"),\n\t\t\t\tTemporary: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.inputs.UserInitialPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@domain.com\")\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .build());\n\n var userWithInitialPassword = new User(\"userWithInitialPassword\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"alice\")\n .enabled(true)\n .email(\"alice@domain.com\")\n .firstName(\"Alice\")\n .lastName(\"Aliceberg\")\n .attributes(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .initialPassword(UserInitialPasswordArgs.builder()\n .value(\"some password\")\n .temporary(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@domain.com\n firstName: Bob\n lastName: Bobson\n userWithInitialPassword:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: alice\n enabled: true\n email: alice@domain.com\n firstName: Alice\n lastName: Aliceberg\n attributes:\n foo: bar\n multivalue: value1##value2\n initialPassword:\n value: some password\n temporary: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsers can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak\n\n assigns to the user upon creation. This value can be found in the GUI when editing the user.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4\n```\n\n ", + "description": "## # keycloak.User\n\nAllows for creating and managing Users within Keycloak.\n\nThis resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource.\nCreating users within Keycloak is not recommended. Instead, users should be federated from external sources\nby configuring user federation providers or identity providers.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst user = new keycloak.User(\"user\", {\n email: \"bob@domain.com\",\n enabled: true,\n firstName: \"Bob\",\n lastName: \"Bobson\",\n realmId: realm.id,\n username: \"bob\",\n});\nconst userWithInitialPassword = new keycloak.User(\"userWithInitialPassword\", {\n email: \"alice@domain.com\",\n enabled: true,\n firstName: \"Alice\",\n initialPassword: {\n temporary: true,\n value: \"some password\",\n },\n lastName: \"Aliceberg\",\n realmId: realm.id,\n username: \"alice\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nuser = keycloak.User(\"user\",\n email=\"bob@domain.com\",\n enabled=True,\n first_name=\"Bob\",\n last_name=\"Bobson\",\n realm_id=realm.id,\n username=\"bob\")\nuser_with_initial_password = keycloak.User(\"userWithInitialPassword\",\n email=\"alice@domain.com\",\n enabled=True,\n first_name=\"Alice\",\n initial_password=keycloak.UserInitialPasswordArgs(\n temporary=True,\n value=\"some password\",\n ),\n last_name=\"Aliceberg\",\n realm_id=realm.id,\n username=\"alice\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n Email = \"bob@domain.com\",\n Enabled = true,\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n RealmId = realm.Id,\n Username = \"bob\",\n });\n\n var userWithInitialPassword = new Keycloak.User(\"userWithInitialPassword\", new()\n {\n Email = \"alice@domain.com\",\n Enabled = true,\n FirstName = \"Alice\",\n InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs\n {\n Temporary = true,\n Value = \"some password\",\n },\n LastName = \"Aliceberg\",\n RealmId = realm.Id,\n Username = \"alice\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"userWithInitialPassword\", \u0026keycloak.UserArgs{\n\t\t\tEmail: pulumi.String(\"alice@domain.com\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tFirstName: pulumi.String(\"Alice\"),\n\t\t\tInitialPassword: \u0026keycloak.UserInitialPasswordArgs{\n\t\t\t\tTemporary: pulumi.Bool(true),\n\t\t\t\tValue: pulumi.String(\"some password\"),\n\t\t\t},\n\t\t\tLastName: pulumi.String(\"Aliceberg\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"alice\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.inputs.UserInitialPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .email(\"bob@domain.com\")\n .enabled(true)\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .realmId(realm.id())\n .username(\"bob\")\n .build());\n\n var userWithInitialPassword = new User(\"userWithInitialPassword\", UserArgs.builder() \n .email(\"alice@domain.com\")\n .enabled(true)\n .firstName(\"Alice\")\n .initialPassword(UserInitialPasswordArgs.builder()\n .temporary(true)\n .value(\"some password\")\n .build())\n .lastName(\"Aliceberg\")\n .realmId(realm.id())\n .username(\"alice\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n user:\n type: keycloak:User\n properties:\n email: bob@domain.com\n enabled: true\n firstName: Bob\n lastName: Bobson\n realmId: ${realm.id}\n username: bob\n userWithInitialPassword:\n type: keycloak:User\n properties:\n email: alice@domain.com\n enabled: true\n firstName: Alice\n initialPassword:\n temporary: true\n value: some password\n lastName: Aliceberg\n realmId: ${realm.id}\n username: alice\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this user belongs to.\n- `username` - (Required) The unique username of this user.\n- `initial_password` (Optional) When given, the user's initial password will be set.\n This attribute is only respected during initial user creation.\n - `value` (Required) The initial password.\n - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`.\n- `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`.\n- `email` - (Optional) The user's email.\n- `first_name` - (Optional) The user's first name.\n- `last_name` - (Optional) The user's last name.\n\n### Import\n\nUsers can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak\nassigns to the user upon creation. This value can be found in the GUI when editing the user.\n\nExample:\n\n```bash\n$ terraform import keycloak_user.user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4\n```\n", "properties": { "attributes": { "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "email": { - "type": "string", - "description": "The user's email.\n" + "type": "string" }, "emailVerified": { - "type": "boolean", - "description": "Whether the email address was validated or not. Default to `false`.\n" + "type": "boolean" }, "enabled": { - "type": "boolean", - "description": "When false, this user cannot log in. Defaults to `true`.\n" + "type": "boolean" }, "federatedIdentities": { "type": "array", "items": { "$ref": "#/types/keycloak:index/UserFederatedIdentity:UserFederatedIdentity" - }, - "description": "When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details.\n" + } }, "firstName": { - "type": "string", - "description": "The user's first name.\n" + "type": "string" }, "initialPassword": { - "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword", - "description": "When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n" + "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword" }, "lastName": { - "type": "string", - "description": "The user's last name.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this user belongs to.\n" + "type": "string" }, "requiredActions": { "type": "array", "items": { "type": "string" - }, - "description": "A list of required user actions.\n" + } }, "username": { - "type": "string", - "description": "The unique username of this user.\n" + "type": "string" } }, "required": [ @@ -5860,55 +5566,44 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "email": { - "type": "string", - "description": "The user's email.\n" + "type": "string" }, "emailVerified": { - "type": "boolean", - "description": "Whether the email address was validated or not. Default to `false`.\n" + "type": "boolean" }, "enabled": { - "type": "boolean", - "description": "When false, this user cannot log in. Defaults to `true`.\n" + "type": "boolean" }, "federatedIdentities": { "type": "array", "items": { "$ref": "#/types/keycloak:index/UserFederatedIdentity:UserFederatedIdentity" - }, - "description": "When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details.\n" + } }, "firstName": { - "type": "string", - "description": "The user's first name.\n" + "type": "string" }, "initialPassword": { - "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword", - "description": "When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n" + "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword" }, "lastName": { - "type": "string", - "description": "The user's last name.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this user belongs to.\n", "willReplaceOnChanges": true }, "requiredActions": { "type": "array", "items": { "type": "string" - }, - "description": "A list of required user actions.\n" + } }, "username": { "type": "string", - "description": "The unique username of this user.\n", "willReplaceOnChanges": true } }, @@ -5923,55 +5618,44 @@ "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - }, - "description": "A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + } }, "email": { - "type": "string", - "description": "The user's email.\n" + "type": "string" }, "emailVerified": { - "type": "boolean", - "description": "Whether the email address was validated or not. Default to `false`.\n" + "type": "boolean" }, "enabled": { - "type": "boolean", - "description": "When false, this user cannot log in. Defaults to `true`.\n" + "type": "boolean" }, "federatedIdentities": { "type": "array", "items": { "$ref": "#/types/keycloak:index/UserFederatedIdentity:UserFederatedIdentity" - }, - "description": "When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details.\n" + } }, "firstName": { - "type": "string", - "description": "The user's first name.\n" + "type": "string" }, "initialPassword": { - "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword", - "description": "When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n" + "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword" }, "lastName": { - "type": "string", - "description": "The user's last name.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this user belongs to.\n", "willReplaceOnChanges": true }, "requiredActions": { "type": "array", "items": { "type": "string" - }, - "description": "A list of required user actions.\n" + } }, "username": { "type": "string", - "description": "The unique username of this user.\n", "willReplaceOnChanges": true } }, @@ -5979,7 +5663,7 @@ } }, "keycloak:index/userGroups:UserGroups": { - "description": "Allows for managing a Keycloak user's groups.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over user groups: groups that are manually added to the user will be removed, and groups that are manually removed from the user group will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `keycloak.UserGroups` for the same `user_id`.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Exhaustive Groups)\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst userGroups = new keycloak.UserGroups(\"userGroups\", {\n realmId: realm.id,\n userId: user.id,\n groupIds: [group.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\nuser_groups = keycloak.UserGroups(\"userGroups\",\n realm_id=realm.id,\n user_id=user.id,\n group_ids=[group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var userGroups = new Keycloak.UserGroups(\"userGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n GroupIds = new[]\n {\n @group.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserGroups;\nimport com.pulumi.keycloak.UserGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var userGroups = new UserGroups(\"userGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .groupIds(group.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n userGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n groupIds:\n - ${group.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Non Exhaustive Groups)\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst groupFoo = new keycloak.Group(\"groupFoo\", {realmId: realm.id});\nconst groupBar = new keycloak.Group(\"groupBar\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst userGroupsAssociation1UserGroups = new keycloak.UserGroups(\"userGroupsAssociation1UserGroups\", {\n realmId: realm.id,\n userId: user.id,\n exhaustive: false,\n groupIds: [groupFoo.id],\n});\nconst userGroupsAssociation1Index_userGroupsUserGroups = new keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", {\n realmId: realm.id,\n userId: user.id,\n exhaustive: false,\n groupIds: [groupBar.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup_foo = keycloak.Group(\"groupFoo\", realm_id=realm.id)\ngroup_bar = keycloak.Group(\"groupBar\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\nuser_groups_association1_user_groups = keycloak.UserGroups(\"userGroupsAssociation1UserGroups\",\n realm_id=realm.id,\n user_id=user.id,\n exhaustive=False,\n group_ids=[group_foo.id])\nuser_groups_association1_index_user_groups_user_groups = keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\",\n realm_id=realm.id,\n user_id=user.id,\n exhaustive=False,\n group_ids=[group_bar.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var groupFoo = new Keycloak.Group(\"groupFoo\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupBar = new Keycloak.Group(\"groupBar\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var userGroupsAssociation1UserGroups = new Keycloak.UserGroups(\"userGroupsAssociation1UserGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n Exhaustive = false,\n GroupIds = new[]\n {\n groupFoo.Id,\n },\n });\n\n var userGroupsAssociation1Index_userGroupsUserGroups = new Keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n Exhaustive = false,\n GroupIds = new[]\n {\n groupBar.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupFoo, err := keycloak.NewGroup(ctx, \"groupFoo\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupBar, err := keycloak.NewGroup(ctx, \"groupBar\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroupsAssociation1UserGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroupFoo.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroupsAssociation1Index/userGroupsUserGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroupBar.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserGroups;\nimport com.pulumi.keycloak.UserGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var groupFoo = new Group(\"groupFoo\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupBar = new Group(\"groupBar\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var userGroupsAssociation1UserGroups = new UserGroups(\"userGroupsAssociation1UserGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .exhaustive(false)\n .groupIds(groupFoo.id())\n .build());\n\n var userGroupsAssociation1Index_userGroupsUserGroups = new UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .exhaustive(false)\n .groupIds(groupBar.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n groupFoo:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupBar:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n userGroupsAssociation1UserGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n exhaustive: false\n groupIds:\n - ${groupFoo.id}\n userGroupsAssociation1Index/userGroupsUserGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n exhaustive: false\n groupIds:\n - ${groupBar.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\n\n as if it did not already exist on the server.\n\n ", + "description": "Allows for managing a Keycloak user's groups.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over user groups: groups that are manually added to the user will be removed, and groups that are manually removed from the user group will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `keycloak.UserGroups` for the same `user_id`.\n\n\n## Example Usage\n\n### Exhaustive Groups)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst userGroups = new keycloak.UserGroups(\"userGroups\", {\n realmId: realm.id,\n userId: user.id,\n groupIds: [group.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\nuser_groups = keycloak.UserGroups(\"userGroups\",\n realm_id=realm.id,\n user_id=user.id,\n group_ids=[group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var userGroups = new Keycloak.UserGroups(\"userGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n GroupIds = new[]\n {\n @group.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserGroups;\nimport com.pulumi.keycloak.UserGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var userGroups = new UserGroups(\"userGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .groupIds(group.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n userGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n groupIds:\n - ${group.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Non Exhaustive Groups)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst groupFoo = new keycloak.Group(\"groupFoo\", {realmId: realm.id});\nconst groupBar = new keycloak.Group(\"groupBar\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst userGroupsAssociation1UserGroups = new keycloak.UserGroups(\"userGroupsAssociation1UserGroups\", {\n realmId: realm.id,\n userId: user.id,\n exhaustive: false,\n groupIds: [groupFoo.id],\n});\nconst userGroupsAssociation1Index_userGroupsUserGroups = new keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", {\n realmId: realm.id,\n userId: user.id,\n exhaustive: false,\n groupIds: [groupBar.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup_foo = keycloak.Group(\"groupFoo\", realm_id=realm.id)\ngroup_bar = keycloak.Group(\"groupBar\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\nuser_groups_association1_user_groups = keycloak.UserGroups(\"userGroupsAssociation1UserGroups\",\n realm_id=realm.id,\n user_id=user.id,\n exhaustive=False,\n group_ids=[group_foo.id])\nuser_groups_association1_index_user_groups_user_groups = keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\",\n realm_id=realm.id,\n user_id=user.id,\n exhaustive=False,\n group_ids=[group_bar.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var groupFoo = new Keycloak.Group(\"groupFoo\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupBar = new Keycloak.Group(\"groupBar\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var userGroupsAssociation1UserGroups = new Keycloak.UserGroups(\"userGroupsAssociation1UserGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n Exhaustive = false,\n GroupIds = new[]\n {\n groupFoo.Id,\n },\n });\n\n var userGroupsAssociation1Index_userGroupsUserGroups = new Keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n Exhaustive = false,\n GroupIds = new[]\n {\n groupBar.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupFoo, err := keycloak.NewGroup(ctx, \"groupFoo\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupBar, err := keycloak.NewGroup(ctx, \"groupBar\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroupsAssociation1UserGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroupFoo.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroupsAssociation1Index/userGroupsUserGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroupBar.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserGroups;\nimport com.pulumi.keycloak.UserGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var groupFoo = new Group(\"groupFoo\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupBar = new Group(\"groupBar\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var userGroupsAssociation1UserGroups = new UserGroups(\"userGroupsAssociation1UserGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .exhaustive(false)\n .groupIds(groupFoo.id())\n .build());\n\n var userGroupsAssociation1Index_userGroupsUserGroups = new UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .exhaustive(false)\n .groupIds(groupBar.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n groupFoo:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupBar:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n userGroupsAssociation1UserGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n exhaustive: false\n groupIds:\n - ${groupFoo.id}\n userGroupsAssociation1Index/userGroupsUserGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n exhaustive: false\n groupIds:\n - ${groupBar.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\n\nas if it did not already exist on the server.\n\n", "properties": { "exhaustive": { "type": "boolean", @@ -6063,7 +5747,7 @@ } }, "keycloak:index/userRoles:UserRoles": { - "description": "Allows you to manage roles assigned to a Keycloak user.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over user roles: roles that are manually added to the user will be removed, and roles that are manually removed from the\nuser will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of roles to a user. As a result, you can use multiple `keycloak.UserRoles` for the same `user_id`.\n\nNote that when assigning composite roles to a user, you may see a non-empty plan following a `pulumi up` if you assign\na role and a composite that includes that role to the same user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Exhaustive Roles)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@domain.com\",\n firstName: \"Bob\",\n lastName: \"Bobson\",\n});\nconst userRoles = new keycloak.UserRoles(\"userRoles\", {\n realmId: realm.id,\n userId: user.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@domain.com\",\n first_name=\"Bob\",\n last_name=\"Bobson\")\nuser_roles = keycloak.UserRoles(\"userRoles\",\n realm_id=realm.id,\n user_id=user.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@domain.com\",\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n });\n\n var userRoles = new Keycloak.UserRoles(\"userRoles\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserRoles(ctx, \"userRoles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@domain.com\")\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .build());\n\n var userRoles = new UserRoles(\"userRoles\", UserRolesArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@domain.com\n firstName: Bob\n lastName: Bobson\n userRoles:\n type: keycloak:UserRoles\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak\n\n assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924\n```\n\n ", + "description": "Allows you to manage roles assigned to a Keycloak user.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over user roles: roles that are manually added to the user will be removed, and roles that are manually removed from the\nuser will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of roles to a user. As a result, you can use multiple `keycloak.UserRoles` for the same `user_id`.\n\nNote that when assigning composite roles to a user, you may see a non-empty plan following a `pulumi up` if you assign\na role and a composite that includes that role to the same user.\n\n## Example Usage\n\n### Exhaustive Roles)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@domain.com\",\n firstName: \"Bob\",\n lastName: \"Bobson\",\n});\nconst userRoles = new keycloak.UserRoles(\"userRoles\", {\n realmId: realm.id,\n userId: user.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@domain.com\",\n first_name=\"Bob\",\n last_name=\"Bobson\")\nuser_roles = keycloak.UserRoles(\"userRoles\",\n realm_id=realm.id,\n user_id=user.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@domain.com\",\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n });\n\n var userRoles = new Keycloak.UserRoles(\"userRoles\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserRoles(ctx, \"userRoles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@domain.com\")\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .build());\n\n var userRoles = new UserRoles(\"userRoles\", UserRolesArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@domain.com\n firstName: Bob\n lastName: Bobson\n userRoles:\n type: keycloak:UserRoles\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak\n\nassigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924\n```\n\n", "properties": { "exhaustive": { "type": "boolean", @@ -6147,7 +5831,7 @@ } }, "keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper": { - "description": "Allows for creating and managing an username template importer identity provider mapper within Keycloak.\n\nThe username template importer mapper can be used to map externally defined OIDC claims or SAML attributes with a template to the username of the imported Keycloak user:\n\n- Substitutions are enclosed in \\${}. For example: '\\${ALIAS}.\\${CLAIM.sub}'. ALIAS is the provider alias. CLAIM.\\\u003cNAME\\\u003e references an ID or Access token claim.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst usernameImporter = new keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", {\n realm: realm.id,\n identityProviderAlias: oidc.alias,\n template: \"${ALIAS}.${CLAIM.email}\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nusername_importer = keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\",\n realm=realm.id,\n identity_provider_alias=oidc.alias,\n template=\"${ALIAS}.${CLAIM.email}\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var usernameImporter = new Keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidc.Alias,\n Template = \"${ALIAS}.${CLAIM.email}\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserTemplateImporterIdentityProviderMapper(ctx, \"usernameImporter\", \u0026keycloak.UserTemplateImporterIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tTemplate: pulumi.String(\"${ALIAS}.${CLAIM.email}\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var usernameImporter = new UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", UserTemplateImporterIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidc.alias())\n .template(\"${ALIAS}.${CLAIM.email}\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n usernameImporter:\n type: keycloak:UserTemplateImporterIdentityProviderMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidc.alias}\n template: ${ALIAS}.${CLAIM.email}\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\n assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n ", + "description": "Allows for creating and managing an username template importer identity provider mapper within Keycloak.\n\nThe username template importer mapper can be used to map externally defined OIDC claims or SAML attributes with a template to the username of the imported Keycloak user:\n\n- Substitutions are enclosed in \\${}. For example: '\\${ALIAS}.\\${CLAIM.sub}'. ALIAS is the provider alias. CLAIM.\\\u003cNAME\\\u003e references an ID or Access token claim.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst usernameImporter = new keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", {\n realm: realm.id,\n identityProviderAlias: oidc.alias,\n template: \"${ALIAS}.${CLAIM.email}\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nusername_importer = keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\",\n realm=realm.id,\n identity_provider_alias=oidc.alias,\n template=\"${ALIAS}.${CLAIM.email}\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var usernameImporter = new Keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidc.Alias,\n Template = \"${ALIAS}.${CLAIM.email}\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserTemplateImporterIdentityProviderMapper(ctx, \"usernameImporter\", \u0026keycloak.UserTemplateImporterIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tTemplate: pulumi.String(\"${ALIAS}.${CLAIM.email}\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var usernameImporter = new UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", UserTemplateImporterIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidc.alias())\n .template(\"${ALIAS}.${CLAIM.email}\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n usernameImporter:\n type: keycloak:UserTemplateImporterIdentityProviderMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidc.alias}\n template: ${ALIAS}.${CLAIM.email}\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", "properties": { "extraConfig": { "type": "object", @@ -6244,7 +5928,7 @@ } }, "keycloak:index/usersPermissions:UsersPermissions": { - "description": "Allows you to manage fine-grained permissions for all users in a realm: https://www.keycloak.org/docs/latest/server_admin/#_users-permissions\n\nThis is part of a preview Keycloak feature: `admin_fine_grained_authz` (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).\nThis feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the\nexample `docker-compose.yml` file for an example.\n\nWhen enabling fine-grained permissions for users, Keycloak does several things automatically:\n1. Enable Authorization on built-in `realm-management` client (if not already enabled).\n1. Create a resource representing the users permissions.\n1. Create scopes `view`, `manage`, `map-roles`, `manage-group-membership`, `impersonate`, and `user-impersonated`.\n1. Create all scope based permission for the scopes and users resources.\n\n\u003e This resource should only be created once per realm.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.openid.ClientUserPolicy;\nimport com.pulumi.keycloak.openid.ClientUserPolicyArgs;\nimport com.pulumi.keycloak.UsersPermissions;\nimport com.pulumi.keycloak.UsersPermissionsArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsViewScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsMapRolesScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageGroupMembershipScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsImpersonateScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsUserImpersonatedScopeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"realm-management\")\n .build());\n\n var realmManagementPermission = new ClientPermissions(\"realmManagementPermission\", ClientPermissionsArgs.builder() \n .realmId(realm.id())\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .enabled(true)\n .build());\n\n var testUser = new User(\"testUser\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"test-user\")\n .email(\"test-user@fakedomain.com\")\n .firstName(\"Testy\")\n .lastName(\"Tester\")\n .build());\n\n var testClientUserPolicy = new ClientUserPolicy(\"testClientUserPolicy\", ClientUserPolicyArgs.builder() \n .realmId(realm.id())\n .resourceServerId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .users(testUser.id())\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(realmManagementPermission)\n .build());\n\n var usersPermissions = new UsersPermissions(\"usersPermissions\", UsersPermissionsArgs.builder() \n .realmId(realm.id())\n .viewScope(UsersPermissionsViewScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageScope(UsersPermissionsManageScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .mapRolesScope(UsersPermissionsMapRolesScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageGroupMembershipScope(UsersPermissionsManageGroupMembershipScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .impersonateScope(UsersPermissionsImpersonateScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .userImpersonatedScope(UsersPermissionsUserImpersonatedScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n # enable permissions for realm-management client\n realmManagementPermission:\n type: keycloak:openid:ClientPermissions\n properties:\n realmId: ${realm.id}\n clientId: ${realmManagement.id}\n enabled: true\n # creating a user to use with the keycloak_openid_client_user_policy resource\n testUser:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: test-user\n email: test-user@fakedomain.com\n firstName: Testy\n lastName: Tester\n testClientUserPolicy:\n type: keycloak:openid:ClientUserPolicy\n properties:\n realmId: ${realm.id}\n resourceServerId: ${realmManagement.id}\n users:\n - ${testUser.id}\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n options:\n dependson:\n - ${realmManagementPermission}\n usersPermissions:\n type: keycloak:UsersPermissions\n properties:\n realmId: ${realm.id}\n viewScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n mapRolesScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageGroupMembershipScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n impersonateScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n userImpersonatedScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: ${realm.id}\n clientId: realm-management\n```\n{{% /example %}}\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm in which to manage fine-grained user permissions.\n\nEach of the scopes that can be managed are defined below:\n\n- `view_scope` - (Optional) When specified, set the scope based view permission.\n- `manage_scope` - (Optional) When specified, set the scope based manage permission.\n- `map_roles_scope` - (Optional) When specified, set the scope based map_roles permission.\n- `manage_group_membership_scope` - (Optional) When specified, set the scope based manage_group_membership permission.\n- `impersonate_scope` - (Optional) When specified, set the scope based impersonate permission.\n- `user_impersonated_scope` - (Optional) When specified, set the scope based user_impersonated permission.\n\nThe configuration block for each of these scopes supports the following arguments:\n\n- `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID.\n- `description` - (Optional) Description of the permission.\n- `decision_strategy` - (Optional) Decision strategy of the permission.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`.\n- `authorization_resource_server_id` - Resource server id representing the realm management client on which these permissions are managed.\n{{% /examples %}}", + "description": "Allows you to manage fine-grained permissions for all users in a realm: https://www.keycloak.org/docs/latest/server_admin/#_users-permissions\n\nThis is part of a preview Keycloak feature: `admin_fine_grained_authz` (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).\nThis feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the\nexample `docker-compose.yml` file for an example.\n\nWhen enabling fine-grained permissions for users, Keycloak does several things automatically:\n1. Enable Authorization on built-in `realm-management` client (if not already enabled).\n1. Create a resource representing the users permissions.\n1. Create scopes `view`, `manage`, `map-roles`, `manage-group-membership`, `impersonate`, and `user-impersonated`.\n1. Create all scope based permission for the scopes and users resources.\n\n\u003e This resource should only be created once per realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.openid.ClientUserPolicy;\nimport com.pulumi.keycloak.openid.ClientUserPolicyArgs;\nimport com.pulumi.keycloak.UsersPermissions;\nimport com.pulumi.keycloak.UsersPermissionsArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsViewScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsMapRolesScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageGroupMembershipScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsImpersonateScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsUserImpersonatedScopeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"realm-management\")\n .build());\n\n var realmManagementPermission = new ClientPermissions(\"realmManagementPermission\", ClientPermissionsArgs.builder() \n .realmId(realm.id())\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .enabled(true)\n .build());\n\n var testUser = new User(\"testUser\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"test-user\")\n .email(\"test-user@fakedomain.com\")\n .firstName(\"Testy\")\n .lastName(\"Tester\")\n .build());\n\n var testClientUserPolicy = new ClientUserPolicy(\"testClientUserPolicy\", ClientUserPolicyArgs.builder() \n .realmId(realm.id())\n .resourceServerId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .users(testUser.id())\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(realmManagementPermission)\n .build());\n\n var usersPermissions = new UsersPermissions(\"usersPermissions\", UsersPermissionsArgs.builder() \n .realmId(realm.id())\n .viewScope(UsersPermissionsViewScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageScope(UsersPermissionsManageScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .mapRolesScope(UsersPermissionsMapRolesScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageGroupMembershipScope(UsersPermissionsManageGroupMembershipScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .impersonateScope(UsersPermissionsImpersonateScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .userImpersonatedScope(UsersPermissionsUserImpersonatedScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n # enable permissions for realm-management client\n realmManagementPermission:\n type: keycloak:openid:ClientPermissions\n properties:\n realmId: ${realm.id}\n clientId: ${realmManagement.id}\n enabled: true\n # creating a user to use with the keycloak_openid_client_user_policy resource\n testUser:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: test-user\n email: test-user@fakedomain.com\n firstName: Testy\n lastName: Tester\n testClientUserPolicy:\n type: keycloak:openid:ClientUserPolicy\n properties:\n realmId: ${realm.id}\n resourceServerId: ${realmManagement.id}\n users:\n - ${testUser.id}\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n options:\n dependson:\n - ${realmManagementPermission}\n usersPermissions:\n type: keycloak:UsersPermissions\n properties:\n realmId: ${realm.id}\n viewScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n mapRolesScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageGroupMembershipScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n impersonateScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n userImpersonatedScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: ${realm.id}\n clientId: realm-management\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm in which to manage fine-grained user permissions.\n\nEach of the scopes that can be managed are defined below:\n\n- `view_scope` - (Optional) When specified, set the scope based view permission.\n- `manage_scope` - (Optional) When specified, set the scope based manage permission.\n- `map_roles_scope` - (Optional) When specified, set the scope based map_roles permission.\n- `manage_group_membership_scope` - (Optional) When specified, set the scope based manage_group_membership permission.\n- `impersonate_scope` - (Optional) When specified, set the scope based impersonate permission.\n- `user_impersonated_scope` - (Optional) When specified, set the scope based user_impersonated permission.\n\nThe configuration block for each of these scopes supports the following arguments:\n\n- `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID.\n- `description` - (Optional) Description of the permission.\n- `decision_strategy` - (Optional) Decision strategy of the permission.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`.\n- `authorization_resource_server_id` - Resource server id representing the realm management client on which these permissions are managed.\n", "properties": { "authorizationResourceServerId": { "type": "string", @@ -6344,7 +6028,7 @@ } }, "keycloak:ldap/customMapper:CustomMapper": { - "description": "Allows for creating and managing custom attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP custom mapper is implemented and deployed into Keycloak as a custom provider. This resource allows to\nspecify the custom id and custom implementation class of the self-implemented attribute mapper as well as additional\nproperties via config map.\n\nThe custom mapper should already be deployed into keycloak in order to be correctly configured.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst customMapper = new keycloak.ldap.CustomMapper(\"customMapper\", {\n realmId: keycloak_ldap_user_federation.openldap.realm_id,\n ldapUserFederationId: keycloak_ldap_user_federation.openldap.id,\n providerId: \"custom-provider-registered-in-keycloak\",\n providerType: \"com.example.custom.ldap.mappers.CustomMapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\ncustom_mapper = keycloak.ldap.CustomMapper(\"customMapper\",\n realm_id=keycloak_ldap_user_federation[\"openldap\"][\"realm_id\"],\n ldap_user_federation_id=keycloak_ldap_user_federation[\"openldap\"][\"id\"],\n provider_id=\"custom-provider-registered-in-keycloak\",\n provider_type=\"com.example.custom.ldap.mappers.CustomMapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var customMapper = new Keycloak.Ldap.CustomMapper(\"customMapper\", new()\n {\n RealmId = keycloak_ldap_user_federation.Openldap.Realm_id,\n LdapUserFederationId = keycloak_ldap_user_federation.Openldap.Id,\n ProviderId = \"custom-provider-registered-in-keycloak\",\n ProviderType = \"com.example.custom.ldap.mappers.CustomMapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.value\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewCustomMapper(ctx, \"customMapper\", \u0026ldap.CustomMapperArgs{\n\t\t\tRealmId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Realm_id),\n\t\t\tLdapUserFederationId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Id),\n\t\t\tProviderId: pulumi.String(\"custom-provider-registered-in-keycloak\"),\n\t\t\tProviderType: pulumi.String(\"com.example.custom.ldap.mappers.CustomMapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.CustomMapper;\nimport com.pulumi.keycloak.ldap.CustomMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var customMapper = new CustomMapper(\"customMapper\", CustomMapperArgs.builder() \n .realmId(keycloak_ldap_user_federation.openldap().realm_id())\n .ldapUserFederationId(keycloak_ldap_user_federation.openldap().id())\n .providerId(\"custom-provider-registered-in-keycloak\")\n .providerType(\"com.example.custom.ldap.mappers.CustomMapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.value\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n customMapper:\n type: keycloak:ldap:CustomMapper\n properties:\n realmId: ${keycloak_ldap_user_federation.openldap.realm_id}\n ldapUserFederationId: ${keycloak_ldap_user_federation.openldap.id}\n providerId: custom-provider-registered-in-keycloak\n providerType: com.example.custom.ldap.mappers.CustomMapper\n config:\n attribute.name: name\n attribute.value: value\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "Allows for creating and managing custom attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP custom mapper is implemented and deployed into Keycloak as a custom provider. This resource allows to\nspecify the custom id and custom implementation class of the self-implemented attribute mapper as well as additional\nproperties via config map.\n\nThe custom mapper should already be deployed into keycloak in order to be correctly configured.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst customMapper = new keycloak.ldap.CustomMapper(\"customMapper\", {\n realmId: keycloak_ldap_user_federation.openldap.realm_id,\n ldapUserFederationId: keycloak_ldap_user_federation.openldap.id,\n providerId: \"custom-provider-registered-in-keycloak\",\n providerType: \"com.example.custom.ldap.mappers.CustomMapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\ncustom_mapper = keycloak.ldap.CustomMapper(\"customMapper\",\n realm_id=keycloak_ldap_user_federation[\"openldap\"][\"realm_id\"],\n ldap_user_federation_id=keycloak_ldap_user_federation[\"openldap\"][\"id\"],\n provider_id=\"custom-provider-registered-in-keycloak\",\n provider_type=\"com.example.custom.ldap.mappers.CustomMapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var customMapper = new Keycloak.Ldap.CustomMapper(\"customMapper\", new()\n {\n RealmId = keycloak_ldap_user_federation.Openldap.Realm_id,\n LdapUserFederationId = keycloak_ldap_user_federation.Openldap.Id,\n ProviderId = \"custom-provider-registered-in-keycloak\",\n ProviderType = \"com.example.custom.ldap.mappers.CustomMapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.value\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewCustomMapper(ctx, \"customMapper\", \u0026ldap.CustomMapperArgs{\n\t\t\tRealmId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Realm_id),\n\t\t\tLdapUserFederationId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Id),\n\t\t\tProviderId: pulumi.String(\"custom-provider-registered-in-keycloak\"),\n\t\t\tProviderType: pulumi.String(\"com.example.custom.ldap.mappers.CustomMapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.CustomMapper;\nimport com.pulumi.keycloak.ldap.CustomMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var customMapper = new CustomMapper(\"customMapper\", CustomMapperArgs.builder() \n .realmId(keycloak_ldap_user_federation.openldap().realm_id())\n .ldapUserFederationId(keycloak_ldap_user_federation.openldap().id())\n .providerId(\"custom-provider-registered-in-keycloak\")\n .providerType(\"com.example.custom.ldap.mappers.CustomMapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.value\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n customMapper:\n type: keycloak:ldap:CustomMapper\n properties:\n realmId: ${keycloak_ldap_user_federation.openldap.realm_id}\n ldapUserFederationId: ${keycloak_ldap_user_federation.openldap.id}\n providerId: custom-provider-registered-in-keycloak\n providerType: com.example.custom.ldap.mappers.CustomMapper\n config:\n attribute.name: name\n attribute.value: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "config": { "type": "object", @@ -6459,31 +6143,28 @@ } }, "keycloak:ldap/fullNameMapper:FullNameMapper": { - "description": "Allows for creating and managing full name mappers for Keycloak users federated via LDAP.\n\nThe LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a\nKeycloak user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapFullNameMapper = new keycloak.ldap.FullNameMapper(\"ldapFullNameMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n ldapFullNameAttribute: \"cn\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_full_name_mapper = keycloak.ldap.FullNameMapper(\"ldapFullNameMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n ldap_full_name_attribute=\"cn\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapFullNameMapper = new Keycloak.Ldap.FullNameMapper(\"ldapFullNameMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n LdapFullNameAttribute = \"cn\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewFullNameMapper(ctx, \"ldapFullNameMapper\", \u0026ldap.FullNameMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tLdapFullNameAttribute: pulumi.String(\"cn\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.FullNameMapper;\nimport com.pulumi.keycloak.ldap.FullNameMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapFullNameMapper = new FullNameMapper(\"ldapFullNameMapper\", FullNameMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .ldapFullNameAttribute(\"cn\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapFullNameMapper:\n type: keycloak:ldap:FullNameMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n ldapFullNameAttribute: cn\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "## # keycloak.ldap.FullNameMapper\n\nAllows for creating and managing full name mappers for Keycloak users federated\nvia LDAP.\n\nThe LDAP full name mapper can map a user's full name from an LDAP attribute\nto the first and last name attributes of a Keycloak user.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionUrl: \"ldap://openldap\",\n rdnLdapAttribute: \"cn\",\n realmId: realm.id,\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"entryDN\",\n});\nconst ldapFullNameMapper = new keycloak.ldap.FullNameMapper(\"ldapFullNameMapper\", {\n ldapFullNameAttribute: \"cn\",\n ldapUserFederationId: ldapUserFederation.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_url=\"ldap://openldap\",\n rdn_ldap_attribute=\"cn\",\n realm_id=realm.id,\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"entryDN\")\nldap_full_name_mapper = keycloak.ldap.FullNameMapper(\"ldapFullNameMapper\",\n ldap_full_name_attribute=\"cn\",\n ldap_user_federation_id=ldap_user_federation.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionUrl = \"ldap://openldap\",\n RdnLdapAttribute = \"cn\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"entryDN\",\n });\n\n var ldapFullNameMapper = new Keycloak.Ldap.FullNameMapper(\"ldapFullNameMapper\", new()\n {\n LdapFullNameAttribute = \"cn\",\n LdapUserFederationId = ldapUserFederation.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewFullNameMapper(ctx, \"ldapFullNameMapper\", \u0026ldap.FullNameMapperArgs{\n\t\t\tLdapFullNameAttribute: pulumi.String(\"cn\"),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.FullNameMapper;\nimport com.pulumi.keycloak.ldap.FullNameMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionUrl(\"ldap://openldap\")\n .rdnLdapAttribute(\"cn\")\n .realmId(realm.id())\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"entryDN\")\n .build());\n\n var ldapFullNameMapper = new FullNameMapper(\"ldapFullNameMapper\", FullNameMapperArgs.builder() \n .ldapFullNameAttribute(\"cn\")\n .ldapUserFederationId(ldapUserFederation.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionUrl: ldap://openldap\n rdnLdapAttribute: cn\n realmId: ${realm.id}\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: entryDN\n ldapFullNameMapper:\n type: keycloak:ldap:FullNameMapper\n properties:\n ldapFullNameAttribute: cn\n ldapUserFederationId: ${ldapUserFederation.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_full_name_attribute` - (Required) The name of the LDAP attribute containing the user's full name.\n- `read_only` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.\n- `write_only` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_full_name_mapper.ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "ldapFullNameAttribute": { - "type": "string", - "description": "The name of the LDAP attribute containing the user's full name.\n" + "type": "string" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n" + "description": "The ldap user federation provider to attach this mapper to.\n" }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "readOnly": { - "type": "boolean", - "description": "When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.\n" + "type": "boolean" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n" + "description": "The realm in which the ldap user federation provider exists.\n" }, "writeOnly": { - "type": "boolean", - "description": "When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.\n" + "type": "boolean" } }, "required": [ @@ -6494,30 +6175,27 @@ ], "inputProperties": { "ldapFullNameAttribute": { - "type": "string", - "description": "The name of the LDAP attribute containing the user's full name.\n" + "type": "string" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "readOnly": { - "type": "boolean", - "description": "When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.\n" + "type": "boolean" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true }, "writeOnly": { - "type": "boolean", - "description": "When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.\n" + "type": "boolean" } }, "requiredInputs": [ @@ -6529,115 +6207,97 @@ "description": "Input properties used for looking up and filtering FullNameMapper resources.\n", "properties": { "ldapFullNameAttribute": { - "type": "string", - "description": "The name of the LDAP attribute containing the user's full name.\n" + "type": "string" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "readOnly": { - "type": "boolean", - "description": "When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.\n" + "type": "boolean" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true }, "writeOnly": { - "type": "boolean", - "description": "When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.\n" + "type": "boolean" } }, "type": "object" } }, "keycloak:ldap/groupMapper:GroupMapper": { - "description": "Allows for creating and managing group mappers for Keycloak users federated via LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also\ncreate the groups within Keycloak if they do not already exist.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapGroupMapper = new keycloak.ldap.GroupMapper(\"ldapGroupMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n ldapGroupsDn: \"dc=example,dc=org\",\n groupNameLdapAttribute: \"cn\",\n groupObjectClasses: [\"groupOfNames\"],\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n memberofLdapAttribute: \"memberOf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_group_mapper = keycloak.ldap.GroupMapper(\"ldapGroupMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n ldap_groups_dn=\"dc=example,dc=org\",\n group_name_ldap_attribute=\"cn\",\n group_object_classes=[\"groupOfNames\"],\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n memberof_ldap_attribute=\"memberOf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapGroupMapper = new Keycloak.Ldap.GroupMapper(\"ldapGroupMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n LdapGroupsDn = \"dc=example,dc=org\",\n GroupNameLdapAttribute = \"cn\",\n GroupObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n MemberofLdapAttribute = \"memberOf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewGroupMapper(ctx, \"ldapGroupMapper\", \u0026ldap.GroupMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tLdapGroupsDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tGroupNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tGroupObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.GroupMapper;\nimport com.pulumi.keycloak.ldap.GroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapGroupMapper = new GroupMapper(\"ldapGroupMapper\", GroupMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .ldapGroupsDn(\"dc=example,dc=org\")\n .groupNameLdapAttribute(\"cn\")\n .groupObjectClasses(\"groupOfNames\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .memberofLdapAttribute(\"memberOf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapGroupMapper:\n type: keycloak:ldap:GroupMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n ldapGroupsDn: dc=example,dc=org\n groupNameLdapAttribute: cn\n groupObjectClasses:\n - groupOfNames\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n memberofLdapAttribute: memberOf\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "## # keycloak.ldap.GroupMapper\n\nAllows for creating and managing group mappers for Keycloak users federated\nvia LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's groups from some DN\nto Keycloak groups. This group mapper will also create the groups within Keycloak\nif they do not already exist.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionUrl: \"ldap://openldap\",\n rdnLdapAttribute: \"cn\",\n realmId: realm.id,\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"entryDN\",\n});\nconst ldapGroupMapper = new keycloak.ldap.GroupMapper(\"ldapGroupMapper\", {\n groupNameLdapAttribute: \"cn\",\n groupObjectClasses: [\"groupOfNames\"],\n ldapGroupsDn: \"dc=example,dc=org\",\n ldapUserFederationId: ldapUserFederation.id,\n memberofLdapAttribute: \"memberOf\",\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_url=\"ldap://openldap\",\n rdn_ldap_attribute=\"cn\",\n realm_id=realm.id,\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"entryDN\")\nldap_group_mapper = keycloak.ldap.GroupMapper(\"ldapGroupMapper\",\n group_name_ldap_attribute=\"cn\",\n group_object_classes=[\"groupOfNames\"],\n ldap_groups_dn=\"dc=example,dc=org\",\n ldap_user_federation_id=ldap_user_federation.id,\n memberof_ldap_attribute=\"memberOf\",\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionUrl = \"ldap://openldap\",\n RdnLdapAttribute = \"cn\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"entryDN\",\n });\n\n var ldapGroupMapper = new Keycloak.Ldap.GroupMapper(\"ldapGroupMapper\", new()\n {\n GroupNameLdapAttribute = \"cn\",\n GroupObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n LdapGroupsDn = \"dc=example,dc=org\",\n LdapUserFederationId = ldapUserFederation.Id,\n MemberofLdapAttribute = \"memberOf\",\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewGroupMapper(ctx, \"ldapGroupMapper\", \u0026ldap.GroupMapperArgs{\n\t\t\tGroupNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tGroupObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tLdapGroupsDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.GroupMapper;\nimport com.pulumi.keycloak.ldap.GroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionUrl(\"ldap://openldap\")\n .rdnLdapAttribute(\"cn\")\n .realmId(realm.id())\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"entryDN\")\n .build());\n\n var ldapGroupMapper = new GroupMapper(\"ldapGroupMapper\", GroupMapperArgs.builder() \n .groupNameLdapAttribute(\"cn\")\n .groupObjectClasses(\"groupOfNames\")\n .ldapGroupsDn(\"dc=example,dc=org\")\n .ldapUserFederationId(ldapUserFederation.id())\n .memberofLdapAttribute(\"memberOf\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionUrl: ldap://openldap\n rdnLdapAttribute: cn\n realmId: ${realm.id}\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: entryDN\n ldapGroupMapper:\n type: keycloak:ldap:GroupMapper\n properties:\n groupNameLdapAttribute: cn\n groupObjectClasses:\n - groupOfNames\n ldapGroupsDn: dc=example,dc=org\n ldapUserFederationId: ${ldapUserFederation.id}\n memberofLdapAttribute: memberOf\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_groups_dn` - (Required) The LDAP DN where groups can be found.\n- `group_name_ldap_attribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.\n- `group_object_classes` - (Required) Array of strings representing the object classes for the group. Must contain at least one.\n- `preserve_group_inheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.\n- `ignore_missing_groups` - (Optional) When `true`, missing groups in the hierarchy will be ignored.\n- `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings.\n- `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`.\n- `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings.\n- `groups_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n- `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`.\n- `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n- `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n- `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n- `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_group_mapper.ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "dropNonExistingGroupsDuringSync": { - "type": "boolean", - "description": "When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.\n" + "type": "boolean" }, "groupNameLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.\n" + "type": "string" }, "groupObjectClasses": { "type": "array", "items": { "type": "string" - }, - "description": "List of strings representing the object classes for the group. Must contain at least one.\n" + } }, "groupsLdapFilter": { - "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" + "type": "string" }, "groupsPath": { - "type": "string", - "description": "Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.\n" + "type": "string" }, "ignoreMissingGroups": { - "type": "boolean", - "description": "When `true`, missing groups in the hierarchy will be ignored.\n" + "type": "boolean" }, "ldapGroupsDn": { - "type": "string", - "description": "The LDAP DN where groups can be found.\n" + "type": "string" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n" + "description": "The ldap user federation provider to attach this mapper to.\n" }, "mappedGroupAttributes": { "type": "array", "items": { "type": "string" - }, - "description": "Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n" + } }, "memberofLdapAttribute": { - "type": "string", - "description": "Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n" + "type": "string" }, "membershipAttributeType": { - "type": "string", - "description": "Can be one of `DN` or `UID`. Defaults to `DN`.\n" + "type": "string" }, "membershipLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute that is used for membership mappings.\n" + "type": "string" }, "membershipUserLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute on a user that is used for membership mappings.\n" + "type": "string" }, "mode": { - "type": "string", - "description": "Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n" + "type": "string" }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "preserveGroupInheritance": { - "type": "boolean", - "description": "When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.\n" + "type": "boolean" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n" + "description": "The realm in which the ldap user federation provider exists.\n" }, "userRolesRetrieveStrategy": { - "type": "string", - "description": "Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n" + "type": "string" } }, "required": [ @@ -6653,84 +6313,69 @@ ], "inputProperties": { "dropNonExistingGroupsDuringSync": { - "type": "boolean", - "description": "When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.\n" + "type": "boolean" }, "groupNameLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.\n" + "type": "string" }, "groupObjectClasses": { "type": "array", "items": { "type": "string" - }, - "description": "List of strings representing the object classes for the group. Must contain at least one.\n" + } }, "groupsLdapFilter": { - "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" + "type": "string" }, "groupsPath": { - "type": "string", - "description": "Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.\n" + "type": "string" }, "ignoreMissingGroups": { - "type": "boolean", - "description": "When `true`, missing groups in the hierarchy will be ignored.\n" + "type": "boolean" }, "ldapGroupsDn": { - "type": "string", - "description": "The LDAP DN where groups can be found.\n" + "type": "string" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "mappedGroupAttributes": { "type": "array", "items": { "type": "string" - }, - "description": "Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n" + } }, "memberofLdapAttribute": { - "type": "string", - "description": "Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n" + "type": "string" }, "membershipAttributeType": { - "type": "string", - "description": "Can be one of `DN` or `UID`. Defaults to `DN`.\n" + "type": "string" }, "membershipLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute that is used for membership mappings.\n" + "type": "string" }, "membershipUserLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute on a user that is used for membership mappings.\n" + "type": "string" }, "mode": { - "type": "string", - "description": "Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n" + "type": "string" }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "preserveGroupInheritance": { - "type": "boolean", - "description": "When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.\n" + "type": "boolean" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true }, "userRolesRetrieveStrategy": { - "type": "string", - "description": "Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n" + "type": "string" } }, "requiredInputs": [ @@ -6746,91 +6391,76 @@ "description": "Input properties used for looking up and filtering GroupMapper resources.\n", "properties": { "dropNonExistingGroupsDuringSync": { - "type": "boolean", - "description": "When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.\n" + "type": "boolean" }, "groupNameLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.\n" + "type": "string" }, "groupObjectClasses": { "type": "array", "items": { "type": "string" - }, - "description": "List of strings representing the object classes for the group. Must contain at least one.\n" + } }, "groupsLdapFilter": { - "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" + "type": "string" }, "groupsPath": { - "type": "string", - "description": "Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.\n" + "type": "string" }, "ignoreMissingGroups": { - "type": "boolean", - "description": "When `true`, missing groups in the hierarchy will be ignored.\n" + "type": "boolean" }, "ldapGroupsDn": { - "type": "string", - "description": "The LDAP DN where groups can be found.\n" + "type": "string" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "mappedGroupAttributes": { "type": "array", "items": { "type": "string" - }, - "description": "Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n" + } }, "memberofLdapAttribute": { - "type": "string", - "description": "Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n" + "type": "string" }, "membershipAttributeType": { - "type": "string", - "description": "Can be one of `DN` or `UID`. Defaults to `DN`.\n" + "type": "string" }, "membershipLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute that is used for membership mappings.\n" + "type": "string" }, "membershipUserLdapAttribute": { - "type": "string", - "description": "The name of the LDAP attribute on a user that is used for membership mappings.\n" + "type": "string" }, "mode": { - "type": "string", - "description": "Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n" + "type": "string" }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "preserveGroupInheritance": { - "type": "boolean", - "description": "When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.\n" + "type": "boolean" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true }, "userRolesRetrieveStrategy": { - "type": "string", - "description": "Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n" + "type": "string" } }, "type": "object" } }, "keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper": { - "description": "Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded attribute mapper will set the specified value to the LDAP attribute.\n\n**NOTE**: This mapper only works when the `sync_registrations` attribute on the `keycloak.ldap.UserFederation` resource is set to `true`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n syncRegistrations: true,\n});\nconst assignBarToFoo = new keycloak.ldap.HardcodedAttributeMapper(\"assignBarToFoo\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n attributeName: \"foo\",\n attributeValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n sync_registrations=True)\nassign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper(\"assignBarToFoo\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n attribute_name=\"foo\",\n attribute_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n SyncRegistrations = true,\n });\n\n var assignBarToFoo = new Keycloak.Ldap.HardcodedAttributeMapper(\"assignBarToFoo\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n AttributeName = \"foo\",\n AttributeValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tSyncRegistrations: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedAttributeMapper(ctx, \"assignBarToFoo\", \u0026ldap.HardcodedAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tAttributeName: pulumi.String(\"foo\"),\n\t\t\tAttributeValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapper;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .syncRegistrations(true)\n .build());\n\n var assignBarToFoo = new HardcodedAttributeMapper(\"assignBarToFoo\", HardcodedAttributeMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .attributeName(\"foo\")\n .attributeValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n syncRegistrations: true\n assignBarToFoo:\n type: keycloak:ldap:HardcodedAttributeMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n attributeName: foo\n attributeValue: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded attribute mapper will set the specified value to the LDAP attribute.\n\n**NOTE**: This mapper only works when the `sync_registrations` attribute on the `keycloak.ldap.UserFederation` resource is set to `true`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n syncRegistrations: true,\n});\nconst assignBarToFoo = new keycloak.ldap.HardcodedAttributeMapper(\"assignBarToFoo\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n attributeName: \"foo\",\n attributeValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n sync_registrations=True)\nassign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper(\"assignBarToFoo\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n attribute_name=\"foo\",\n attribute_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n SyncRegistrations = true,\n });\n\n var assignBarToFoo = new Keycloak.Ldap.HardcodedAttributeMapper(\"assignBarToFoo\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n AttributeName = \"foo\",\n AttributeValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tSyncRegistrations: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedAttributeMapper(ctx, \"assignBarToFoo\", \u0026ldap.HardcodedAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tAttributeName: pulumi.String(\"foo\"),\n\t\t\tAttributeValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapper;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .syncRegistrations(true)\n .build());\n\n var assignBarToFoo = new HardcodedAttributeMapper(\"assignBarToFoo\", HardcodedAttributeMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .attributeName(\"foo\")\n .attributeValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n syncRegistrations: true\n assignBarToFoo:\n type: keycloak:ldap:HardcodedAttributeMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n attributeName: foo\n attributeValue: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "attributeName": { "type": "string", @@ -6924,7 +6554,7 @@ } }, "keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper": { - "description": "Allows for creating and managing hardcoded group mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded group mapper will grant a specified Keycloak group to each Keycloak user linked with LDAP.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst realmGroup = new keycloak.Group(\"realmGroup\", {realmId: realm.id});\nconst assignGroupToUsers = new keycloak.ldap.HardcodedGroupMapper(\"assignGroupToUsers\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n group: realmGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nrealm_group = keycloak.Group(\"realmGroup\", realm_id=realm.id)\nassign_group_to_users = keycloak.ldap.HardcodedGroupMapper(\"assignGroupToUsers\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n group=realm_group.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var realmGroup = new Keycloak.Group(\"realmGroup\", new()\n {\n RealmId = realm.Id,\n });\n\n var assignGroupToUsers = new Keycloak.Ldap.HardcodedGroupMapper(\"assignGroupToUsers\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Group = realmGroup.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmGroup, err := keycloak.NewGroup(ctx, \"realmGroup\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedGroupMapper(ctx, \"assignGroupToUsers\", \u0026ldap.HardcodedGroupMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tGroup: realmGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapper;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var realmGroup = new Group(\"realmGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var assignGroupToUsers = new HardcodedGroupMapper(\"assignGroupToUsers\", HardcodedGroupMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .group(realmGroup.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n realmGroup:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n assignGroupToUsers:\n type: keycloak:ldap:HardcodedGroupMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n group: ${realmGroup.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "Allows for creating and managing hardcoded group mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded group mapper will grant a specified Keycloak group to each Keycloak user linked with LDAP.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst realmGroup = new keycloak.Group(\"realmGroup\", {realmId: realm.id});\nconst assignGroupToUsers = new keycloak.ldap.HardcodedGroupMapper(\"assignGroupToUsers\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n group: realmGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nrealm_group = keycloak.Group(\"realmGroup\", realm_id=realm.id)\nassign_group_to_users = keycloak.ldap.HardcodedGroupMapper(\"assignGroupToUsers\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n group=realm_group.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var realmGroup = new Keycloak.Group(\"realmGroup\", new()\n {\n RealmId = realm.Id,\n });\n\n var assignGroupToUsers = new Keycloak.Ldap.HardcodedGroupMapper(\"assignGroupToUsers\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Group = realmGroup.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmGroup, err := keycloak.NewGroup(ctx, \"realmGroup\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedGroupMapper(ctx, \"assignGroupToUsers\", \u0026ldap.HardcodedGroupMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tGroup: realmGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapper;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var realmGroup = new Group(\"realmGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var assignGroupToUsers = new HardcodedGroupMapper(\"assignGroupToUsers\", HardcodedGroupMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .group(realmGroup.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n realmGroup:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n assignGroupToUsers:\n type: keycloak:ldap:HardcodedGroupMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n group: ${realmGroup.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "group": { "type": "string", @@ -7002,23 +6632,23 @@ } }, "keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper": { - "description": "Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Realm Role)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst realmAdminRole = new keycloak.Role(\"realmAdminRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n role: realmAdminRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nrealm_admin_role = keycloak.Role(\"realmAdminRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nassign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n role=realm_admin_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var realmAdminRole = new Keycloak.Role(\"realmAdminRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Role = realmAdminRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmAdminRole, err := keycloak.NewRole(ctx, \"realmAdminRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedRoleMapper(ctx, \"assignAdminRoleToAllUsers\", \u0026ldap.HardcodedRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRole: realmAdminRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapper;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var realmAdminRole = new Role(\"realmAdminRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var assignAdminRoleToAllUsers = new HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", HardcodedRoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .role(realmAdminRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n realmAdminRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n assignAdminRoleToAllUsers:\n type: keycloak:ldap:HardcodedRoleMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n role: ${realmAdminRole.name}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Role)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst realmManagement = keycloak.openid.getClientOutput({\n realmId: realm.id,\n clientId: \"realm-management\",\n});\nconst createClient = pulumi.all([realm.id, realmManagement]).apply(([id, realmManagement]) =\u003e keycloak.getRoleOutput({\n realmId: id,\n clientId: realmManagement.id,\n name: \"create-client\",\n}));\nconst assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n role: pulumi.all([realmManagement, createClient]).apply(([realmManagement, createClient]) =\u003e `${realmManagement.clientId}.${createClient.name}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nrealm_management = keycloak.openid.get_client_output(realm_id=realm.id,\n client_id=\"realm-management\")\ncreate_client = pulumi.Output.all(realm.id, realm_management).apply(lambda id, realm_management: keycloak.get_role_output(realm_id=id,\n client_id=realm_management.id,\n name=\"create-client\"))\nassign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n role=pulumi.Output.all(realm_management, create_client).apply(lambda realm_management, create_client: f\"{realm_management.client_id}.{create_client.name}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = \"realm-management\",\n });\n\n var createClient = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"create-client\",\n });\n\n var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Role = Output.Tuple(realmManagement, createClient).Apply(values =\u003e\n {\n var realmManagement = values.Item1;\n var createClient = values.Item2;\n return $\"{realmManagement.Apply(getClientResult =\u003e getClientResult.ClientId)}.{createClient.Apply(getRoleResult =\u003e getRoleResult.Name)}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmManagement := openid.LookupClientOutput(ctx, openid.GetClientOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"realm-management\"),\n\t\t}, nil)\n\t\tcreateClient := pulumi.All(realm.ID(), realmManagement).ApplyT(func(_args []interface{}) (keycloak.GetRoleResult, error) {\n\t\t\tid := _args[0].(string)\n\t\t\trealmManagement := _args[1].(openid.GetClientResult)\n\t\t\treturn keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\t\tRealmId: id,\n\t\t\t\tClientId: realmManagement.Id,\n\t\t\t\tName: \"create-client\",\n\t\t\t}, nil), nil\n\t\t}).(keycloak.GetRoleResultOutput)\n\t\t_, err = ldap.NewHardcodedRoleMapper(ctx, \"assignAdminRoleToAllUsers\", \u0026ldap.HardcodedRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRole: pulumi.All(realmManagement, createClient).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\trealmManagement := _args[0].(openid.GetClientResult)\n\t\t\t\tcreateClient := _args[1].(keycloak.GetRoleResult)\n\t\t\t\treturn fmt.Sprintf(\"%v.%v\", realmManagement.ClientId, createClient.Name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapper;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"realm-management\")\n .build());\n\n final var createClient = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .name(\"create-client\")\n .build());\n\n var assignAdminRoleToAllUsers = new HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", HardcodedRoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .role(Output.tuple(realmManagement.applyValue(getClientResult -\u003e getClientResult), createClient.applyValue(getRoleResult -\u003e getRoleResult)).applyValue(values -\u003e {\n var realmManagement = values.t1;\n var createClient = values.t2;\n return String.format(\"%s.%s\", realmManagement.applyValue(getClientResult -\u003e getClientResult.clientId()),createClient.applyValue(getRoleResult -\u003e getRoleResult.name()));\n }))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n assignAdminRoleToAllUsers:\n type: keycloak:ldap:HardcodedRoleMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n role: ${realmManagement.clientId}.${createClient.name}\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: ${realm.id}\n clientId: realm-management\n createClient:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n clientId: ${realmManagement.id}\n name: create-client\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "## # keycloak.ldap.HardcodedRoleMapper\n\nThis mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n role: \"admin\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nassign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n role=\"admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Role = \"admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedRoleMapper(ctx, \"assignAdminRoleToAllUsers\", \u0026ldap.HardcodedRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRole: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapper;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var assignAdminRoleToAllUsers = new HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", HardcodedRoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .role(\"admin\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n assignAdminRoleToAllUsers:\n type: keycloak:ldap:HardcodedRoleMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n role: admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `role` - (Required) The role which should be assigned to the users.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_hardcoded_role_mapper.ldap_hardcoded_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n" + "description": "The ldap user federation provider to attach this mapper to.\n" }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n" + "description": "The realm in which the ldap user federation provider exists.\n" }, "role": { "type": "string", - "description": "The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.\n" + "description": "Role to grant to user.\n" } }, "required": [ @@ -7030,21 +6660,21 @@ "inputProperties": { "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true }, "role": { "type": "string", - "description": "The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.\n", + "description": "Role to grant to user.\n", "willReplaceOnChanges": true } }, @@ -7058,21 +6688,21 @@ "properties": { "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true }, "role": { "type": "string", - "description": "The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.\n", + "description": "Role to grant to user.\n", "willReplaceOnChanges": true } }, @@ -7080,7 +6710,7 @@ } }, "keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper": { - "description": "Allows for creating and managing MSAD-LDS user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD-LDS (Microsoft Active Directory Lightweight Directory Service) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD-LDS, and it can propagate\nAD-LDS user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"objectGUID\",\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connectionUrl: \"ldap://my-ad-server\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst msadLdsUserAccountControlMapper = new keycloak.ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"objectGUID\",\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connection_url=\"ldap://my-ad-server\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nmsad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"objectGUID\",\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n ConnectionUrl = \"ldap://my-ad-server\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var msadLdsUserAccountControlMapper = new Keycloak.Ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, \"msadLdsUserAccountControlMapper\", \u0026ldap.MsadLdsUserAccountControlMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"objectGUID\")\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .connectionUrl(\"ldap://my-ad-server\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var msadLdsUserAccountControlMapper = new MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", MsadLdsUserAccountControlMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: objectGUID\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n connectionUrl: ldap://my-ad-server\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n msadLdsUserAccountControlMapper:\n type: keycloak:ldap:MsadLdsUserAccountControlMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "Allows for creating and managing MSAD-LDS user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD-LDS (Microsoft Active Directory Lightweight Directory Service) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD-LDS, and it can propagate\nAD-LDS user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"objectGUID\",\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connectionUrl: \"ldap://my-ad-server\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst msadLdsUserAccountControlMapper = new keycloak.ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"objectGUID\",\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connection_url=\"ldap://my-ad-server\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nmsad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"objectGUID\",\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n ConnectionUrl = \"ldap://my-ad-server\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var msadLdsUserAccountControlMapper = new Keycloak.Ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, \"msadLdsUserAccountControlMapper\", \u0026ldap.MsadLdsUserAccountControlMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"objectGUID\")\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .connectionUrl(\"ldap://my-ad-server\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var msadLdsUserAccountControlMapper = new MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", MsadLdsUserAccountControlMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: objectGUID\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n connectionUrl: ldap://my-ad-server\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n msadLdsUserAccountControlMapper:\n type: keycloak:ldap:MsadLdsUserAccountControlMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "ldapUserFederationId": { "type": "string", @@ -7142,23 +6772,22 @@ } }, "keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper": { - "description": "Allows for creating and managing MSAD user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD (Microsoft Active Directory) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD, and it can propagate\nAD user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"objectGUID\",\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connectionUrl: \"ldap://my-ad-server\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"objectGUID\",\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connection_url=\"ldap://my-ad-server\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nmsad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"objectGUID\",\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n ConnectionUrl = \"ldap://my-ad-server\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadUserAccountControlMapper(ctx, \"msadUserAccountControlMapper\", \u0026ldap.MsadUserAccountControlMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"objectGUID\")\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .connectionUrl(\"ldap://my-ad-server\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var msadUserAccountControlMapper = new MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", MsadUserAccountControlMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: objectGUID\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n connectionUrl: ldap://my-ad-server\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n msadUserAccountControlMapper:\n type: keycloak:ldap:MsadUserAccountControlMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "## # keycloak.ldap.MsadUserAccountControlMapper\n\nAllows for creating and managing MSAD user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD (Microsoft Active Directory) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD, and it can propagate\nAD user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionUrl: \"ldap://my-ad-server\",\n rdnLdapAttribute: \"cn\",\n realmId: realm.id,\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"objectGUID\",\n});\nconst msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", {\n ldapUserFederationId: ldapUserFederation.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_url=\"ldap://my-ad-server\",\n rdn_ldap_attribute=\"cn\",\n realm_id=realm.id,\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"objectGUID\")\nmsad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\",\n ldap_user_federation_id=ldap_user_federation.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionUrl = \"ldap://my-ad-server\",\n RdnLdapAttribute = \"cn\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"objectGUID\",\n });\n\n var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", new()\n {\n LdapUserFederationId = ldapUserFederation.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadUserAccountControlMapper(ctx, \"msadUserAccountControlMapper\", \u0026ldap.MsadUserAccountControlMapperArgs{\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionUrl(\"ldap://my-ad-server\")\n .rdnLdapAttribute(\"cn\")\n .realmId(realm.id())\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"objectGUID\")\n .build());\n\n var msadUserAccountControlMapper = new MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", MsadUserAccountControlMapperArgs.builder() \n .ldapUserFederationId(ldapUserFederation.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionUrl: ldap://my-ad-server\n rdnLdapAttribute: cn\n realmId: ${realm.id}\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: objectGUID\n msadUserAccountControlMapper:\n type: keycloak:ldap:MsadUserAccountControlMapper\n properties:\n ldapUserFederationId: ${ldapUserFederation.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_password_policy_hints_enabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_msad_user_account_control_mapper.msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "ldapPasswordPolicyHintsEnabled": { - "type": "boolean", - "description": "When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.\n" + "type": "boolean" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n" + "description": "The ldap user federation provider to attach this mapper to.\n" }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n" + "description": "The realm in which the ldap user federation provider exists.\n" } }, "required": [ @@ -7168,21 +6797,20 @@ ], "inputProperties": { "ldapPasswordPolicyHintsEnabled": { - "type": "boolean", - "description": "When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.\n" + "type": "boolean" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true } }, @@ -7194,21 +6822,20 @@ "description": "Input properties used for looking up and filtering MsadUserAccountControlMapper resources.\n", "properties": { "ldapPasswordPolicyHintsEnabled": { - "type": "boolean", - "description": "When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.\n" + "type": "boolean" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true } }, @@ -7216,7 +6843,7 @@ } }, "keycloak:ldap/roleMapper:RoleMapper": { - "description": "Allows for creating and managing role mappers for Keycloak users federated via LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's roles from some DN to Keycloak roles.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapRoleMapper = new keycloak.ldap.RoleMapper(\"ldapRoleMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n ldapRolesDn: \"dc=example,dc=org\",\n roleNameLdapAttribute: \"cn\",\n roleObjectClasses: [\"groupOfNames\"],\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n userRolesRetrieveStrategy: \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberofLdapAttribute: \"memberOf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_role_mapper = keycloak.ldap.RoleMapper(\"ldapRoleMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n ldap_roles_dn=\"dc=example,dc=org\",\n role_name_ldap_attribute=\"cn\",\n role_object_classes=[\"groupOfNames\"],\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n user_roles_retrieve_strategy=\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberof_ldap_attribute=\"memberOf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapRoleMapper = new Keycloak.Ldap.RoleMapper(\"ldapRoleMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n LdapRolesDn = \"dc=example,dc=org\",\n RoleNameLdapAttribute = \"cn\",\n RoleObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n UserRolesRetrieveStrategy = \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n MemberofLdapAttribute = \"memberOf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewRoleMapper(ctx, \"ldapRoleMapper\", \u0026ldap.RoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tLdapRolesDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tRoleNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRoleObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUserRolesRetrieveStrategy: pulumi.String(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\"),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.RoleMapper;\nimport com.pulumi.keycloak.ldap.RoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapRoleMapper = new RoleMapper(\"ldapRoleMapper\", RoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .ldapRolesDn(\"dc=example,dc=org\")\n .roleNameLdapAttribute(\"cn\")\n .roleObjectClasses(\"groupOfNames\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .userRolesRetrieveStrategy(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\")\n .memberofLdapAttribute(\"memberOf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapRoleMapper:\n type: keycloak:ldap:RoleMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n ldapRolesDn: dc=example,dc=org\n roleNameLdapAttribute: cn\n roleObjectClasses:\n - groupOfNames\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n userRolesRetrieveStrategy: GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\n memberofLdapAttribute: memberOf\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "Allows for creating and managing role mappers for Keycloak users federated via LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's roles from some DN to Keycloak roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapRoleMapper = new keycloak.ldap.RoleMapper(\"ldapRoleMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n ldapRolesDn: \"dc=example,dc=org\",\n roleNameLdapAttribute: \"cn\",\n roleObjectClasses: [\"groupOfNames\"],\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n userRolesRetrieveStrategy: \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberofLdapAttribute: \"memberOf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_role_mapper = keycloak.ldap.RoleMapper(\"ldapRoleMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n ldap_roles_dn=\"dc=example,dc=org\",\n role_name_ldap_attribute=\"cn\",\n role_object_classes=[\"groupOfNames\"],\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n user_roles_retrieve_strategy=\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberof_ldap_attribute=\"memberOf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapRoleMapper = new Keycloak.Ldap.RoleMapper(\"ldapRoleMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n LdapRolesDn = \"dc=example,dc=org\",\n RoleNameLdapAttribute = \"cn\",\n RoleObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n UserRolesRetrieveStrategy = \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n MemberofLdapAttribute = \"memberOf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewRoleMapper(ctx, \"ldapRoleMapper\", \u0026ldap.RoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tLdapRolesDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tRoleNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRoleObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUserRolesRetrieveStrategy: pulumi.String(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\"),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.RoleMapper;\nimport com.pulumi.keycloak.ldap.RoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapRoleMapper = new RoleMapper(\"ldapRoleMapper\", RoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .ldapRolesDn(\"dc=example,dc=org\")\n .roleNameLdapAttribute(\"cn\")\n .roleObjectClasses(\"groupOfNames\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .userRolesRetrieveStrategy(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\")\n .memberofLdapAttribute(\"memberOf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapRoleMapper:\n type: keycloak:ldap:RoleMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n ldapRolesDn: dc=example,dc=org\n roleNameLdapAttribute: cn\n roleObjectClasses:\n - groupOfNames\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n userRolesRetrieveStrategy: GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\n memberofLdapAttribute: memberOf\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "clientId": { "type": "string", @@ -7441,47 +7068,47 @@ } }, "keycloak:ldap/userAttributeMapper:UserAttributeMapper": { - "description": "Allows for creating and managing user attribute mappers for Keycloak users\nfederated via LDAP.\n\nThe LDAP user attribute mapper can be used to map a single LDAP attribute\nto an attribute on the Keycloak user model.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper(\"ldapUserAttributeMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n userModelAttribute: \"foo\",\n ldapAttribute: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper(\"ldapUserAttributeMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n user_model_attribute=\"foo\",\n ldap_attribute=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper(\"ldapUserAttributeMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n UserModelAttribute = \"foo\",\n LdapAttribute = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserAttributeMapper(ctx, \"ldapUserAttributeMapper\", \u0026ldap.UserAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tUserModelAttribute: pulumi.String(\"foo\"),\n\t\t\tLdapAttribute: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.UserAttributeMapper;\nimport com.pulumi.keycloak.ldap.UserAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapUserAttributeMapper = new UserAttributeMapper(\"ldapUserAttributeMapper\", UserAttributeMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .userModelAttribute(\"foo\")\n .ldapAttribute(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapUserAttributeMapper:\n type: keycloak:ldap:UserAttributeMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n userModelAttribute: foo\n ldapAttribute: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\n The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n ", + "description": "## # keycloak.ldap.UserAttributeMapper\n\nAllows for creating and managing user attribute mappers for Keycloak users\nfederated via LDAP.\n\nThe LDAP user attribute mapper can be used to map a single LDAP attribute\nto an attribute on the Keycloak user model.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionUrl: \"ldap://openldap\",\n rdnLdapAttribute: \"cn\",\n realmId: realm.id,\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"entryDN\",\n});\nconst ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper(\"ldapUserAttributeMapper\", {\n ldapAttribute: \"bar\",\n ldapUserFederationId: ldapUserFederation.id,\n realmId: realm.id,\n userModelAttribute: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_url=\"ldap://openldap\",\n rdn_ldap_attribute=\"cn\",\n realm_id=realm.id,\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"entryDN\")\nldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper(\"ldapUserAttributeMapper\",\n ldap_attribute=\"bar\",\n ldap_user_federation_id=ldap_user_federation.id,\n realm_id=realm.id,\n user_model_attribute=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionUrl = \"ldap://openldap\",\n RdnLdapAttribute = \"cn\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"entryDN\",\n });\n\n var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper(\"ldapUserAttributeMapper\", new()\n {\n LdapAttribute = \"bar\",\n LdapUserFederationId = ldapUserFederation.Id,\n RealmId = realm.Id,\n UserModelAttribute = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserAttributeMapper(ctx, \"ldapUserAttributeMapper\", \u0026ldap.UserAttributeMapperArgs{\n\t\t\tLdapAttribute: pulumi.String(\"bar\"),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserModelAttribute: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.UserAttributeMapper;\nimport com.pulumi.keycloak.ldap.UserAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionUrl(\"ldap://openldap\")\n .rdnLdapAttribute(\"cn\")\n .realmId(realm.id())\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"entryDN\")\n .build());\n\n var ldapUserAttributeMapper = new UserAttributeMapper(\"ldapUserAttributeMapper\", UserAttributeMapperArgs.builder() \n .ldapAttribute(\"bar\")\n .ldapUserFederationId(ldapUserFederation.id())\n .realmId(realm.id())\n .userModelAttribute(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionUrl: ldap://openldap\n rdnLdapAttribute: cn\n realmId: ${realm.id}\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: entryDN\n ldapUserAttributeMapper:\n type: keycloak:ldap:UserAttributeMapper\n properties:\n ldapAttribute: bar\n ldapUserFederationId: ${ldapUserFederation.id}\n realmId: ${realm.id}\n userModelAttribute: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `user_model_attribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into.\n- `ldap_attribute` - (Required) Name of the mapped attribute on the LDAP object.\n- `read_only` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.\n- `always_read_value_from_ldap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.\n- `is_mandatory_in_ldap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_user_attribute_mapper.ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "alwaysReadValueFromLdap": { "type": "boolean", - "description": "When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.\n" + "description": "When true, the value fetched from LDAP will override the value stored in Keycloak.\n" }, "attributeDefaultValue": { "type": "string", - "description": "Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty.\n" + "description": "Default value to set in LDAP if is_mandatory_in_ldap and the value is empty\n" }, "isBinaryAttribute": { "type": "boolean", - "description": "Should be true for binary LDAP attributes.\n" + "description": "Should be true for binary LDAP attributes\n" }, "isMandatoryInLdap": { "type": "boolean", - "description": "When `true`, this attribute must exist in LDAP. Defaults to `false`.\n" + "description": "When true, this attribute must exist in LDAP.\n" }, "ldapAttribute": { "type": "string", - "description": "Name of the mapped attribute on the LDAP object.\n" + "description": "Name of the mapped attribute on LDAP object.\n" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n" + "description": "The ldap user federation provider to attach this mapper to.\n" }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "readOnly": { "type": "boolean", - "description": "When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.\n" + "description": "When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n" + "description": "The realm in which the ldap user federation provider exists.\n" }, "userModelAttribute": { "type": "string", - "description": "Name of the user property or attribute you want to map the LDAP attribute into.\n" + "description": "Name of the UserModel property or attribute you want to map the LDAP attribute into.\n" } }, "required": [ @@ -7494,45 +7121,45 @@ "inputProperties": { "alwaysReadValueFromLdap": { "type": "boolean", - "description": "When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.\n" + "description": "When true, the value fetched from LDAP will override the value stored in Keycloak.\n" }, "attributeDefaultValue": { "type": "string", - "description": "Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty.\n" + "description": "Default value to set in LDAP if is_mandatory_in_ldap and the value is empty\n" }, "isBinaryAttribute": { "type": "boolean", - "description": "Should be true for binary LDAP attributes.\n" + "description": "Should be true for binary LDAP attributes\n" }, "isMandatoryInLdap": { "type": "boolean", - "description": "When `true`, this attribute must exist in LDAP. Defaults to `false`.\n" + "description": "When true, this attribute must exist in LDAP.\n" }, "ldapAttribute": { "type": "string", - "description": "Name of the mapped attribute on the LDAP object.\n" + "description": "Name of the mapped attribute on LDAP object.\n" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "readOnly": { "type": "boolean", - "description": "When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.\n" + "description": "When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true }, "userModelAttribute": { "type": "string", - "description": "Name of the user property or attribute you want to map the LDAP attribute into.\n" + "description": "Name of the UserModel property or attribute you want to map the LDAP attribute into.\n" } }, "requiredInputs": [ @@ -7546,77 +7173,77 @@ "properties": { "alwaysReadValueFromLdap": { "type": "boolean", - "description": "When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.\n" + "description": "When true, the value fetched from LDAP will override the value stored in Keycloak.\n" }, "attributeDefaultValue": { "type": "string", - "description": "Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty.\n" + "description": "Default value to set in LDAP if is_mandatory_in_ldap and the value is empty\n" }, "isBinaryAttribute": { "type": "boolean", - "description": "Should be true for binary LDAP attributes.\n" + "description": "Should be true for binary LDAP attributes\n" }, "isMandatoryInLdap": { "type": "boolean", - "description": "When `true`, this attribute must exist in LDAP. Defaults to `false`.\n" + "description": "When true, this attribute must exist in LDAP.\n" }, "ldapAttribute": { "type": "string", - "description": "Name of the mapped attribute on the LDAP object.\n" + "description": "Name of the mapped attribute on LDAP object.\n" }, "ldapUserFederationId": { "type": "string", - "description": "The ID of the LDAP user federation provider to attach this mapper to.\n", + "description": "The ldap user federation provider to attach this mapper to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Display name of this mapper when displayed in the console.\n" + "description": "Display name of the mapper when displayed in the console.\n" }, "readOnly": { "type": "boolean", - "description": "When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.\n" + "description": "When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.\n" }, "realmId": { "type": "string", - "description": "The realm that this LDAP mapper will exist in.\n", + "description": "The realm in which the ldap user federation provider exists.\n", "willReplaceOnChanges": true }, "userModelAttribute": { "type": "string", - "description": "Name of the user property or attribute you want to map the LDAP attribute into.\n" + "description": "Name of the UserModel property or attribute you want to map the LDAP attribute into.\n" } }, "type": "object" } }, "keycloak:ldap/userFederation:UserFederation": { - "description": "Allows for creating and managing LDAP user federation providers within Keycloak.\n\nKeycloak can use an LDAP user federation provider to federate users to Keycloak\nfrom a directory system such as LDAP or Active Directory. Federated users\nwill exist within the realm and will be able to log in to clients. Federated\nusers can have their attributes defined using mappers.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n enabled: true,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n connectionTimeout: \"5s\",\n readTimeout: \"10s\",\n kerberos: {\n kerberosRealm: \"FOO.LOCAL\",\n serverPrincipal: \"HTTP/host.foo.com@FOO.LOCAL\",\n keyTab: \"/etc/host.keytab\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n enabled=True,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n connection_timeout=\"5s\",\n read_timeout=\"10s\",\n kerberos=keycloak.ldap.UserFederationKerberosArgs(\n kerberos_realm=\"FOO.LOCAL\",\n server_principal=\"HTTP/host.foo.com@FOO.LOCAL\",\n key_tab=\"/etc/host.keytab\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n ConnectionTimeout = \"5s\",\n ReadTimeout = \"10s\",\n Kerberos = new Keycloak.Ldap.Inputs.UserFederationKerberosArgs\n {\n KerberosRealm = \"FOO.LOCAL\",\n ServerPrincipal = \"HTTP/host.foo.com@FOO.LOCAL\",\n KeyTab = \"/etc/host.keytab\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tConnectionTimeout: pulumi.String(\"5s\"),\n\t\t\tReadTimeout: pulumi.String(\"10s\"),\n\t\t\tKerberos: \u0026ldap.UserFederationKerberosArgs{\n\t\t\t\tKerberosRealm: pulumi.String(\"FOO.LOCAL\"),\n\t\t\t\tServerPrincipal: pulumi.String(\"HTTP/host.foo.com@FOO.LOCAL\"),\n\t\t\t\tKeyTab: pulumi.String(\"/etc/host.keytab\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.inputs.UserFederationKerberosArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .connectionTimeout(\"5s\")\n .readTimeout(\"10s\")\n .kerberos(UserFederationKerberosArgs.builder()\n .kerberosRealm(\"FOO.LOCAL\")\n .serverPrincipal(\"HTTP/host.foo.com@FOO.LOCAL\")\n .keyTab(\"/etc/host.keytab\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n enabled: true\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n connectionTimeout: 5s\n readTimeout: 10s\n kerberos:\n kerberosRealm: FOO.LOCAL\n serverPrincipal: HTTP/host.foo.com@FOO.LOCAL\n keyTab: /etc/host.keytab\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`.\n\n The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n bash\n\n ```sh\n $ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n\n ", + "description": "## # keycloak.ldap.UserFederation\n\nAllows for creating and managing LDAP user federation providers within Keycloak.\n\nKeycloak can use an LDAP user federation provider to federate users to Keycloak\nfrom a directory system such as LDAP or Active Directory. Federated users\nwill exist within the realm and will be able to log in to clients. Federated\nusers can have their attributes defined using mappers.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionTimeout: \"5s\",\n connectionUrl: \"ldap://openldap\",\n enabled: true,\n rdnLdapAttribute: \"cn\",\n readTimeout: \"10s\",\n realmId: realm.id,\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"entryDN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_timeout=\"5s\",\n connection_url=\"ldap://openldap\",\n enabled=True,\n rdn_ldap_attribute=\"cn\",\n read_timeout=\"10s\",\n realm_id=realm.id,\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"entryDN\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionTimeout = \"5s\",\n ConnectionUrl = \"ldap://openldap\",\n Enabled = true,\n RdnLdapAttribute = \"cn\",\n ReadTimeout = \"10s\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"entryDN\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionTimeout: pulumi.String(\"5s\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tReadTimeout: pulumi.String(\"10s\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionTimeout(\"5s\")\n .connectionUrl(\"ldap://openldap\")\n .enabled(true)\n .rdnLdapAttribute(\"cn\")\n .readTimeout(\"10s\")\n .realmId(realm.id())\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"entryDN\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionTimeout: 5s\n connectionUrl: ldap://openldap\n enabled: true\n rdnLdapAttribute: cn\n readTimeout: 10s\n realmId: ${realm.id}\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: entryDN\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this provider will provide user federation for.\n- `name` - (Required) Display name of the provider when displayed in the console.\n- `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n- `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n- `import_enabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.\n- `edit_mode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n- `sync_registrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`.\n- `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`.\n- `username_ldap_attribute` - (Required) Name of the LDAP attribute to use as the Keycloak username.\n- `rdn_ldap_attribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name.\n- `uuid_ldap_attribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.\n- `user_object_classes` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n- `connection_url` - (Required) Connection URL to the LDAP server.\n- `users_dn` - (Required) Full DN of LDAP tree where your users are.\n- `bind_dn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.\n- `bind_credential` - (Optional) Password of LDAP admin. This attribute must be set if `bind_dn` is set.\n- `custom_user_search_filter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n- `search_scope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`:\n - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`.\n - `SUBTREE`: Search entire LDAP subtree.\n- `validate_password_policy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it.\n- `use_truststore_spi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n - `ALWAYS` - Always use the truststore SPI for LDAP connections.\n - `NEVER` - Never use the truststore SPI for LDAP connections.\n - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.\n- `connection_timeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n- `read_timeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n- `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.\n- `batch_size_for_sync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`.\n- `full_sync_period` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.\n- `changed_sync_period` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n- `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n\n### Import\n\nLDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`.\nThe ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n```bash\n$ terraform import keycloak_ldap_user_federation.ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n", "properties": { "batchSizeForSync": { "type": "integer", - "description": "The number of users to sync within a single transaction. Defaults to `1000`.\n" + "description": "The number of users to sync within a single transaction.\n" }, "bindCredential": { "type": "string", - "description": "Password of LDAP admin. This attribute must be set if `bind_dn` is set.\n", + "description": "Password of LDAP admin.\n", "secret": true }, "bindDn": { "type": "string", - "description": "DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.\n" + "description": "DN of LDAP admin, which will be used by Keycloak to access LDAP server.\n" }, "cache": { "$ref": "#/types/keycloak:ldap/UserFederationCache:UserFederationCache", - "description": "A block containing the cache settings.\n" + "description": "Settings regarding cache policy for this realm.\n" }, "changedSyncPeriod": { "type": "integer", - "description": "How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n" + "description": "How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users\nsync.\n" }, "connectionTimeout": { "type": "string", - "description": "LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n" + "description": "LDAP connection timeout (duration string)\n" }, "connectionUrl": { "type": "string", @@ -7624,19 +7251,19 @@ }, "customUserSearchFilter": { "type": "string", - "description": "Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n" + "description": "Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'.\n" }, "deleteDefaultMappers": { "type": "boolean", - "description": "When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`.\n" + "description": "When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP\nuser federation provider.\n" }, "editMode": { "type": "string", - "description": "Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n" + "description": "READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP.\n" }, "enabled": { "type": "boolean", - "description": "When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n" + "description": "When false, this provider will not be used when performing queries for users.\n" }, "fullSyncPeriod": { "type": "integer", @@ -7644,11 +7271,11 @@ }, "importEnabled": { "type": "boolean", - "description": "When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.\n" + "description": "When true, LDAP users will be imported into the Keycloak database.\n" }, "kerberos": { "$ref": "#/types/keycloak:ldap/UserFederationKerberos:UserFederationKerberos", - "description": "A block containing the kerberos settings.\n" + "description": "Settings regarding kerberos authentication for this realm.\n" }, "name": { "type": "string", @@ -7656,11 +7283,11 @@ }, "pagination": { "type": "boolean", - "description": "When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.\n" + "description": "When true, Keycloak assumes the LDAP server supports pagination.\n" }, "priority": { "type": "integer", - "description": "Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n" + "description": "Priority of this provider when looking up users. Lower values are first.\n" }, "rdnLdapAttribute": { "type": "string", @@ -7668,23 +7295,23 @@ }, "readTimeout": { "type": "string", - "description": "LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n" + "description": "LDAP read timeout (duration string)\n" }, "realmId": { "type": "string", - "description": "The realm that this provider will provide user federation for.\n" + "description": "The realm this provider will provide user federation for.\n" }, "searchScope": { "type": "string", - "description": "Can be one of `ONE_LEVEL` or `SUBTREE`:\n" + "description": "ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree.\n" }, "startTls": { "type": "boolean", - "description": "When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n" + "description": "When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n" }, "syncRegistrations": { "type": "boolean", - "description": "When `true`, newly created users will be synced back to LDAP. Defaults to `false`.\n" + "description": "When true, newly created users will be synced back to LDAP.\n" }, "trustEmail": { "type": "boolean", @@ -7695,15 +7322,14 @@ "description": "When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).\n" }, "useTruststoreSpi": { - "type": "string", - "description": "Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n" + "type": "string" }, "userObjectClasses": { "type": "array", "items": { "type": "string" }, - "description": "Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n" + "description": "All values of LDAP objectClass attribute for users in LDAP.\n" }, "usernameLdapAttribute": { "type": "string", @@ -7719,11 +7345,11 @@ }, "validatePasswordPolicy": { "type": "boolean", - "description": "When `true`, Keycloak will validate passwords using the realm policy before updating it.\n" + "description": "When true, Keycloak will validate passwords using the realm policy before updating it.\n" }, "vendor": { "type": "string", - "description": "Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.\n" + "description": "LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required.\n" } }, "required": [ @@ -7739,28 +7365,28 @@ "inputProperties": { "batchSizeForSync": { "type": "integer", - "description": "The number of users to sync within a single transaction. Defaults to `1000`.\n" + "description": "The number of users to sync within a single transaction.\n" }, "bindCredential": { "type": "string", - "description": "Password of LDAP admin. This attribute must be set if `bind_dn` is set.\n", + "description": "Password of LDAP admin.\n", "secret": true }, "bindDn": { "type": "string", - "description": "DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.\n" + "description": "DN of LDAP admin, which will be used by Keycloak to access LDAP server.\n" }, "cache": { "$ref": "#/types/keycloak:ldap/UserFederationCache:UserFederationCache", - "description": "A block containing the cache settings.\n" + "description": "Settings regarding cache policy for this realm.\n" }, "changedSyncPeriod": { "type": "integer", - "description": "How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n" + "description": "How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users\nsync.\n" }, "connectionTimeout": { "type": "string", - "description": "LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n" + "description": "LDAP connection timeout (duration string)\n" }, "connectionUrl": { "type": "string", @@ -7768,20 +7394,20 @@ }, "customUserSearchFilter": { "type": "string", - "description": "Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n" + "description": "Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'.\n" }, "deleteDefaultMappers": { "type": "boolean", - "description": "When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`.\n", + "description": "When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP\nuser federation provider.\n", "willReplaceOnChanges": true }, "editMode": { "type": "string", - "description": "Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n" + "description": "READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP.\n" }, "enabled": { "type": "boolean", - "description": "When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n" + "description": "When false, this provider will not be used when performing queries for users.\n" }, "fullSyncPeriod": { "type": "integer", @@ -7789,11 +7415,11 @@ }, "importEnabled": { "type": "boolean", - "description": "When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.\n" + "description": "When true, LDAP users will be imported into the Keycloak database.\n" }, "kerberos": { "$ref": "#/types/keycloak:ldap/UserFederationKerberos:UserFederationKerberos", - "description": "A block containing the kerberos settings.\n" + "description": "Settings regarding kerberos authentication for this realm.\n" }, "name": { "type": "string", @@ -7801,11 +7427,11 @@ }, "pagination": { "type": "boolean", - "description": "When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.\n" + "description": "When true, Keycloak assumes the LDAP server supports pagination.\n" }, "priority": { "type": "integer", - "description": "Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n" + "description": "Priority of this provider when looking up users. Lower values are first.\n" }, "rdnLdapAttribute": { "type": "string", @@ -7813,24 +7439,24 @@ }, "readTimeout": { "type": "string", - "description": "LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n" + "description": "LDAP read timeout (duration string)\n" }, "realmId": { "type": "string", - "description": "The realm that this provider will provide user federation for.\n", + "description": "The realm this provider will provide user federation for.\n", "willReplaceOnChanges": true }, "searchScope": { "type": "string", - "description": "Can be one of `ONE_LEVEL` or `SUBTREE`:\n" + "description": "ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree.\n" }, "startTls": { "type": "boolean", - "description": "When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n" + "description": "When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n" }, "syncRegistrations": { "type": "boolean", - "description": "When `true`, newly created users will be synced back to LDAP. Defaults to `false`.\n" + "description": "When true, newly created users will be synced back to LDAP.\n" }, "trustEmail": { "type": "boolean", @@ -7841,15 +7467,14 @@ "description": "When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).\n" }, "useTruststoreSpi": { - "type": "string", - "description": "Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n" + "type": "string" }, "userObjectClasses": { "type": "array", "items": { "type": "string" }, - "description": "Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n" + "description": "All values of LDAP objectClass attribute for users in LDAP.\n" }, "usernameLdapAttribute": { "type": "string", @@ -7865,11 +7490,11 @@ }, "validatePasswordPolicy": { "type": "boolean", - "description": "When `true`, Keycloak will validate passwords using the realm policy before updating it.\n" + "description": "When true, Keycloak will validate passwords using the realm policy before updating it.\n" }, "vendor": { "type": "string", - "description": "Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.\n" + "description": "LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required.\n" } }, "requiredInputs": [ @@ -7886,28 +7511,28 @@ "properties": { "batchSizeForSync": { "type": "integer", - "description": "The number of users to sync within a single transaction. Defaults to `1000`.\n" + "description": "The number of users to sync within a single transaction.\n" }, "bindCredential": { "type": "string", - "description": "Password of LDAP admin. This attribute must be set if `bind_dn` is set.\n", + "description": "Password of LDAP admin.\n", "secret": true }, "bindDn": { "type": "string", - "description": "DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.\n" + "description": "DN of LDAP admin, which will be used by Keycloak to access LDAP server.\n" }, "cache": { "$ref": "#/types/keycloak:ldap/UserFederationCache:UserFederationCache", - "description": "A block containing the cache settings.\n" + "description": "Settings regarding cache policy for this realm.\n" }, "changedSyncPeriod": { "type": "integer", - "description": "How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n" + "description": "How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users\nsync.\n" }, "connectionTimeout": { "type": "string", - "description": "LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n" + "description": "LDAP connection timeout (duration string)\n" }, "connectionUrl": { "type": "string", @@ -7915,20 +7540,20 @@ }, "customUserSearchFilter": { "type": "string", - "description": "Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n" + "description": "Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'.\n" }, "deleteDefaultMappers": { "type": "boolean", - "description": "When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`.\n", + "description": "When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP\nuser federation provider.\n", "willReplaceOnChanges": true }, "editMode": { "type": "string", - "description": "Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n" + "description": "READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP.\n" }, "enabled": { "type": "boolean", - "description": "When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n" + "description": "When false, this provider will not be used when performing queries for users.\n" }, "fullSyncPeriod": { "type": "integer", @@ -7936,11 +7561,11 @@ }, "importEnabled": { "type": "boolean", - "description": "When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.\n" + "description": "When true, LDAP users will be imported into the Keycloak database.\n" }, "kerberos": { "$ref": "#/types/keycloak:ldap/UserFederationKerberos:UserFederationKerberos", - "description": "A block containing the kerberos settings.\n" + "description": "Settings regarding kerberos authentication for this realm.\n" }, "name": { "type": "string", @@ -7948,11 +7573,11 @@ }, "pagination": { "type": "boolean", - "description": "When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.\n" + "description": "When true, Keycloak assumes the LDAP server supports pagination.\n" }, "priority": { "type": "integer", - "description": "Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n" + "description": "Priority of this provider when looking up users. Lower values are first.\n" }, "rdnLdapAttribute": { "type": "string", @@ -7960,24 +7585,24 @@ }, "readTimeout": { "type": "string", - "description": "LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n" + "description": "LDAP read timeout (duration string)\n" }, "realmId": { "type": "string", - "description": "The realm that this provider will provide user federation for.\n", + "description": "The realm this provider will provide user federation for.\n", "willReplaceOnChanges": true }, "searchScope": { "type": "string", - "description": "Can be one of `ONE_LEVEL` or `SUBTREE`:\n" + "description": "ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree.\n" }, "startTls": { "type": "boolean", - "description": "When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n" + "description": "When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n" }, "syncRegistrations": { "type": "boolean", - "description": "When `true`, newly created users will be synced back to LDAP. Defaults to `false`.\n" + "description": "When true, newly created users will be synced back to LDAP.\n" }, "trustEmail": { "type": "boolean", @@ -7988,15 +7613,14 @@ "description": "When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).\n" }, "useTruststoreSpi": { - "type": "string", - "description": "Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n" + "type": "string" }, "userObjectClasses": { "type": "array", "items": { "type": "string" }, - "description": "Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n" + "description": "All values of LDAP objectClass attribute for users in LDAP.\n" }, "usernameLdapAttribute": { "type": "string", @@ -8012,18 +7636,18 @@ }, "validatePasswordPolicy": { "type": "boolean", - "description": "When `true`, Keycloak will validate passwords using the realm policy before updating it.\n" + "description": "When true, Keycloak will validate passwords using the realm policy before updating it.\n" }, "vendor": { "type": "string", - "description": "Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.\n" + "description": "LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required.\n" } }, "type": "object" } }, "keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider": { - "description": "Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst google = new keycloak.oidc.GoogleIdentityProvider(\"google\", {\n realm: realm.id,\n clientId: _var.google_identity_provider_client_id,\n clientSecret: _var.google_identity_provider_client_secret,\n trustEmail: true,\n hostedDomain: \"example.com\",\n syncMode: \"IMPORT\",\n extraConfig: {\n myCustomConfigKey: \"myValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngoogle = keycloak.oidc.GoogleIdentityProvider(\"google\",\n realm=realm.id,\n client_id=var[\"google_identity_provider_client_id\"],\n client_secret=var[\"google_identity_provider_client_secret\"],\n trust_email=True,\n hosted_domain=\"example.com\",\n sync_mode=\"IMPORT\",\n extra_config={\n \"myCustomConfigKey\": \"myValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var google = new Keycloak.Oidc.GoogleIdentityProvider(\"google\", new()\n {\n Realm = realm.Id,\n ClientId = @var.Google_identity_provider_client_id,\n ClientSecret = @var.Google_identity_provider_client_secret,\n TrustEmail = true,\n HostedDomain = \"example.com\",\n SyncMode = \"IMPORT\",\n ExtraConfig = \n {\n { \"myCustomConfigKey\", \"myValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewGoogleIdentityProvider(ctx, \"google\", \u0026oidc.GoogleIdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tClientId: pulumi.Any(_var.Google_identity_provider_client_id),\n\t\t\tClientSecret: pulumi.Any(_var.Google_identity_provider_client_secret),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tHostedDomain: pulumi.String(\"example.com\"),\n\t\t\tSyncMode: pulumi.String(\"IMPORT\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"myCustomConfigKey\": pulumi.Any(\"myValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProvider;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var google = new GoogleIdentityProvider(\"google\", GoogleIdentityProviderArgs.builder() \n .realm(realm.id())\n .clientId(var_.google_identity_provider_client_id())\n .clientSecret(var_.google_identity_provider_client_secret())\n .trustEmail(true)\n .hostedDomain(\"example.com\")\n .syncMode(\"IMPORT\")\n .extraConfig(Map.of(\"myCustomConfigKey\", \"myValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n google:\n type: keycloak:oidc:GoogleIdentityProvider\n properties:\n realm: ${realm.id}\n clientId: ${var.google_identity_provider_client_id}\n clientSecret: ${var.google_identity_provider_client_secret}\n trustEmail: true\n hostedDomain: example.com\n syncMode: IMPORT\n extraConfig:\n myCustomConfigKey: myValue\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGoogle Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp\n```\n\n ", + "description": "Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst google = new keycloak.oidc.GoogleIdentityProvider(\"google\", {\n realm: realm.id,\n clientId: _var.google_identity_provider_client_id,\n clientSecret: _var.google_identity_provider_client_secret,\n trustEmail: true,\n hostedDomain: \"example.com\",\n syncMode: \"IMPORT\",\n extraConfig: {\n myCustomConfigKey: \"myValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngoogle = keycloak.oidc.GoogleIdentityProvider(\"google\",\n realm=realm.id,\n client_id=var[\"google_identity_provider_client_id\"],\n client_secret=var[\"google_identity_provider_client_secret\"],\n trust_email=True,\n hosted_domain=\"example.com\",\n sync_mode=\"IMPORT\",\n extra_config={\n \"myCustomConfigKey\": \"myValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var google = new Keycloak.Oidc.GoogleIdentityProvider(\"google\", new()\n {\n Realm = realm.Id,\n ClientId = @var.Google_identity_provider_client_id,\n ClientSecret = @var.Google_identity_provider_client_secret,\n TrustEmail = true,\n HostedDomain = \"example.com\",\n SyncMode = \"IMPORT\",\n ExtraConfig = \n {\n { \"myCustomConfigKey\", \"myValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewGoogleIdentityProvider(ctx, \"google\", \u0026oidc.GoogleIdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tClientId: pulumi.Any(_var.Google_identity_provider_client_id),\n\t\t\tClientSecret: pulumi.Any(_var.Google_identity_provider_client_secret),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tHostedDomain: pulumi.String(\"example.com\"),\n\t\t\tSyncMode: pulumi.String(\"IMPORT\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"myCustomConfigKey\": pulumi.Any(\"myValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProvider;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var google = new GoogleIdentityProvider(\"google\", GoogleIdentityProviderArgs.builder() \n .realm(realm.id())\n .clientId(var_.google_identity_provider_client_id())\n .clientSecret(var_.google_identity_provider_client_secret())\n .trustEmail(true)\n .hostedDomain(\"example.com\")\n .syncMode(\"IMPORT\")\n .extraConfig(Map.of(\"myCustomConfigKey\", \"myValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n google:\n type: keycloak:oidc:GoogleIdentityProvider\n properties:\n realm: ${realm.id}\n clientId: ${var.google_identity_provider_client_id}\n clientSecret: ${var.google_identity_provider_client_secret}\n trustEmail: true\n hostedDomain: example.com\n syncMode: IMPORT\n extraConfig:\n myCustomConfigKey: myValue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGoogle Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp\n```\n\n", "properties": { "acceptsPromptNoneForwardFromClient": { "type": "boolean", @@ -8350,7 +7974,7 @@ } }, "keycloak:oidc/identityProvider:IdentityProvider": { - "description": "Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmIdentityProvider = new keycloak.oidc.IdentityProvider(\"realmIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n extraConfig: {\n clientAuthMethod: \"client_secret_post\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_identity_provider = keycloak.oidc.IdentityProvider(\"realmIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\",\n extra_config={\n \"clientAuthMethod\": \"client_secret_post\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"realmIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n ExtraConfig = \n {\n { \"clientAuthMethod\", \"client_secret_post\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewIdentityProvider(ctx, \"realmIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"clientAuthMethod\": pulumi.Any(\"client_secret_post\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .extraConfig(Map.of(\"clientAuthMethod\", \"client_secret_post\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n extraConfig:\n clientAuthMethod: client_secret_post\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp\n```\n\n ", + "description": "Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmIdentityProvider = new keycloak.oidc.IdentityProvider(\"realmIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n extraConfig: {\n clientAuthMethod: \"client_secret_post\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_identity_provider = keycloak.oidc.IdentityProvider(\"realmIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\",\n extra_config={\n \"clientAuthMethod\": \"client_secret_post\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"realmIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n ExtraConfig = \n {\n { \"clientAuthMethod\", \"client_secret_post\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewIdentityProvider(ctx, \"realmIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"clientAuthMethod\": pulumi.Any(\"client_secret_post\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .extraConfig(Map.of(\"clientAuthMethod\", \"client_secret_post\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n extraConfig:\n clientAuthMethod: client_secret_post\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp\n```\n\n", "properties": { "acceptsPromptNoneForwardFromClient": { "type": "boolean", @@ -8775,39 +8399,39 @@ } }, "keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper": { - "description": "Allows for creating and managing audience protocol mappers within Keycloak.\n\nAudience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom\nstring, or it can be mapped to the ID of a pre-existing client.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n includedCustomAudience: foo\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n includedCustomAudience: foo\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.openid.AudienceProtocolMapper\n\nAllows for creating and managing audience protocol mappers within\nKeycloak. This mapper was added in Keycloak v4.6.0.Final.\n\nAudience protocol mappers allow you add audiences to the `aud` claim\nwithin issued tokens. The audience can be a custom string, or it can be\nmapped to the ID of a pre-existing client.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n clientId: openidClient.id,\n includedCustomAudience: \"foo\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n client_id=openid_client.id,\n included_custom_audience=\"foo\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n ClientId = openidClient.Id,\n IncludedCustomAudience = \"foo\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tClientId: openidClient.ID(),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .clientId(openidClient.id())\n .includedCustomAudience(\"foo\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n clientId: ${openidClient.id}\n includedCustomAudience: foo\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n clientScopeId: clientScope.id,\n includedCustomAudience: \"foo\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n client_scope_id=client_scope.id,\n included_custom_audience=\"foo\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n ClientScopeId = clientScope.Id,\n IncludedCustomAudience = \"foo\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .clientScopeId(clientScope.id())\n .includedCustomAudience(\"foo\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n clientScopeId: ${clientScope.id}\n includedCustomAudience: foo\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `included_client_audience` - (Required if `included_custom_audience` is not specified) A client ID to include within the token's `aud` claim.\n- `included_custom_audience` - (Required if `included_client_audience` is not specified) A custom audience to include within the token's `aud` claim.\n- `add_to_id_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n" + "description": "Indicates if this claim should be added to the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n" + "description": "Indicates if this claim should be added to the id token.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n" }, "includedClientAudience": { "type": "string", - "description": "A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified.\n" + "description": "A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience\n" }, "includedCustomAudience": { "type": "string", - "description": "A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified.\n" + "description": "A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" } }, "required": [ @@ -8817,37 +8441,37 @@ "inputProperties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n" + "description": "Indicates if this claim should be added to the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n" + "description": "Indicates if this claim should be added to the id token.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "includedClientAudience": { "type": "string", - "description": "A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified.\n" + "description": "A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience\n" }, "includedCustomAudience": { "type": "string", - "description": "A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified.\n" + "description": "A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -8859,37 +8483,37 @@ "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n" + "description": "Indicates if this claim should be added to the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n" + "description": "Indicates if this claim should be added to the id token.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "includedClientAudience": { "type": "string", - "description": "A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified.\n" + "description": "A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience\n" }, "includedCustomAudience": { "type": "string", - "description": "A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified.\n" + "description": "A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -8897,7 +8521,7 @@ } }, "keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper": { - "description": "Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_id=openid_client.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_id=openid_client.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "clientId": { "type": "string", @@ -8978,7 +8602,7 @@ ] }, "keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter": { - "description": "Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_id=openid_client.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_id=openid_client.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "clientId": { "type": "string", @@ -9055,100 +8679,77 @@ "deprecationMessage": "keycloak.openid/audienceresolveprotocolmappter.AudienceResolveProtocolMappter has been deprecated in favor of keycloak.openid/audienceresolveprotocolmapper.AudienceResolveProtocolMapper" }, "keycloak:openid/client:Client": { - "description": "Allows for creating and managing Keycloak clients that use the OpenID Connect protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically,\nclients are applications that redirect users to Keycloak for authentication\nin order to take advantage of Keycloak's user sessions for SSO.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"test-client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n loginTheme: \"keycloak\",\n extraConfig: {\n key1: \"value1\",\n key2: \"value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"test-client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"],\n login_theme=\"keycloak\",\n extra_config={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n LoginTheme = \"keycloak\",\n ExtraConfig = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t\tLoginTheme: pulumi.String(\"keycloak\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"key1\": pulumi.Any(\"value1\"),\n\t\t\t\t\"key2\": pulumi.Any(\"value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .loginTheme(\"keycloak\")\n .extraConfig(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n loginTheme: keycloak\n extraConfig:\n key1: value1\n key2: value2\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak\n\n assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/client:Client openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n\n ", + "description": "## # keycloak.openid.Client\n\nAllows for creating and managing Keycloak clients that use the OpenID Connect protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically,\nclients are applications that redirect users to Keycloak for authentication\nin order to take advantage of Keycloak's user sessions for SSO.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client is attached to.\n- `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n- `name` - (Optional) The display name of this client in the GUI.\n- `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n- `description` - (Optional) The description of this client in the GUI.\n- `access_type` - (Required) Specifies the type of client, which can be one of the following:\n - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating.\n This client should be used for applications using the Authorization Code or Client Credentials grant flows.\n - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect\n URIs for security. This client should be used for applications using the Implicit grant flow.\n - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests.\n- `client_secret` - (Optional) The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and\nshould be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute.\n- `standard_flow_enabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`.\n- `implicit_flow_enabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`.\n- `direct_access_grants_enabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`.\n- `service_accounts_enabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`.\n- `valid_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled`\nis set to `true`.\n- `web_origins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins.\n- `admin_url` - (Optional) URL to the admin interface of the client.\n- `base_url` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client.\n- `pkce_code_challenge_method` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``.\n- `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `service_account_user_id` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.\n\n\n### Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak\nassigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client.openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n", "properties": { "accessTokenLifespan": { - "type": "string", - "description": "The amount of time in seconds before an access token expires. This will override the default for the realm.\n" + "type": "string" }, "accessType": { - "type": "string", - "description": "Specifies the type of client, which can be one of the following:\n" + "type": "string" }, "adminUrl": { - "type": "string", - "description": "URL to the admin interface of the client.\n" + "type": "string" }, "authenticationFlowBindingOverrides": { - "$ref": "#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides", - "description": "Override realm authentication flow bindings\n" + "$ref": "#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides" }, "authorization": { - "$ref": "#/types/keycloak:openid/ClientAuthorization:ClientAuthorization", - "description": "When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments:\n" + "$ref": "#/types/keycloak:openid/ClientAuthorization:ClientAuthorization" }, "backchannelLogoutRevokeOfflineSessions": { - "type": "boolean", - "description": "Specifying whether a \"revoke_offline_access\" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event.\n" + "type": "boolean" }, "backchannelLogoutSessionRequired": { - "type": "boolean", - "description": "When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`.\n" + "type": "boolean" }, "backchannelLogoutUrl": { - "type": "string", - "description": "The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case.\n" + "type": "string" }, "baseUrl": { - "type": "string", - "description": "Default URL to use when the auth server needs to redirect or link back to the client.\n" + "type": "string" }, "clientAuthenticatorType": { - "type": "string", - "description": "Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types:\n- `client-secret` (Default) Use client id and client secret to authenticate client.\n- `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n- `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = \u003csubjectDn\u003e`\n- `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n" + "type": "string" }, "clientId": { - "type": "string", - "description": "The Client ID for this client, referenced in the URI during authentication and in issued tokens.\n" + "type": "string" }, "clientOfflineSessionIdleTimeout": { - "type": "string", - "description": "Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value.\n" + "type": "string" }, "clientOfflineSessionMaxLifespan": { - "type": "string", - "description": "Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value.\n" + "type": "string" }, "clientSecret": { "type": "string", - "description": "The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak.\n", "secret": true }, "clientSessionIdleTimeout": { - "type": "string", - "description": "Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value.\n" + "type": "string" }, "clientSessionMaxLifespan": { - "type": "string", - "description": "Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value.\n" + "type": "string" }, "consentRequired": { - "type": "boolean", - "description": "When `true`, users have to consent to client access. Defaults to `false`.\n" + "type": "boolean" }, "consentScreenText": { - "type": "string", - "description": "The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`.\n" + "type": "string" }, "description": { - "type": "string", - "description": "The description of this client in the GUI.\n" + "type": "string" }, "directAccessGrantsEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "displayOnConsentScreen": { - "type": "boolean", - "description": "When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`.\n" + "type": "boolean" }, "enabled": { - "type": "boolean", - "description": "When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n" + "type": "boolean" }, "excludeSessionStateFromAuthResponse": { - "type": "boolean", - "description": "When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response.\n" + "type": "boolean" }, "extraConfig": { "type": "object", @@ -9157,101 +8758,79 @@ } }, "frontchannelLogoutEnabled": { - "type": "boolean", - "description": "When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`.\n" + "type": "boolean" }, "frontchannelLogoutUrl": { - "type": "string", - "description": "The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`.\n" + "type": "string" }, "fullScopeAllowed": { - "type": "boolean", - "description": "Allow to include all roles mappings in the access token.\n" + "type": "boolean" }, "implicitFlowEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "import": { - "type": "boolean", - "description": "When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`.\n" + "type": "boolean" }, "loginTheme": { - "type": "string", - "description": "The client login theme. This will override the default theme for the realm.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this client in the GUI.\n" + "type": "string" }, "oauth2DeviceAuthorizationGrantEnabled": { - "type": "boolean", - "description": "Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser.\n" + "type": "boolean" }, "oauth2DeviceCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the device code flow before it expires.\n" + "type": "string" }, "oauth2DevicePollingInterval": { - "type": "string", - "description": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n" + "type": "string" }, "pkceCodeChallengeMethod": { - "type": "string", - "description": "The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this client is attached to.\n" + "type": "string" }, "resourceServerId": { - "type": "string", - "description": "(Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute).\n" + "type": "string" }, "rootUrl": { - "type": "string", - "description": "When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required.\n" + "type": "string" }, "serviceAccountUserId": { - "type": "string", - "description": "(Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.\n" + "type": "string" }, "serviceAccountsEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "standardFlowEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "useRefreshTokens": { - "type": "boolean", - "description": "If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`.\n" + "type": "boolean" }, "useRefreshTokensClientCredentials": { - "type": "boolean", - "description": "If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`.\n" + "type": "boolean" }, "validPostLogoutRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "A list of valid URIs a browser is permitted to redirect to after a successful logout.\n" + } }, "validRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled`\nis set to `true`.\n" + } }, "webOrigins": { "type": "array", "items": { "type": "string" - }, - "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\"\n" + } } }, "required": [ @@ -9286,97 +8865,74 @@ ], "inputProperties": { "accessTokenLifespan": { - "type": "string", - "description": "The amount of time in seconds before an access token expires. This will override the default for the realm.\n" + "type": "string" }, "accessType": { - "type": "string", - "description": "Specifies the type of client, which can be one of the following:\n" + "type": "string" }, "adminUrl": { - "type": "string", - "description": "URL to the admin interface of the client.\n" + "type": "string" }, "authenticationFlowBindingOverrides": { - "$ref": "#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides", - "description": "Override realm authentication flow bindings\n" + "$ref": "#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides" }, "authorization": { - "$ref": "#/types/keycloak:openid/ClientAuthorization:ClientAuthorization", - "description": "When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments:\n" + "$ref": "#/types/keycloak:openid/ClientAuthorization:ClientAuthorization" }, "backchannelLogoutRevokeOfflineSessions": { - "type": "boolean", - "description": "Specifying whether a \"revoke_offline_access\" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event.\n" + "type": "boolean" }, "backchannelLogoutSessionRequired": { - "type": "boolean", - "description": "When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`.\n" + "type": "boolean" }, "backchannelLogoutUrl": { - "type": "string", - "description": "The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case.\n" + "type": "string" }, "baseUrl": { - "type": "string", - "description": "Default URL to use when the auth server needs to redirect or link back to the client.\n" + "type": "string" }, "clientAuthenticatorType": { - "type": "string", - "description": "Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types:\n- `client-secret` (Default) Use client id and client secret to authenticate client.\n- `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n- `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = \u003csubjectDn\u003e`\n- `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n" + "type": "string" }, "clientId": { - "type": "string", - "description": "The Client ID for this client, referenced in the URI during authentication and in issued tokens.\n" + "type": "string" }, "clientOfflineSessionIdleTimeout": { - "type": "string", - "description": "Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value.\n" + "type": "string" }, "clientOfflineSessionMaxLifespan": { - "type": "string", - "description": "Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value.\n" + "type": "string" }, "clientSecret": { "type": "string", - "description": "The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak.\n", "secret": true }, "clientSessionIdleTimeout": { - "type": "string", - "description": "Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value.\n" + "type": "string" }, "clientSessionMaxLifespan": { - "type": "string", - "description": "Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value.\n" + "type": "string" }, "consentRequired": { - "type": "boolean", - "description": "When `true`, users have to consent to client access. Defaults to `false`.\n" + "type": "boolean" }, "consentScreenText": { - "type": "string", - "description": "The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`.\n" + "type": "string" }, "description": { - "type": "string", - "description": "The description of this client in the GUI.\n" + "type": "string" }, "directAccessGrantsEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "displayOnConsentScreen": { - "type": "boolean", - "description": "When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`.\n" + "type": "boolean" }, "enabled": { - "type": "boolean", - "description": "When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n" + "type": "boolean" }, "excludeSessionStateFromAuthResponse": { - "type": "boolean", - "description": "When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response.\n" + "type": "boolean" }, "extraConfig": { "type": "object", @@ -9385,95 +8941,75 @@ } }, "frontchannelLogoutEnabled": { - "type": "boolean", - "description": "When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`.\n" + "type": "boolean" }, "frontchannelLogoutUrl": { - "type": "string", - "description": "The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`.\n" + "type": "string" }, "fullScopeAllowed": { - "type": "boolean", - "description": "Allow to include all roles mappings in the access token.\n" + "type": "boolean" }, "implicitFlowEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "import": { "type": "boolean", - "description": "When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`.\n", "willReplaceOnChanges": true }, "loginTheme": { - "type": "string", - "description": "The client login theme. This will override the default theme for the realm.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this client in the GUI.\n" + "type": "string" }, "oauth2DeviceAuthorizationGrantEnabled": { - "type": "boolean", - "description": "Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser.\n" + "type": "boolean" }, "oauth2DeviceCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the device code flow before it expires.\n" + "type": "string" }, "oauth2DevicePollingInterval": { - "type": "string", - "description": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n" + "type": "string" }, "pkceCodeChallengeMethod": { - "type": "string", - "description": "The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this client is attached to.\n", "willReplaceOnChanges": true }, "rootUrl": { - "type": "string", - "description": "When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required.\n" + "type": "string" }, "serviceAccountsEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "standardFlowEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "useRefreshTokens": { - "type": "boolean", - "description": "If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`.\n" + "type": "boolean" }, "useRefreshTokensClientCredentials": { - "type": "boolean", - "description": "If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`.\n" + "type": "boolean" }, "validPostLogoutRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "A list of valid URIs a browser is permitted to redirect to after a successful logout.\n" + } }, "validRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled`\nis set to `true`.\n" + } }, "webOrigins": { "type": "array", "items": { "type": "string" - }, - "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\"\n" + } } }, "requiredInputs": [ @@ -9485,97 +9021,74 @@ "description": "Input properties used for looking up and filtering Client resources.\n", "properties": { "accessTokenLifespan": { - "type": "string", - "description": "The amount of time in seconds before an access token expires. This will override the default for the realm.\n" + "type": "string" }, "accessType": { - "type": "string", - "description": "Specifies the type of client, which can be one of the following:\n" + "type": "string" }, "adminUrl": { - "type": "string", - "description": "URL to the admin interface of the client.\n" + "type": "string" }, "authenticationFlowBindingOverrides": { - "$ref": "#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides", - "description": "Override realm authentication flow bindings\n" + "$ref": "#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides" }, "authorization": { - "$ref": "#/types/keycloak:openid/ClientAuthorization:ClientAuthorization", - "description": "When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments:\n" + "$ref": "#/types/keycloak:openid/ClientAuthorization:ClientAuthorization" }, "backchannelLogoutRevokeOfflineSessions": { - "type": "boolean", - "description": "Specifying whether a \"revoke_offline_access\" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event.\n" + "type": "boolean" }, "backchannelLogoutSessionRequired": { - "type": "boolean", - "description": "When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`.\n" + "type": "boolean" }, "backchannelLogoutUrl": { - "type": "string", - "description": "The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case.\n" + "type": "string" }, "baseUrl": { - "type": "string", - "description": "Default URL to use when the auth server needs to redirect or link back to the client.\n" + "type": "string" }, "clientAuthenticatorType": { - "type": "string", - "description": "Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types:\n- `client-secret` (Default) Use client id and client secret to authenticate client.\n- `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n- `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = \u003csubjectDn\u003e`\n- `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n" + "type": "string" }, "clientId": { - "type": "string", - "description": "The Client ID for this client, referenced in the URI during authentication and in issued tokens.\n" + "type": "string" }, "clientOfflineSessionIdleTimeout": { - "type": "string", - "description": "Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value.\n" + "type": "string" }, "clientOfflineSessionMaxLifespan": { - "type": "string", - "description": "Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value.\n" + "type": "string" }, "clientSecret": { "type": "string", - "description": "The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak.\n", "secret": true }, "clientSessionIdleTimeout": { - "type": "string", - "description": "Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value.\n" + "type": "string" }, "clientSessionMaxLifespan": { - "type": "string", - "description": "Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value.\n" + "type": "string" }, "consentRequired": { - "type": "boolean", - "description": "When `true`, users have to consent to client access. Defaults to `false`.\n" + "type": "boolean" }, "consentScreenText": { - "type": "string", - "description": "The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`.\n" + "type": "string" }, "description": { - "type": "string", - "description": "The description of this client in the GUI.\n" + "type": "string" }, "directAccessGrantsEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "displayOnConsentScreen": { - "type": "boolean", - "description": "When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`.\n" + "type": "boolean" }, "enabled": { - "type": "boolean", - "description": "When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n" + "type": "boolean" }, "excludeSessionStateFromAuthResponse": { - "type": "boolean", - "description": "When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response.\n" + "type": "boolean" }, "extraConfig": { "type": "object", @@ -9584,103 +9097,81 @@ } }, "frontchannelLogoutEnabled": { - "type": "boolean", - "description": "When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`.\n" + "type": "boolean" }, "frontchannelLogoutUrl": { - "type": "string", - "description": "The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`.\n" + "type": "string" }, "fullScopeAllowed": { - "type": "boolean", - "description": "Allow to include all roles mappings in the access token.\n" + "type": "boolean" }, "implicitFlowEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "import": { "type": "boolean", - "description": "When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`.\n", "willReplaceOnChanges": true }, "loginTheme": { - "type": "string", - "description": "The client login theme. This will override the default theme for the realm.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this client in the GUI.\n" + "type": "string" }, "oauth2DeviceAuthorizationGrantEnabled": { - "type": "boolean", - "description": "Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser.\n" + "type": "boolean" }, "oauth2DeviceCodeLifespan": { - "type": "string", - "description": "The maximum amount of time a client has to finish the device code flow before it expires.\n" + "type": "string" }, "oauth2DevicePollingInterval": { - "type": "string", - "description": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n" + "type": "string" }, "pkceCodeChallengeMethod": { - "type": "string", - "description": "The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this client is attached to.\n", "willReplaceOnChanges": true }, "resourceServerId": { - "type": "string", - "description": "(Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute).\n" + "type": "string" }, "rootUrl": { - "type": "string", - "description": "When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required.\n" + "type": "string" }, "serviceAccountUserId": { - "type": "string", - "description": "(Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.\n" + "type": "string" }, "serviceAccountsEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "standardFlowEnabled": { - "type": "boolean", - "description": "When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`.\n" + "type": "boolean" }, "useRefreshTokens": { - "type": "boolean", - "description": "If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`.\n" + "type": "boolean" }, "useRefreshTokensClientCredentials": { - "type": "boolean", - "description": "If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`.\n" + "type": "boolean" }, "validPostLogoutRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "A list of valid URIs a browser is permitted to redirect to after a successful logout.\n" + } }, "validRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled`\nis set to `true`.\n" + } }, "webOrigins": { "type": "array", "items": { "type": "string" - }, - "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\"\n" + } } }, "type": "object" @@ -9784,7 +9275,7 @@ } }, "keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission": { - "description": "Allows you to manage openid Client Authorization Permissions.\n\n\n## Import\n\nClient authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n ", + "description": "Allows you to manage openid Client Authorization Permissions.\n\n## Import\n\nClient authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n", "properties": { "decisionStrategy": { "type": "string" @@ -10139,22 +9630,19 @@ } }, "keycloak:openid/clientDefaultScopes:ClientDefaultScopes": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n accessType: \"CONFIDENTIAL\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientDefaultScopes = new keycloak.openid.ClientDefaultScopes(\"clientDefaultScopes\", {\n realmId: realm.id,\n clientId: client.id,\n defaultScopes: [\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n access_type=\"CONFIDENTIAL\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_default_scopes = keycloak.openid.ClientDefaultScopes(\"clientDefaultScopes\",\n realm_id=realm.id,\n client_id=client.id,\n default_scopes=[\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n AccessType = \"CONFIDENTIAL\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientDefaultScopes = new Keycloak.OpenId.ClientDefaultScopes(\"clientDefaultScopes\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n DefaultScopes = new[]\n {\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientDefaultScopes(ctx, \"clientDefaultScopes\", \u0026openid.ClientDefaultScopesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"profile\"),\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t\tpulumi.String(\"roles\"),\n\t\t\t\tpulumi.String(\"web-origins\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientDefaultScopes;\nimport com.pulumi.keycloak.openid.ClientDefaultScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .accessType(\"CONFIDENTIAL\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientDefaultScopes = new ClientDefaultScopes(\"clientDefaultScopes\", ClientDefaultScopesArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .defaultScopes( \n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n accessType: CONFIDENTIAL\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientDefaultScopes:\n type: keycloak:openid:ClientDefaultScopes\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n defaultScopes:\n - profile\n - email\n - roles\n - web-origins\n - ${clientScope.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\n\n as if it did not already exist on the server.\n\n ", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n realmId: realm.id,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientDefaultScopes = new keycloak.openid.ClientDefaultScopes(\"clientDefaultScopes\", {\n clientId: client.id,\n defaultScopes: [\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name,\n ],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient = keycloak.openid.Client(\"client\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n realm_id=realm.id)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_default_scopes = keycloak.openid.ClientDefaultScopes(\"clientDefaultScopes\",\n client_id=client.id,\n default_scopes=[\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n client_scope.name,\n ],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n RealmId = realm.Id,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientDefaultScopes = new Keycloak.OpenId.ClientDefaultScopes(\"clientDefaultScopes\", new()\n {\n ClientId = client.Id,\n DefaultScopes = new[]\n {\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.Name,\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientDefaultScopes(ctx, \"clientDefaultScopes\", \u0026openid.ClientDefaultScopesArgs{\n\t\t\tClientId: client.ID(),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"profile\"),\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t\tpulumi.String(\"roles\"),\n\t\t\t\tpulumi.String(\"web-origins\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientDefaultScopes;\nimport com.pulumi.keycloak.openid.ClientDefaultScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .realmId(realm.id())\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientDefaultScopes = new ClientDefaultScopes(\"clientDefaultScopes\", ClientDefaultScopesArgs.builder() \n .clientId(client.id())\n .defaultScopes( \n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n client:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n realmId: ${realm.id}\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientDefaultScopes:\n type: keycloak:openid:ClientDefaultScopes\n properties:\n clientId: ${client.id}\n defaultScopes:\n - profile\n - email\n - roles\n - web-origins\n - ${clientScope.name}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client and scopes exists in.\n- `client_id` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n- `default_scopes` - (Required) An array of client scope names to attach to this client.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", "properties": { "clientId": { - "type": "string", - "description": "The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n" + "type": "string" }, "defaultScopes": { "type": "array", "items": { "type": "string" - }, - "description": "An array of client scope names to attach to this client.\n" + } }, "realmId": { - "type": "string", - "description": "The realm this client and scopes exists in.\n" + "type": "string" } }, "required": [ @@ -10165,19 +9653,16 @@ "inputProperties": { "clientId": { "type": "string", - "description": "The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n", "willReplaceOnChanges": true }, "defaultScopes": { "type": "array", "items": { "type": "string" - }, - "description": "An array of client scope names to attach to this client.\n" + } }, "realmId": { "type": "string", - "description": "The realm this client and scopes exists in.\n", "willReplaceOnChanges": true } }, @@ -10191,19 +9676,16 @@ "properties": { "clientId": { "type": "string", - "description": "The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n", "willReplaceOnChanges": true }, "defaultScopes": { "type": "array", "items": { "type": "string" - }, - "description": "An array of client scope names to attach to this client.\n" + } }, "realmId": { "type": "string", - "description": "The realm this client and scopes exists in.\n", "willReplaceOnChanges": true } }, @@ -10414,22 +9896,19 @@ } }, "keycloak:openid/clientOptionalScopes:ClientOptionalScopes": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n accessType: \"CONFIDENTIAL\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientOptionalScopes = new keycloak.openid.ClientOptionalScopes(\"clientOptionalScopes\", {\n realmId: realm.id,\n clientId: client.id,\n optionalScopes: [\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n access_type=\"CONFIDENTIAL\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_optional_scopes = keycloak.openid.ClientOptionalScopes(\"clientOptionalScopes\",\n realm_id=realm.id,\n client_id=client.id,\n optional_scopes=[\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n AccessType = \"CONFIDENTIAL\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientOptionalScopes = new Keycloak.OpenId.ClientOptionalScopes(\"clientOptionalScopes\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n OptionalScopes = new[]\n {\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientOptionalScopes(ctx, \"clientOptionalScopes\", \u0026openid.ClientOptionalScopesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tOptionalScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"address\"),\n\t\t\t\tpulumi.String(\"phone\"),\n\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\tpulumi.String(\"microprofile-jwt\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientOptionalScopes;\nimport com.pulumi.keycloak.openid.ClientOptionalScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .accessType(\"CONFIDENTIAL\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientOptionalScopes = new ClientOptionalScopes(\"clientOptionalScopes\", ClientOptionalScopesArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .optionalScopes( \n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n accessType: CONFIDENTIAL\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientOptionalScopes:\n type: keycloak:openid:ClientOptionalScopes\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n optionalScopes:\n - address\n - phone\n - offline_access\n - microprofile-jwt\n - ${clientScope.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\n\n as if it did not already exist on the server.\n\n ", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n realmId: realm.id,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientOptionalScopes = new keycloak.openid.ClientOptionalScopes(\"clientOptionalScopes\", {\n clientId: client.id,\n optionalScopes: [\n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.name,\n ],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient = keycloak.openid.Client(\"client\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n realm_id=realm.id)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_optional_scopes = keycloak.openid.ClientOptionalScopes(\"clientOptionalScopes\",\n client_id=client.id,\n optional_scopes=[\n \"address\",\n \"phone\",\n \"offline_access\",\n client_scope.name,\n ],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n RealmId = realm.Id,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientOptionalScopes = new Keycloak.OpenId.ClientOptionalScopes(\"clientOptionalScopes\", new()\n {\n ClientId = client.Id,\n OptionalScopes = new[]\n {\n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.Name,\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientOptionalScopes(ctx, \"clientOptionalScopes\", \u0026openid.ClientOptionalScopesArgs{\n\t\t\tClientId: client.ID(),\n\t\t\tOptionalScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"address\"),\n\t\t\t\tpulumi.String(\"phone\"),\n\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientOptionalScopes;\nimport com.pulumi.keycloak.openid.ClientOptionalScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .realmId(realm.id())\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientOptionalScopes = new ClientOptionalScopes(\"clientOptionalScopes\", ClientOptionalScopesArgs.builder() \n .clientId(client.id())\n .optionalScopes( \n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.name())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n client:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n realmId: ${realm.id}\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientOptionalScopes:\n type: keycloak:openid:ClientOptionalScopes\n properties:\n clientId: ${client.id}\n optionalScopes:\n - address\n - phone\n - offline_access\n - ${clientScope.name}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client and scopes exists in.\n- `client_id` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n- `optional_scopes` - (Required) An array of client scope names to attach to this client as optional scopes.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", "properties": { "clientId": { - "type": "string", - "description": "The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n" + "type": "string" }, "optionalScopes": { "type": "array", "items": { "type": "string" - }, - "description": "An array of client scope names to attach to this client as optional scopes.\n" + } }, "realmId": { - "type": "string", - "description": "The realm this client and scopes exists in.\n" + "type": "string" } }, "required": [ @@ -10440,19 +9919,16 @@ "inputProperties": { "clientId": { "type": "string", - "description": "The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n", "willReplaceOnChanges": true }, "optionalScopes": { "type": "array", "items": { "type": "string" - }, - "description": "An array of client scope names to attach to this client as optional scopes.\n" + } }, "realmId": { "type": "string", - "description": "The realm this client and scopes exists in.\n", "willReplaceOnChanges": true } }, @@ -10466,19 +9942,16 @@ "properties": { "clientId": { "type": "string", - "description": "The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n", "willReplaceOnChanges": true }, "optionalScopes": { "type": "array", "items": { "type": "string" - }, - "description": "An array of client scope names to attach to this client as optional scopes.\n" + } }, "realmId": { "type": "string", - "description": "The realm this client and scopes exists in.\n", "willReplaceOnChanges": true } }, @@ -10608,7 +10081,7 @@ } }, "keycloak:openid/clientPolicy:ClientPolicy": { - "description": "This resource can be used to create client policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nIn this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `keycloak.openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n clientId: \"openid_client\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst myPermission = new keycloak.openid.ClientPermissions(\"myPermission\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst tokenExchange = new keycloak.openid.ClientPolicy(\"tokenExchange\", {\n resourceServerId: realmManagement.then(realmManagement =\u003e realmManagement.id),\n realmId: realm.id,\n logic: \"POSITIVE\",\n decisionStrategy: \"UNANIMOUS\",\n clients: [openidClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n client_id=\"openid_client\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nmy_permission = keycloak.openid.ClientPermissions(\"myPermission\",\n realm_id=realm.id,\n client_id=openid_client.id)\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\ntoken_exchange = keycloak.openid.ClientPolicy(\"tokenExchange\",\n resource_server_id=realm_management.id,\n realm_id=realm.id,\n logic=\"POSITIVE\",\n decision_strategy=\"UNANIMOUS\",\n clients=[openid_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n ClientId = \"openid_client\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var myPermission = new Keycloak.OpenId.ClientPermissions(\"myPermission\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var tokenExchange = new Keycloak.OpenId.ClientPolicy(\"tokenExchange\", new()\n {\n ResourceServerId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n RealmId = realm.Id,\n Logic = \"POSITIVE\",\n DecisionStrategy = \"UNANIMOUS\",\n Clients = new[]\n {\n openidClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"openid_client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPermissions(ctx, \"myPermission\", \u0026openid.ClientPermissionsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPolicy(ctx, \"tokenExchange\", \u0026openid.ClientPolicyArgs{\n\t\t\tResourceServerId: *pulumi.String(realmManagement.Id),\n\t\t\tRealmId: realm.ID(),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\topenidClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPolicy;\nimport com.pulumi.keycloak.openid.ClientPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .clientId(\"openid_client\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n var myPermission = new ClientPermissions(\"myPermission\", ClientPermissionsArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n var tokenExchange = new ClientPolicy(\"tokenExchange\", ClientPolicyArgs.builder() \n .resourceServerId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .realmId(realm.id())\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .clients(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n clientId: openid_client\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n myPermission:\n type: keycloak:openid:ClientPermissions\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n tokenExchange:\n type: keycloak:openid:ClientPolicy\n properties:\n resourceServerId: ${realmManagement.id}\n realmId: ${realm.id}\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n clients:\n - ${openidClient.id}\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This resource can be used to create client policy.\n\n## Example Usage\n\nIn this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `keycloak.openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n clientId: \"openid_client\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst myPermission = new keycloak.openid.ClientPermissions(\"myPermission\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst tokenExchange = new keycloak.openid.ClientPolicy(\"tokenExchange\", {\n resourceServerId: realmManagement.then(realmManagement =\u003e realmManagement.id),\n realmId: realm.id,\n logic: \"POSITIVE\",\n decisionStrategy: \"UNANIMOUS\",\n clients: [openidClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n client_id=\"openid_client\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nmy_permission = keycloak.openid.ClientPermissions(\"myPermission\",\n realm_id=realm.id,\n client_id=openid_client.id)\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\ntoken_exchange = keycloak.openid.ClientPolicy(\"tokenExchange\",\n resource_server_id=realm_management.id,\n realm_id=realm.id,\n logic=\"POSITIVE\",\n decision_strategy=\"UNANIMOUS\",\n clients=[openid_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n ClientId = \"openid_client\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var myPermission = new Keycloak.OpenId.ClientPermissions(\"myPermission\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var tokenExchange = new Keycloak.OpenId.ClientPolicy(\"tokenExchange\", new()\n {\n ResourceServerId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n RealmId = realm.Id,\n Logic = \"POSITIVE\",\n DecisionStrategy = \"UNANIMOUS\",\n Clients = new[]\n {\n openidClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"openid_client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPermissions(ctx, \"myPermission\", \u0026openid.ClientPermissionsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPolicy(ctx, \"tokenExchange\", \u0026openid.ClientPolicyArgs{\n\t\t\tResourceServerId: *pulumi.String(realmManagement.Id),\n\t\t\tRealmId: realm.ID(),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\topenidClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPolicy;\nimport com.pulumi.keycloak.openid.ClientPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .clientId(\"openid_client\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n var myPermission = new ClientPermissions(\"myPermission\", ClientPermissionsArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n var tokenExchange = new ClientPolicy(\"tokenExchange\", ClientPolicyArgs.builder() \n .resourceServerId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .realmId(realm.id())\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .clients(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n clientId: openid_client\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n myPermission:\n type: keycloak:openid:ClientPermissions\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n tokenExchange:\n type: keycloak:openid:ClientPolicy\n properties:\n resourceServerId: ${realmManagement.id}\n realmId: ${realm.id}\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n clients:\n - ${openidClient.id}\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "clients": { "type": "array", @@ -10831,31 +10304,25 @@ } }, "keycloak:openid/clientScope:ClientScope": { - "description": "Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also\nbe used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 `scope` parameter.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClientScope = new keycloak.openid.ClientScope(\"openidClientScope\", {\n realmId: realm.id,\n description: \"When requested, this scope will map a user's group memberships to a claim\",\n includeInTokenScope: true,\n guiOrder: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client_scope = keycloak.openid.ClientScope(\"openidClientScope\",\n realm_id=realm.id,\n description=\"When requested, this scope will map a user's group memberships to a claim\",\n include_in_token_scope=True,\n gui_order=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClientScope = new Keycloak.OpenId.ClientScope(\"openidClientScope\", new()\n {\n RealmId = realm.Id,\n Description = \"When requested, this scope will map a user's group memberships to a claim\",\n IncludeInTokenScope = true,\n GuiOrder = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientScope(ctx, \"openidClientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"When requested, this scope will map a user's group memberships to a claim\"),\n\t\t\tIncludeInTokenScope: pulumi.Bool(true),\n\t\t\tGuiOrder: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClientScope = new ClientScope(\"openidClientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .description(\"When requested, this scope will map a user's group memberships to a claim\")\n .includeInTokenScope(true)\n .guiOrder(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n description: When requested, this scope will map a user's group memberships to a claim\n includeInTokenScope: true\n guiOrder: 1\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak\n\n assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/clientScope:ClientScope openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52\n```\n\n ", + "description": "## # keycloak.openid.ClientScope\n\nAllows for creating and managing Keycloak client scopes that can be attached to\nclients that use the OpenID Connect protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple\nclients within a realm. They can also be used by clients to conditionally request\nclaims or roles for a user based on the OAuth 2.0 `scope` parameter.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClientScope = new keycloak.openid.ClientScope(\"openidClientScope\", {\n description: \"When requested, this scope will map a user's group memberships to a claim\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client_scope = keycloak.openid.ClientScope(\"openidClientScope\",\n description=\"When requested, this scope will map a user's group memberships to a claim\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClientScope = new Keycloak.OpenId.ClientScope(\"openidClientScope\", new()\n {\n Description = \"When requested, this scope will map a user's group memberships to a claim\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientScope(ctx, \"openidClientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tDescription: pulumi.String(\"When requested, this scope will map a user's group memberships to a claim\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClientScope = new ClientScope(\"openidClientScope\", ClientScopeArgs.builder() \n .description(\"When requested, this scope will map a user's group memberships to a claim\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClientScope:\n type: keycloak:openid:ClientScope\n properties:\n description: When requested, this scope will map a user's group memberships to a claim\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client scope belongs to.\n- `name` - (Required) The display name of this client scope in the GUI.\n- `description` - (Optional) The description of this client scope in the GUI.\n- `consent_screen_text` - (Optional) When set, a consent screen will be displayed to users\nauthenticating to clients with this scope attached. The consent screen will display the string\nvalue of this attribute.\n\n### Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak\nassigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_scope.openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52\n```\n", "properties": { "consentScreenText": { - "type": "string", - "description": "When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n" + "type": "string" }, "description": { - "type": "string", - "description": "The description of this client scope in the GUI.\n" + "type": "string" }, "guiOrder": { - "type": "integer", - "description": "Specify order of the client scope in GUI (such as in Consent page) as integer.\n" + "type": "integer" }, "includeInTokenScope": { - "type": "boolean", - "description": "When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response.\n" + "type": "boolean" }, "name": { - "type": "string", - "description": "The display name of this client scope in the GUI.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this client scope belongs to.\n" + "type": "string" } }, "required": [ @@ -10864,28 +10331,22 @@ ], "inputProperties": { "consentScreenText": { - "type": "string", - "description": "When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n" + "type": "string" }, "description": { - "type": "string", - "description": "The description of this client scope in the GUI.\n" + "type": "string" }, "guiOrder": { - "type": "integer", - "description": "Specify order of the client scope in GUI (such as in Consent page) as integer.\n" + "type": "integer" }, "includeInTokenScope": { - "type": "boolean", - "description": "When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response.\n" + "type": "boolean" }, "name": { - "type": "string", - "description": "The display name of this client scope in the GUI.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this client scope belongs to.\n", "willReplaceOnChanges": true } }, @@ -10896,28 +10357,22 @@ "description": "Input properties used for looking up and filtering ClientScope resources.\n", "properties": { "consentScreenText": { - "type": "string", - "description": "When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n" + "type": "string" }, "description": { - "type": "string", - "description": "The description of this client scope in the GUI.\n" + "type": "string" }, "guiOrder": { - "type": "integer", - "description": "Specify order of the client scope in GUI (such as in Consent page) as integer.\n" + "type": "integer" }, "includeInTokenScope": { - "type": "boolean", - "description": "When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response.\n" + "type": "boolean" }, "name": { - "type": "string", - "description": "The display name of this client scope in the GUI.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this client scope belongs to.\n", "willReplaceOnChanges": true } }, @@ -10925,7 +10380,7 @@ } }, "keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole": { - "description": "Allows for assigning realm roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach client roles to a service account, please use the `keycloak.openid.ClientServiceAccountRole`\nresource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {realmId: realm.id});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n serviceAccountsEnabled: true,\n});\nconst clientServiceAccountRole = new keycloak.openid.ClientServiceAccountRealmRole(\"clientServiceAccountRole\", {\n realmId: realm.id,\n serviceAccountUserId: client.serviceAccountUserId,\n role: realmRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\", realm_id=realm.id)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n service_accounts_enabled=True)\nclient_service_account_role = keycloak.openid.ClientServiceAccountRealmRole(\"clientServiceAccountRole\",\n realm_id=realm.id,\n service_account_user_id=client.service_account_user_id,\n role=realm_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ServiceAccountsEnabled = true,\n });\n\n var clientServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRealmRole(\"clientServiceAccountRole\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client.ServiceAccountUserId,\n Role = realmRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRealmRole(ctx, \"clientServiceAccountRole\", \u0026openid.ClientServiceAccountRealmRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client.ServiceAccountUserId,\n\t\t\tRole: realmRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .serviceAccountsEnabled(true)\n .build());\n\n var clientServiceAccountRole = new ClientServiceAccountRealmRole(\"clientServiceAccountRole\", ClientServiceAccountRealmRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client.serviceAccountUserId())\n .role(realmRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n serviceAccountsEnabled: true\n clientServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRealmRole\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client.serviceAccountUserId}\n role: ${realmRole.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n ", + "description": "Allows for assigning realm roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach client roles to a service account, please use the `keycloak.openid.ClientServiceAccountRole`\nresource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {realmId: realm.id});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n serviceAccountsEnabled: true,\n});\nconst clientServiceAccountRole = new keycloak.openid.ClientServiceAccountRealmRole(\"clientServiceAccountRole\", {\n realmId: realm.id,\n serviceAccountUserId: client.serviceAccountUserId,\n role: realmRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\", realm_id=realm.id)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n service_accounts_enabled=True)\nclient_service_account_role = keycloak.openid.ClientServiceAccountRealmRole(\"clientServiceAccountRole\",\n realm_id=realm.id,\n service_account_user_id=client.service_account_user_id,\n role=realm_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ServiceAccountsEnabled = true,\n });\n\n var clientServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRealmRole(\"clientServiceAccountRole\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client.ServiceAccountUserId,\n Role = realmRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRealmRole(ctx, \"clientServiceAccountRole\", \u0026openid.ClientServiceAccountRealmRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client.ServiceAccountUserId,\n\t\t\tRole: realmRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .serviceAccountsEnabled(true)\n .build());\n\n var clientServiceAccountRole = new ClientServiceAccountRealmRole(\"clientServiceAccountRole\", ClientServiceAccountRealmRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client.serviceAccountUserId())\n .role(realmRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n serviceAccountsEnabled: true\n clientServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRealmRole\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client.serviceAccountUserId}\n role: ${realmRole.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n", "properties": { "realmId": { "type": "string", @@ -10990,7 +10445,7 @@ } }, "keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole": { - "description": "Allows for assigning client roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach realm roles to a service account, please use the `keycloak.openid.ClientServiceAccountRealmRole`\nresource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// client1 provides a role to other clients\nconst client1 = new keycloak.openid.Client(\"client1\", {realmId: realm.id});\nconst client1Role = new keycloak.Role(\"client1Role\", {\n realmId: realm.id,\n clientId: client1.id,\n description: \"A role that client1 provides\",\n});\n// client2 is assigned the role of client1\nconst client2 = new keycloak.openid.Client(\"client2\", {\n realmId: realm.id,\n serviceAccountsEnabled: true,\n});\nconst client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\", {\n realmId: realm.id,\n serviceAccountUserId: client2.serviceAccountUserId,\n clientId: client1.id,\n role: client1Role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# client1 provides a role to other clients\nclient1 = keycloak.openid.Client(\"client1\", realm_id=realm.id)\nclient1_role = keycloak.Role(\"client1Role\",\n realm_id=realm.id,\n client_id=client1.id,\n description=\"A role that client1 provides\")\n# client2 is assigned the role of client1\nclient2 = keycloak.openid.Client(\"client2\",\n realm_id=realm.id,\n service_accounts_enabled=True)\nclient2_service_account_role = keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\",\n realm_id=realm.id,\n service_account_user_id=client2.service_account_user_id,\n client_id=client1.id,\n role=client1_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // client1 provides a role to other clients\n var client1 = new Keycloak.OpenId.Client(\"client1\", new()\n {\n RealmId = realm.Id,\n });\n\n var client1Role = new Keycloak.Role(\"client1Role\", new()\n {\n RealmId = realm.Id,\n ClientId = client1.Id,\n Description = \"A role that client1 provides\",\n });\n\n // client2 is assigned the role of client1\n var client2 = new Keycloak.OpenId.Client(\"client2\", new()\n {\n RealmId = realm.Id,\n ServiceAccountsEnabled = true,\n });\n\n var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole(\"client2ServiceAccountRole\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client2.ServiceAccountUserId,\n ClientId = client1.Id,\n Role = client1Role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client1 provides a role to other clients\n\t\tclient1, err := openid.NewClient(ctx, \"client1\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1Role, err := keycloak.NewRole(ctx, \"client1Role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client1.ID(),\n\t\t\tDescription: pulumi.String(\"A role that client1 provides\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client2 is assigned the role of client1\n\t\tclient2, err := openid.NewClient(ctx, \"client2\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRole(ctx, \"client2ServiceAccountRole\", \u0026openid.ClientServiceAccountRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client2.ServiceAccountUserId,\n\t\t\tClientId: client1.ID(),\n\t\t\tRole: client1Role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client1 = new Client(\"client1\", ClientArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client1Role = new Role(\"client1Role\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client1.id())\n .description(\"A role that client1 provides\")\n .build());\n\n var client2 = new Client(\"client2\", ClientArgs.builder() \n .realmId(realm.id())\n .serviceAccountsEnabled(true)\n .build());\n\n var client2ServiceAccountRole = new ClientServiceAccountRole(\"client2ServiceAccountRole\", ClientServiceAccountRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client2.serviceAccountUserId())\n .clientId(client1.id())\n .role(client1Role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # client1 provides a role to other clients\n client1:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n client1Role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client1.id}\n description: A role that client1 provides\n # client2 is assigned the role of client1\n client2:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n serviceAccountsEnabled: true\n client2ServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRole\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client2.serviceAccountUserId}\n clientId: ${client1.id}\n role: ${client1Role.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n ", + "description": "Allows for assigning client roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach realm roles to a service account, please use the `keycloak.openid.ClientServiceAccountRealmRole`\nresource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// client1 provides a role to other clients\nconst client1 = new keycloak.openid.Client(\"client1\", {realmId: realm.id});\nconst client1Role = new keycloak.Role(\"client1Role\", {\n realmId: realm.id,\n clientId: client1.id,\n description: \"A role that client1 provides\",\n});\n// client2 is assigned the role of client1\nconst client2 = new keycloak.openid.Client(\"client2\", {\n realmId: realm.id,\n serviceAccountsEnabled: true,\n});\nconst client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\", {\n realmId: realm.id,\n serviceAccountUserId: client2.serviceAccountUserId,\n clientId: client1.id,\n role: client1Role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# client1 provides a role to other clients\nclient1 = keycloak.openid.Client(\"client1\", realm_id=realm.id)\nclient1_role = keycloak.Role(\"client1Role\",\n realm_id=realm.id,\n client_id=client1.id,\n description=\"A role that client1 provides\")\n# client2 is assigned the role of client1\nclient2 = keycloak.openid.Client(\"client2\",\n realm_id=realm.id,\n service_accounts_enabled=True)\nclient2_service_account_role = keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\",\n realm_id=realm.id,\n service_account_user_id=client2.service_account_user_id,\n client_id=client1.id,\n role=client1_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // client1 provides a role to other clients\n var client1 = new Keycloak.OpenId.Client(\"client1\", new()\n {\n RealmId = realm.Id,\n });\n\n var client1Role = new Keycloak.Role(\"client1Role\", new()\n {\n RealmId = realm.Id,\n ClientId = client1.Id,\n Description = \"A role that client1 provides\",\n });\n\n // client2 is assigned the role of client1\n var client2 = new Keycloak.OpenId.Client(\"client2\", new()\n {\n RealmId = realm.Id,\n ServiceAccountsEnabled = true,\n });\n\n var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole(\"client2ServiceAccountRole\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client2.ServiceAccountUserId,\n ClientId = client1.Id,\n Role = client1Role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client1 provides a role to other clients\n\t\tclient1, err := openid.NewClient(ctx, \"client1\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1Role, err := keycloak.NewRole(ctx, \"client1Role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client1.ID(),\n\t\t\tDescription: pulumi.String(\"A role that client1 provides\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client2 is assigned the role of client1\n\t\tclient2, err := openid.NewClient(ctx, \"client2\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRole(ctx, \"client2ServiceAccountRole\", \u0026openid.ClientServiceAccountRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client2.ServiceAccountUserId,\n\t\t\tClientId: client1.ID(),\n\t\t\tRole: client1Role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client1 = new Client(\"client1\", ClientArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client1Role = new Role(\"client1Role\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client1.id())\n .description(\"A role that client1 provides\")\n .build());\n\n var client2 = new Client(\"client2\", ClientArgs.builder() \n .realmId(realm.id())\n .serviceAccountsEnabled(true)\n .build());\n\n var client2ServiceAccountRole = new ClientServiceAccountRole(\"client2ServiceAccountRole\", ClientServiceAccountRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client2.serviceAccountUserId())\n .clientId(client1.id())\n .role(client1Role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # client1 provides a role to other clients\n client1:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n client1Role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client1.id}\n description: A role that client1 provides\n # client2 is assigned the role of client1\n client2:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n serviceAccountsEnabled: true\n client2ServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRole\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client2.serviceAccountUserId}\n clientId: ${client1.id}\n role: ${client1Role.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n", "properties": { "clientId": { "type": "string", @@ -11353,35 +10808,32 @@ } }, "keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper": { - "description": "Allows for creating and managing full name protocol mappers within Keycloak.\n\nFull name protocol mappers allow you to map a user's first and last name to the OpenID Connect `name` claim in a token.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\",\n realm_id=realm.id,\n client_id=openid_client.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"fullNameMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"fullNameMapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"fullNameMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"fullNameMapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.openid.FullNameProtocolMapper\n\nAllows for creating and managing full name protocol mappers within\nKeycloak.\n\nFull name protocol mappers allow you to map a user's first and last name\nto the OpenID Connect `name` claim in a token. Protocol mappers can be defined\nfor a single client, or they can be defined for a client scope which can\nbe shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\", {\n clientId: openidClient.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\",\n client_id=openid_client.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"fullNameMapper\", new()\n {\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"fullNameMapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder() \n .clientId(openidClient.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n properties:\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\", {\n clientScopeId: clientScope.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\",\n client_scope_id=client_scope.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"fullNameMapper\", new()\n {\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"fullNameMapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder() \n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n properties:\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `add_to_id_token` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_full_name_protocol_mapper.full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_full_name_protocol_mapper.full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`.\n" + "type": "boolean" }, "addToIdToken": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`.\n" + "type": "boolean" }, "addToUserinfo": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "type": "boolean" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" } }, "required": [ @@ -11390,35 +10842,32 @@ ], "inputProperties": { "addToAccessToken": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`.\n" + "type": "boolean" }, "addToIdToken": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`.\n" + "type": "boolean" }, "addToUserinfo": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "type": "boolean" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n", + "description": "A human-friendly name that will appear in the Keycloak console.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -11429,35 +10878,32 @@ "description": "Input properties used for looking up and filtering FullNameProtocolMapper resources.\n", "properties": { "addToAccessToken": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`.\n" + "type": "boolean" }, "addToIdToken": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`.\n" + "type": "boolean" }, "addToUserinfo": { - "type": "boolean", - "description": "Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "type": "boolean" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n", + "description": "A human-friendly name that will appear in the Keycloak console.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -11465,43 +10911,38 @@ } }, "keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper": { - "description": "Allows for creating and managing group membership protocol mappers within Keycloak.\n\nGroup membership protocol mappers allow you to map a user's group memberships to a claim in a token.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"groups\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"groups\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"groupMembershipMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"groups\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"groupMembershipMapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"groups\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: groups\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"groups\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"groups\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"groupMembershipMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"groups\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"groupMembershipMapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"groups\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: groups\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.openid.GroupMembershipProtocolMapper\n\nAllows for creating and managing group membership protocol mappers within\nKeycloak.\n\nGroup membership protocol mappers allow you to map a user's group memberships\nto a claim in a token. Protocol mappers can be defined for a single client,\nor they can be defined for a client scope which can be shared between multiple\ndifferent clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\", {\n claimName: \"groups\",\n clientId: openidClient.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\",\n claim_name=\"groups\",\n client_id=openid_client.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"groupMembershipMapper\", new()\n {\n ClaimName = \"groups\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"groupMembershipMapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder() \n .claimName(\"groups\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n properties:\n claimName: groups\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\", {\n claimName: \"groups\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\",\n claim_name=\"groups\",\n client_scope_id=client_scope.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"groupMembershipMapper\", new()\n {\n ClaimName = \"groups\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"groupMembershipMapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder() \n .claimName(\"groups\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n properties:\n claimName: groups\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `full_path` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_group_membership_protocol_mapper.group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_group_membership_protocol_mapper.group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "type": "boolean" }, "addToIdToken": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "type": "boolean" }, "addToUserinfo": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "type": "boolean" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n" }, "fullPath": { - "type": "boolean", - "description": "Indicates whether the full path of the group including its parents will be used. Defaults to `true`.\n" + "type": "boolean" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" } }, "required": [ @@ -11511,43 +10952,38 @@ ], "inputProperties": { "addToAccessToken": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "type": "boolean" }, "addToIdToken": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "type": "boolean" }, "addToUserinfo": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "type": "boolean" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "fullPath": { - "type": "boolean", - "description": "Indicates whether the full path of the group including its parents will be used. Defaults to `true`.\n" + "type": "boolean" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n", + "description": "A human-friendly name that will appear in the Keycloak console.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -11559,43 +10995,38 @@ "description": "Input properties used for looking up and filtering GroupMembershipProtocolMapper resources.\n", "properties": { "addToAccessToken": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "type": "boolean" }, "addToIdToken": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "type": "boolean" }, "addToUserinfo": { - "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "type": "boolean" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "fullPath": { - "type": "boolean", - "description": "Indicates whether the full path of the group including its parents will be used. Defaults to `true`.\n" + "type": "boolean" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n", + "description": "A human-friendly name that will appear in the Keycloak console.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -11603,47 +11034,45 @@ } }, "keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper": { - "description": "Allows for creating and managing hardcoded claim protocol mappers within Keycloak.\n\nHardcoded claim protocol mappers allow you to define a claim with a hardcoded value.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n claimValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\",\n claim_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcodedClaimMapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .claimValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n claimValue: bar\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n claimValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\",\n claim_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcodedClaimMapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .claimValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n claimValue: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.openid.HardcodedClaimProtocolMapper\n\nAllows for creating and managing hardcoded claim protocol mappers within\nKeycloak.\n\nHardcoded claim protocol mappers allow you to define a claim with a hardcoded\nvalue. Protocol mappers can be defined for a single client, or they can\nbe defined for a client scope which can be shared between multiple different\nclients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", {\n claimName: \"foo\",\n claimValue: \"bar\",\n clientId: openidClient.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\",\n claim_name=\"foo\",\n claim_value=\"bar\",\n client_id=openid_client.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", new()\n {\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcodedClaimMapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder() \n .claimName(\"foo\")\n .claimValue(\"bar\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n properties:\n claimName: foo\n claimValue: bar\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", {\n claimName: \"foo\",\n claimValue: \"bar\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\",\n claim_name=\"foo\",\n claim_value=\"bar\",\n client_scope_id=client_scope.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", new()\n {\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcodedClaimMapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder() \n .claimName(\"foo\")\n .claimValue(\"bar\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n properties:\n claimName: foo\n claimValue: bar\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value` - (Required) The hardcoded value of the claim.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValue": { - "type": "string", - "description": "The hardcoded value of the claim.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" } }, "required": [ @@ -11655,45 +11084,43 @@ "inputProperties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValue": { - "type": "string", - "description": "The hardcoded value of the claim.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -11707,45 +11134,43 @@ "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValue": { - "type": "string", - "description": "The hardcoded value of the claim.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true } }, @@ -11753,27 +11178,26 @@ } }, "keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper": { - "description": "Allows for creating and managing hardcoded role protocol mappers within Keycloak.\n\nHardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst role = new keycloak.Role(\"role\", {realmId: realm.id});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrole = keycloak.Role(\"role\", realm_id=realm.id)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcodedRoleMapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n roleId: ${role.id}\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst role = new keycloak.Role(\"role\", {realmId: realm.id});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrole = keycloak.Role(\"role\", realm_id=realm.id)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcodedRoleMapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${role.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.openid.HardcodedRoleProtocolMapper\n\nAllows for creating and managing hardcoded role protocol mappers within\nKeycloak.\n\nHardcoded role protocol mappers allow you to specify a single role to\nalways map to an access token for a client. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope\nwhich can be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst role = new keycloak.Role(\"role\", {realmId: realm.id});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", {\n clientId: openidClient.id,\n realmId: realm.id,\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nrole = keycloak.Role(\"role\", realm_id=realm.id)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\",\n client_id=openid_client.id,\n realm_id=realm.id,\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", new()\n {\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcodedRoleMapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder() \n .clientId(openidClient.id())\n .realmId(realm.id())\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n properties:\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n roleId: ${role.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst role = new keycloak.Role(\"role\", {realmId: realm.id});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", {\n clientScopeId: clientScope.id,\n realmId: realm.id,\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nrole = keycloak.Role(\"role\", realm_id=realm.id)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\",\n client_scope_id=client_scope.id,\n realm_id=realm.id,\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", new()\n {\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcodedRoleMapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder() \n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n properties:\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n roleId: ${role.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the\n GUI.\n- `role_id` - (Required) The ID of the role to map to an access token.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" }, "roleId": { - "type": "string", - "description": "The ID of the role to map to an access token.\n" + "type": "string" } }, "required": [ @@ -11784,27 +11208,26 @@ "inputProperties": { "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n", + "description": "A human-friendly name that will appear in the Keycloak console.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true }, "roleId": { - "type": "string", - "description": "The ID of the role to map to an access token.\n" + "type": "string" } }, "requiredInputs": [ @@ -11816,34 +11239,33 @@ "properties": { "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n", + "description": "A human-friendly name that will appear in the Keycloak console.\n", "willReplaceOnChanges": true }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true }, "roleId": { - "type": "string", - "description": "The ID of the role to map to an access token.\n" + "type": "string" } }, "type": "object" } }, "keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper": { - "description": "Allows for creating and managing script protocol mappers within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce a token claim based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n\u003e Support for this protocol mapper was removed in Keycloak 18.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"scriptMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"scriptMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"scriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"scriptMapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n script: exports = 'foo';\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"scriptMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"scriptMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"scriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"scriptMapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n script: exports = 'foo';\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "Allows for creating and managing script protocol mappers within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce a token claim based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n\u003e Support for this protocol mapper was removed in Keycloak 18.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"scriptMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"scriptMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"scriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"scriptMapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n script: exports = 'foo';\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"scriptMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"scriptMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"scriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"scriptMapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n script: exports = 'foo';\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -12005,55 +11427,53 @@ } }, "keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper": { - "description": "Allows for creating and managing user attribute protocol mappers within Keycloak.\n\nUser attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n userAttribute: \"foo\",\n claimName: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n user_attribute=\"foo\",\n claim_name=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"userAttributeMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n UserAttribute = \"foo\",\n ClaimName = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"userAttributeMapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .userAttribute(\"foo\")\n .claimName(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n userAttribute: foo\n claimName: bar\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n userAttribute: \"foo\",\n claimName: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n user_attribute=\"foo\",\n claim_name=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"userAttributeMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n UserAttribute = \"foo\",\n ClaimName = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"userAttributeMapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .userAttribute(\"foo\")\n .claimName(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n userAttribute: foo\n claimName: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.openid.UserAttributeProtocolMapper\n\nAllows for creating and managing user attribute protocol mappers within\nKeycloak.\n\nUser attribute protocol mappers allow you to map custom attributes defined\nfor a user within Keycloak to a claim in a token. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\", {\n claimName: \"bar\",\n clientId: openidClient.id,\n realmId: realm.id,\n userAttribute: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\",\n claim_name=\"bar\",\n client_id=openid_client.id,\n realm_id=realm.id,\n user_attribute=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"userAttributeMapper\", new()\n {\n ClaimName = \"bar\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n UserAttribute = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"userAttributeMapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .claimName(\"bar\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .userAttribute(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n properties:\n claimName: bar\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n userAttribute: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\", {\n claimName: \"bar\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n userAttribute: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\",\n claim_name=\"bar\",\n client_scope_id=client_scope.id,\n realm_id=realm.id,\n user_attribute=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"userAttributeMapper\", new()\n {\n ClaimName = \"bar\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n UserAttribute = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"userAttributeMapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .claimName(\"bar\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .userAttribute(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n properties:\n claimName: bar\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n userAttribute: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_attribute` - (Required) The custom user attribute to map a claim for.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n- `add_to_id_token` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "aggregateAttributes": { "type": "boolean", - "description": "Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n" + "description": "Indicates if attribute values should be aggregated within the group attributes\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n" }, "multivalued": { "type": "boolean", - "description": "Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n" + "description": "Indicates whether this attribute is a single value or an array of values.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" }, "userAttribute": { - "type": "string", - "description": "The custom user attribute to map a claim for.\n" + "type": "string" } }, "required": [ @@ -12065,54 +11485,52 @@ "inputProperties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "aggregateAttributes": { "type": "boolean", - "description": "Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n" + "description": "Indicates if attribute values should be aggregated within the group attributes\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "multivalued": { "type": "boolean", - "description": "Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n" + "description": "Indicates whether this attribute is a single value or an array of values.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true }, "userAttribute": { - "type": "string", - "description": "The custom user attribute to map a claim for.\n" + "type": "string" } }, "requiredInputs": [ @@ -12125,61 +11543,59 @@ "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "aggregateAttributes": { "type": "boolean", - "description": "Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n" + "description": "Indicates if attribute values should be aggregated within the group attributes\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "multivalued": { "type": "boolean", - "description": "Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n" + "description": "Indicates whether this attribute is a single value or an array of values.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true }, "userAttribute": { - "type": "string", - "description": "The custom user attribute to map a claim for.\n" + "type": "string" } }, "type": "object" } }, "keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper": { - "description": "Allows for creating and managing user client role protocol mappers within Keycloak.\n\nUser client role protocol mappers allow you to define a claim containing the list of a client roles.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"userClientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"userClientRoleMapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"userClientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"userClientRoleMapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "Allows for creating and managing user client role protocol mappers within Keycloak.\n\nUser client role protocol mappers allow you to define a claim containing the list of a client roles.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"userClientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"userClientRoleMapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"userClientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"userClientRoleMapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -12351,47 +11767,45 @@ } }, "keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper": { - "description": "Allows for creating and managing user property protocol mappers within Keycloak.\n\nUser property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in\na token.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n userProperty: \"email\",\n claimName: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n user_property=\"email\",\n claim_name=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"userPropertyMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n UserProperty = \"email\",\n ClaimName = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"userPropertyMapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .userProperty(\"email\")\n .claimName(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n userProperty: email\n claimName: email\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n userProperty: \"email\",\n claimName: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n user_property=\"email\",\n claim_name=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"userPropertyMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n UserProperty = \"email\",\n ClaimName = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"userPropertyMapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .userProperty(\"email\")\n .claimName(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n userProperty: email\n claimName: email\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.openid.UserPropertyProtocolMapper\n\nAllows for creating and managing user property protocol mappers within\nKeycloak.\n\nUser property protocol mappers allow you to map built in properties defined\non the Keycloak user interface to a claim in a token. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\", {\n claimName: \"email\",\n clientId: openidClient.id,\n realmId: realm.id,\n userProperty: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\",\n claim_name=\"email\",\n client_id=openid_client.id,\n realm_id=realm.id,\n user_property=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"userPropertyMapper\", new()\n {\n ClaimName = \"email\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n UserProperty = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"userPropertyMapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .claimName(\"email\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .userProperty(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n properties:\n claimName: email\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n userProperty: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\", {\n claimName: \"email\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n userProperty: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\",\n claim_name=\"email\",\n client_scope_id=client_scope.id,\n realm_id=realm.id,\n user_property=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"userPropertyMapper\", new()\n {\n ClaimName = \"email\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n UserProperty = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"userPropertyMapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .claimName(\"email\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .userProperty(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n properties:\n claimName: email\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n userProperty: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_property` - (Required) The built in user property (such as email) to map a claim for.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_property_protocol_mapper.user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_property_protocol_mapper.user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the property should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the property should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the property should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n" + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" }, "userProperty": { - "type": "string", - "description": "The built in user property (such as email) to map a claim for.\n" + "type": "string" } }, "required": [ @@ -12403,46 +11817,44 @@ "inputProperties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the property should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the property should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the property should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true }, "userProperty": { - "type": "string", - "description": "The built in user property (such as email) to map a claim for.\n" + "type": "string" } }, "requiredInputs": [ @@ -12455,97 +11867,94 @@ "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the property should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the property should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the property should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true }, "userProperty": { - "type": "string", - "description": "The built in user property (such as email) to map a claim for.\n" + "type": "string" } }, "type": "object" } }, "keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper": { - "description": "Allows for creating and managing user realm role protocol mappers within Keycloak.\n\nUser realm role protocol mappers allow you to define a claim containing the list of the realm roles.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"userRealmRoleMapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"userRealmRoleMapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.openid.UserRealmRoleProtocolMapper\n\nAllows for creating and managing user realm role protocol mappers within\nKeycloak.\n\nUser realm role protocol mappers allow you to define a claim containing the list of the realm roles.\nProtocol mappers can be defined for a single client, or they can\nbe defined for a client scope which can be shared between multiple different\nclients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", {\n claimName: \"foo\",\n clientId: openidClient.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\",\n claim_name=\"foo\",\n client_id=openid_client.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", new()\n {\n ClaimName = \"foo\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"userRealmRoleMapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder() \n .claimName(\"foo\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n properties:\n claimName: foo\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", {\n claimName: \"foo\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\",\n claim_name=\"foo\",\n client_scope_id=client_scope.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", new()\n {\n ClaimName = \"foo\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"userRealmRoleMapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder() \n .claimName(\"foo\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n properties:\n claimName: foo\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`.\n- `realm_role_prefix` - (Optional) A prefix for each Realm Role.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n" }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n" }, "multivalued": { "type": "boolean", - "description": "Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`.\n" + "description": "Indicates whether this attribute is a single value or an array of values.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "description": "The realm id where the associated client or client scope exists.\n" }, "realmRolePrefix": { "type": "string", - "description": "A prefix for each Realm Role.\n" + "description": "Prefix that will be added to each realm role.\n" } }, "required": [ @@ -12556,50 +11965,49 @@ "inputProperties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "multivalued": { "type": "boolean", - "description": "Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`.\n" + "description": "Indicates whether this attribute is a single value or an array of values.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true }, "realmRolePrefix": { "type": "string", - "description": "A prefix for each Realm Role.\n" + "description": "Prefix that will be added to each realm role.\n" } }, "requiredInputs": [ @@ -12611,57 +12019,56 @@ "properties": { "addToAccessToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the access token.\n" }, "addToIdToken": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n" + "description": "Indicates if the attribute should be a claim in the id token.\n" }, "addToUserinfo": { "type": "boolean", - "description": "Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n" + "description": "Indicates if the attribute should appear in the userinfo response body.\n" }, "claimName": { - "type": "string", - "description": "The name of the claim to insert into a token.\n" + "type": "string" }, "claimValueType": { "type": "string", - "description": "The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.\n" + "description": "Claim type used when serializing tokens.\n" }, "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client. Cannot be used at the same time as client_scope_id.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", + "description": "The mapper's associated client scope. Cannot be used at the same time as client_id.\n", "willReplaceOnChanges": true }, "multivalued": { "type": "boolean", - "description": "Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`.\n" + "description": "Indicates whether this attribute is a single value or an array of values.\n" }, "name": { "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "description": "A human-friendly name that will appear in the Keycloak console.\n" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", + "description": "The realm id where the associated client or client scope exists.\n", "willReplaceOnChanges": true }, "realmRolePrefix": { "type": "string", - "description": "A prefix for each Realm Role.\n" + "description": "Prefix that will be added to each realm role.\n" } }, "type": "object" } }, "keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper": { - "description": "Allows for creating and managing user session note protocol mappers within Keycloak.\n\nUser session note protocol mappers map a custom user session note to a token claim.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Client)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"userSessionNoteMapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\n{{% /example %}}\n{{% example %}}\n### Client Scope)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"userSessionNoteMapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "Allows for creating and managing user session note protocol mappers within Keycloak.\n\nUser session note protocol mappers map a custom user session note to a token claim.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"userSessionNoteMapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"userSessionNoteMapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -12797,55 +12204,43 @@ } }, "keycloak:saml/client:Client": { - "description": "Allows for creating and managing Keycloak clients that use the SAML protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users\nto Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak\n\n assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n\n ", + "description": "## # keycloak.saml.Client\n\nAllows for creating and managing Keycloak clients that use the SAML protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically,\nclients are applications that redirect users to Keycloak for authentication\nin order to take advantage of Keycloak's user sessions for SSO.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n clientId: \"test-saml-client\",\n includeAuthnStatement: true,\n realmId: realm.id,\n signAssertions: true,\n signDocuments: false,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nsaml_client = keycloak.saml.Client(\"samlClient\",\n client_id=\"test-saml-client\",\n include_authn_statement=True,\n realm_id=realm.id,\n sign_assertions=True,\n sign_documents=False,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n ClientId = \"test-saml-client\",\n IncludeAuthnStatement = true,\n RealmId = realm.Id,\n SignAssertions = true,\n SignDocuments = false,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .clientId(\"test-saml-client\")\n .includeAuthnStatement(true)\n .realmId(realm.id())\n .signAssertions(true)\n .signDocuments(false)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n samlClient:\n type: keycloak:saml:Client\n properties:\n clientId: test-saml-client\n includeAuthnStatement: true\n realmId: ${realm.id}\n signAssertions: true\n signDocuments: false\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client is attached to.\n- `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n- `name` - (Optional) The display name of this client in the GUI.\n- `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n- `description` - (Optional) The description of this client in the GUI.\n- `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response.\n- `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key.\n- `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response.\n- `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`.\n- `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding.\n- `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout.\n- `name_id_format` - (Optional) Sets the Name ID format for the subject.\n- `root_url` - (Optional) When specified, this value is prepended to all relative URLs.\n- `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.\n- `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client.\n- `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests.\n- `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature.\n- `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature.\n- `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO.\n- `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO.\n- `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses).\n- `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses).\n- `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service.\n- `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service.\n- `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token\n\n### Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak\nassigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_client.saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n", "properties": { "assertionConsumerPostUrl": { - "type": "string", - "description": "SAML POST Binding URL for the client's assertion consumer service (login responses).\n" + "type": "string" }, "assertionConsumerRedirectUrl": { - "type": "string", - "description": "SAML Redirect Binding URL for the client's assertion consumer service (login responses).\n" + "type": "string" }, "authenticationFlowBindingOverrides": { - "$ref": "#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides", - "description": "Override realm authentication flow bindings\n" + "$ref": "#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides" }, "baseUrl": { - "type": "string", - "description": "When specified, this URL will be used whenever Keycloak needs to link to this client.\n" + "type": "string" }, "canonicalizationMethod": { - "type": "string", - "description": "The Canonicalization Method for XML signatures. Should be one of \"EXCLUSIVE\", \"EXCLUSIVE_WITH_COMMENTS\", \"INCLUSIVE\", or \"INCLUSIVE_WITH_COMMENTS\". Defaults to \"EXCLUSIVE\".\n" + "type": "string" }, "clientId": { - "type": "string", - "description": "The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n" + "type": "string" }, "clientSignatureRequired": { - "type": "boolean", - "description": "When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`.\n" + "type": "boolean" }, "description": { - "type": "string", - "description": "The description of this client in the GUI.\n" + "type": "string" }, "enabled": { - "type": "boolean", - "description": "When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n" + "type": "boolean" }, "encryptAssertions": { - "type": "boolean", - "description": "When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.\n" + "type": "boolean" }, "encryptionCertificate": { - "type": "string", - "description": "If assertions for the client are encrypted, this certificate will be used for encryption.\n" + "type": "string" }, "encryptionCertificateSha1": { - "type": "string", - "description": "(Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.\n" + "type": "string" }, "extraConfig": { "type": "object", @@ -12854,103 +12249,79 @@ } }, "forceNameIdFormat": { - "type": "boolean", - "description": "Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`.\n" + "type": "boolean" }, "forcePostBinding": { - "type": "boolean", - "description": "When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.\n" + "type": "boolean" }, "frontChannelLogout": { - "type": "boolean", - "description": "When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.\n" + "type": "boolean" }, "fullScopeAllowed": { - "type": "boolean", - "description": "Allow to include all roles mappings in the access token\n" + "type": "boolean" }, "idpInitiatedSsoRelayState": { - "type": "string", - "description": "Relay state you want to send with SAML request when you want to do IDP Initiated SSO.\n" + "type": "string" }, "idpInitiatedSsoUrlName": { - "type": "string", - "description": "URL fragment name to reference client when you want to do IDP Initiated SSO.\n" + "type": "string" }, "includeAuthnStatement": { - "type": "boolean", - "description": "When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.\n" + "type": "boolean" }, "loginTheme": { - "type": "string", - "description": "The login theme of this client.\n" + "type": "string" }, "logoutServicePostBindingUrl": { - "type": "string", - "description": "SAML POST Binding URL for the client's single logout service.\n" + "type": "string" }, "logoutServiceRedirectBindingUrl": { - "type": "string", - "description": "SAML Redirect Binding URL for the client's single logout service.\n" + "type": "string" }, "masterSamlProcessingUrl": { - "type": "string", - "description": "When specified, this URL will be used for all SAML requests.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this client in the GUI.\n" + "type": "string" }, "nameIdFormat": { - "type": "string", - "description": "Sets the Name ID format for the subject.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this client is attached to.\n" + "type": "string" }, "rootUrl": { - "type": "string", - "description": "When specified, this value is prepended to all relative URLs.\n" + "type": "string" }, "signAssertions": { - "type": "boolean", - "description": "When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.\n" + "type": "boolean" }, "signDocuments": { - "type": "boolean", - "description": "When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.\n" + "type": "boolean" }, "signatureAlgorithm": { - "type": "string", - "description": "The signature algorithm used to sign documents. Should be one of \"RSA_SHA1\", \"RSA_SHA256\", \"RSA_SHA256_MGF1, \"RSA_SHA512\", \"RSA_SHA512_MGF1\" or \"DSA_SHA1\".\n" + "type": "string" }, "signatureKeyName": { - "type": "string", - "description": "The value of the `KeyName` element within the signed SAML document. Should be one of \"NONE\", \"KEY_ID\", or \"CERT_SUBJECT\". Defaults to \"KEY_ID\".\n" + "type": "string" }, "signingCertificate": { - "type": "string", - "description": "If documents or assertions from the client are signed, this certificate will be used to verify the signature.\n" + "type": "string" }, "signingCertificateSha1": { - "type": "string", - "description": "(Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.\n" + "type": "string" }, "signingPrivateKey": { - "type": "string", - "description": "If documents or assertions from the client are signed, this private key will be used to verify the signature.\n" + "type": "string" }, "signingPrivateKeySha1": { - "type": "string", - "description": "(Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.\n" + "type": "string" }, "validRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.\n" + } } }, "required": [ @@ -12967,48 +12338,37 @@ ], "inputProperties": { "assertionConsumerPostUrl": { - "type": "string", - "description": "SAML POST Binding URL for the client's assertion consumer service (login responses).\n" + "type": "string" }, "assertionConsumerRedirectUrl": { - "type": "string", - "description": "SAML Redirect Binding URL for the client's assertion consumer service (login responses).\n" + "type": "string" }, "authenticationFlowBindingOverrides": { - "$ref": "#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides", - "description": "Override realm authentication flow bindings\n" + "$ref": "#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides" }, "baseUrl": { - "type": "string", - "description": "When specified, this URL will be used whenever Keycloak needs to link to this client.\n" + "type": "string" }, "canonicalizationMethod": { - "type": "string", - "description": "The Canonicalization Method for XML signatures. Should be one of \"EXCLUSIVE\", \"EXCLUSIVE_WITH_COMMENTS\", \"INCLUSIVE\", or \"INCLUSIVE_WITH_COMMENTS\". Defaults to \"EXCLUSIVE\".\n" + "type": "string" }, "clientId": { - "type": "string", - "description": "The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n" + "type": "string" }, "clientSignatureRequired": { - "type": "boolean", - "description": "When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`.\n" + "type": "boolean" }, "description": { - "type": "string", - "description": "The description of this client in the GUI.\n" + "type": "string" }, "enabled": { - "type": "boolean", - "description": "When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n" + "type": "boolean" }, "encryptAssertions": { - "type": "boolean", - "description": "When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.\n" + "type": "boolean" }, "encryptionCertificate": { - "type": "string", - "description": "If assertions for the client are encrypted, this certificate will be used for encryption.\n" + "type": "string" }, "extraConfig": { "type": "object", @@ -13017,96 +12377,74 @@ } }, "forceNameIdFormat": { - "type": "boolean", - "description": "Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`.\n" + "type": "boolean" }, "forcePostBinding": { - "type": "boolean", - "description": "When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.\n" + "type": "boolean" }, "frontChannelLogout": { - "type": "boolean", - "description": "When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.\n" + "type": "boolean" }, "fullScopeAllowed": { - "type": "boolean", - "description": "Allow to include all roles mappings in the access token\n" + "type": "boolean" }, "idpInitiatedSsoRelayState": { - "type": "string", - "description": "Relay state you want to send with SAML request when you want to do IDP Initiated SSO.\n" + "type": "string" }, "idpInitiatedSsoUrlName": { - "type": "string", - "description": "URL fragment name to reference client when you want to do IDP Initiated SSO.\n" + "type": "string" }, "includeAuthnStatement": { - "type": "boolean", - "description": "When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.\n" + "type": "boolean" }, "loginTheme": { - "type": "string", - "description": "The login theme of this client.\n" + "type": "string" }, "logoutServicePostBindingUrl": { - "type": "string", - "description": "SAML POST Binding URL for the client's single logout service.\n" + "type": "string" }, "logoutServiceRedirectBindingUrl": { - "type": "string", - "description": "SAML Redirect Binding URL for the client's single logout service.\n" + "type": "string" }, "masterSamlProcessingUrl": { - "type": "string", - "description": "When specified, this URL will be used for all SAML requests.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this client in the GUI.\n" + "type": "string" }, "nameIdFormat": { - "type": "string", - "description": "Sets the Name ID format for the subject.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this client is attached to.\n", "willReplaceOnChanges": true }, "rootUrl": { - "type": "string", - "description": "When specified, this value is prepended to all relative URLs.\n" + "type": "string" }, "signAssertions": { - "type": "boolean", - "description": "When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.\n" + "type": "boolean" }, "signDocuments": { - "type": "boolean", - "description": "When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.\n" + "type": "boolean" }, "signatureAlgorithm": { - "type": "string", - "description": "The signature algorithm used to sign documents. Should be one of \"RSA_SHA1\", \"RSA_SHA256\", \"RSA_SHA256_MGF1, \"RSA_SHA512\", \"RSA_SHA512_MGF1\" or \"DSA_SHA1\".\n" + "type": "string" }, "signatureKeyName": { - "type": "string", - "description": "The value of the `KeyName` element within the signed SAML document. Should be one of \"NONE\", \"KEY_ID\", or \"CERT_SUBJECT\". Defaults to \"KEY_ID\".\n" + "type": "string" }, "signingCertificate": { - "type": "string", - "description": "If documents or assertions from the client are signed, this certificate will be used to verify the signature.\n" + "type": "string" }, "signingPrivateKey": { - "type": "string", - "description": "If documents or assertions from the client are signed, this private key will be used to verify the signature.\n" + "type": "string" }, "validRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.\n" + } } }, "requiredInputs": [ @@ -13117,52 +12455,40 @@ "description": "Input properties used for looking up and filtering Client resources.\n", "properties": { "assertionConsumerPostUrl": { - "type": "string", - "description": "SAML POST Binding URL for the client's assertion consumer service (login responses).\n" + "type": "string" }, "assertionConsumerRedirectUrl": { - "type": "string", - "description": "SAML Redirect Binding URL for the client's assertion consumer service (login responses).\n" + "type": "string" }, "authenticationFlowBindingOverrides": { - "$ref": "#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides", - "description": "Override realm authentication flow bindings\n" + "$ref": "#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides" }, "baseUrl": { - "type": "string", - "description": "When specified, this URL will be used whenever Keycloak needs to link to this client.\n" + "type": "string" }, "canonicalizationMethod": { - "type": "string", - "description": "The Canonicalization Method for XML signatures. Should be one of \"EXCLUSIVE\", \"EXCLUSIVE_WITH_COMMENTS\", \"INCLUSIVE\", or \"INCLUSIVE_WITH_COMMENTS\". Defaults to \"EXCLUSIVE\".\n" + "type": "string" }, "clientId": { - "type": "string", - "description": "The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n" + "type": "string" }, "clientSignatureRequired": { - "type": "boolean", - "description": "When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`.\n" + "type": "boolean" }, "description": { - "type": "string", - "description": "The description of this client in the GUI.\n" + "type": "string" }, "enabled": { - "type": "boolean", - "description": "When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n" + "type": "boolean" }, "encryptAssertions": { - "type": "boolean", - "description": "When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.\n" + "type": "boolean" }, "encryptionCertificate": { - "type": "string", - "description": "If assertions for the client are encrypted, this certificate will be used for encryption.\n" + "type": "string" }, "encryptionCertificateSha1": { - "type": "string", - "description": "(Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.\n" + "type": "string" }, "extraConfig": { "type": "object", @@ -13171,111 +12497,87 @@ } }, "forceNameIdFormat": { - "type": "boolean", - "description": "Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`.\n" + "type": "boolean" }, "forcePostBinding": { - "type": "boolean", - "description": "When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.\n" + "type": "boolean" }, "frontChannelLogout": { - "type": "boolean", - "description": "When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.\n" + "type": "boolean" }, "fullScopeAllowed": { - "type": "boolean", - "description": "Allow to include all roles mappings in the access token\n" + "type": "boolean" }, "idpInitiatedSsoRelayState": { - "type": "string", - "description": "Relay state you want to send with SAML request when you want to do IDP Initiated SSO.\n" + "type": "string" }, "idpInitiatedSsoUrlName": { - "type": "string", - "description": "URL fragment name to reference client when you want to do IDP Initiated SSO.\n" + "type": "string" }, "includeAuthnStatement": { - "type": "boolean", - "description": "When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.\n" + "type": "boolean" }, "loginTheme": { - "type": "string", - "description": "The login theme of this client.\n" + "type": "string" }, "logoutServicePostBindingUrl": { - "type": "string", - "description": "SAML POST Binding URL for the client's single logout service.\n" + "type": "string" }, "logoutServiceRedirectBindingUrl": { - "type": "string", - "description": "SAML Redirect Binding URL for the client's single logout service.\n" + "type": "string" }, "masterSamlProcessingUrl": { - "type": "string", - "description": "When specified, this URL will be used for all SAML requests.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this client in the GUI.\n" + "type": "string" }, "nameIdFormat": { - "type": "string", - "description": "Sets the Name ID format for the subject.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this client is attached to.\n", "willReplaceOnChanges": true }, "rootUrl": { - "type": "string", - "description": "When specified, this value is prepended to all relative URLs.\n" + "type": "string" }, "signAssertions": { - "type": "boolean", - "description": "When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.\n" + "type": "boolean" }, "signDocuments": { - "type": "boolean", - "description": "When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.\n" + "type": "boolean" }, "signatureAlgorithm": { - "type": "string", - "description": "The signature algorithm used to sign documents. Should be one of \"RSA_SHA1\", \"RSA_SHA256\", \"RSA_SHA256_MGF1, \"RSA_SHA512\", \"RSA_SHA512_MGF1\" or \"DSA_SHA1\".\n" + "type": "string" }, "signatureKeyName": { - "type": "string", - "description": "The value of the `KeyName` element within the signed SAML document. Should be one of \"NONE\", \"KEY_ID\", or \"CERT_SUBJECT\". Defaults to \"KEY_ID\".\n" + "type": "string" }, "signingCertificate": { - "type": "string", - "description": "If documents or assertions from the client are signed, this certificate will be used to verify the signature.\n" + "type": "string" }, "signingCertificateSha1": { - "type": "string", - "description": "(Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.\n" + "type": "string" }, "signingPrivateKey": { - "type": "string", - "description": "If documents or assertions from the client are signed, this private key will be used to verify the signature.\n" + "type": "string" }, "signingPrivateKeySha1": { - "type": "string", - "description": "(Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.\n" + "type": "string" }, "validRedirectUris": { "type": "array", "items": { "type": "string" - }, - "description": "When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.\n" + } } }, "type": "object" } }, "keycloak:saml/clientDefaultScope:ClientDefaultScope": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\nconst clientScope = new keycloak.saml.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientDefaultScopes = new keycloak.saml.ClientDefaultScope(\"clientDefaultScopes\", {\n realmId: realm.id,\n clientId: keycloak_saml_client.client.id,\n defaultScopes: [\n \"role_list\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\nclient_scope = keycloak.saml.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_default_scopes = keycloak.saml.ClientDefaultScope(\"clientDefaultScopes\",\n realm_id=realm.id,\n client_id=keycloak_saml_client[\"client\"][\"id\"],\n default_scopes=[\n \"role_list\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n var clientScope = new Keycloak.Saml.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientDefaultScopes = new Keycloak.Saml.ClientDefaultScope(\"clientDefaultScopes\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_saml_client.Client.Id,\n DefaultScopes = new[]\n {\n \"role_list\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := saml.NewClientScope(ctx, \"clientScope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientDefaultScope(ctx, \"clientDefaultScopes\", \u0026saml.ClientDefaultScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_saml_client.Client.Id),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"role_list\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport com.pulumi.keycloak.saml.ClientDefaultScope;\nimport com.pulumi.keycloak.saml.ClientDefaultScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientDefaultScopes = new ClientDefaultScope(\"clientDefaultScopes\", ClientDefaultScopeArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_saml_client.client().id())\n .defaultScopes( \n \"role_list\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n clientScope:\n type: keycloak:saml:ClientScope\n properties:\n realmId: ${realm.id}\n clientDefaultScopes:\n type: keycloak:saml:ClientDefaultScope\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_saml_client.client.id}\n defaultScopes:\n - role_list\n - ${clientScope.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist\n\n on the server.\n\n ", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\nconst clientScope = new keycloak.saml.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientDefaultScopes = new keycloak.saml.ClientDefaultScope(\"clientDefaultScopes\", {\n realmId: realm.id,\n clientId: keycloak_saml_client.client.id,\n defaultScopes: [\n \"role_list\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\nclient_scope = keycloak.saml.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_default_scopes = keycloak.saml.ClientDefaultScope(\"clientDefaultScopes\",\n realm_id=realm.id,\n client_id=keycloak_saml_client[\"client\"][\"id\"],\n default_scopes=[\n \"role_list\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n var clientScope = new Keycloak.Saml.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientDefaultScopes = new Keycloak.Saml.ClientDefaultScope(\"clientDefaultScopes\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_saml_client.Client.Id,\n DefaultScopes = new[]\n {\n \"role_list\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := saml.NewClientScope(ctx, \"clientScope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientDefaultScope(ctx, \"clientDefaultScopes\", \u0026saml.ClientDefaultScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_saml_client.Client.Id),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"role_list\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport com.pulumi.keycloak.saml.ClientDefaultScope;\nimport com.pulumi.keycloak.saml.ClientDefaultScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientDefaultScopes = new ClientDefaultScope(\"clientDefaultScopes\", ClientDefaultScopeArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_saml_client.client().id())\n .defaultScopes( \n \"role_list\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n clientScope:\n type: keycloak:saml:ClientScope\n properties:\n realmId: ${realm.id}\n clientDefaultScopes:\n type: keycloak:saml:ClientDefaultScope\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_saml_client.client.id}\n defaultScopes:\n - role_list\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist\n\non the server.\n\n", "properties": { "clientId": { "type": "string", @@ -13347,7 +12649,7 @@ } }, "keycloak:saml/clientScope:ClientScope": { - "description": "Allows for creating and managing Keycloak client scopes that can be attached to clients that use the SAML protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple clients within a realm.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClientScope = new keycloak.saml.ClientScope(\"samlClientScope\", {\n realmId: realm.id,\n description: \"This scope will map a user's group memberships to SAML assertion\",\n guiOrder: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client_scope = keycloak.saml.ClientScope(\"samlClientScope\",\n realm_id=realm.id,\n description=\"This scope will map a user's group memberships to SAML assertion\",\n gui_order=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClientScope = new Keycloak.Saml.ClientScope(\"samlClientScope\", new()\n {\n RealmId = realm.Id,\n Description = \"This scope will map a user's group memberships to SAML assertion\",\n GuiOrder = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientScope(ctx, \"samlClientScope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"This scope will map a user's group memberships to SAML assertion\"),\n\t\t\tGuiOrder: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClientScope = new ClientScope(\"samlClientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .description(\"This scope will map a user's group memberships to SAML assertion\")\n .guiOrder(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientScope:\n type: keycloak:saml:ClientScope\n properties:\n realmId: ${realm.id}\n description: This scope will map a user's group memberships to SAML assertion\n guiOrder: 1\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak\n\n assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e\n```\n\n ", + "description": "Allows for creating and managing Keycloak client scopes that can be attached to clients that use the SAML protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple clients within a realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClientScope = new keycloak.saml.ClientScope(\"samlClientScope\", {\n realmId: realm.id,\n description: \"This scope will map a user's group memberships to SAML assertion\",\n guiOrder: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client_scope = keycloak.saml.ClientScope(\"samlClientScope\",\n realm_id=realm.id,\n description=\"This scope will map a user's group memberships to SAML assertion\",\n gui_order=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClientScope = new Keycloak.Saml.ClientScope(\"samlClientScope\", new()\n {\n RealmId = realm.Id,\n Description = \"This scope will map a user's group memberships to SAML assertion\",\n GuiOrder = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientScope(ctx, \"samlClientScope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"This scope will map a user's group memberships to SAML assertion\"),\n\t\t\tGuiOrder: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClientScope = new ClientScope(\"samlClientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .description(\"This scope will map a user's group memberships to SAML assertion\")\n .guiOrder(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientScope:\n type: keycloak:saml:ClientScope\n properties:\n realmId: ${realm.id}\n description: This scope will map a user's group memberships to SAML assertion\n guiOrder: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak\n\nassigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e\n```\n\n", "properties": { "consentScreenText": { "type": "string", @@ -13429,49 +12731,49 @@ } }, "keycloak:saml/identityProvider:IdentityProvider": { - "description": "Allows for creating and managing SAML Identity Providers within Keycloak.\n\nSAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmSamlIdentityProvider = new keycloak.saml.IdentityProvider(\"realmSamlIdentityProvider\", {\n realm: realm.id,\n alias: \"my-saml-idp\",\n entityId: \"https://domain.com/entity_id\",\n singleSignOnServiceUrl: \"https://domain.com/adfs/ls/\",\n singleLogoutServiceUrl: \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n backchannelSupported: true,\n postBindingResponse: true,\n postBindingLogout: true,\n postBindingAuthnRequest: true,\n storeToken: false,\n trustEmail: true,\n forceAuthn: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_saml_identity_provider = keycloak.saml.IdentityProvider(\"realmSamlIdentityProvider\",\n realm=realm.id,\n alias=\"my-saml-idp\",\n entity_id=\"https://domain.com/entity_id\",\n single_sign_on_service_url=\"https://domain.com/adfs/ls/\",\n single_logout_service_url=\"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n backchannel_supported=True,\n post_binding_response=True,\n post_binding_logout=True,\n post_binding_authn_request=True,\n store_token=False,\n trust_email=True,\n force_authn=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmSamlIdentityProvider = new Keycloak.Saml.IdentityProvider(\"realmSamlIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-saml-idp\",\n EntityId = \"https://domain.com/entity_id\",\n SingleSignOnServiceUrl = \"https://domain.com/adfs/ls/\",\n SingleLogoutServiceUrl = \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n BackchannelSupported = true,\n PostBindingResponse = true,\n PostBindingLogout = true,\n PostBindingAuthnRequest = true,\n StoreToken = false,\n TrustEmail = true,\n ForceAuthn = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewIdentityProvider(ctx, \"realmSamlIdentityProvider\", \u0026saml.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-saml-idp\"),\n\t\t\tEntityId: pulumi.String(\"https://domain.com/entity_id\"),\n\t\t\tSingleSignOnServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/\"),\n\t\t\tSingleLogoutServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/?wa=wsignout1.0\"),\n\t\t\tBackchannelSupported: pulumi.Bool(true),\n\t\t\tPostBindingResponse: pulumi.Bool(true),\n\t\t\tPostBindingLogout: pulumi.Bool(true),\n\t\t\tPostBindingAuthnRequest: pulumi.Bool(true),\n\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tForceAuthn: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.IdentityProvider;\nimport com.pulumi.keycloak.saml.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmSamlIdentityProvider = new IdentityProvider(\"realmSamlIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-saml-idp\")\n .entityId(\"https://domain.com/entity_id\")\n .singleSignOnServiceUrl(\"https://domain.com/adfs/ls/\")\n .singleLogoutServiceUrl(\"https://domain.com/adfs/ls/?wa=wsignout1.0\")\n .backchannelSupported(true)\n .postBindingResponse(true)\n .postBindingLogout(true)\n .postBindingAuthnRequest(true)\n .storeToken(false)\n .trustEmail(true)\n .forceAuthn(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmSamlIdentityProvider:\n type: keycloak:saml:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-saml-idp\n entityId: https://domain.com/entity_id\n singleSignOnServiceUrl: https://domain.com/adfs/ls/\n singleLogoutServiceUrl: https://domain.com/adfs/ls/?wa=wsignout1.0\n backchannelSupported: true\n postBindingResponse: true\n postBindingLogout: true\n postBindingAuthnRequest: true\n storeToken: false\n trustEmail: true\n forceAuthn: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp\n```\n\n ", + "description": "## # keycloak.saml.IdentityProvider\n\nAllows to create and manage SAML Identity Providers within Keycloak.\n\nSAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmIdentityProvider = new keycloak.saml.IdentityProvider(\"realmIdentityProvider\", {\n alias: \"my-idp\",\n backchannelSupported: true,\n forceAuthn: true,\n postBindingAuthnRequest: true,\n postBindingLogout: true,\n postBindingResponse: true,\n realm: \"my-realm\",\n singleLogoutServiceUrl: \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n singleSignOnServiceUrl: \"https://domain.com/adfs/ls/\",\n storeToken: false,\n trustEmail: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_identity_provider = keycloak.saml.IdentityProvider(\"realmIdentityProvider\",\n alias=\"my-idp\",\n backchannel_supported=True,\n force_authn=True,\n post_binding_authn_request=True,\n post_binding_logout=True,\n post_binding_response=True,\n realm=\"my-realm\",\n single_logout_service_url=\"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n single_sign_on_service_url=\"https://domain.com/adfs/ls/\",\n store_token=False,\n trust_email=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmIdentityProvider = new Keycloak.Saml.IdentityProvider(\"realmIdentityProvider\", new()\n {\n Alias = \"my-idp\",\n BackchannelSupported = true,\n ForceAuthn = true,\n PostBindingAuthnRequest = true,\n PostBindingLogout = true,\n PostBindingResponse = true,\n Realm = \"my-realm\",\n SingleLogoutServiceUrl = \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n SingleSignOnServiceUrl = \"https://domain.com/adfs/ls/\",\n StoreToken = false,\n TrustEmail = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := saml.NewIdentityProvider(ctx, \"realmIdentityProvider\", \u0026saml.IdentityProviderArgs{\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tBackchannelSupported: pulumi.Bool(true),\n\t\t\tForceAuthn: pulumi.Bool(true),\n\t\t\tPostBindingAuthnRequest: pulumi.Bool(true),\n\t\t\tPostBindingLogout: pulumi.Bool(true),\n\t\t\tPostBindingResponse: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tSingleLogoutServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/?wa=wsignout1.0\"),\n\t\t\tSingleSignOnServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/\"),\n\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.IdentityProvider;\nimport com.pulumi.keycloak.saml.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder() \n .alias(\"my-idp\")\n .backchannelSupported(true)\n .forceAuthn(true)\n .postBindingAuthnRequest(true)\n .postBindingLogout(true)\n .postBindingResponse(true)\n .realm(\"my-realm\")\n .singleLogoutServiceUrl(\"https://domain.com/adfs/ls/?wa=wsignout1.0\")\n .singleSignOnServiceUrl(\"https://domain.com/adfs/ls/\")\n .storeToken(false)\n .trustEmail(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realmIdentityProvider:\n type: keycloak:saml:IdentityProvider\n properties:\n alias: my-idp\n backchannelSupported: true\n forceAuthn: true\n postBindingAuthnRequest: true\n postBindingLogout: true\n postBindingResponse: true\n realm: my-realm\n singleLogoutServiceUrl: https://domain.com/adfs/ls/?wa=wsignout1.0\n singleSignOnServiceUrl: https://domain.com/adfs/ls/\n storeToken: false\n trustEmail: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The name of the realm. This is unique across Keycloak.\n- `alias` - (Optional) The uniq name of identity provider.\n- `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`.\n- `display_name` - (Optional) The display name for the realm that is shown when logging in to the admin console.\n- `store_token` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`.\n- `add_read_token_role_on_create` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`.\n- `trust_email` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`.\n- `link_only` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`.\n- `hide_on_login_page` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n- `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n- `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n- `authenticate_by_default` - (Optional) Authenticate users by default. Defaults to `false`.\n\n#### SAML Configuration\n\n- `single_sign_on_service_url` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest).\n- `single_logout_service_url` - (Optional) The Url that must be used to send logout requests.\n- `backchannel_supported` - (Optional) Does the external IDP support back-channel logout ?.\n- `name_id_policy_format` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n- `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n- `post_binding_authn_request` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n- `post_binding_logout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n- `want_assertions_signed` - (Optional) Indicates whether this service provider expects a signed Assertion.\n- `want_assertions_encrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion.\n- `force_authn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n- `validate_signature` - (Optional) Enable/disable signature validation of SAML responses.\n- `signing_certificate` - (Optional) Signing Certificate.\n- `signature_algorithm` - (Optional) Signing Algorithm. Defaults to empty.\n- `xml_sign_key_info_key_name_transformer` - (Optional) Sign Key Transformer. Defaults to empty.\n\n### Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_identity_provider.realm_identity_provider my-realm/my-idp\n```\n", "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", - "description": "When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.\n" + "description": "Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.\n" }, "alias": { "type": "string", - "description": "The unique name of identity provider.\n" + "description": "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.\n" }, "authenticateByDefault": { "type": "boolean", - "description": "Authenticate users by default. Defaults to `false`.\n" + "description": "Enable/disable authenticate users by default.\n" }, "authnContextClassRefs": { "type": "array", "items": { "type": "string" }, - "description": "Ordered list of requested AuthnContext ClassRefs.\n" + "description": "AuthnContext ClassRefs\n" }, "authnContextComparisonType": { "type": "string", - "description": "Specifies the comparison method used to evaluate the requested context classes or statements.\n" + "description": "AuthnContext Comparison\n" }, "authnContextDeclRefs": { "type": "array", "items": { "type": "string" }, - "description": "Ordered list of requested AuthnContext DeclRefs.\n" + "description": "AuthnContext DeclRefs\n" }, "backchannelSupported": { "type": "boolean", - "description": "Does the external IDP support backchannel logout?. Defaults to `false`.\n" + "description": "Does the external IDP support backchannel logout?\n" }, "displayName": { "type": "string", - "description": "The display name for the realm that is shown when logging in to the admin console.\n" + "description": "Friendly name for Identity Providers.\n" }, "enabled": { "type": "boolean", - "description": "When `false`, users and clients will not be able to access this realm. Defaults to `true`.\n" + "description": "Enable/disable this identity provider.\n" }, "entityId": { "type": "string", @@ -13485,19 +12787,19 @@ }, "firstBrokerLoginFlowAlias": { "type": "string", - "description": "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n" + "description": "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means\nthat there is not yet existing Keycloak account linked with the authenticated identity provider account.\n" }, "forceAuthn": { "type": "boolean", - "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n" + "description": "Require Force Authn.\n" }, "guiOrder": { "type": "string", - "description": "A number defining the order of this identity provider in the GUI.\n" + "description": "GUI Order\n" }, "hideOnLoginPage": { "type": "boolean", - "description": "If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n" + "description": "Hide On Login Page.\n" }, "internalId": { "type": "string", @@ -13505,7 +12807,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't\nwant to allow login from the provider, but want to integrate with a provider\n" }, "loginHint": { "type": "string", @@ -13513,43 +12815,43 @@ }, "nameIdPolicyFormat": { "type": "string", - "description": "Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n" + "description": "Name ID Policy Format.\n" }, "postBindingAuthnRequest": { "type": "boolean", - "description": "Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" + "description": "Post Binding Authn Request.\n" }, "postBindingLogout": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" + "description": "Post Binding Logout.\n" }, "postBindingResponse": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n" + "description": "Post Binding Response.\n" }, "postBrokerLoginFlowAlias": { "type": "string", - "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n" + "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want\nadditional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if\nyou don't want any additional authenticators to be triggered after login with this identity provider. Also note, that\nauthenticator implementations must assume that user is already set in ClientSession as identity provider already set it.\n" }, "principalAttribute": { "type": "string", - "description": "The principal attribute.\n" + "description": "Principal Attribute\n" }, "principalType": { "type": "string", - "description": "The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.\n" + "description": "Principal Type\n" }, "providerId": { "type": "string", - "description": "The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.\n" + "description": "provider id, is always saml, unless you have a custom implementation\n" }, "realm": { "type": "string", - "description": "The name of the realm. This is unique across Keycloak.\n" + "description": "Realm Name\n" }, "signatureAlgorithm": { "type": "string", - "description": "Signing Algorithm. Defaults to empty.\n" + "description": "Signing Algorithm.\n" }, "signingCertificate": { "type": "string", @@ -13557,23 +12859,23 @@ }, "singleLogoutServiceUrl": { "type": "string", - "description": "The Url that must be used to send logout requests.\n" + "description": "Logout URL.\n" }, "singleSignOnServiceUrl": { "type": "string", - "description": "The Url that must be used to send authentication requests (SAML AuthnRequest).\n" + "description": "SSO Logout URL.\n" }, "storeToken": { "type": "boolean", - "description": "When `true`, tokens will be stored after authenticating users. Defaults to `true`.\n" + "description": "Enable/disable if tokens must be stored after authenticating users.\n" }, "syncMode": { "type": "string", - "description": "The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.\n" + "description": "Sync Mode\n" }, "trustEmail": { "type": "boolean", - "description": "When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.\n" + "description": "If enabled then email provided by this provider is not verified even if verification is enabled for the realm.\n" }, "validateSignature": { "type": "boolean", @@ -13581,15 +12883,15 @@ }, "wantAssertionsEncrypted": { "type": "boolean", - "description": "Indicates whether this service provider expects an encrypted Assertion.\n" + "description": "Want Assertions Encrypted.\n" }, "wantAssertionsSigned": { "type": "boolean", - "description": "Indicates whether this service provider expects a signed Assertion.\n" + "description": "Want Assertions Signed.\n" }, "xmlSignKeyInfoKeyNameTransformer": { "type": "string", - "description": "The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.\n" + "description": "Sign Key Transformer.\n" } }, "required": [ @@ -13602,47 +12904,47 @@ "inputProperties": { "addReadTokenRoleOnCreate": { "type": "boolean", - "description": "When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.\n", + "description": "Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.\n", "willReplaceOnChanges": true }, "alias": { "type": "string", - "description": "The unique name of identity provider.\n", + "description": "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.\n", "willReplaceOnChanges": true }, "authenticateByDefault": { "type": "boolean", - "description": "Authenticate users by default. Defaults to `false`.\n" + "description": "Enable/disable authenticate users by default.\n" }, "authnContextClassRefs": { "type": "array", "items": { "type": "string" }, - "description": "Ordered list of requested AuthnContext ClassRefs.\n" + "description": "AuthnContext ClassRefs\n" }, "authnContextComparisonType": { "type": "string", - "description": "Specifies the comparison method used to evaluate the requested context classes or statements.\n" + "description": "AuthnContext Comparison\n" }, "authnContextDeclRefs": { "type": "array", "items": { "type": "string" }, - "description": "Ordered list of requested AuthnContext DeclRefs.\n" + "description": "AuthnContext DeclRefs\n" }, "backchannelSupported": { "type": "boolean", - "description": "Does the external IDP support backchannel logout?. Defaults to `false`.\n" + "description": "Does the external IDP support backchannel logout?\n" }, "displayName": { "type": "string", - "description": "The display name for the realm that is shown when logging in to the admin console.\n" + "description": "Friendly name for Identity Providers.\n" }, "enabled": { "type": "boolean", - "description": "When `false`, users and clients will not be able to access this realm. Defaults to `true`.\n" + "description": "Enable/disable this identity provider.\n" }, "entityId": { "type": "string", @@ -13656,23 +12958,23 @@ }, "firstBrokerLoginFlowAlias": { "type": "string", - "description": "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n" + "description": "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means\nthat there is not yet existing Keycloak account linked with the authenticated identity provider account.\n" }, "forceAuthn": { "type": "boolean", - "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n" + "description": "Require Force Authn.\n" }, "guiOrder": { "type": "string", - "description": "A number defining the order of this identity provider in the GUI.\n" + "description": "GUI Order\n" }, "hideOnLoginPage": { "type": "boolean", - "description": "If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n" + "description": "Hide On Login Page.\n" }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't\nwant to allow login from the provider, but want to integrate with a provider\n" }, "loginHint": { "type": "string", @@ -13680,44 +12982,44 @@ }, "nameIdPolicyFormat": { "type": "string", - "description": "Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n" + "description": "Name ID Policy Format.\n" }, "postBindingAuthnRequest": { "type": "boolean", - "description": "Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" + "description": "Post Binding Authn Request.\n" }, "postBindingLogout": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" + "description": "Post Binding Logout.\n" }, "postBindingResponse": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n" + "description": "Post Binding Response.\n" }, "postBrokerLoginFlowAlias": { "type": "string", - "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n" + "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want\nadditional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if\nyou don't want any additional authenticators to be triggered after login with this identity provider. Also note, that\nauthenticator implementations must assume that user is already set in ClientSession as identity provider already set it.\n" }, "principalAttribute": { "type": "string", - "description": "The principal attribute.\n" + "description": "Principal Attribute\n" }, "principalType": { "type": "string", - "description": "The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.\n" + "description": "Principal Type\n" }, "providerId": { "type": "string", - "description": "The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.\n" + "description": "provider id, is always saml, unless you have a custom implementation\n" }, "realm": { "type": "string", - "description": "The name of the realm. This is unique across Keycloak.\n", + "description": "Realm Name\n", "willReplaceOnChanges": true }, "signatureAlgorithm": { "type": "string", - "description": "Signing Algorithm. Defaults to empty.\n" + "description": "Signing Algorithm.\n" }, "signingCertificate": { "type": "string", @@ -13725,23 +13027,23 @@ }, "singleLogoutServiceUrl": { "type": "string", - "description": "The Url that must be used to send logout requests.\n" + "description": "Logout URL.\n" }, "singleSignOnServiceUrl": { "type": "string", - "description": "The Url that must be used to send authentication requests (SAML AuthnRequest).\n" + "description": "SSO Logout URL.\n" }, "storeToken": { "type": "boolean", - "description": "When `true`, tokens will be stored after authenticating users. Defaults to `true`.\n" + "description": "Enable/disable if tokens must be stored after authenticating users.\n" }, "syncMode": { "type": "string", - "description": "The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.\n" + "description": "Sync Mode\n" }, "trustEmail": { "type": "boolean", - "description": "When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.\n" + "description": "If enabled then email provided by this provider is not verified even if verification is enabled for the realm.\n" }, "validateSignature": { "type": "boolean", @@ -13749,15 +13051,15 @@ }, "wantAssertionsEncrypted": { "type": "boolean", - "description": "Indicates whether this service provider expects an encrypted Assertion.\n" + "description": "Want Assertions Encrypted.\n" }, "wantAssertionsSigned": { "type": "boolean", - "description": "Indicates whether this service provider expects a signed Assertion.\n" + "description": "Want Assertions Signed.\n" }, "xmlSignKeyInfoKeyNameTransformer": { "type": "string", - "description": "The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.\n" + "description": "Sign Key Transformer.\n" } }, "requiredInputs": [ @@ -13771,47 +13073,47 @@ "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", - "description": "When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.\n", + "description": "Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.\n", "willReplaceOnChanges": true }, "alias": { "type": "string", - "description": "The unique name of identity provider.\n", + "description": "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.\n", "willReplaceOnChanges": true }, "authenticateByDefault": { "type": "boolean", - "description": "Authenticate users by default. Defaults to `false`.\n" + "description": "Enable/disable authenticate users by default.\n" }, "authnContextClassRefs": { "type": "array", "items": { "type": "string" }, - "description": "Ordered list of requested AuthnContext ClassRefs.\n" + "description": "AuthnContext ClassRefs\n" }, "authnContextComparisonType": { "type": "string", - "description": "Specifies the comparison method used to evaluate the requested context classes or statements.\n" + "description": "AuthnContext Comparison\n" }, "authnContextDeclRefs": { "type": "array", "items": { "type": "string" }, - "description": "Ordered list of requested AuthnContext DeclRefs.\n" + "description": "AuthnContext DeclRefs\n" }, "backchannelSupported": { "type": "boolean", - "description": "Does the external IDP support backchannel logout?. Defaults to `false`.\n" + "description": "Does the external IDP support backchannel logout?\n" }, "displayName": { "type": "string", - "description": "The display name for the realm that is shown when logging in to the admin console.\n" + "description": "Friendly name for Identity Providers.\n" }, "enabled": { "type": "boolean", - "description": "When `false`, users and clients will not be able to access this realm. Defaults to `true`.\n" + "description": "Enable/disable this identity provider.\n" }, "entityId": { "type": "string", @@ -13825,19 +13127,19 @@ }, "firstBrokerLoginFlowAlias": { "type": "string", - "description": "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n" + "description": "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means\nthat there is not yet existing Keycloak account linked with the authenticated identity provider account.\n" }, "forceAuthn": { "type": "boolean", - "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n" + "description": "Require Force Authn.\n" }, "guiOrder": { "type": "string", - "description": "A number defining the order of this identity provider in the GUI.\n" + "description": "GUI Order\n" }, "hideOnLoginPage": { "type": "boolean", - "description": "If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n" + "description": "Hide On Login Page.\n" }, "internalId": { "type": "string", @@ -13845,7 +13147,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't\nwant to allow login from the provider, but want to integrate with a provider\n" }, "loginHint": { "type": "string", @@ -13853,44 +13155,44 @@ }, "nameIdPolicyFormat": { "type": "string", - "description": "Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n" + "description": "Name ID Policy Format.\n" }, "postBindingAuthnRequest": { "type": "boolean", - "description": "Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" + "description": "Post Binding Authn Request.\n" }, "postBindingLogout": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" + "description": "Post Binding Logout.\n" }, "postBindingResponse": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n" + "description": "Post Binding Response.\n" }, "postBrokerLoginFlowAlias": { "type": "string", - "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n" + "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want\nadditional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if\nyou don't want any additional authenticators to be triggered after login with this identity provider. Also note, that\nauthenticator implementations must assume that user is already set in ClientSession as identity provider already set it.\n" }, "principalAttribute": { "type": "string", - "description": "The principal attribute.\n" + "description": "Principal Attribute\n" }, "principalType": { "type": "string", - "description": "The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.\n" + "description": "Principal Type\n" }, "providerId": { "type": "string", - "description": "The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.\n" + "description": "provider id, is always saml, unless you have a custom implementation\n" }, "realm": { "type": "string", - "description": "The name of the realm. This is unique across Keycloak.\n", + "description": "Realm Name\n", "willReplaceOnChanges": true }, "signatureAlgorithm": { "type": "string", - "description": "Signing Algorithm. Defaults to empty.\n" + "description": "Signing Algorithm.\n" }, "signingCertificate": { "type": "string", @@ -13898,23 +13200,23 @@ }, "singleLogoutServiceUrl": { "type": "string", - "description": "The Url that must be used to send logout requests.\n" + "description": "Logout URL.\n" }, "singleSignOnServiceUrl": { "type": "string", - "description": "The Url that must be used to send authentication requests (SAML AuthnRequest).\n" + "description": "SSO Logout URL.\n" }, "storeToken": { "type": "boolean", - "description": "When `true`, tokens will be stored after authenticating users. Defaults to `true`.\n" + "description": "Enable/disable if tokens must be stored after authenticating users.\n" }, "syncMode": { "type": "string", - "description": "The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.\n" + "description": "Sync Mode\n" }, "trustEmail": { "type": "boolean", - "description": "When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.\n" + "description": "If enabled then email provided by this provider is not verified even if verification is enabled for the realm.\n" }, "validateSignature": { "type": "boolean", @@ -13922,22 +13224,22 @@ }, "wantAssertionsEncrypted": { "type": "boolean", - "description": "Indicates whether this service provider expects an encrypted Assertion.\n" + "description": "Want Assertions Encrypted.\n" }, "wantAssertionsSigned": { "type": "boolean", - "description": "Indicates whether this service provider expects a signed Assertion.\n" + "description": "Want Assertions Signed.\n" }, "xmlSignKeyInfoKeyNameTransformer": { "type": "string", - "description": "The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.\n" + "description": "Sign Key Transformer.\n" } }, "type": "object" } }, "keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper": { - "description": "Allows for creating and managing script protocol mappers for SAML clients within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce an attribute value based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n});\nconst samlScriptMapper = new keycloak.saml.ScriptProtocolMapper(\"samlScriptMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n script: \"exports = 'foo';\",\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\")\nsaml_script_mapper = keycloak.saml.ScriptProtocolMapper(\"samlScriptMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n script=\"exports = 'foo';\",\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n });\n\n var samlScriptMapper = new Keycloak.Saml.ScriptProtocolMapper(\"samlScriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Script = \"exports = 'foo';\",\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewScriptProtocolMapper(ctx, \"samlScriptMapper\", \u0026saml.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapper;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .build());\n\n var samlScriptMapper = new ScriptProtocolMapper(\"samlScriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .script(\"exports = 'foo';\")\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n samlScriptMapper:\n type: keycloak:saml:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n script: exports = 'foo';\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "Allows for creating and managing script protocol mappers for SAML clients within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce an attribute value based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n});\nconst samlScriptMapper = new keycloak.saml.ScriptProtocolMapper(\"samlScriptMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n script: \"exports = 'foo';\",\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\")\nsaml_script_mapper = keycloak.saml.ScriptProtocolMapper(\"samlScriptMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n script=\"exports = 'foo';\",\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n });\n\n var samlScriptMapper = new Keycloak.Saml.ScriptProtocolMapper(\"samlScriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Script = \"exports = 'foo';\",\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewScriptProtocolMapper(ctx, \"samlScriptMapper\", \u0026saml.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapper;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .build());\n\n var samlScriptMapper = new ScriptProtocolMapper(\"samlScriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .script(\"exports = 'foo';\")\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n samlScriptMapper:\n type: keycloak:saml:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n script: exports = 'foo';\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "clientId": { "type": "string", @@ -14077,39 +13379,31 @@ } }, "keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper": { - "description": "Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak.\n\nSAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute\nin a SAML assertion.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n});\nconst samlUserAttributeMapper = new keycloak.saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n userAttribute: \"displayName\",\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\")\nsaml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n user_attribute=\"displayName\",\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n });\n\n var samlUserAttributeMapper = new Keycloak.Saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n UserAttribute = \"displayName\",\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserAttributeProtocolMapper(ctx, \"samlUserAttributeMapper\", \u0026saml.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tUserAttribute: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .build());\n\n var samlUserAttributeMapper = new UserAttributeProtocolMapper(\"samlUserAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .userAttribute(\"displayName\")\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n samlUserAttributeMapper:\n type: keycloak:saml:UserAttributeProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n userAttribute: displayName\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.saml.UserAttributeProtocolMapper\n\nAllows for creating and managing user attribute protocol mappers for\nSAML clients within Keycloak.\n\nSAML user attribute protocol mappers allow you to map custom attributes defined\nfor a user within Keycloak to an attribute in a SAML assertion. Protocol mappers\ncan be defined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n clientId: \"test-saml-client\",\n realmId: keycloak_realm.test.id,\n});\nconst samlUserAttributeMapper = new keycloak.saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\", {\n clientId: samlClient.id,\n realmId: keycloak_realm.test.id,\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n userAttribute: \"displayName\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nsaml_client = keycloak.saml.Client(\"samlClient\",\n client_id=\"test-saml-client\",\n realm_id=keycloak_realm[\"test\"][\"id\"])\nsaml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\",\n client_id=saml_client.id,\n realm_id=keycloak_realm[\"test\"][\"id\"],\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\",\n user_attribute=\"displayName\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n ClientId = \"test-saml-client\",\n RealmId = keycloak_realm.Test.Id,\n });\n\n var samlUserAttributeMapper = new Keycloak.Saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\", new()\n {\n ClientId = samlClient.Id,\n RealmId = keycloak_realm.Test.Id,\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n UserAttribute = \"displayName\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tRealmId: pulumi.Any(keycloak_realm.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserAttributeProtocolMapper(ctx, \"samlUserAttributeMapper\", \u0026saml.UserAttributeProtocolMapperArgs{\n\t\t\tClientId: samlClient.ID(),\n\t\t\tRealmId: pulumi.Any(keycloak_realm.Test.Id),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t\tUserAttribute: pulumi.String(\"displayName\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .clientId(\"test-saml-client\")\n .realmId(keycloak_realm.test().id())\n .build());\n\n var samlUserAttributeMapper = new UserAttributeProtocolMapper(\"samlUserAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .clientId(samlClient.id())\n .realmId(keycloak_realm.test().id())\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .userAttribute(\"displayName\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n samlClient:\n type: keycloak:saml:Client\n properties:\n clientId: test-saml-client\n realmId: ${keycloak_realm.test.id}\n samlUserAttributeMapper:\n type: keycloak:saml:UserAttributeProtocolMapper\n properties:\n clientId: ${samlClient.id}\n realmId: ${keycloak_realm.test.id}\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n userAttribute: displayName\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_attribute` - (Required) The custom user attribute to map.\n- `friendly_name` - (Optional) An optional human-friendly name for this attribute.\n- `saml_attribute_name` - (Required) The name of the SAML attribute.\n- `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "clientId": { - "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "type": "string" }, "clientScopeId": { - "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "type": "string" }, "friendlyName": { - "type": "string", - "description": "An optional human-friendly name for this attribute.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "type": "string" }, "samlAttributeName": { - "type": "string", - "description": "The name of the SAML attribute.\n" + "type": "string" }, "samlAttributeNameFormat": { - "type": "string", - "description": "The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n" + "type": "string" }, "userAttribute": { - "type": "string", - "description": "The custom user attribute to map.\n" + "type": "string" } }, "required": [ @@ -14122,38 +13416,30 @@ "inputProperties": { "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", "willReplaceOnChanges": true }, "friendlyName": { - "type": "string", - "description": "An optional human-friendly name for this attribute.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", "willReplaceOnChanges": true }, "samlAttributeName": { - "type": "string", - "description": "The name of the SAML attribute.\n" + "type": "string" }, "samlAttributeNameFormat": { - "type": "string", - "description": "The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n" + "type": "string" }, "userAttribute": { - "type": "string", - "description": "The custom user attribute to map.\n" + "type": "string" } }, "requiredInputs": [ @@ -14167,77 +13453,61 @@ "properties": { "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", "willReplaceOnChanges": true }, "friendlyName": { - "type": "string", - "description": "An optional human-friendly name for this attribute.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", "willReplaceOnChanges": true }, "samlAttributeName": { - "type": "string", - "description": "The name of the SAML attribute.\n" + "type": "string" }, "samlAttributeNameFormat": { - "type": "string", - "description": "The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n" + "type": "string" }, "userAttribute": { - "type": "string", - "description": "The custom user attribute to map.\n" + "type": "string" } }, "type": "object" } }, "keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper": { - "description": "Allows for creating and managing user property protocol mappers for SAML clients within Keycloak.\n\nSAML user property protocol mappers allow you to map properties of the Keycloak\nuser model to an attribute in a SAML assertion.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n});\nconst samlUserPropertyMapper = new keycloak.saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n userProperty: \"email\",\n samlAttributeName: \"email\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\")\nsaml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n user_property=\"email\",\n saml_attribute_name=\"email\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n });\n\n var samlUserPropertyMapper = new Keycloak.Saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n UserProperty = \"email\",\n SamlAttributeName = \"email\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserPropertyProtocolMapper(ctx, \"samlUserPropertyMapper\", \u0026saml.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tSamlAttributeName: pulumi.String(\"email\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .build());\n\n var samlUserPropertyMapper = new UserPropertyProtocolMapper(\"samlUserPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .userProperty(\"email\")\n .samlAttributeName(\"email\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n samlUserPropertyMapper:\n type: keycloak:saml:UserPropertyProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n userProperty: email\n samlAttributeName: email\n samlAttributeNameFormat: Unspecified\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ```sh\n $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n ", + "description": "## # keycloak.saml.UserPropertyProtocolMapper\n\nAllows for creating and managing user property protocol mappers for\nSAML clients within Keycloak.\n\nSAML user property protocol mappers allow you to map properties of the Keycloak\nuser model to an attribute in a SAML assertion. Protocol mappers\ncan be defined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n clientId: \"test-saml-client\",\n realmId: keycloak_realm.test.id,\n});\nconst samlUserPropertyMapper = new keycloak.saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\", {\n clientId: samlClient.id,\n realmId: keycloak_realm.test.id,\n samlAttributeName: \"email\",\n samlAttributeNameFormat: \"Unspecified\",\n userProperty: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nsaml_client = keycloak.saml.Client(\"samlClient\",\n client_id=\"test-saml-client\",\n realm_id=keycloak_realm[\"test\"][\"id\"])\nsaml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\",\n client_id=saml_client.id,\n realm_id=keycloak_realm[\"test\"][\"id\"],\n saml_attribute_name=\"email\",\n saml_attribute_name_format=\"Unspecified\",\n user_property=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n ClientId = \"test-saml-client\",\n RealmId = keycloak_realm.Test.Id,\n });\n\n var samlUserPropertyMapper = new Keycloak.Saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\", new()\n {\n ClientId = samlClient.Id,\n RealmId = keycloak_realm.Test.Id,\n SamlAttributeName = \"email\",\n SamlAttributeNameFormat = \"Unspecified\",\n UserProperty = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tRealmId: pulumi.Any(keycloak_realm.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserPropertyProtocolMapper(ctx, \"samlUserPropertyMapper\", \u0026saml.UserPropertyProtocolMapperArgs{\n\t\t\tClientId: samlClient.ID(),\n\t\t\tRealmId: pulumi.Any(keycloak_realm.Test.Id),\n\t\t\tSamlAttributeName: pulumi.String(\"email\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .clientId(\"test-saml-client\")\n .realmId(keycloak_realm.test().id())\n .build());\n\n var samlUserPropertyMapper = new UserPropertyProtocolMapper(\"samlUserPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .clientId(samlClient.id())\n .realmId(keycloak_realm.test().id())\n .samlAttributeName(\"email\")\n .samlAttributeNameFormat(\"Unspecified\")\n .userProperty(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n samlClient:\n type: keycloak:saml:Client\n properties:\n clientId: test-saml-client\n realmId: ${keycloak_realm.test.id}\n samlUserPropertyMapper:\n type: keycloak:saml:UserPropertyProtocolMapper\n properties:\n clientId: ${samlClient.id}\n realmId: ${keycloak_realm.test.id}\n samlAttributeName: email\n samlAttributeNameFormat: Unspecified\n userProperty: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_property` - (Required) The property of the Keycloak user model to map.\n- `friendly_name` - (Optional) An optional human-friendly name for this attribute.\n- `saml_attribute_name` - (Required) The name of the SAML attribute.\n- `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "clientId": { - "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "type": "string" }, "clientScopeId": { - "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n" + "type": "string" }, "friendlyName": { - "type": "string", - "description": "An optional human-friendly name for this attribute.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this protocol mapper exists within.\n" + "type": "string" }, "samlAttributeName": { - "type": "string", - "description": "The name of the SAML attribute.\n" + "type": "string" }, "samlAttributeNameFormat": { - "type": "string", - "description": "The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n" + "type": "string" }, "userProperty": { - "type": "string", - "description": "The property of the Keycloak user model to map.\n" + "type": "string" } }, "required": [ @@ -14250,38 +13520,30 @@ "inputProperties": { "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", "willReplaceOnChanges": true }, "friendlyName": { - "type": "string", - "description": "An optional human-friendly name for this attribute.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", "willReplaceOnChanges": true }, "samlAttributeName": { - "type": "string", - "description": "The name of the SAML attribute.\n" + "type": "string" }, "samlAttributeNameFormat": { - "type": "string", - "description": "The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n" + "type": "string" }, "userProperty": { - "type": "string", - "description": "The property of the Keycloak user model to map.\n" + "type": "string" } }, "requiredInputs": [ @@ -14295,38 +13557,30 @@ "properties": { "clientId": { "type": "string", - "description": "The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.\n", "willReplaceOnChanges": true }, "clientScopeId": { "type": "string", - "description": "The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.\n", "willReplaceOnChanges": true }, "friendlyName": { - "type": "string", - "description": "An optional human-friendly name for this attribute.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The display name of this protocol mapper in the GUI.\n" + "type": "string" }, "realmId": { "type": "string", - "description": "The realm this protocol mapper exists within.\n", "willReplaceOnChanges": true }, "samlAttributeName": { - "type": "string", - "description": "The name of the SAML attribute.\n" + "type": "string" }, "samlAttributeNameFormat": { - "type": "string", - "description": "The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n" + "type": "string" }, "userProperty": { - "type": "string", - "description": "The property of the Keycloak user model to map.\n" + "type": "string" } }, "type": "object" @@ -14335,7 +13589,7 @@ }, "functions": { "keycloak:index/getAuthenticationExecution:getAuthenticationExecution": { - "description": "This data source can be used to fetch the ID of an authentication execution within Keycloak.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst browserAuthCookie = keycloak.getAuthenticationExecutionOutput({\n realmId: realm.id,\n parentFlowAlias: \"browser\",\n providerId: \"auth-cookie\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nbrowser_auth_cookie = keycloak.get_authentication_execution_output(realm_id=realm.id,\n parent_flow_alias=\"browser\",\n provider_id=\"auth-cookie\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var browserAuthCookie = Keycloak.GetAuthenticationExecution.Invoke(new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = \"browser\",\n ProviderId = \"auth-cookie\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = keycloak.GetAuthenticationExecutionOutput(ctx, keycloak.GetAuthenticationExecutionOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: pulumi.String(\"browser\"),\n\t\t\tProviderId: pulumi.String(\"auth-cookie\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetAuthenticationExecutionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var browserAuthCookie = KeycloakFunctions.getAuthenticationExecution(GetAuthenticationExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(\"browser\")\n .providerId(\"auth-cookie\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\nvariables:\n browserAuthCookie:\n fn::invoke:\n Function: keycloak:getAuthenticationExecution\n Arguments:\n realmId: ${realm.id}\n parentFlowAlias: browser\n providerId: auth-cookie\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch the ID of an authentication execution within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst browserAuthCookie = keycloak.getAuthenticationExecutionOutput({\n realmId: realm.id,\n parentFlowAlias: \"browser\",\n providerId: \"auth-cookie\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nbrowser_auth_cookie = keycloak.get_authentication_execution_output(realm_id=realm.id,\n parent_flow_alias=\"browser\",\n provider_id=\"auth-cookie\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var browserAuthCookie = Keycloak.GetAuthenticationExecution.Invoke(new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = \"browser\",\n ProviderId = \"auth-cookie\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = keycloak.GetAuthenticationExecutionOutput(ctx, keycloak.GetAuthenticationExecutionOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: pulumi.String(\"browser\"),\n\t\t\tProviderId: pulumi.String(\"auth-cookie\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetAuthenticationExecutionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var browserAuthCookie = KeycloakFunctions.getAuthenticationExecution(GetAuthenticationExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(\"browser\")\n .providerId(\"auth-cookie\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\nvariables:\n browserAuthCookie:\n fn::invoke:\n Function: keycloak:getAuthenticationExecution\n Arguments:\n realmId: ${realm.id}\n parentFlowAlias: browser\n providerId: auth-cookie\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAuthenticationExecution.\n", "properties": { @@ -14386,7 +13640,7 @@ } }, "keycloak:index/getAuthenticationFlow:getAuthenticationFlow": { - "description": "This data source can be used to fetch the ID of an authentication flow within Keycloak.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst browserAuthCookie = keycloak.getAuthenticationFlowOutput({\n realmId: realm.id,\n alias: \"browser\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nbrowser_auth_cookie = keycloak.get_authentication_flow_output(realm_id=realm.id,\n alias=\"browser\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var browserAuthCookie = Keycloak.GetAuthenticationFlow.Invoke(new()\n {\n RealmId = realm.Id,\n Alias = \"browser\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = keycloak.GetAuthenticationFlowOutput(ctx, keycloak.GetAuthenticationFlowOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"browser\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetAuthenticationFlowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var browserAuthCookie = KeycloakFunctions.getAuthenticationFlow(GetAuthenticationFlowArgs.builder()\n .realmId(realm.id())\n .alias(\"browser\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\nvariables:\n browserAuthCookie:\n fn::invoke:\n Function: keycloak:getAuthenticationFlow\n Arguments:\n realmId: ${realm.id}\n alias: browser\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch the ID of an authentication flow within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst browserAuthCookie = keycloak.getAuthenticationFlowOutput({\n realmId: realm.id,\n alias: \"browser\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nbrowser_auth_cookie = keycloak.get_authentication_flow_output(realm_id=realm.id,\n alias=\"browser\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var browserAuthCookie = Keycloak.GetAuthenticationFlow.Invoke(new()\n {\n RealmId = realm.Id,\n Alias = \"browser\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = keycloak.GetAuthenticationFlowOutput(ctx, keycloak.GetAuthenticationFlowOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"browser\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetAuthenticationFlowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var browserAuthCookie = KeycloakFunctions.getAuthenticationFlow(GetAuthenticationFlowArgs.builder()\n .realmId(realm.id())\n .alias(\"browser\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\nvariables:\n browserAuthCookie:\n fn::invoke:\n Function: keycloak:getAuthenticationFlow\n Arguments:\n realmId: ${realm.id}\n alias: browser\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAuthenticationFlow.\n", "properties": { @@ -14428,7 +13682,7 @@ } }, "keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter": { - "description": "This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak\nclient. This data can then be used to manage the client within Keycloak.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClientClientDescriptionConverter = keycloak.getClientDescriptionConverterOutput({\n realmId: realm.id,\n body: `\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`,\n});\nconst samlClientClient = new keycloak.saml.Client(\"samlClientClient\", {\n realmId: realm.id,\n clientId: samlClientClientDescriptionConverter.apply(samlClientClientDescriptionConverter =\u003e samlClientClientDescriptionConverter.clientId),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client_client_description_converter = keycloak.get_client_description_converter_output(realm_id=realm.id,\n body=\"\"\"\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\"\"\")\nsaml_client_client = keycloak.saml.Client(\"samlClientClient\",\n realm_id=realm.id,\n client_id=saml_client_client_description_converter.client_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClientClientDescriptionConverter = Keycloak.GetClientDescriptionConverter.Invoke(new()\n {\n RealmId = realm.Id,\n Body = @\"\t\u003cmd:EntityDescriptor xmlns:md=\"\"urn:oasis:names:tc:SAML:2.0:metadata\"\" validUntil=\"\"2021-04-17T12:41:46Z\"\" cacheDuration=\"\"PT604800S\"\" entityID=\"\"FakeEntityId\"\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"\"false\"\" WantAssertionsSigned=\"\"false\"\" protocolSupportEnumeration=\"\"urn:oasis:names:tc:SAML:2.0:protocol\"\"\u003e\n \u003cmd:KeyDescriptor use=\"\"signing\"\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"\"http://www.w3.org/2000/09/xmldsig#\"\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" Location=\"\"https://localhost/acs/saml/\"\" index=\"\"1\"\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\",\n });\n\n var samlClientClient = new Keycloak.Saml.Client(\"samlClientClient\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClientClientDescriptionConverter.Apply(getClientDescriptionConverterResult =\u003e getClientDescriptionConverterResult.ClientId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClientClientDescriptionConverter := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBody: pulumi.String(`\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`),\n\t\t}, nil)\n\t\t_, err = saml.NewClient(ctx, \"samlClientClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClientClientDescriptionConverter.ApplyT(func(samlClientClientDescriptionConverter keycloak.GetClientDescriptionConverterResult) (*string, error) {\n\t\t\t\treturn \u0026samlClientClientDescriptionConverter.ClientId, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetClientDescriptionConverterArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var samlClientClientDescriptionConverter = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder()\n .realmId(realm.id())\n .body(\"\"\"\n\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n \"\"\")\n .build());\n\n var samlClientClient = new Client(\"samlClientClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult).applyValue(samlClientClientDescriptionConverter -\u003e samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult.clientId())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: ${samlClientClientDescriptionConverter.clientId}\nvariables:\n samlClientClientDescriptionConverter:\n fn::invoke:\n Function: keycloak:getClientDescriptionConverter\n Arguments:\n realmId: ${realm.id}\n body: |\n \t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n \t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n \t\t\t\t\u003cds:X509Data\u003e\n \t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n \t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n \t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n \t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n \t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n \t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n \t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n \t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n \t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n \t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n \t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n \t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n \t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n \t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n \t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n \t\t\t\t\u003c/ds:X509Data\u003e\n \t\t\t\u003c/ds:KeyInfo\u003e\n \t\t\u003c/md:KeyDescriptor\u003e\n \t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n \u003c/md:EntityDescriptor\u003e\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak\nclient. This data can then be used to manage the client within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClientClientDescriptionConverter = keycloak.getClientDescriptionConverterOutput({\n realmId: realm.id,\n body: `\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`,\n});\nconst samlClientClient = new keycloak.saml.Client(\"samlClientClient\", {\n realmId: realm.id,\n clientId: samlClientClientDescriptionConverter.apply(samlClientClientDescriptionConverter =\u003e samlClientClientDescriptionConverter.clientId),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client_client_description_converter = keycloak.get_client_description_converter_output(realm_id=realm.id,\n body=\"\"\"\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\"\"\")\nsaml_client_client = keycloak.saml.Client(\"samlClientClient\",\n realm_id=realm.id,\n client_id=saml_client_client_description_converter.client_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClientClientDescriptionConverter = Keycloak.GetClientDescriptionConverter.Invoke(new()\n {\n RealmId = realm.Id,\n Body = @\"\t\u003cmd:EntityDescriptor xmlns:md=\"\"urn:oasis:names:tc:SAML:2.0:metadata\"\" validUntil=\"\"2021-04-17T12:41:46Z\"\" cacheDuration=\"\"PT604800S\"\" entityID=\"\"FakeEntityId\"\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"\"false\"\" WantAssertionsSigned=\"\"false\"\" protocolSupportEnumeration=\"\"urn:oasis:names:tc:SAML:2.0:protocol\"\"\u003e\n \u003cmd:KeyDescriptor use=\"\"signing\"\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"\"http://www.w3.org/2000/09/xmldsig#\"\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" Location=\"\"https://localhost/acs/saml/\"\" index=\"\"1\"\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\",\n });\n\n var samlClientClient = new Keycloak.Saml.Client(\"samlClientClient\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClientClientDescriptionConverter.Apply(getClientDescriptionConverterResult =\u003e getClientDescriptionConverterResult.ClientId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClientClientDescriptionConverter := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBody: pulumi.String(`\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`),\n\t\t}, nil)\n\t\t_, err = saml.NewClient(ctx, \"samlClientClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClientClientDescriptionConverter.ApplyT(func(samlClientClientDescriptionConverter keycloak.GetClientDescriptionConverterResult) (*string, error) {\n\t\t\t\treturn \u0026samlClientClientDescriptionConverter.ClientId, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetClientDescriptionConverterArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var samlClientClientDescriptionConverter = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder()\n .realmId(realm.id())\n .body(\"\"\"\n\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n \"\"\")\n .build());\n\n var samlClientClient = new Client(\"samlClientClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult).applyValue(samlClientClientDescriptionConverter -\u003e samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult.clientId())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: ${samlClientClientDescriptionConverter.clientId}\nvariables:\n samlClientClientDescriptionConverter:\n fn::invoke:\n Function: keycloak:getClientDescriptionConverter\n Arguments:\n realmId: ${realm.id}\n body: |\n \t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n \t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n \t\t\t\t\u003cds:X509Data\u003e\n \t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n \t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n \t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n \t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n \t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n \t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n \t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n \t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n \t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n \t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n \t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n \t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n \t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n \t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n \t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n \t\t\t\t\u003c/ds:X509Data\u003e\n \t\t\t\u003c/ds:KeyInfo\u003e\n \t\t\u003c/md:KeyDescriptor\u003e\n \t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n \u003c/md:EntityDescriptor\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientDescriptionConverter.\n", "properties": { @@ -14643,17 +13897,15 @@ } }, "keycloak:index/getGroup:getGroup": { - "description": "This data source can be used to fetch properties of a Keycloak group for\nusage with other resources, such as `keycloak.GroupRoles`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\nconst group = keycloak.getGroupOutput({\n realmId: realm.id,\n name: \"group\",\n});\nconst groupRoles = new keycloak.GroupRoles(\"groupRoles\", {\n realmId: realm.id,\n groupId: group.apply(group =\u003e group.id),\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\ngroup = keycloak.get_group_output(realm_id=realm.id,\n name=\"group\")\ngroup_roles = keycloak.GroupRoles(\"groupRoles\",\n realm_id=realm.id,\n group_id=group.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n var @group = Keycloak.GetGroup.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"group\",\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"groupRoles\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Apply(@group =\u003e @group.Apply(getGroupResult =\u003e getGroupResult.Id)),\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\tgroup := keycloak.LookupGroupOutput(ctx, keycloak.GetGroupOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"group\"),\n\t\t}, nil)\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"groupRoles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ApplyT(func(group keycloak.GetGroupResult) (*string, error) {\n\t\t\t\treturn \u0026group.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tofflineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.inputs.GetGroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder()\n .realmId(realm.id())\n .name(\"group\")\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .realmId(realm.id())\n .groupId(group.applyValue(getGroupResult -\u003e getGroupResult).applyValue(group -\u003e group.applyValue(getGroupResult -\u003e getGroupResult.id())))\n .roleIds(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n name: offline_access\n group:\n fn::invoke:\n Function: keycloak:getGroup\n Arguments:\n realmId: ${realm.id}\n name: group\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "## # keycloak.Group data source\n\nThis data source can be used to fetch properties of a Keycloak group for\nusage with other resources, such as `keycloak.GroupRoles`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.inputs.GetGroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .name(\"offline_access\")\n .realmId(realm.id())\n .build());\n\n final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder()\n .name(\"group\")\n .realmId(realm.id())\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .groupId(group.applyValue(getGroupResult -\u003e getGroupResult).applyValue(group -\u003e group.applyValue(getGroupResult -\u003e getGroupResult.id())))\n .realmId(realm.id())\n .roles(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n groupId: ${group.id}\n realmId: ${realm.id}\n roles:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n name: offline_access\n realmId: ${realm.id}\n group:\n fn::invoke:\n Function: keycloak:getGroup\n Arguments:\n name: group\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists within.\n- `name` - (Required) The name of the group\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `id` - The unique ID of the group, which can be used as an argument to\n other resources supported by this provider.\n", "inputs": { "description": "A collection of arguments for invoking getGroup.\n", "properties": { "name": { - "type": "string", - "description": "The name of the group. If there are multiple groups match `name`, the first result will be returned.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this group exists within.\n" + "type": "string" } }, "type": "object", @@ -14700,7 +13952,7 @@ } }, "keycloak:index/getRealm:getRealm": { - "description": "This data source can be used to fetch properties of a Keycloak realm for\nusage with other resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = keycloak.getRealm({\n realm: \"my-realm\",\n});\nconst group = new keycloak.Role(\"group\", {realmId: realm.then(realm =\u003e realm.id)});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.get_realm(realm=\"my-realm\")\ngroup = keycloak.Role(\"group\", realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"my-realm\",\n });\n\n var @group = new Keycloak.Role(\"group\", new()\n {\n RealmId = realm.Apply(getRealmResult =\u003e getRealmResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"my-realm\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"group\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: *pulumi.String(realm.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var group = new Role(\"group\", RoleArgs.builder() \n .realmId(realm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\nvariables:\n realm: # use the data source\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: my-realm\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "## # keycloak.Realm data source\n\nThis data source can be used to fetch properties of a Keycloak realm for\nusage with other resources.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = keycloak.getRealm({\n realm: \"my-realm\",\n});\nconst group = new keycloak.Role(\"group\", {realmId: data.keycloak_realm.id});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.get_realm(realm=\"my-realm\")\ngroup = keycloak.Role(\"group\", realm_id=data[\"keycloak_realm\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"my-realm\",\n });\n\n var @group = new Keycloak.Role(\"group\", new()\n {\n RealmId = data.Keycloak_realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"my-realm\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"group\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: pulumi.Any(data.Keycloak_realm.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var group = new Role(\"group\", RoleArgs.builder() \n .realmId(data.keycloak_realm().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: keycloak:Role\n properties:\n realmId: ${data.keycloak_realm.id}\nvariables:\n realm: # use the data source\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: my-realm\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The realm name.\n\n### Attributes Reference\n\nSee the docs for the `keycloak.Realm` resource for details on the exported attributes.\n", "inputs": { "description": "A collection of arguments for invoking getRealm.\n", "properties": { @@ -14735,8 +13987,7 @@ "$ref": "#/types/keycloak:index/getRealmOtpPolicy:getRealmOtpPolicy" }, "realm": { - "type": "string", - "description": "The realm name.\n" + "type": "string" }, "securityDefenses": { "type": "array", @@ -15018,7 +14269,7 @@ } }, "keycloak:index/getRealmKeys:getRealmKeys": { - "description": "Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status.\n\nRemarks:\n\n- A key must meet all filter criteria\n- This data source may return more than one value.\n- If no key matches the filter criteria, then an error will be returned.\n", + "description": "## # keycloak.getRealmKeys data source\n\nUse this data source to get the keys of a realm. Keys can be filtered by algorithm and status.\n\nRemarks:\n\n- A key must meet all filter criteria\n- This datasource may return more than one value.\n- If no key matches the filter criteria, then an error is returned.\n\n", "inputs": { "description": "A collection of arguments for invoking getRealmKeys.\n", "properties": { @@ -15026,19 +14277,16 @@ "type": "array", "items": { "type": "string" - }, - "description": "When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc.\n" + } }, "realmId": { - "type": "string", - "description": "The realm from which the keys will be retrieved.\n" + "type": "string" }, "statuses": { "type": "array", "items": { "type": "string" - }, - "description": "When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`.\n" + } } }, "type": "object", @@ -15063,8 +14311,7 @@ "type": "array", "items": { "$ref": "#/types/keycloak:index/getRealmKeysKey:getRealmKeysKey" - }, - "description": "(Computed) A list of keys that match the filter criteria. Each key has the following attributes:\n" + } }, "realmId": { "type": "string" @@ -15073,8 +14320,7 @@ "type": "array", "items": { "type": "string" - }, - "description": "Key status (string)\n" + } } }, "type": "object", @@ -15086,21 +14332,18 @@ } }, "keycloak:index/getRole:getRole": { - "description": "This data source can be used to fetch properties of a Keycloak role for\nusage with other resources, such as `keycloak.GroupRoles`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst groupRoles = new keycloak.GroupRoles(\"groupRoles\", {\n realmId: realm.id,\n groupId: group.id,\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\ngroup_roles = keycloak.GroupRoles(\"groupRoles\",\n realm_id=realm.id,\n group_id=group.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"groupRoles\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"groupRoles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tofflineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .realmId(realm.id())\n .groupId(group.id())\n .roleIds(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n offlineAccess: # use the data source\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n name: offline_access\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "## # keycloak.Role data source\n\nThis data source can be used to fetch properties of a Keycloak role for\nusage with other resources, such as `keycloak.GroupRoles`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .name(\"offline_access\")\n .realmId(realm.id())\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .groupId(group.id())\n .realmId(realm.id())\n .roles(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n groupId: ${group.id}\n realmId: ${realm.id}\n roles:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n name: offline_access\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this role exists within.\n- `client_id` - (Optional) When specified, this role is assumed to be a\n client role belonging to the client with the provided ID\n- `name` - (Required) The name of the role\n \n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `id` - The unique ID of the role, which can be used as an argument to\n other resources supported by this provider.\n- `description` - The description of the role.\n", "inputs": { "description": "A collection of arguments for invoking getRole.\n", "properties": { "clientId": { - "type": "string", - "description": "When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here.\n" + "type": "string" }, "name": { - "type": "string", - "description": "The name of the role.\n" + "type": "string" }, "realmId": { - "type": "string", - "description": "The realm this role exists within.\n" + "type": "string" } }, "type": "object", @@ -15128,8 +14371,7 @@ } }, "description": { - "type": "string", - "description": "(Computed) The description of the role.\n" + "type": "string" }, "id": { "type": "string", @@ -15154,7 +14396,7 @@ } }, "keycloak:index/getUser:getUser": { - "description": "This data source can be used to fetch properties of a user within Keycloak.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\nexport const keycloakUserId = defaultAdminUser.then(defaultAdminUser =\u003e defaultAdminUser.id);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\npulumi.export(\"keycloakUserId\", default_admin_user.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserId\"] = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserId\", defaultAdminUser.Id)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .username(\"keycloak\")\n .build());\n\n ctx.export(\"keycloakUserId\", defaultAdminUser.applyValue(getUserResult -\u003e getUserResult.id()));\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: master\n defaultAdminUser:\n fn::invoke:\n Function: keycloak:getUser\n Arguments:\n realmId: ${masterRealm.id}\n username: keycloak\noutputs:\n keycloakUserId: ${defaultAdminUser.id}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch properties of a user within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\nexport const keycloakUserId = defaultAdminUser.then(defaultAdminUser =\u003e defaultAdminUser.id);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\npulumi.export(\"keycloakUserId\", default_admin_user.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserId\"] = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserId\", defaultAdminUser.Id)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .username(\"keycloak\")\n .build());\n\n ctx.export(\"keycloakUserId\", defaultAdminUser.applyValue(getUserResult -\u003e getUserResult.id()));\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: master\n defaultAdminUser:\n fn::invoke:\n Function: keycloak:getUser\n Arguments:\n realmId: ${masterRealm.id}\n username: keycloak\noutputs:\n keycloakUserId: ${defaultAdminUser.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUser.\n", "properties": { @@ -15244,7 +14486,7 @@ } }, "keycloak:index/getUserRealmRoles:getUserRealmRoles": { - "description": "This data source can be used to fetch the realm roles of a user within Keycloak.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\nconst userRealmRoles = Promise.all([masterRealm, defaultAdminUser]).then(([masterRealm, defaultAdminUser]) =\u003e keycloak.getUserRealmRoles({\n realmId: masterRealm.id,\n userId: defaultAdminUser.id,\n}));\nexport const keycloakUserRoleNames = userRealmRoles.then(userRealmRoles =\u003e userRealmRoles.roleNames);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\nuser_realm_roles = keycloak.get_user_realm_roles(realm_id=master_realm.id,\n user_id=default_admin_user.id)\npulumi.export(\"keycloakUserRoleNames\", user_realm_roles.role_names)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n var userRealmRoles = Keycloak.GetUserRealmRoles.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n UserId = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserRoleNames\"] = userRealmRoles.Apply(getUserRealmRolesResult =\u003e getUserRealmRolesResult.RoleNames),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserRealmRoles, err := keycloak.GetUserRealmRoles(ctx, \u0026keycloak.GetUserRealmRolesArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUserId: defaultAdminUser.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserRoleNames\", userRealmRoles.RoleNames)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport com.pulumi.keycloak.inputs.GetUserRealmRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .username(\"keycloak\")\n .build());\n\n final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .userId(defaultAdminUser.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n ctx.export(\"keycloakUserRoleNames\", userRealmRoles.applyValue(getUserRealmRolesResult -\u003e getUserRealmRolesResult.roleNames()));\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: master\n defaultAdminUser:\n fn::invoke:\n Function: keycloak:getUser\n Arguments:\n realmId: ${masterRealm.id}\n username: keycloak\n userRealmRoles:\n fn::invoke:\n Function: keycloak:getUserRealmRoles\n Arguments:\n realmId: ${masterRealm.id}\n userId: ${defaultAdminUser.id}\noutputs:\n keycloakUserRoleNames: ${userRealmRoles.roleNames}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch the realm roles of a user within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\nconst userRealmRoles = Promise.all([masterRealm, defaultAdminUser]).then(([masterRealm, defaultAdminUser]) =\u003e keycloak.getUserRealmRoles({\n realmId: masterRealm.id,\n userId: defaultAdminUser.id,\n}));\nexport const keycloakUserRoleNames = userRealmRoles.then(userRealmRoles =\u003e userRealmRoles.roleNames);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\nuser_realm_roles = keycloak.get_user_realm_roles(realm_id=master_realm.id,\n user_id=default_admin_user.id)\npulumi.export(\"keycloakUserRoleNames\", user_realm_roles.role_names)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n var userRealmRoles = Keycloak.GetUserRealmRoles.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n UserId = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserRoleNames\"] = userRealmRoles.Apply(getUserRealmRolesResult =\u003e getUserRealmRolesResult.RoleNames),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserRealmRoles, err := keycloak.GetUserRealmRoles(ctx, \u0026keycloak.GetUserRealmRolesArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUserId: defaultAdminUser.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserRoleNames\", userRealmRoles.RoleNames)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport com.pulumi.keycloak.inputs.GetUserRealmRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .username(\"keycloak\")\n .build());\n\n final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .userId(defaultAdminUser.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n ctx.export(\"keycloakUserRoleNames\", userRealmRoles.applyValue(getUserRealmRolesResult -\u003e getUserRealmRolesResult.roleNames()));\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: master\n defaultAdminUser:\n fn::invoke:\n Function: keycloak:getUser\n Arguments:\n realmId: ${masterRealm.id}\n username: keycloak\n userRealmRoles:\n fn::invoke:\n Function: keycloak:getUserRealmRoles\n Arguments:\n realmId: ${masterRealm.id}\n userId: ${defaultAdminUser.id}\noutputs:\n keycloakUserRoleNames: ${userRealmRoles.roleNames}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUserRealmRoles.\n", "properties": { @@ -15294,13 +14536,12 @@ } }, "keycloak:openid/getClient:getClient": { - "description": "This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n admin:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "## # keycloak.openid.Client data source\n\nThis data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n admin:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm id.\n- `client_id` - (Required) The client id.\n\n### Attributes Reference\n\nSee the docs for the `keycloak.openid.Client` resource for details on the exported attributes.\n", "inputs": { "description": "A collection of arguments for invoking getClient.\n", "properties": { "clientId": { - "type": "string", - "description": "The client id (not its unique ID).\n" + "type": "string" }, "consentScreenText": { "type": "string" @@ -15324,8 +14565,7 @@ "type": "string" }, "realmId": { - "type": "string", - "description": "The realm id.\n" + "type": "string" } }, "type": "object", @@ -15543,7 +14783,7 @@ } }, "keycloak:openid/getClientAuthorizationPolicy:getClientAuthorizationPolicy": { - "description": "This data source can be used to fetch policy and permission information for an OpenID client that has authorization enabled.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nIn this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default\npermission for this client called \"Default Permission\". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data\nsource to fetch information about this permission, so we can use it to create a new resource-based authorization permission.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientWithAuthz = new keycloak.openid.Client(\"clientWithAuthz\", {\n clientId: \"client-with-authz\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst defaultPermission = keycloak.openid.getClientAuthorizationPolicyOutput({\n realmId: realm.id,\n resourceServerId: clientWithAuthz.resourceServerId,\n name: \"Default Permission\",\n});\nconst resource = new keycloak.openid.ClientAuthorizationResource(\"resource\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n realmId: realm.id,\n uris: [\"/endpoint/*\"],\n attributes: {\n foo: \"bar\",\n },\n});\nconst permission = new keycloak.openid.ClientAuthorizationPermission(\"permission\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n realmId: realm.id,\n policies: [defaultPermission.apply(defaultPermission =\u003e defaultPermission.id)],\n resources: [resource.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_with_authz = keycloak.openid.Client(\"clientWithAuthz\",\n client_id=\"client-with-authz\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization=keycloak.openid.ClientAuthorizationArgs(\n policy_enforcement_mode=\"ENFORCING\",\n ))\ndefault_permission = keycloak.openid.get_client_authorization_policy_output(realm_id=realm.id,\n resource_server_id=client_with_authz.resource_server_id,\n name=\"Default Permission\")\nresource = keycloak.openid.ClientAuthorizationResource(\"resource\",\n resource_server_id=client_with_authz.resource_server_id,\n realm_id=realm.id,\n uris=[\"/endpoint/*\"],\n attributes={\n \"foo\": \"bar\",\n })\npermission = keycloak.openid.ClientAuthorizationPermission(\"permission\",\n resource_server_id=client_with_authz.resource_server_id,\n realm_id=realm.id,\n policies=[default_permission.id],\n resources=[resource.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientWithAuthz = new Keycloak.OpenId.Client(\"clientWithAuthz\", new()\n {\n ClientId = \"client-with-authz\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var defaultPermission = Keycloak.OpenId.GetClientAuthorizationPolicy.Invoke(new()\n {\n RealmId = realm.Id,\n ResourceServerId = clientWithAuthz.ResourceServerId,\n Name = \"Default Permission\",\n });\n\n var resource = new Keycloak.OpenId.ClientAuthorizationResource(\"resource\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n RealmId = realm.Id,\n Uris = new[]\n {\n \"/endpoint/*\",\n },\n Attributes = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var permission = new Keycloak.OpenId.ClientAuthorizationPermission(\"permission\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n RealmId = realm.Id,\n Policies = new[]\n {\n defaultPermission.Apply(getClientAuthorizationPolicyResult =\u003e getClientAuthorizationPolicyResult.Id),\n },\n Resources = new[]\n {\n resource.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientWithAuthz, err := openid.NewClient(ctx, \"clientWithAuthz\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client-with-authz\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultPermission := openid.GetClientAuthorizationPolicyOutput(ctx, openid.GetClientAuthorizationPolicyOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tName: pulumi.String(\"Default Permission\"),\n\t\t}, nil)\n\t\tresource, err := openid.NewClientAuthorizationResource(ctx, \"resource\", \u0026openid.ClientAuthorizationResourceArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"/endpoint/*\"),\n\t\t\t},\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationPermission(ctx, \"permission\", \u0026openid.ClientAuthorizationPermissionArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\tdefaultPermission.ApplyT(func(defaultPermission openid.GetClientAuthorizationPolicyResult) (*string, error) {\n\t\t\t\t\treturn \u0026defaultPermission.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tresource.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientAuthorizationPolicyArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResource;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResourceArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermission;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientWithAuthz = new Client(\"clientWithAuthz\", ClientArgs.builder() \n .clientId(\"client-with-authz\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n final var defaultPermission = OpenidFunctions.getClientAuthorizationPolicy(GetClientAuthorizationPolicyArgs.builder()\n .realmId(realm.id())\n .resourceServerId(clientWithAuthz.resourceServerId())\n .name(\"Default Permission\")\n .build());\n\n var resource = new ClientAuthorizationResource(\"resource\", ClientAuthorizationResourceArgs.builder() \n .resourceServerId(clientWithAuthz.resourceServerId())\n .realmId(realm.id())\n .uris(\"/endpoint/*\")\n .attributes(Map.of(\"foo\", \"bar\"))\n .build());\n\n var permission = new ClientAuthorizationPermission(\"permission\", ClientAuthorizationPermissionArgs.builder() \n .resourceServerId(clientWithAuthz.resourceServerId())\n .realmId(realm.id())\n .policies(defaultPermission.applyValue(getClientAuthorizationPolicyResult -\u003e getClientAuthorizationPolicyResult).applyValue(defaultPermission -\u003e defaultPermission.applyValue(getClientAuthorizationPolicyResult -\u003e getClientAuthorizationPolicyResult.id())))\n .resources(resource.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientWithAuthz:\n type: keycloak:openid:Client\n properties:\n clientId: client-with-authz\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n resource:\n type: keycloak:openid:ClientAuthorizationResource\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n realmId: ${realm.id}\n uris:\n - /endpoint/*\n attributes:\n foo: bar\n permission:\n type: keycloak:openid:ClientAuthorizationPermission\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n realmId: ${realm.id}\n policies:\n - ${defaultPermission.id}\n resources:\n - ${resource.id}\nvariables:\n defaultPermission:\n fn::invoke:\n Function: keycloak:openid:getClientAuthorizationPolicy\n Arguments:\n realmId: ${realm.id}\n resourceServerId: ${clientWithAuthz.resourceServerId}\n name: Default Permission\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch policy and permission information for an OpenID client that has authorization enabled.\n\n## Example Usage\n\nIn this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default\npermission for this client called \"Default Permission\". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data\nsource to fetch information about this permission, so we can use it to create a new resource-based authorization permission.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientWithAuthz = new keycloak.openid.Client(\"clientWithAuthz\", {\n clientId: \"client-with-authz\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst defaultPermission = keycloak.openid.getClientAuthorizationPolicyOutput({\n realmId: realm.id,\n resourceServerId: clientWithAuthz.resourceServerId,\n name: \"Default Permission\",\n});\nconst resource = new keycloak.openid.ClientAuthorizationResource(\"resource\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n realmId: realm.id,\n uris: [\"/endpoint/*\"],\n attributes: {\n foo: \"bar\",\n },\n});\nconst permission = new keycloak.openid.ClientAuthorizationPermission(\"permission\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n realmId: realm.id,\n policies: [defaultPermission.apply(defaultPermission =\u003e defaultPermission.id)],\n resources: [resource.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_with_authz = keycloak.openid.Client(\"clientWithAuthz\",\n client_id=\"client-with-authz\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization=keycloak.openid.ClientAuthorizationArgs(\n policy_enforcement_mode=\"ENFORCING\",\n ))\ndefault_permission = keycloak.openid.get_client_authorization_policy_output(realm_id=realm.id,\n resource_server_id=client_with_authz.resource_server_id,\n name=\"Default Permission\")\nresource = keycloak.openid.ClientAuthorizationResource(\"resource\",\n resource_server_id=client_with_authz.resource_server_id,\n realm_id=realm.id,\n uris=[\"/endpoint/*\"],\n attributes={\n \"foo\": \"bar\",\n })\npermission = keycloak.openid.ClientAuthorizationPermission(\"permission\",\n resource_server_id=client_with_authz.resource_server_id,\n realm_id=realm.id,\n policies=[default_permission.id],\n resources=[resource.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientWithAuthz = new Keycloak.OpenId.Client(\"clientWithAuthz\", new()\n {\n ClientId = \"client-with-authz\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var defaultPermission = Keycloak.OpenId.GetClientAuthorizationPolicy.Invoke(new()\n {\n RealmId = realm.Id,\n ResourceServerId = clientWithAuthz.ResourceServerId,\n Name = \"Default Permission\",\n });\n\n var resource = new Keycloak.OpenId.ClientAuthorizationResource(\"resource\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n RealmId = realm.Id,\n Uris = new[]\n {\n \"/endpoint/*\",\n },\n Attributes = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var permission = new Keycloak.OpenId.ClientAuthorizationPermission(\"permission\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n RealmId = realm.Id,\n Policies = new[]\n {\n defaultPermission.Apply(getClientAuthorizationPolicyResult =\u003e getClientAuthorizationPolicyResult.Id),\n },\n Resources = new[]\n {\n resource.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientWithAuthz, err := openid.NewClient(ctx, \"clientWithAuthz\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client-with-authz\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultPermission := openid.GetClientAuthorizationPolicyOutput(ctx, openid.GetClientAuthorizationPolicyOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tName: pulumi.String(\"Default Permission\"),\n\t\t}, nil)\n\t\tresource, err := openid.NewClientAuthorizationResource(ctx, \"resource\", \u0026openid.ClientAuthorizationResourceArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"/endpoint/*\"),\n\t\t\t},\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationPermission(ctx, \"permission\", \u0026openid.ClientAuthorizationPermissionArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\tdefaultPermission.ApplyT(func(defaultPermission openid.GetClientAuthorizationPolicyResult) (*string, error) {\n\t\t\t\t\treturn \u0026defaultPermission.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tresource.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientAuthorizationPolicyArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResource;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResourceArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermission;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientWithAuthz = new Client(\"clientWithAuthz\", ClientArgs.builder() \n .clientId(\"client-with-authz\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n final var defaultPermission = OpenidFunctions.getClientAuthorizationPolicy(GetClientAuthorizationPolicyArgs.builder()\n .realmId(realm.id())\n .resourceServerId(clientWithAuthz.resourceServerId())\n .name(\"Default Permission\")\n .build());\n\n var resource = new ClientAuthorizationResource(\"resource\", ClientAuthorizationResourceArgs.builder() \n .resourceServerId(clientWithAuthz.resourceServerId())\n .realmId(realm.id())\n .uris(\"/endpoint/*\")\n .attributes(Map.of(\"foo\", \"bar\"))\n .build());\n\n var permission = new ClientAuthorizationPermission(\"permission\", ClientAuthorizationPermissionArgs.builder() \n .resourceServerId(clientWithAuthz.resourceServerId())\n .realmId(realm.id())\n .policies(defaultPermission.applyValue(getClientAuthorizationPolicyResult -\u003e getClientAuthorizationPolicyResult).applyValue(defaultPermission -\u003e defaultPermission.applyValue(getClientAuthorizationPolicyResult -\u003e getClientAuthorizationPolicyResult.id())))\n .resources(resource.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientWithAuthz:\n type: keycloak:openid:Client\n properties:\n clientId: client-with-authz\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n resource:\n type: keycloak:openid:ClientAuthorizationResource\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n realmId: ${realm.id}\n uris:\n - /endpoint/*\n attributes:\n foo: bar\n permission:\n type: keycloak:openid:ClientAuthorizationPermission\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n realmId: ${realm.id}\n policies:\n - ${defaultPermission.id}\n resources:\n - ${resource.id}\nvariables:\n defaultPermission:\n fn::invoke:\n Function: keycloak:openid:getClientAuthorizationPolicy\n Arguments:\n realmId: ${realm.id}\n resourceServerId: ${clientWithAuthz.resourceServerId}\n name: Default Permission\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientAuthorizationPolicy.\n", "properties": { @@ -15638,7 +14878,7 @@ } }, "keycloak:openid/getClientScope:getClientScope": { - "description": "This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst offlineAccess = keycloak.openid.getClientScope({\n realmId: \"my-realm\",\n name: \"offline_access\",\n});\n// use the data source\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: offlineAccess.then(offlineAccess =\u003e offlineAccess.realmId),\n clientScopeId: offlineAccess.then(offlineAccess =\u003e offlineAccess.id),\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\noffline_access = keycloak.openid.get_client_scope(realm_id=\"my-realm\",\n name=\"offline_access\")\n# use the data source\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=offline_access.realm_id,\n client_scope_id=offline_access.id,\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var offlineAccess = Keycloak.OpenId.GetClientScope.Invoke(new()\n {\n RealmId = \"my-realm\",\n Name = \"offline_access\",\n });\n\n // use the data source\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.RealmId),\n ClientScopeId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.Id),\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tofflineAccess, err := openid.LookupClientScope(ctx, \u0026openid.LookupClientScopeArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tName: \"offline_access\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: *pulumi.String(offlineAccess.RealmId),\n\t\t\tClientScopeId: *pulumi.String(offlineAccess.Id),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var offlineAccess = OpenidFunctions.getClientScope(GetClientScopeArgs.builder()\n .realmId(\"my-realm\")\n .name(\"offline_access\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.realmId()))\n .clientScopeId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.id()))\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${offlineAccess.realmId}\n clientScopeId: ${offlineAccess.id}\n includedCustomAudience: foo\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:openid:getClientScope\n Arguments:\n realmId: my-realm\n name: offline_access\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst offlineAccess = keycloak.openid.getClientScope({\n realmId: \"my-realm\",\n name: \"offline_access\",\n});\n// use the data source\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: offlineAccess.then(offlineAccess =\u003e offlineAccess.realmId),\n clientScopeId: offlineAccess.then(offlineAccess =\u003e offlineAccess.id),\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\noffline_access = keycloak.openid.get_client_scope(realm_id=\"my-realm\",\n name=\"offline_access\")\n# use the data source\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=offline_access.realm_id,\n client_scope_id=offline_access.id,\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var offlineAccess = Keycloak.OpenId.GetClientScope.Invoke(new()\n {\n RealmId = \"my-realm\",\n Name = \"offline_access\",\n });\n\n // use the data source\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.RealmId),\n ClientScopeId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.Id),\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tofflineAccess, err := openid.LookupClientScope(ctx, \u0026openid.LookupClientScopeArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tName: \"offline_access\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: *pulumi.String(offlineAccess.RealmId),\n\t\t\tClientScopeId: *pulumi.String(offlineAccess.Id),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var offlineAccess = OpenidFunctions.getClientScope(GetClientScopeArgs.builder()\n .realmId(\"my-realm\")\n .name(\"offline_access\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.realmId()))\n .clientScopeId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.id()))\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${offlineAccess.realmId}\n clientScopeId: ${offlineAccess.id}\n includedCustomAudience: foo\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:openid:getClientScope\n Arguments:\n realmId: my-realm\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientScope.\n", "properties": { @@ -15696,7 +14936,7 @@ } }, "keycloak:openid/getClientServiceAccountUser:getClientServiceAccountUser": { - "description": "This data source can be used to fetch information about the service account user that is associated with an OpenID client\nthat has service accounts enabled.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nIn this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user\nthat represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this\nuser, using the `keycloak.UserRoles` resource.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst serviceAccountUser = keycloak.openid.getClientServiceAccountUserOutput({\n realmId: realm.id,\n clientId: client.id,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\nconst serviceAccountUserRoles = new keycloak.UserRoles(\"serviceAccountUserRoles\", {\n realmId: realm.id,\n userId: serviceAccountUser.apply(serviceAccountUser =\u003e serviceAccountUser.id),\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nservice_account_user = keycloak.openid.get_client_service_account_user_output(realm_id=realm.id,\n client_id=client.id)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\nservice_account_user_roles = keycloak.UserRoles(\"serviceAccountUserRoles\",\n realm_id=realm.id,\n user_id=service_account_user.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var serviceAccountUser = Keycloak.OpenId.GetClientServiceAccountUser.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n var serviceAccountUserRoles = new Keycloak.UserRoles(\"serviceAccountUserRoles\", new()\n {\n RealmId = realm.Id,\n UserId = serviceAccountUser.Apply(getClientServiceAccountUserResult =\u003e getClientServiceAccountUserResult.Id),\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccountUser := openid.GetClientServiceAccountUserOutput(ctx, openid.GetClientServiceAccountUserOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t}, nil)\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\t_, err = keycloak.NewUserRoles(ctx, \"serviceAccountUserRoles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: serviceAccountUser.ApplyT(func(serviceAccountUser openid.GetClientServiceAccountUserResult) (*string, error) {\n\t\t\t\treturn \u0026serviceAccountUser.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tofflineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientServiceAccountUserArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n final var serviceAccountUser = OpenidFunctions.getClientServiceAccountUser(GetClientServiceAccountUserArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n var serviceAccountUserRoles = new UserRoles(\"serviceAccountUserRoles\", UserRolesArgs.builder() \n .realmId(realm.id())\n .userId(serviceAccountUser.applyValue(getClientServiceAccountUserResult -\u003e getClientServiceAccountUserResult).applyValue(serviceAccountUser -\u003e serviceAccountUser.applyValue(getClientServiceAccountUserResult -\u003e getClientServiceAccountUserResult.id())))\n .roleIds(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n serviceAccountUserRoles:\n type: keycloak:UserRoles\n properties:\n realmId: ${realm.id}\n userId: ${serviceAccountUser.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n serviceAccountUser:\n fn::invoke:\n Function: keycloak:openid:getClientServiceAccountUser\n Arguments:\n realmId: ${realm.id}\n clientId: ${client.id}\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n name: offline_access\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch information about the service account user that is associated with an OpenID client\nthat has service accounts enabled.\n\n## Example Usage\n\nIn this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user\nthat represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this\nuser, using the `keycloak.UserRoles` resource.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst serviceAccountUser = keycloak.openid.getClientServiceAccountUserOutput({\n realmId: realm.id,\n clientId: client.id,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\nconst serviceAccountUserRoles = new keycloak.UserRoles(\"serviceAccountUserRoles\", {\n realmId: realm.id,\n userId: serviceAccountUser.apply(serviceAccountUser =\u003e serviceAccountUser.id),\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nservice_account_user = keycloak.openid.get_client_service_account_user_output(realm_id=realm.id,\n client_id=client.id)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\nservice_account_user_roles = keycloak.UserRoles(\"serviceAccountUserRoles\",\n realm_id=realm.id,\n user_id=service_account_user.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var serviceAccountUser = Keycloak.OpenId.GetClientServiceAccountUser.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n var serviceAccountUserRoles = new Keycloak.UserRoles(\"serviceAccountUserRoles\", new()\n {\n RealmId = realm.Id,\n UserId = serviceAccountUser.Apply(getClientServiceAccountUserResult =\u003e getClientServiceAccountUserResult.Id),\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccountUser := openid.GetClientServiceAccountUserOutput(ctx, openid.GetClientServiceAccountUserOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t}, nil)\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\t_, err = keycloak.NewUserRoles(ctx, \"serviceAccountUserRoles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: serviceAccountUser.ApplyT(func(serviceAccountUser openid.GetClientServiceAccountUserResult) (*string, error) {\n\t\t\t\treturn \u0026serviceAccountUser.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tofflineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientServiceAccountUserArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n final var serviceAccountUser = OpenidFunctions.getClientServiceAccountUser(GetClientServiceAccountUserArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n var serviceAccountUserRoles = new UserRoles(\"serviceAccountUserRoles\", UserRolesArgs.builder() \n .realmId(realm.id())\n .userId(serviceAccountUser.applyValue(getClientServiceAccountUserResult -\u003e getClientServiceAccountUserResult).applyValue(serviceAccountUser -\u003e serviceAccountUser.applyValue(getClientServiceAccountUserResult -\u003e getClientServiceAccountUserResult.id())))\n .roleIds(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n serviceAccountUserRoles:\n type: keycloak:UserRoles\n properties:\n realmId: ${realm.id}\n userId: ${serviceAccountUser.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n serviceAccountUser:\n fn::invoke:\n Function: keycloak:openid:getClientServiceAccountUser\n Arguments:\n realmId: ${realm.id}\n clientId: ${client.id}\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientServiceAccountUser.\n", "properties": { @@ -15783,7 +15023,7 @@ } }, "keycloak:saml/getClient:getClient": { - "description": "This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.saml.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.saml.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.Saml.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := saml.LookupClient(ctx, \u0026saml.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = SamlFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:saml:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n admin:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.saml.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.saml.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.Saml.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := saml.LookupClient(ctx, \u0026saml.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = SamlFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:saml:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n admin:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClient.\n", "properties": { @@ -15978,7 +15218,7 @@ } }, "keycloak:saml/getClientInstallationProvider:getClientInstallationProvider": { - "description": "This data source can be used to retrieve Installation Provider of a SAML Client.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nIn the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"test-saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\nconst samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({\n realmId: realm.id,\n clientId: samlClient.id,\n providerId: \"saml-idp-descriptor\",\n});\nconst _default = new aws.iam.SamlProvider(\"default\", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor =\u003e samlIdpDescriptor.value)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"test-saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\nsaml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,\n client_id=saml_client.id,\n provider_id=\"saml-idp-descriptor\")\ndefault = aws.iam.SamlProvider(\"default\", saml_metadata_document=saml_idp_descriptor.value)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n ProviderId = \"saml-idp-descriptor\",\n });\n\n var @default = new Aws.Iam.SamlProvider(\"default\", new()\n {\n SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult =\u003e getClientInstallationProviderResult.Value),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tProviderId: pulumi.String(\"saml-idp-descriptor\"),\n\t\t}, nil)\n\t\t_, err = iam.NewSamlProvider(ctx, \"default\", \u0026iam.SamlProviderArgs{\n\t\t\tSamlMetadataDocument: samlIdpDescriptor.ApplyT(func(samlIdpDescriptor saml.GetClientInstallationProviderResult) (*string, error) {\n\t\t\t\treturn \u0026samlIdpDescriptor.Value, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;\nimport com.pulumi.aws.iam.SamlProvider;\nimport com.pulumi.aws.iam.SamlProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .providerId(\"saml-idp-descriptor\")\n .build());\n\n var default_ = new SamlProvider(\"default\", SamlProviderArgs.builder() \n .samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -\u003e getClientInstallationProviderResult).applyValue(samlIdpDescriptor -\u003e samlIdpDescriptor.applyValue(getClientInstallationProviderResult -\u003e getClientInstallationProviderResult.value())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: test-saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n default:\n type: aws:iam:SamlProvider\n properties:\n samlMetadataDocument: ${samlIdpDescriptor.value}\nvariables:\n samlIdpDescriptor:\n fn::invoke:\n Function: keycloak:saml:getClientInstallationProvider\n Arguments:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n providerId: saml-idp-descriptor\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to retrieve Installation Provider of a SAML Client.\n\n## Example Usage\n\nIn the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"test-saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\nconst samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({\n realmId: realm.id,\n clientId: samlClient.id,\n providerId: \"saml-idp-descriptor\",\n});\nconst _default = new aws.iam.SamlProvider(\"default\", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor =\u003e samlIdpDescriptor.value)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"test-saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\nsaml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,\n client_id=saml_client.id,\n provider_id=\"saml-idp-descriptor\")\ndefault = aws.iam.SamlProvider(\"default\", saml_metadata_document=saml_idp_descriptor.value)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n ProviderId = \"saml-idp-descriptor\",\n });\n\n var @default = new Aws.Iam.SamlProvider(\"default\", new()\n {\n SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult =\u003e getClientInstallationProviderResult.Value),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tProviderId: pulumi.String(\"saml-idp-descriptor\"),\n\t\t}, nil)\n\t\t_, err = iam.NewSamlProvider(ctx, \"default\", \u0026iam.SamlProviderArgs{\n\t\t\tSamlMetadataDocument: samlIdpDescriptor.ApplyT(func(samlIdpDescriptor saml.GetClientInstallationProviderResult) (*string, error) {\n\t\t\t\treturn \u0026samlIdpDescriptor.Value, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;\nimport com.pulumi.aws.iam.SamlProvider;\nimport com.pulumi.aws.iam.SamlProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .providerId(\"saml-idp-descriptor\")\n .build());\n\n var default_ = new SamlProvider(\"default\", SamlProviderArgs.builder() \n .samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -\u003e getClientInstallationProviderResult).applyValue(samlIdpDescriptor -\u003e samlIdpDescriptor.applyValue(getClientInstallationProviderResult -\u003e getClientInstallationProviderResult.value())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: test-saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n default:\n type: aws:iam:SamlProvider\n properties:\n samlMetadataDocument: ${samlIdpDescriptor.value}\nvariables:\n samlIdpDescriptor:\n fn::invoke:\n Function: keycloak:saml:getClientInstallationProvider\n Arguments:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n providerId: saml-idp-descriptor\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientInstallationProvider.\n", "properties": { diff --git a/provider/go.mod b/provider/go.mod index a76f1461..16ed6587 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -3,15 +3,15 @@ module github.com/pulumi/pulumi-keycloak/provider/v5 go 1.21 replace ( - github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240202163305-e2a20ae13ef9 + github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240229143312-4f60ee4e2975 github.com/hashicorp/vault => github.com/hashicorp/vault v1.2.0 github.com/mrparkers/terraform-provider-keycloak => ../upstream ) require ( github.com/mrparkers/terraform-provider-keycloak v0.0.0-00010101000000-000000000000 - github.com/pulumi/pulumi-terraform-bridge/v3 v3.76.0 - github.com/pulumi/pulumi/sdk/v3 v3.107.0 + github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.0 + github.com/pulumi/pulumi/sdk/v3 v3.108.1 ) require ( @@ -33,10 +33,10 @@ require ( github.com/BurntSushi/toml v1.2.1 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect - github.com/Masterminds/semver/v3 v3.1.1 // indirect - github.com/Masterminds/sprig/v3 v3.2.2 // indirect + github.com/Masterminds/semver/v3 v3.2.0 // indirect + github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect + github.com/ProtonMail/go-crypto v1.1.0-alpha.0 // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-cidr v1.1.0 // indirect @@ -77,7 +77,7 @@ require ( github.com/edsrzf/mmap-go v1.1.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/ettle/strcase v0.1.1 // indirect - github.com/fatih/color v1.15.0 // indirect + github.com/fatih/color v1.16.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/gedex/inflector v0.0.0-20170307190818-16278e9db813 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect @@ -121,22 +121,22 @@ require ( github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect - github.com/hashicorp/hc-install v0.6.0 // indirect + github.com/hashicorp/hc-install v0.6.3 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/hashicorp/hcl/v2 v2.18.0 // indirect + github.com/hashicorp/hcl/v2 v2.19.1 // indirect github.com/hashicorp/hil v0.0.0-20190212132231-97b3a9cdfa93 // indirect github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-exec v0.19.0 // indirect - github.com/hashicorp/terraform-json v0.17.1 // indirect + github.com/hashicorp/terraform-exec v0.20.0 // indirect + github.com/hashicorp/terraform-json v0.21.0 // indirect github.com/hashicorp/terraform-plugin-go v0.22.0 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect - github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0 // indirect + github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/vault/api v1.8.2 // indirect github.com/hashicorp/vault/sdk v0.6.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect - github.com/huandu/xstrings v1.3.2 // indirect + github.com/huandu/xstrings v1.3.3 // indirect github.com/iancoleman/strcase v0.2.0 // indirect github.com/imdario/mergo v0.3.15 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect @@ -148,7 +148,7 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-localereader v0.0.1 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect github.com/mitchellh/cli v1.1.5 // indirect @@ -184,7 +184,7 @@ require ( github.com/pulumi/pulumi-java/pkg v0.9.9 // indirect github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 // indirect github.com/pulumi/pulumi-yaml v1.5.0 // indirect - github.com/pulumi/pulumi/pkg/v3 v3.107.0 // indirect + github.com/pulumi/pulumi/pkg/v3 v3.108.1 // indirect github.com/pulumi/schema-tools v0.1.2 // indirect github.com/pulumi/terraform-diff-reader v0.0.2 // indirect github.com/rivo/uniseg v0.4.4 // indirect @@ -215,7 +215,7 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - github.com/zclconf/go-cty v1.14.0 // indirect + github.com/zclconf/go-cty v1.14.2 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect @@ -225,14 +225,14 @@ require ( go.uber.org/atomic v1.9.0 // indirect gocloud.dev v0.36.0 // indirect gocloud.dev/secrets/hashivault v0.27.0 // indirect - golang.org/x/crypto v0.18.0 // indirect + golang.org/x/crypto v0.19.0 // indirect golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect - golang.org/x/mod v0.14.0 // indirect + golang.org/x/mod v0.15.0 // indirect golang.org/x/net v0.20.0 // indirect golang.org/x/oauth2 v0.16.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.16.0 // indirect - golang.org/x/term v0.16.0 // indirect + golang.org/x/sys v0.17.0 // indirect + golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.15.0 // indirect diff --git a/provider/go.sum b/provider/go.sum index 03202eda..1f938b20 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -40,35 +40,75 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= +cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= +cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= +cloud.google.com/go v0.110.6/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= +cloud.google.com/go v0.110.7/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= +cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= +cloud.google.com/go v0.110.9/go.mod h1:rpxevX/0Lqvlbc88b7Sc1SPNdyK1riNBTUU6JXhYNpM= +cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic= cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= +cloud.google.com/go/accessapproval v1.7.1/go.mod h1:JYczztsHRMK7NTXb6Xw+dwbs/WnOJxbo/2mTI+Kgg68= +cloud.google.com/go/accessapproval v1.7.2/go.mod h1:/gShiq9/kK/h8T/eEn1BTzalDvk0mZxJlhfw0p+Xuc0= +cloud.google.com/go/accessapproval v1.7.3/go.mod h1:4l8+pwIxGTNqSf4T3ds8nLO94NQf0W/KnMNuQ9PbnP8= +cloud.google.com/go/accessapproval v1.7.4/go.mod h1:/aTEh45LzplQgFYdQdwPMR9YdX0UlhBmvB84uAmQKUc= cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE= cloud.google.com/go/accesscontextmanager v1.6.0/go.mod h1:8XCvZWfYw3K/ji0iVnp+6pu7huxoQTLmxAbVjbloTtM= cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ= +cloud.google.com/go/accesscontextmanager v1.8.0/go.mod h1:uI+AI/r1oyWK99NN8cQ3UK76AMelMzgZCvJfsi2c+ps= +cloud.google.com/go/accesscontextmanager v1.8.1/go.mod h1:JFJHfvuaTC+++1iL1coPiG1eu5D24db2wXCDWDjIrxo= +cloud.google.com/go/accesscontextmanager v1.8.2/go.mod h1:E6/SCRM30elQJ2PKtFMs2YhfJpZSNcJyejhuzoId4Zk= +cloud.google.com/go/accesscontextmanager v1.8.3/go.mod h1:4i/JkF2JiFbhLnnpnfoTX5vRXfhf9ukhU1ANOTALTOQ= +cloud.google.com/go/accesscontextmanager v1.8.4/go.mod h1:ParU+WbMpD34s5JFEnGAnPBYAgUHozaTmDJU7aCU9+M= cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg= cloud.google.com/go/aiplatform v1.35.0/go.mod h1:7MFT/vCaOyZT/4IIFfxH4ErVg/4ku6lKv3w0+tFTgXQ= cloud.google.com/go/aiplatform v1.36.1/go.mod h1:WTm12vJRPARNvJ+v6P52RDHCNe4AhvjcIZ/9/RRHy/k= cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw= +cloud.google.com/go/aiplatform v1.45.0/go.mod h1:Iu2Q7sC7QGhXUeOhAj/oCK9a+ULz1O4AotZiqjQ8MYA= +cloud.google.com/go/aiplatform v1.48.0/go.mod h1:Iu2Q7sC7QGhXUeOhAj/oCK9a+ULz1O4AotZiqjQ8MYA= +cloud.google.com/go/aiplatform v1.50.0/go.mod h1:IRc2b8XAMTa9ZmfJV1BCCQbieWWvDnP1A8znyz5N7y4= +cloud.google.com/go/aiplatform v1.51.0/go.mod h1:IRc2b8XAMTa9ZmfJV1BCCQbieWWvDnP1A8znyz5N7y4= +cloud.google.com/go/aiplatform v1.51.1/go.mod h1:kY3nIMAVQOK2XDqDPHaOuD9e+FdMA6OOpfBjsvaFSOo= +cloud.google.com/go/aiplatform v1.51.2/go.mod h1:hCqVYB3mY45w99TmetEoe8eCQEwZEp9WHxeZdcv9phw= +cloud.google.com/go/aiplatform v1.52.0/go.mod h1:pwZMGvqe0JRkI1GWSZCtnAfrR4K1bv65IHILGA//VEU= cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= cloud.google.com/go/analytics v0.17.0/go.mod h1:WXFa3WSym4IZ+JiKmavYdJwGG/CvpqiqczmL59bTD9M= cloud.google.com/go/analytics v0.18.0/go.mod h1:ZkeHGQlcIPkw0R/GW+boWHhCOR43xz9RN/jn7WcqfIE= cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE= +cloud.google.com/go/analytics v0.21.2/go.mod h1:U8dcUtmDmjrmUTnnnRnI4m6zKn/yaA5N9RlEkYFHpQo= +cloud.google.com/go/analytics v0.21.3/go.mod h1:U8dcUtmDmjrmUTnnnRnI4m6zKn/yaA5N9RlEkYFHpQo= +cloud.google.com/go/analytics v0.21.4/go.mod h1:zZgNCxLCy8b2rKKVfC1YkC2vTrpfZmeRCySM3aUbskA= +cloud.google.com/go/analytics v0.21.5/go.mod h1:BQtOBHWTlJ96axpPPnw5CvGJ6i3Ve/qX2fTxR8qWyr8= +cloud.google.com/go/analytics v0.21.6/go.mod h1:eiROFQKosh4hMaNhF85Oc9WO97Cpa7RggD40e/RBy8w= cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk= cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc= cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8= +cloud.google.com/go/apigateway v1.6.1/go.mod h1:ufAS3wpbRjqfZrzpvLC2oh0MFlpRJm2E/ts25yyqmXA= +cloud.google.com/go/apigateway v1.6.2/go.mod h1:CwMC90nnZElorCW63P2pAYm25AtQrHfuOkbRSHj0bT8= +cloud.google.com/go/apigateway v1.6.3/go.mod h1:k68PXWpEs6BVDTtnLQAyG606Q3mz8pshItwPXjgv44Y= +cloud.google.com/go/apigateway v1.6.4/go.mod h1:0EpJlVGH5HwAN4VF4Iec8TAzGN1aQgbxAWGJsnPCGGY= cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc= cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04= cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8= +cloud.google.com/go/apigeeconnect v1.6.1/go.mod h1:C4awq7x0JpLtrlQCr8AzVIzAaYgngRqWf9S5Uhg+wWs= +cloud.google.com/go/apigeeconnect v1.6.2/go.mod h1:s6O0CgXT9RgAxlq3DLXvG8riw8PYYbU/v25jqP3Dy18= +cloud.google.com/go/apigeeconnect v1.6.3/go.mod h1:peG0HFQ0si2bN15M6QSjEW/W7Gy3NYkWGz7pFz13cbo= +cloud.google.com/go/apigeeconnect v1.6.4/go.mod h1:CapQCWZ8TCjnU0d7PobxhpOdVz/OVJ2Hr/Zcuu1xFx0= cloud.google.com/go/apigeeregistry v0.4.0/go.mod h1:EUG4PGcsZvxOXAdyEghIdXwAEi/4MEaoqLMLDMIwKXY= cloud.google.com/go/apigeeregistry v0.5.0/go.mod h1:YR5+s0BVNZfVOUkMa5pAR2xGd0A473vA5M7j247o1wM= cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc= +cloud.google.com/go/apigeeregistry v0.7.1/go.mod h1:1XgyjZye4Mqtw7T9TsY4NW10U7BojBvG4RMD+vRDrIw= +cloud.google.com/go/apigeeregistry v0.7.2/go.mod h1:9CA2B2+TGsPKtfi3F7/1ncCCsL62NXBRfM6iPoGSM+8= +cloud.google.com/go/apigeeregistry v0.8.1/go.mod h1:MW4ig1N4JZQsXmBSwH4rwpgDonocz7FPBSw6XPGHmYw= +cloud.google.com/go/apigeeregistry v0.8.2/go.mod h1:h4v11TDGdeXJDJvImtgK2AFVvMIgGWjSb0HRnBSjcX8= cloud.google.com/go/apikeys v0.4.0/go.mod h1:XATS/yqZbaBK0HOssf+ALHp8jAlNHUgyfprvNcBIszU= cloud.google.com/go/apikeys v0.5.0/go.mod h1:5aQfwY4D+ewMMWScd3hm2en3hCj+BROlyrt3ytS7KLI= cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8= @@ -77,10 +117,18 @@ cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodC cloud.google.com/go/appengine v1.6.0/go.mod h1:hg6i0J/BD2cKmDJbaFSYHFyZkgBEfQrDg/X0V5fJn84= cloud.google.com/go/appengine v1.7.0/go.mod h1:eZqpbHFCqRGa2aCdope7eC0SWLV1j0neb/QnMJVWx6A= cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E= +cloud.google.com/go/appengine v1.8.1/go.mod h1:6NJXGLVhZCN9aQ/AEDvmfzKEfoYBlfB80/BHiKVputY= +cloud.google.com/go/appengine v1.8.2/go.mod h1:WMeJV9oZ51pvclqFN2PqHoGnys7rK0rz6s3Mp6yMvDo= +cloud.google.com/go/appengine v1.8.3/go.mod h1:2oUPZ1LVZ5EXi+AF1ihNAF+S8JrzQ3till5m9VQkrsk= +cloud.google.com/go/appengine v1.8.4/go.mod h1:TZ24v+wXBujtkK77CXCpjZbnuTvsFNT41MUaZ28D6vg= cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= cloud.google.com/go/area120 v0.7.0/go.mod h1:a3+8EUD1SX5RUcCs3MY5YasiO1z6yLiNLRiFrykbynY= cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k= +cloud.google.com/go/area120 v0.8.1/go.mod h1:BVfZpGpB7KFVNxPiQBuHkX6Ed0rS51xIgmGyjrAfzsg= +cloud.google.com/go/area120 v0.8.2/go.mod h1:a5qfo+x77SRLXnCynFWPUZhnZGeSgvQ+Y0v1kSItkh4= +cloud.google.com/go/area120 v0.8.3/go.mod h1:5zj6pMzVTH+SVHljdSKC35sriR/CVvQZzG/Icdyriw0= +cloud.google.com/go/area120 v0.8.4/go.mod h1:jfawXjxf29wyBXr48+W+GyX/f8fflxp642D/bb9v68M= cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0= @@ -89,6 +137,11 @@ cloud.google.com/go/artifactregistry v1.11.1/go.mod h1:lLYghw+Itq9SONbCa1YWBoWs1 cloud.google.com/go/artifactregistry v1.11.2/go.mod h1:nLZns771ZGAwVLzTX/7Al6R9ehma4WUEhZGWV6CeQNQ= cloud.google.com/go/artifactregistry v1.12.0/go.mod h1:o6P3MIvtzTOnmvGagO9v/rOjjA0HmhJ+/6KAXrmYDCI= cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08= +cloud.google.com/go/artifactregistry v1.14.1/go.mod h1:nxVdG19jTaSTu7yA7+VbWL346r3rIdkZ142BSQqhn5E= +cloud.google.com/go/artifactregistry v1.14.2/go.mod h1:Xk+QbsKEb0ElmyeMfdHAey41B+qBq3q5R5f5xD4XT3U= +cloud.google.com/go/artifactregistry v1.14.3/go.mod h1:A2/E9GXnsyXl7GUvQ/2CjHA+mVRoWAXC0brg2os+kNI= +cloud.google.com/go/artifactregistry v1.14.4/go.mod h1:SJJcZTMv6ce0LDMUnihCN7WSrI+kBSFV0KIKo8S8aYU= +cloud.google.com/go/artifactregistry v1.14.6/go.mod h1:np9LSFotNWHcjnOgh8UVK0RFPCTUGbO0ve3384xyHfE= cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= @@ -97,27 +150,56 @@ cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAt cloud.google.com/go/asset v1.11.1/go.mod h1:fSwLhbRvC9p9CXQHJ3BgFeQNM4c9x10lqlrdEUYXlJo= cloud.google.com/go/asset v1.12.0/go.mod h1:h9/sFOa4eDIyKmH6QMpm4eUK3pDojWnUhTgJlk762Hg= cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw= +cloud.google.com/go/asset v1.14.1/go.mod h1:4bEJ3dnHCqWCDbWJ/6Vn7GVI9LerSi7Rfdi03hd+WTQ= +cloud.google.com/go/asset v1.15.0/go.mod h1:tpKafV6mEut3+vN9ScGvCHXHj7FALFVta+okxFECHcg= +cloud.google.com/go/asset v1.15.1/go.mod h1:yX/amTvFWRpp5rcFq6XbCxzKT8RJUam1UoboE179jU4= +cloud.google.com/go/asset v1.15.2/go.mod h1:B6H5tclkXvXz7PD22qCA2TDxSVQfasa3iDlM89O2NXs= +cloud.google.com/go/asset v1.15.3/go.mod h1:yYLfUD4wL4X589A9tYrv4rFrba0QlDeag0CMcM5ggXU= cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= +cloud.google.com/go/assuredworkloads v1.11.1/go.mod h1:+F04I52Pgn5nmPG36CWFtxmav6+7Q+c5QyJoL18Lry0= +cloud.google.com/go/assuredworkloads v1.11.2/go.mod h1:O1dfr+oZJMlE6mw0Bp0P1KZSlj5SghMBvTpZqIcUAW4= +cloud.google.com/go/assuredworkloads v1.11.3/go.mod h1:vEjfTKYyRUaIeA0bsGJceFV2JKpVRgyG2op3jfa59Zs= +cloud.google.com/go/assuredworkloads v1.11.4/go.mod h1:4pwwGNwy1RP0m+y12ef3Q/8PaiWrIDQ6nD2E8kvWI9U= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM= cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU= +cloud.google.com/go/automl v1.13.1/go.mod h1:1aowgAHWYZU27MybSCFiukPO7xnyawv7pt3zK4bheQE= +cloud.google.com/go/automl v1.13.2/go.mod h1:gNY/fUmDEN40sP8amAX3MaXkxcqPIn7F1UIIPZpy4Mg= +cloud.google.com/go/automl v1.13.3/go.mod h1:Y8KwvyAZFOsMAPqUCfNu1AyclbC6ivCUF/MTwORymyY= +cloud.google.com/go/automl v1.13.4/go.mod h1:ULqwX/OLZ4hBVfKQaMtxMSTlPx0GqGbWN8uA/1EqCP8= cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc= cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI= cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= +cloud.google.com/go/baremetalsolution v1.1.1/go.mod h1:D1AV6xwOksJMV4OSlWHtWuFNZZYujJknMAP4Qa27QIA= +cloud.google.com/go/baremetalsolution v1.2.0/go.mod h1:68wi9AwPYkEWIUT4SvSGS9UJwKzNpshjHsH4lzk8iOw= +cloud.google.com/go/baremetalsolution v1.2.1/go.mod h1:3qKpKIw12RPXStwQXcbhfxVj1dqQGEvcmA+SX/mUR88= +cloud.google.com/go/baremetalsolution v1.2.2/go.mod h1:O5V6Uu1vzVelYahKfwEWRMaS3AbCkeYHy3145s1FkhM= +cloud.google.com/go/baremetalsolution v1.2.3/go.mod h1:/UAQ5xG3faDdy180rCUv47e0jvpp3BFxT+Cl0PFjw5g= cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE= cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE= cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= +cloud.google.com/go/batch v1.3.1/go.mod h1:VguXeQKXIYaeeIYbuozUmBR13AfL4SJP7IltNPS+A4A= +cloud.google.com/go/batch v1.4.1/go.mod h1:KdBmDD61K0ovcxoRHGrN6GmOBWeAOyCgKD0Mugx4Fkk= +cloud.google.com/go/batch v1.5.0/go.mod h1:KdBmDD61K0ovcxoRHGrN6GmOBWeAOyCgKD0Mugx4Fkk= +cloud.google.com/go/batch v1.5.1/go.mod h1:RpBuIYLkQu8+CWDk3dFD/t/jOCGuUpkpX+Y0n1Xccs8= +cloud.google.com/go/batch v1.6.1/go.mod h1:urdpD13zPe6YOK+6iZs/8/x2VBRofvblLpx0t57vM98= +cloud.google.com/go/batch v1.6.3/go.mod h1:J64gD4vsNSA2O5TtDB5AAux3nJ9iV8U3ilg3JDBYejU= cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4= cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8= cloud.google.com/go/beyondcorp v0.4.0/go.mod h1:3ApA0mbhHx6YImmuubf5pyW8srKnCEPON32/5hj+RmM= cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU= +cloud.google.com/go/beyondcorp v0.6.1/go.mod h1:YhxDWw946SCbmcWo3fAhw3V4XZMSpQ/VYfcKGAEU8/4= +cloud.google.com/go/beyondcorp v1.0.0/go.mod h1:YhxDWw946SCbmcWo3fAhw3V4XZMSpQ/VYfcKGAEU8/4= +cloud.google.com/go/beyondcorp v1.0.1/go.mod h1:zl/rWWAFVeV+kx+X2Javly7o1EIQThU4WlkynffL/lk= +cloud.google.com/go/beyondcorp v1.0.2/go.mod h1:m8cpG7caD+5su+1eZr+TSvF6r21NdLJk4f9u4SP2Ntc= +cloud.google.com/go/beyondcorp v1.0.3/go.mod h1:HcBvnEd7eYr+HGDd5ZbuVmBYX019C6CEXBonXbCVwJo= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -131,38 +213,79 @@ cloud.google.com/go/bigquery v1.47.0/go.mod h1:sA9XOgy0A8vQK9+MWhEQTY6Tix87M/Zur cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= +cloud.google.com/go/bigquery v1.52.0/go.mod h1:3b/iXjRQGU4nKa87cXeg6/gogLjO8C6PmuM8i5Bi/u4= +cloud.google.com/go/bigquery v1.53.0/go.mod h1:3b/iXjRQGU4nKa87cXeg6/gogLjO8C6PmuM8i5Bi/u4= +cloud.google.com/go/bigquery v1.55.0/go.mod h1:9Y5I3PN9kQWuid6183JFhOGOW3GcirA5LpsKCUn+2ec= +cloud.google.com/go/bigquery v1.56.0/go.mod h1:KDcsploXTEY7XT3fDQzMUZlpQLHzE4itubHrnmhUrZA= +cloud.google.com/go/bigquery v1.57.1/go.mod h1:iYzC0tGVWt1jqSzBHqCr3lrRn0u13E8e+AqowBsDgug= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y= cloud.google.com/go/billing v1.12.0/go.mod h1:yKrZio/eu+okO/2McZEbch17O5CB5NpZhhXG6Z766ss= cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc= +cloud.google.com/go/billing v1.16.0/go.mod h1:y8vx09JSSJG02k5QxbycNRrN7FGZB6F3CAcgum7jvGA= +cloud.google.com/go/billing v1.17.0/go.mod h1:Z9+vZXEq+HwH7bhJkyI4OQcR6TSbeMrjlpEjO2vzY64= +cloud.google.com/go/billing v1.17.1/go.mod h1:Z9+vZXEq+HwH7bhJkyI4OQcR6TSbeMrjlpEjO2vzY64= +cloud.google.com/go/billing v1.17.2/go.mod h1:u/AdV/3wr3xoRBk5xvUzYMS1IawOAPwQMuHgHMdljDg= +cloud.google.com/go/billing v1.17.3/go.mod h1:z83AkoZ7mZwBGT3yTnt6rSGI1OOsHSIi6a5M3mJ8NaU= +cloud.google.com/go/billing v1.17.4/go.mod h1:5DOYQStCxquGprqfuid/7haD7th74kyMBHkjO/OvDtk= cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0= cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk= cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q= +cloud.google.com/go/binaryauthorization v1.6.1/go.mod h1:TKt4pa8xhowwffiBmbrbcxijJRZED4zrqnwZ1lKH51U= +cloud.google.com/go/binaryauthorization v1.7.0/go.mod h1:Zn+S6QqTMn6odcMU1zDZCJxPjU2tZPV1oDl45lWY154= +cloud.google.com/go/binaryauthorization v1.7.1/go.mod h1:GTAyfRWYgcbsP3NJogpV3yeunbUIjx2T9xVeYovtURE= +cloud.google.com/go/binaryauthorization v1.7.2/go.mod h1:kFK5fQtxEp97m92ziy+hbu+uKocka1qRRL8MVJIgjv0= +cloud.google.com/go/binaryauthorization v1.7.3/go.mod h1:VQ/nUGRKhrStlGr+8GMS8f6/vznYLkdK5vaKfdCIpvU= cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg= cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590= cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8= +cloud.google.com/go/certificatemanager v1.7.1/go.mod h1:iW8J3nG6SaRYImIa+wXQ0g8IgoofDFRp5UMzaNk1UqI= +cloud.google.com/go/certificatemanager v1.7.2/go.mod h1:15SYTDQMd00kdoW0+XY5d9e+JbOPjp24AvF48D8BbcQ= +cloud.google.com/go/certificatemanager v1.7.3/go.mod h1:T/sZYuC30PTag0TLo28VedIRIj1KPGcOQzjWAptHa00= +cloud.google.com/go/certificatemanager v1.7.4/go.mod h1:FHAylPe/6IIKuaRmHbjbdLhGhVQ+CWHSD5Jq0k4+cCE= cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk= cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk= cloud.google.com/go/channel v1.11.0/go.mod h1:IdtI0uWGqhEeatSB62VOoJ8FSUhJ9/+iGkJVqp74CGE= cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU= +cloud.google.com/go/channel v1.16.0/go.mod h1:eN/q1PFSl5gyu0dYdmxNXscY/4Fi7ABmeHCJNf/oHmc= +cloud.google.com/go/channel v1.17.0/go.mod h1:RpbhJsGi/lXWAUM1eF4IbQGbsfVlg2o8Iiy2/YLfVT0= +cloud.google.com/go/channel v1.17.1/go.mod h1:xqfzcOZAcP4b/hUDH0GkGg1Sd5to6di1HOJn/pi5uBQ= +cloud.google.com/go/channel v1.17.2/go.mod h1:aT2LhnftnyfQceFql5I/mP8mIbiiJS4lWqgXA815zMk= +cloud.google.com/go/channel v1.17.3/go.mod h1:QcEBuZLGGrUMm7kNj9IbU1ZfmJq2apotsV83hbxX7eE= cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U= cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA= cloud.google.com/go/cloudbuild v1.6.0/go.mod h1:UIbc/w9QCbH12xX+ezUsgblrWv+Cv4Tw83GiSMHOn9M= cloud.google.com/go/cloudbuild v1.7.0/go.mod h1:zb5tWh2XI6lR9zQmsm1VRA+7OCuve5d8S+zJUul8KTg= cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s= +cloud.google.com/go/cloudbuild v1.10.1/go.mod h1:lyJg7v97SUIPq4RC2sGsz/9tNczhyv2AjML/ci4ulzU= +cloud.google.com/go/cloudbuild v1.13.0/go.mod h1:lyJg7v97SUIPq4RC2sGsz/9tNczhyv2AjML/ci4ulzU= +cloud.google.com/go/cloudbuild v1.14.0/go.mod h1:lyJg7v97SUIPq4RC2sGsz/9tNczhyv2AjML/ci4ulzU= +cloud.google.com/go/cloudbuild v1.14.1/go.mod h1:K7wGc/3zfvmYWOWwYTgF/d/UVJhS4pu+HAy7PL7mCsU= +cloud.google.com/go/cloudbuild v1.14.2/go.mod h1:Bn6RO0mBYk8Vlrt+8NLrru7WXlQ9/RDWz2uo5KG1/sg= +cloud.google.com/go/cloudbuild v1.14.3/go.mod h1:eIXYWmRt3UtggLnFGx4JvXcMj4kShhVzGndL1LwleEM= cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM= cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk= cloud.google.com/go/clouddms v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA= +cloud.google.com/go/clouddms v1.6.1/go.mod h1:Ygo1vL52Ov4TBZQquhz5fiw2CQ58gvu+PlS6PVXCpZI= +cloud.google.com/go/clouddms v1.7.0/go.mod h1:MW1dC6SOtI/tPNCciTsXtsGNEM0i0OccykPvv3hiYeM= +cloud.google.com/go/clouddms v1.7.1/go.mod h1:o4SR8U95+P7gZ/TX+YbJxehOCsM+fe6/brlrFquiszk= +cloud.google.com/go/clouddms v1.7.2/go.mod h1:Rk32TmWmHo64XqDvW7jgkFQet1tUKNVzs7oajtJT3jU= +cloud.google.com/go/clouddms v1.7.3/go.mod h1:fkN2HQQNUYInAU3NQ3vRLkV2iWs8lIdmBKOx4nrL6Hc= cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4= cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI= cloud.google.com/go/cloudtasks v1.9.0/go.mod h1:w+EyLsVkLWHcOaqNEyvcKAsWp9p29dL6uL9Nst1cI7Y= cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs= +cloud.google.com/go/cloudtasks v1.11.1/go.mod h1:a9udmnou9KO2iulGscKR0qBYjreuX8oHwpmFsKspEvM= +cloud.google.com/go/cloudtasks v1.12.1/go.mod h1:a9udmnou9KO2iulGscKR0qBYjreuX8oHwpmFsKspEvM= +cloud.google.com/go/cloudtasks v1.12.2/go.mod h1:A7nYkjNlW2gUoROg1kvJrQGhJP/38UaWwsnuBDOBVUk= +cloud.google.com/go/cloudtasks v1.12.3/go.mod h1:GPVXhIOSGEaR+3xT4Fp72ScI+HjHffSS4B8+BaBB5Ys= +cloud.google.com/go/cloudtasks v1.12.4/go.mod h1:BEPu0Gtt2dU6FxZHNqqNdGqIG86qyWKBPGnsb7udGY0= cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= @@ -178,6 +301,12 @@ cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63 cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= +cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= +cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78= +cloud.google.com/go/compute v1.23.2/go.mod h1:JJ0atRC0J/oWYiiVBmsSsrRnh92DhZPG4hFDcR04Rns= cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= @@ -188,15 +317,32 @@ cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2Aawl cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= +cloud.google.com/go/contactcenterinsights v1.9.1/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= +cloud.google.com/go/contactcenterinsights v1.10.0/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= +cloud.google.com/go/contactcenterinsights v1.11.0/go.mod h1:hutBdImE4XNZ1NV4vbPJKSFOnQruhC5Lj9bZqWMTKiU= +cloud.google.com/go/contactcenterinsights v1.11.1/go.mod h1:FeNP3Kg8iteKM80lMwSk3zZZKVxr+PGnAId6soKuXwE= +cloud.google.com/go/contactcenterinsights v1.11.2/go.mod h1:A9PIR5ov5cRcd28KlDbmmXE8Aay+Gccer2h4wzkYFso= +cloud.google.com/go/contactcenterinsights v1.11.3/go.mod h1:HHX5wrz5LHVAwfI2smIotQG9x8Qd6gYilaHcLLLmNis= cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= cloud.google.com/go/container v1.13.1/go.mod h1:6wgbMPeQRw9rSnKBCAJXnds3Pzj03C4JHamr8asWKy4= cloud.google.com/go/container v1.14.0/go.mod h1:3AoJMPhHfLDxLvrlVWaK57IXzaPnLaZq63WX59aQBfM= cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA= +cloud.google.com/go/container v1.22.1/go.mod h1:lTNExE2R7f+DLbAN+rJiKTisauFCaoDq6NURZ83eVH4= +cloud.google.com/go/container v1.24.0/go.mod h1:lTNExE2R7f+DLbAN+rJiKTisauFCaoDq6NURZ83eVH4= +cloud.google.com/go/container v1.26.0/go.mod h1:YJCmRet6+6jnYYRS000T6k0D0xUXQgBSaJ7VwI8FBj4= +cloud.google.com/go/container v1.26.1/go.mod h1:5smONjPRUxeEpDG7bMKWfDL4sauswqEtnBK1/KKpR04= +cloud.google.com/go/container v1.26.2/go.mod h1:YlO84xCt5xupVbLaMY4s3XNE79MUJ+49VmkInr6HvF4= +cloud.google.com/go/container v1.27.1/go.mod h1:b1A1gJeTBXVLQ6GGw9/9M4FG94BEGsqJ5+t4d/3N7O4= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI= cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= +cloud.google.com/go/containeranalysis v0.10.1/go.mod h1:Ya2jiILITMY68ZLPaogjmOMNkwsDrWBSTyBubGXO7j0= +cloud.google.com/go/containeranalysis v0.11.0/go.mod h1:4n2e99ZwpGxpNcz+YsFT1dfOHPQFGcAC8FN2M2/ne/U= +cloud.google.com/go/containeranalysis v0.11.1/go.mod h1:rYlUOM7nem1OJMKwE1SadufX0JP3wnXj844EtZAwWLY= +cloud.google.com/go/containeranalysis v0.11.2/go.mod h1:xibioGBC1MD2j4reTyV1xY1/MvKaz+fyM9ENWhmIeP8= +cloud.google.com/go/containeranalysis v0.11.3/go.mod h1:kMeST7yWFQMGjiG9K7Eov+fPNQcGhb8mXj/UcTiWw9U= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= @@ -205,44 +351,98 @@ cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOX cloud.google.com/go/datacatalog v1.8.1/go.mod h1:RJ58z4rMp3gvETA465Vg+ag8BGgBdnRPEMMSTr5Uv+M= cloud.google.com/go/datacatalog v1.12.0/go.mod h1:CWae8rFkfp6LzLumKOnmVh4+Zle4A3NXLzVJ1d1mRm0= cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= +cloud.google.com/go/datacatalog v1.14.0/go.mod h1:h0PrGtlihoutNMp/uvwhawLQ9+c63Kz65UFqh49Yo+E= +cloud.google.com/go/datacatalog v1.14.1/go.mod h1:d2CevwTG4yedZilwe+v3E3ZBDRMobQfSG/a6cCCN5R4= +cloud.google.com/go/datacatalog v1.16.0/go.mod h1:d2CevwTG4yedZilwe+v3E3ZBDRMobQfSG/a6cCCN5R4= +cloud.google.com/go/datacatalog v1.17.1/go.mod h1:nCSYFHgtxh2MiEktWIz71s/X+7ds/UT9kp0PC7waCzE= +cloud.google.com/go/datacatalog v1.18.0/go.mod h1:nCSYFHgtxh2MiEktWIz71s/X+7ds/UT9kp0PC7waCzE= +cloud.google.com/go/datacatalog v1.18.1/go.mod h1:TzAWaz+ON1tkNr4MOcak8EBHX7wIRX/gZKM+yTVsv+A= +cloud.google.com/go/datacatalog v1.18.2/go.mod h1:SPVgWW2WEMuWHA+fHodYjmxPiMqcOiWfhc9OD5msigk= +cloud.google.com/go/datacatalog v1.18.3/go.mod h1:5FR6ZIF8RZrtml0VUao22FxhdjkoG+a0866rEnObryM= cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= +cloud.google.com/go/dataflow v0.9.1/go.mod h1:Wp7s32QjYuQDWqJPFFlnBKhkAtiFpMTdg00qGbnIHVw= +cloud.google.com/go/dataflow v0.9.2/go.mod h1:vBfdBZ/ejlTaYIGB3zB4T08UshH70vbtZeMD+urnUSo= +cloud.google.com/go/dataflow v0.9.3/go.mod h1:HI4kMVjcHGTs3jTHW/kv3501YW+eloiJSLxkJa/vqFE= +cloud.google.com/go/dataflow v0.9.4/go.mod h1:4G8vAkHYCSzU8b/kmsoR2lWyHJD85oMJPHMtan40K8w= cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0= cloud.google.com/go/dataform v0.6.0/go.mod h1:QPflImQy33e29VuapFdf19oPbE4aYTJxr31OAPV+ulA= cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE= +cloud.google.com/go/dataform v0.8.1/go.mod h1:3BhPSiw8xmppbgzeBbmDvmSWlwouuJkXsXsb8UBih9M= +cloud.google.com/go/dataform v0.8.2/go.mod h1:X9RIqDs6NbGPLR80tnYoPNiO1w0wenKTb8PxxlhTMKM= +cloud.google.com/go/dataform v0.8.3/go.mod h1:8nI/tvv5Fso0drO3pEjtowz58lodx8MVkdV2q0aPlqg= +cloud.google.com/go/dataform v0.9.1/go.mod h1:pWTg+zGQ7i16pyn0bS1ruqIE91SdL2FDMvEYu/8oQxs= cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38= cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w= cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8= +cloud.google.com/go/datafusion v1.7.1/go.mod h1:KpoTBbFmoToDExJUso/fcCiguGDk7MEzOWXUsJo0wsI= +cloud.google.com/go/datafusion v1.7.2/go.mod h1:62K2NEC6DRlpNmI43WHMWf9Vg/YvN6QVi8EVwifElI0= +cloud.google.com/go/datafusion v1.7.3/go.mod h1:eoLt1uFXKGBq48jy9LZ+Is8EAVLnmn50lNncLzwYokE= +cloud.google.com/go/datafusion v1.7.4/go.mod h1:BBs78WTOLYkT4GVZIXQCZT3GFpkpDN4aBY4NDX/jVlM= cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM= +cloud.google.com/go/datalabeling v0.8.1/go.mod h1:XS62LBSVPbYR54GfYQsPXZjTW8UxCK2fkDciSrpRFdY= +cloud.google.com/go/datalabeling v0.8.2/go.mod h1:cyDvGHuJWu9U/cLDA7d8sb9a0tWLEletStu2sTmg3BE= +cloud.google.com/go/datalabeling v0.8.3/go.mod h1:tvPhpGyS/V7lqjmb3V0TaDdGvhzgR1JoW7G2bpi2UTI= +cloud.google.com/go/datalabeling v0.8.4/go.mod h1:Z1z3E6LHtffBGrNUkKwbwbDxTiXEApLzIgmymj8A3S8= cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA= cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A= cloud.google.com/go/dataplex v1.5.2/go.mod h1:cVMgQHsmfRoI5KFYq4JtIBEUbYwc3c7tXmIDhRmNNVQ= cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs= +cloud.google.com/go/dataplex v1.8.1/go.mod h1:7TyrDT6BCdI8/38Uvp0/ZxBslOslP2X2MPDucliyvSE= +cloud.google.com/go/dataplex v1.9.0/go.mod h1:7TyrDT6BCdI8/38Uvp0/ZxBslOslP2X2MPDucliyvSE= +cloud.google.com/go/dataplex v1.9.1/go.mod h1:7TyrDT6BCdI8/38Uvp0/ZxBslOslP2X2MPDucliyvSE= +cloud.google.com/go/dataplex v1.10.1/go.mod h1:1MzmBv8FvjYfc7vDdxhnLFNskikkB+3vl475/XdCDhs= +cloud.google.com/go/dataplex v1.10.2/go.mod h1:xdC8URdTrCrZMW6keY779ZT1cTOfV8KEPNsw+LTRT1Y= +cloud.google.com/go/dataplex v1.11.1/go.mod h1:mHJYQQ2VEJHsyoC0OdNyy988DvEbPhqFs5OOLffLX0c= cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s= cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI= cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= +cloud.google.com/go/dataproc/v2 v2.0.1/go.mod h1:7Ez3KRHdFGcfY7GcevBbvozX+zyWGcwLJvvAMwCaoZ4= +cloud.google.com/go/dataproc/v2 v2.2.0/go.mod h1:lZR7AQtwZPvmINx5J87DSOOpTfof9LVZju6/Qo4lmcY= +cloud.google.com/go/dataproc/v2 v2.2.1/go.mod h1:QdAJLaBjh+l4PVlVZcmrmhGccosY/omC1qwfQ61Zv/o= +cloud.google.com/go/dataproc/v2 v2.2.2/go.mod h1:aocQywVmQVF4i8CL740rNI/ZRpsaaC1Wh2++BJ7HEJ4= +cloud.google.com/go/dataproc/v2 v2.2.3/go.mod h1:G5R6GBc9r36SXv/RtZIVfB8SipI+xVn0bX5SxUzVYbY= cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c= +cloud.google.com/go/dataqna v0.8.1/go.mod h1:zxZM0Bl6liMePWsHA8RMGAfmTG34vJMapbHAxQ5+WA8= +cloud.google.com/go/dataqna v0.8.2/go.mod h1:KNEqgx8TTmUipnQsScOoDpq/VlXVptUqVMZnt30WAPs= +cloud.google.com/go/dataqna v0.8.3/go.mod h1:wXNBW2uvc9e7Gl5k8adyAMnLush1KVV6lZUhB+rqNu4= +cloud.google.com/go/dataqna v0.8.4/go.mod h1:mySRKjKg5Lz784P6sCov3p1QD+RZQONRMRjzGNcFd0c= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM= cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c= +cloud.google.com/go/datastore v1.12.0/go.mod h1:KjdB88W897MRITkvWWJrg2OUtrR5XVj1EoLgSp6/N70= +cloud.google.com/go/datastore v1.12.1/go.mod h1:KjdB88W897MRITkvWWJrg2OUtrR5XVj1EoLgSp6/N70= +cloud.google.com/go/datastore v1.13.0/go.mod h1:KjdB88W897MRITkvWWJrg2OUtrR5XVj1EoLgSp6/N70= +cloud.google.com/go/datastore v1.14.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8= +cloud.google.com/go/datastore v1.15.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8= cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g= cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4= cloud.google.com/go/datastream v1.6.0/go.mod h1:6LQSuswqLa7S4rPAOZFVjHIG3wJIjZcZrw8JDEDJuIs= cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww= +cloud.google.com/go/datastream v1.9.1/go.mod h1:hqnmr8kdUBmrnk65k5wNRoHSCYksvpdZIcZIEl8h43Q= +cloud.google.com/go/datastream v1.10.0/go.mod h1:hqnmr8kdUBmrnk65k5wNRoHSCYksvpdZIcZIEl8h43Q= +cloud.google.com/go/datastream v1.10.1/go.mod h1:7ngSYwnw95YFyTd5tOGBxHlOZiL+OtpjheqU7t2/s/c= +cloud.google.com/go/datastream v1.10.2/go.mod h1:W42TFgKAs/om6x/CdXX5E4oiAsKlH+e8MTGy81zdYt0= +cloud.google.com/go/datastream v1.10.3/go.mod h1:YR0USzgjhqA/Id0Ycu1VvZe8hEWwrkjuXrGbzeDOSEA= cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c= cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s= cloud.google.com/go/deploy v1.6.0/go.mod h1:f9PTHehG/DjCom3QH0cntOVRm93uGBDt2vKzAPwpXQI= cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ= +cloud.google.com/go/deploy v1.11.0/go.mod h1:tKuSUV5pXbn67KiubiUNUejqLs4f5cxxiCNCeyl0F2g= +cloud.google.com/go/deploy v1.13.0/go.mod h1:tKuSUV5pXbn67KiubiUNUejqLs4f5cxxiCNCeyl0F2g= +cloud.google.com/go/deploy v1.13.1/go.mod h1:8jeadyLkH9qu9xgO3hVWw8jVr29N1mnW42gRJT8GY6g= +cloud.google.com/go/deploy v1.14.1/go.mod h1:N8S0b+aIHSEeSr5ORVoC0+/mOPUysVt8ae4QkZYolAw= +cloud.google.com/go/deploy v1.14.2/go.mod h1:e5XOUI5D+YGldyLNZ21wbp9S8otJbBE4i88PtO9x/2g= cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= @@ -251,37 +451,80 @@ cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFM cloud.google.com/go/dialogflow v1.29.0/go.mod h1:b+2bzMe+k1s9V+F2jbJwpHPzrnIyHihAdRFMtn2WXuM= cloud.google.com/go/dialogflow v1.31.0/go.mod h1:cuoUccuL1Z+HADhyIA7dci3N5zUssgpBJmCzI6fNRB4= cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE= +cloud.google.com/go/dialogflow v1.38.0/go.mod h1:L7jnH+JL2mtmdChzAIcXQHXMvQkE3U4hTaNltEuxXn4= +cloud.google.com/go/dialogflow v1.40.0/go.mod h1:L7jnH+JL2mtmdChzAIcXQHXMvQkE3U4hTaNltEuxXn4= +cloud.google.com/go/dialogflow v1.43.0/go.mod h1:pDUJdi4elL0MFmt1REMvFkdsUTYSHq+rTCS8wg0S3+M= +cloud.google.com/go/dialogflow v1.44.0/go.mod h1:pDUJdi4elL0MFmt1REMvFkdsUTYSHq+rTCS8wg0S3+M= +cloud.google.com/go/dialogflow v1.44.1/go.mod h1:n/h+/N2ouKOO+rbe/ZnI186xImpqvCVj2DdsWS/0EAk= +cloud.google.com/go/dialogflow v1.44.2/go.mod h1:QzFYndeJhpVPElnFkUXxdlptx0wPnBWLCBT9BvtC3/c= +cloud.google.com/go/dialogflow v1.44.3/go.mod h1:mHly4vU7cPXVweuB5R0zsYKPMzy240aQdAu06SqBbAQ= cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM= cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q= cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4= +cloud.google.com/go/dlp v1.10.1/go.mod h1:IM8BWz1iJd8njcNcG0+Kyd9OPnqnRNkDV8j42VT5KOI= +cloud.google.com/go/dlp v1.10.2/go.mod h1:ZbdKIhcnyhILgccwVDzkwqybthh7+MplGC3kZVZsIOQ= +cloud.google.com/go/dlp v1.10.3/go.mod h1:iUaTc/ln8I+QT6Ai5vmuwfw8fqTk2kaz0FvCwhLCom0= +cloud.google.com/go/dlp v1.11.1/go.mod h1:/PA2EnioBeXTL/0hInwgj0rfsQb3lpE3R8XUJxqUNKI= cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k= cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4= cloud.google.com/go/documentai v1.16.0/go.mod h1:o0o0DLTEZ+YnJZ+J4wNfTxmDVyrkzFvttBXXtYRMHkM= cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs= +cloud.google.com/go/documentai v1.20.0/go.mod h1:yJkInoMcK0qNAEdRnqY/D5asy73tnPe88I1YTZT+a8E= +cloud.google.com/go/documentai v1.22.0/go.mod h1:yJkInoMcK0qNAEdRnqY/D5asy73tnPe88I1YTZT+a8E= +cloud.google.com/go/documentai v1.22.1/go.mod h1:LKs22aDHbJv7ufXuPypzRO7rG3ALLJxzdCXDPutw4Qc= +cloud.google.com/go/documentai v1.23.0/go.mod h1:LKs22aDHbJv7ufXuPypzRO7rG3ALLJxzdCXDPutw4Qc= +cloud.google.com/go/documentai v1.23.2/go.mod h1:Q/wcRT+qnuXOpjAkvOV4A+IeQl04q2/ReT7SSbytLSo= +cloud.google.com/go/documentai v1.23.4/go.mod h1:4MYAaEMnADPN1LPN5xboDR5QVB6AgsaxgFdJhitlE2Y= +cloud.google.com/go/documentai v1.23.5/go.mod h1:ghzBsyVTiVdkfKaUCum/9bGBEyBjDO4GfooEcYKhN+g= cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE= +cloud.google.com/go/domains v0.9.1/go.mod h1:aOp1c0MbejQQ2Pjf1iJvnVyT+z6R6s8pX66KaCSDYfE= +cloud.google.com/go/domains v0.9.2/go.mod h1:3YvXGYzZG1Temjbk7EyGCuGGiXHJwVNmwIf+E/cUp5I= +cloud.google.com/go/domains v0.9.3/go.mod h1:29k66YNDLDY9LCFKpGFeh6Nj9r62ZKm5EsUJxAl84KU= +cloud.google.com/go/domains v0.9.4/go.mod h1:27jmJGShuXYdUNjyDG0SodTfT5RwLi7xmH334Gvi3fY= cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= cloud.google.com/go/edgecontainer v0.3.0/go.mod h1:FLDpP4nykgwwIfcLt6zInhprzw0lEi2P1fjO6Ie0qbc= cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY= +cloud.google.com/go/edgecontainer v1.1.1/go.mod h1:O5bYcS//7MELQZs3+7mabRqoWQhXCzenBu0R8bz2rwk= +cloud.google.com/go/edgecontainer v1.1.2/go.mod h1:wQRjIzqxEs9e9wrtle4hQPSR1Y51kqN75dgF7UllZZ4= +cloud.google.com/go/edgecontainer v1.1.3/go.mod h1:Ll2DtIABzEfaxaVSbwj3QHFaOOovlDFiWVDu349jSsA= +cloud.google.com/go/edgecontainer v1.1.4/go.mod h1:AvFdVuZuVGdgaE5YvlL1faAoa1ndRR/5XhXZvPBHbsE= cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI= cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8= cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M= +cloud.google.com/go/essentialcontacts v1.6.2/go.mod h1:T2tB6tX+TRak7i88Fb2N9Ok3PvY3UNbUsMag9/BARh4= +cloud.google.com/go/essentialcontacts v1.6.3/go.mod h1:yiPCD7f2TkP82oJEFXFTou8Jl8L6LBRPeBEkTaO0Ggo= +cloud.google.com/go/essentialcontacts v1.6.4/go.mod h1:iju5Vy3d9tJUg0PYMd1nHhjV7xoCXaOAVabrwLaPBEM= +cloud.google.com/go/essentialcontacts v1.6.5/go.mod h1:jjYbPzw0x+yglXC890l6ECJWdYeZ5dlYACTFL0U/VuM= cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc= cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw= cloud.google.com/go/eventarc v1.10.0/go.mod h1:u3R35tmZ9HvswGRBnF48IlYgYeBcPUCjkr4BTdem2Kw= cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY= +cloud.google.com/go/eventarc v1.12.1/go.mod h1:mAFCW6lukH5+IZjkvrEss+jmt2kOdYlN8aMx3sRJiAI= +cloud.google.com/go/eventarc v1.13.0/go.mod h1:mAFCW6lukH5+IZjkvrEss+jmt2kOdYlN8aMx3sRJiAI= +cloud.google.com/go/eventarc v1.13.1/go.mod h1:EqBxmGHFrruIara4FUQ3RHlgfCn7yo1HYsu2Hpt/C3Y= +cloud.google.com/go/eventarc v1.13.2/go.mod h1:X9A80ShVu19fb4e5sc/OLV7mpFUKZMwfJFeeWhcIObM= +cloud.google.com/go/eventarc v1.13.3/go.mod h1:RWH10IAZIRcj1s/vClXkBgMHwh59ts7hSWcqD3kaclg= cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w= cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI= cloud.google.com/go/filestore v1.5.0/go.mod h1:FqBXDWBp4YLHqRnVGveOkHDf8svj9r5+mUDLupOWEDs= cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg= +cloud.google.com/go/filestore v1.7.1/go.mod h1:y10jsorq40JJnjR/lQ8AfFbbcGlw3g+Dp8oN7i7FjV4= +cloud.google.com/go/filestore v1.7.2/go.mod h1:TYOlyJs25f/omgj+vY7/tIG/E7BX369triSPzE4LdgE= +cloud.google.com/go/filestore v1.7.3/go.mod h1:Qp8WaEERR3cSkxToxFPHh/b8AACkSut+4qlCjAmKTV0= +cloud.google.com/go/filestore v1.7.4/go.mod h1:S5JCxIbFjeBhWMTfIYH2Jx24J6BqjwpkkPl+nBA5DlI= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= +cloud.google.com/go/firestore v1.11.0/go.mod h1:b38dKhgzlmNNGTNZZwe7ZRFEuRab1Hay3/DBsIGKKy4= +cloud.google.com/go/firestore v1.12.0/go.mod h1:b38dKhgzlmNNGTNZZwe7ZRFEuRab1Hay3/DBsIGKKy4= +cloud.google.com/go/firestore v1.13.0/go.mod h1:QojqqOh8IntInDUSTAh0c8ZsPYAr68Ma8c5DWOy8xb8= +cloud.google.com/go/firestore v1.14.0/go.mod h1:96MVaHLsEhbvkBEdZgfN+AS/GIkco1LRpH9Xp9YZfzQ= cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY= @@ -289,28 +532,56 @@ cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5Uwt cloud.google.com/go/functions v1.10.0/go.mod h1:0D3hEOe3DbEvCXtYOZHQZmD+SzYsi1YbI7dGvHfldXw= cloud.google.com/go/functions v1.12.0/go.mod h1:AXWGrF3e2C/5ehvwYo/GH6O5s09tOPksiKhz+hH8WkA= cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c= +cloud.google.com/go/functions v1.15.1/go.mod h1:P5yNWUTkyU+LvW/S9O6V+V423VZooALQlqoXdoPz5AE= +cloud.google.com/go/functions v1.15.2/go.mod h1:CHAjtcR6OU4XF2HuiVeriEdELNcnvRZSk1Q8RMqy4lE= +cloud.google.com/go/functions v1.15.3/go.mod h1:r/AMHwBheapkkySEhiZYLDBwVJCdlRwsm4ieJu35/Ug= +cloud.google.com/go/functions v1.15.4/go.mod h1:CAsTc3VlRMVvx+XqXxKqVevguqJpnVip4DdonFsX28I= cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w= cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM= cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0= +cloud.google.com/go/gaming v1.10.1/go.mod h1:XQQvtfP8Rb9Rxnxm5wFVpAp9zCQkJi2bLIb7iHGwB3s= cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60= cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo= cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= +cloud.google.com/go/gkebackup v1.3.0/go.mod h1:vUDOu++N0U5qs4IhG1pcOnD1Mac79xWy6GoBFlWCWBU= +cloud.google.com/go/gkebackup v1.3.1/go.mod h1:vUDOu++N0U5qs4IhG1pcOnD1Mac79xWy6GoBFlWCWBU= +cloud.google.com/go/gkebackup v1.3.2/go.mod h1:OMZbXzEJloyXMC7gqdSB+EOEQ1AKcpGYvO3s1ec5ixk= +cloud.google.com/go/gkebackup v1.3.3/go.mod h1:eMk7/wVV5P22KBakhQnJxWSVftL1p4VBFLpv0kIft7I= +cloud.google.com/go/gkebackup v1.3.4/go.mod h1:gLVlbM8h/nHIs09ns1qx3q3eaXcGSELgNu1DWXYz1HI= cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw= +cloud.google.com/go/gkeconnect v0.8.1/go.mod h1:KWiK1g9sDLZqhxB2xEuPV8V9NYzrqTUmQR9shJHpOZw= +cloud.google.com/go/gkeconnect v0.8.2/go.mod h1:6nAVhwchBJYgQCXD2pHBFQNiJNyAd/wyxljpaa6ZPrY= +cloud.google.com/go/gkeconnect v0.8.3/go.mod h1:i9GDTrfzBSUZGCe98qSu1B8YB8qfapT57PenIb820Jo= +cloud.google.com/go/gkeconnect v0.8.4/go.mod h1:84hZz4UMlDCKl8ifVW8layK4WHlMAFeq8vbzjU0yJkw= cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= cloud.google.com/go/gkehub v0.11.0/go.mod h1:JOWHlmN+GHyIbuWQPl47/C2RFhnFKH38jH9Ascu3n0E= cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw= +cloud.google.com/go/gkehub v0.14.1/go.mod h1:VEXKIJZ2avzrbd7u+zeMtW00Y8ddk/4V9511C9CQGTY= +cloud.google.com/go/gkehub v0.14.2/go.mod h1:iyjYH23XzAxSdhrbmfoQdePnlMj2EWcvnR+tHdBQsCY= +cloud.google.com/go/gkehub v0.14.3/go.mod h1:jAl6WafkHHW18qgq7kqcrXYzN08hXeK/Va3utN8VKg8= +cloud.google.com/go/gkehub v0.14.4/go.mod h1:Xispfu2MqnnFt8rV/2/3o73SK1snL8s9dYJ9G2oQMfc= cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA= cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI= cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y= +cloud.google.com/go/gkemulticloud v0.6.1/go.mod h1:kbZ3HKyTsiwqKX7Yw56+wUGwwNZViRnxWK2DVknXWfw= +cloud.google.com/go/gkemulticloud v1.0.0/go.mod h1:kbZ3HKyTsiwqKX7Yw56+wUGwwNZViRnxWK2DVknXWfw= +cloud.google.com/go/gkemulticloud v1.0.1/go.mod h1:AcrGoin6VLKT/fwZEYuqvVominLriQBCKmbjtnbMjG8= +cloud.google.com/go/gkemulticloud v1.0.2/go.mod h1:+ee5VXxKb3H1l4LZAcgWB/rvI16VTNTrInWxDjAGsGo= +cloud.google.com/go/gkemulticloud v1.0.3/go.mod h1:7NpJBN94U6DY1xHIbsDqB2+TFZUfjLUKLjUX8NGLor0= cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= +cloud.google.com/go/grafeas v0.3.0/go.mod h1:P7hgN24EyONOTMyeJH6DxG4zD7fwiYa5Q6GUgyFSOU8= cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM= cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o= cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo= +cloud.google.com/go/gsuiteaddons v1.6.1/go.mod h1:CodrdOqRZcLp5WOwejHWYBjZvfY0kOphkAKpF/3qdZY= +cloud.google.com/go/gsuiteaddons v1.6.2/go.mod h1:K65m9XSgs8hTF3X9nNTPi8IQueljSdYo9F+Mi+s4MyU= +cloud.google.com/go/gsuiteaddons v1.6.3/go.mod h1:sCFJkZoMrLZT3JTb8uJqgKPNshH2tfXeCwTFRebTq48= +cloud.google.com/go/gsuiteaddons v1.6.4/go.mod h1:rxtstw7Fx22uLOXBpsvb9DUbC+fiXs7rF4U29KHM/pE= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= @@ -320,6 +591,12 @@ cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGE cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= +cloud.google.com/go/iam v1.0.1/go.mod h1:yR3tmSL8BcZB4bxByRv2jkSIahVmCtfKZwLYGBalRE8= +cloud.google.com/go/iam v1.1.0/go.mod h1:nxdHjaKfCr7fNYx/HJMM8LgiMugmveWlkatear5gVyk= +cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= +cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= +cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE= +cloud.google.com/go/iam v1.1.4/go.mod h1:l/rg8l1AaA+VFMho/HYx2Vv6xinPSLMF8qfhRPIZ0L8= cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI= cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= @@ -327,13 +604,26 @@ cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/ cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= cloud.google.com/go/iap v1.7.0/go.mod h1:beqQx56T9O1G1yNPph+spKpNibDlYIiIixiqsQXxLIo= cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74= +cloud.google.com/go/iap v1.8.1/go.mod h1:sJCbeqg3mvWLqjZNsI6dfAtbbV1DL2Rl7e1mTyXYREQ= +cloud.google.com/go/iap v1.9.0/go.mod h1:01OFxd1R+NFrg78S+hoPV5PxEzv22HXaNqUUlmNHFuY= +cloud.google.com/go/iap v1.9.1/go.mod h1:SIAkY7cGMLohLSdBR25BuIxO+I4fXJiL06IBL7cy/5Q= +cloud.google.com/go/iap v1.9.2/go.mod h1:GwDTOs047PPSnwRD0Us5FKf4WDRcVvHg1q9WVkKBhdI= +cloud.google.com/go/iap v1.9.3/go.mod h1:DTdutSZBqkkOm2HEOTBzhZxh2mwwxshfD/h3yofAiCw= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY= cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4= +cloud.google.com/go/ids v1.4.1/go.mod h1:np41ed8YMU8zOgv53MMMoCntLTn2lF+SUzlM+O3u/jw= +cloud.google.com/go/ids v1.4.2/go.mod h1:3vw8DX6YddRu9BncxuzMyWn0g8+ooUjI2gslJ7FH3vk= +cloud.google.com/go/ids v1.4.3/go.mod h1:9CXPqI3GedjmkjbMWCUhMZ2P2N7TUMzAkVXYEH2orYU= +cloud.google.com/go/ids v1.4.4/go.mod h1:z+WUc2eEl6S/1aZWzwtVNWoSZslgzPxAboS0lZX0HjI= cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs= cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g= cloud.google.com/go/iot v1.5.0/go.mod h1:mpz5259PDl3XJthEmh9+ap0affn/MqNSP4My77Qql9o= cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE= +cloud.google.com/go/iot v1.7.1/go.mod h1:46Mgw7ev1k9KqK1ao0ayW9h0lI+3hxeanz+L1zmbbbk= +cloud.google.com/go/iot v1.7.2/go.mod h1:q+0P5zr1wRFpw7/MOgDXrG/HVA+l+cSwdObffkrpnSg= +cloud.google.com/go/iot v1.7.3/go.mod h1:t8itFchkol4VgNbHnIq9lXoOOtHNR3uAACQMYbN9N4I= +cloud.google.com/go/iot v1.7.4/go.mod h1:3TWqDVvsddYBG++nHSZmluoCAVGr1hAcabbWZNKEZLk= cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= @@ -341,6 +631,12 @@ cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4 cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= +cloud.google.com/go/kms v1.11.0/go.mod h1:hwdiYC0xjnWsKQQCQQmIQnS9asjYVSK6jtXm+zFqXLM= +cloud.google.com/go/kms v1.12.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM= +cloud.google.com/go/kms v1.15.0/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM= +cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w= +cloud.google.com/go/kms v1.15.3/go.mod h1:AJdXqHxS2GlPyduM99s9iGqi2nwbviBbhV/hdmt4iOQ= +cloud.google.com/go/kms v1.15.4/go.mod h1:L3Sdj6QTHK8dfwK5D1JLsAyELsNMnd3tAIwGS4ltKpc= cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM= cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= @@ -348,92 +644,193 @@ cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQn cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8= cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY= +cloud.google.com/go/language v1.10.1/go.mod h1:CPp94nsdVNiQEt1CNjF5WkTcisLiHPyIbMhvR8H2AW0= +cloud.google.com/go/language v1.11.0/go.mod h1:uDx+pFDdAKTY8ehpWbiXyQdz8tDSYLJbQcXsCkjYyvQ= +cloud.google.com/go/language v1.11.1/go.mod h1:Xyid9MG9WOX3utvDbpX7j3tXDmmDooMyMDqgUVpH17U= +cloud.google.com/go/language v1.12.1/go.mod h1:zQhalE2QlQIxbKIZt54IASBzmZpN/aDASea5zl1l+J4= +cloud.google.com/go/language v1.12.2/go.mod h1:9idWapzr/JKXBBQ4lWqVX/hcadxB194ry20m/bTrhWc= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= +cloud.google.com/go/lifesciences v0.9.1/go.mod h1:hACAOd1fFbCGLr/+weUKRAJas82Y4vrL3O5326N//Wc= +cloud.google.com/go/lifesciences v0.9.2/go.mod h1:QHEOO4tDzcSAzeJg7s2qwnLM2ji8IRpQl4p6m5Z9yTA= +cloud.google.com/go/lifesciences v0.9.3/go.mod h1:gNGBOJV80IWZdkd+xz4GQj4mbqaz737SCLHn2aRhQKM= +cloud.google.com/go/lifesciences v0.9.4/go.mod h1:bhm64duKhMi7s9jR9WYJYvjAFJwRqNj+Nia7hF0Z7JA= cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= +cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI= cloud.google.com/go/logging v1.9.0 h1:iEIOXFO9EmSiTjDmfpbRjOxECO7R8C7b8IXUGOj7xZw= cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A0y7BBBhE= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= +cloud.google.com/go/longrunning v0.4.2/go.mod h1:OHrnaYyLUV6oqwh0xiS7e5sLQhP1m0QU9R+WhGDMgIQ= +cloud.google.com/go/longrunning v0.5.0/go.mod h1:0JNuqRShmscVAhIACGtskSAWtqtOoPkwP0YF1oVEchc= +cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHSQl/fRUUQJYJc= +cloud.google.com/go/longrunning v0.5.2/go.mod h1:nqo6DQbNV2pXhGDbDMoN2bWz68MjZUzqv2YttZiveCs= +cloud.google.com/go/longrunning v0.5.3/go.mod h1:y/0ga59EYu58J6SHmmQOvekvND2qODbu8ywBBW7EK7Y= cloud.google.com/go/longrunning v0.5.4 h1:w8xEcbZodnA2BbW6sVirkkoC+1gP8wS57EUUgGS0GVg= cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= +cloud.google.com/go/managedidentities v1.6.1/go.mod h1:h/irGhTN2SkZ64F43tfGPMbHnypMbu4RB3yl8YcuEak= +cloud.google.com/go/managedidentities v1.6.2/go.mod h1:5c2VG66eCa0WIq6IylRk3TBW83l161zkFvCj28X7jn8= +cloud.google.com/go/managedidentities v1.6.3/go.mod h1:tewiat9WLyFN0Fi7q1fDD5+0N4VUoL0SCX0OTCthZq4= +cloud.google.com/go/managedidentities v1.6.4/go.mod h1:WgyaECfHmF00t/1Uk8Oun3CQ2PGUtjc3e9Alh79wyiM= cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= cloud.google.com/go/maps v0.6.0/go.mod h1:o6DAMMfb+aINHz/p/jbcY+mYeXBoZoxTfdSQ8VAJaCw= cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY= +cloud.google.com/go/maps v1.3.0/go.mod h1:6mWTUv+WhnOwAgjVsSW2QPPECmW+s3PcRyOa9vgG/5s= +cloud.google.com/go/maps v1.4.0/go.mod h1:6mWTUv+WhnOwAgjVsSW2QPPECmW+s3PcRyOa9vgG/5s= +cloud.google.com/go/maps v1.4.1/go.mod h1:BxSa0BnW1g2U2gNdbq5zikLlHUuHW0GFWh7sgML2kIY= +cloud.google.com/go/maps v1.5.1/go.mod h1:NPMZw1LJwQZYCfz4y+EIw+SI+24A4bpdFJqdKVr0lt4= +cloud.google.com/go/maps v1.6.1/go.mod h1:4+buOHhYXFBp58Zj/K+Lc1rCmJssxxF4pJ5CJnhdz18= cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= cloud.google.com/go/mediatranslation v0.7.0/go.mod h1:LCnB/gZr90ONOIQLgSXagp8XUW1ODs2UmUMvcgMfI2I= +cloud.google.com/go/mediatranslation v0.8.1/go.mod h1:L/7hBdEYbYHQJhX2sldtTO5SZZ1C1vkapubj0T2aGig= +cloud.google.com/go/mediatranslation v0.8.2/go.mod h1:c9pUaDRLkgHRx3irYE5ZC8tfXGrMYwNZdmDqKMSfFp8= +cloud.google.com/go/mediatranslation v0.8.3/go.mod h1:F9OnXTy336rteOEywtY7FOqCk+J43o2RF638hkOQl4Y= +cloud.google.com/go/mediatranslation v0.8.4/go.mod h1:9WstgtNVAdN53m6TQa5GjIjLqKQPXe74hwSCxUP6nj4= cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA= cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY= cloud.google.com/go/memcache v1.9.0/go.mod h1:8oEyzXCu+zo9RzlEaEjHl4KkgjlNDaXbCQeQWlzNFJM= +cloud.google.com/go/memcache v1.10.1/go.mod h1:47YRQIarv4I3QS5+hoETgKO40InqzLP6kpNLvyXuyaA= +cloud.google.com/go/memcache v1.10.2/go.mod h1:f9ZzJHLBrmd4BkguIAa/l/Vle6uTHzHokdnzSWOdQ6A= +cloud.google.com/go/memcache v1.10.3/go.mod h1:6z89A41MT2DVAW0P4iIRdu5cmRTsbsFn4cyiIx8gbwo= +cloud.google.com/go/memcache v1.10.4/go.mod h1:v/d8PuC8d1gD6Yn5+I3INzLR01IDn0N4Ym56RgikSI0= cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8= cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI= cloud.google.com/go/metastore v1.10.0/go.mod h1:fPEnH3g4JJAk+gMRnrAnoqyv2lpUCqJPWOodSaf45Eo= +cloud.google.com/go/metastore v1.11.1/go.mod h1:uZuSo80U3Wd4zi6C22ZZliOUJ3XeM/MlYi/z5OAOWRA= +cloud.google.com/go/metastore v1.12.0/go.mod h1:uZuSo80U3Wd4zi6C22ZZliOUJ3XeM/MlYi/z5OAOWRA= +cloud.google.com/go/metastore v1.13.0/go.mod h1:URDhpG6XLeh5K+Glq0NOt74OfrPKTwS62gEPZzb5SOk= +cloud.google.com/go/metastore v1.13.1/go.mod h1:IbF62JLxuZmhItCppcIfzBBfUFq0DIB9HPDoLgWrVOU= +cloud.google.com/go/metastore v1.13.2/go.mod h1:KS59dD+unBji/kFebVp8XU/quNSyo8b6N6tPGspKszA= +cloud.google.com/go/metastore v1.13.3/go.mod h1:K+wdjXdtkdk7AQg4+sXS8bRrQa9gcOr+foOMF2tqINE= cloud.google.com/go/monitoring v1.1.0/go.mod h1:L81pzz7HKn14QCMaCs6NTQkdBnE87TElyanS95vIcl4= cloud.google.com/go/monitoring v1.5.0/go.mod h1:/o9y8NYX5j91JjD/JvGLYbi86kL11OjyJXq2XziLJu4= cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= +cloud.google.com/go/monitoring v1.15.1/go.mod h1:lADlSAlFdbqQuwwpaImhsJXu1QSdd3ojypXrFSMr2rM= +cloud.google.com/go/monitoring v1.16.0/go.mod h1:Ptp15HgAyM1fNICAojDMoNc/wUmn67mLHQfyqbw+poY= +cloud.google.com/go/monitoring v1.16.1/go.mod h1:6HsxddR+3y9j+o/cMJH6q/KJ/CBTvM/38L/1m7bTRJ4= +cloud.google.com/go/monitoring v1.16.2/go.mod h1:B44KGwi4ZCF8Rk/5n+FWeispDXoKSk9oss2QNlXJBgc= +cloud.google.com/go/monitoring v1.16.3/go.mod h1:KwSsX5+8PnXv5NJnICZzW2R8pWTis8ypC4zmdRD63Tw= cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8= cloud.google.com/go/networkconnectivity v1.10.0/go.mod h1:UP4O4sWXJG13AqrTdQCD9TnLGEbtNRqjuaaA7bNjF5E= cloud.google.com/go/networkconnectivity v1.11.0/go.mod h1:iWmDD4QF16VCDLXUqvyspJjIEtBR/4zq5hwnY2X3scM= +cloud.google.com/go/networkconnectivity v1.12.1/go.mod h1:PelxSWYM7Sh9/guf8CFhi6vIqf19Ir/sbfZRUwXh92E= +cloud.google.com/go/networkconnectivity v1.13.0/go.mod h1:SAnGPes88pl7QRLUen2HmcBSE9AowVAcdug8c0RSBFk= +cloud.google.com/go/networkconnectivity v1.14.0/go.mod h1:SAnGPes88pl7QRLUen2HmcBSE9AowVAcdug8c0RSBFk= +cloud.google.com/go/networkconnectivity v1.14.1/go.mod h1:LyGPXR742uQcDxZ/wv4EI0Vu5N6NKJ77ZYVnDe69Zug= +cloud.google.com/go/networkconnectivity v1.14.2/go.mod h1:5UFlwIisZylSkGG1AdwK/WZUaoz12PKu6wODwIbFzJo= +cloud.google.com/go/networkconnectivity v1.14.3/go.mod h1:4aoeFdrJpYEXNvrnfyD5kIzs8YtHg945Og4koAjHQek= cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8= cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4= cloud.google.com/go/networkmanagement v1.6.0/go.mod h1:5pKPqyXjB/sgtvB5xqOemumoQNB7y95Q7S+4rjSOPYY= +cloud.google.com/go/networkmanagement v1.8.0/go.mod h1:Ho/BUGmtyEqrttTgWEe7m+8vDdK74ibQc+Be0q7Fof0= +cloud.google.com/go/networkmanagement v1.9.0/go.mod h1:UTUaEU9YwbCAhhz3jEOHr+2/K/MrBk2XxOLS89LQzFw= +cloud.google.com/go/networkmanagement v1.9.1/go.mod h1:CCSYgrQQvW73EJawO2QamemYcOb57LvrDdDU51F0mcI= +cloud.google.com/go/networkmanagement v1.9.2/go.mod h1:iDGvGzAoYRghhp4j2Cji7sF899GnfGQcQRQwgVOWnDw= +cloud.google.com/go/networkmanagement v1.9.3/go.mod h1:y7WMO1bRLaP5h3Obm4tey+NquUvB93Co1oh4wpL+XcU= cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= cloud.google.com/go/networksecurity v0.7.0/go.mod h1:mAnzoxx/8TBSyXEeESMy9OOYwo1v+gZ5eMRnsT5bC8k= cloud.google.com/go/networksecurity v0.8.0/go.mod h1:B78DkqsxFG5zRSVuwYFRZ9Xz8IcQ5iECsNrPn74hKHU= +cloud.google.com/go/networksecurity v0.9.1/go.mod h1:MCMdxOKQ30wsBI1eI659f9kEp4wuuAueoC9AJKSPWZQ= +cloud.google.com/go/networksecurity v0.9.2/go.mod h1:jG0SeAttWzPMUILEHDUvFYdQTl8L/E/KC8iZDj85lEI= +cloud.google.com/go/networksecurity v0.9.3/go.mod h1:l+C0ynM6P+KV9YjOnx+kk5IZqMSLccdBqW6GUoF4p/0= +cloud.google.com/go/networksecurity v0.9.4/go.mod h1:E9CeMZ2zDsNBkr8axKSYm8XyTqNhiCHf1JO/Vb8mD1w= cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA= cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0= cloud.google.com/go/notebooks v1.7.0/go.mod h1:PVlaDGfJgj1fl1S3dUwhFMXFgfYGhYQt2164xOMONmE= cloud.google.com/go/notebooks v1.8.0/go.mod h1:Lq6dYKOYOWUCTvw5t2q1gp1lAp0zxAxRycayS0iJcqQ= +cloud.google.com/go/notebooks v1.9.1/go.mod h1:zqG9/gk05JrzgBt4ghLzEepPHNwE5jgPcHZRKhlC1A8= +cloud.google.com/go/notebooks v1.10.0/go.mod h1:SOPYMZnttHxqot0SGSFSkRrwE29eqnKPBJFqgWmiK2k= +cloud.google.com/go/notebooks v1.10.1/go.mod h1:5PdJc2SgAybE76kFQCWrTfJolCOUQXF97e+gteUUA6A= +cloud.google.com/go/notebooks v1.11.1/go.mod h1:V2Zkv8wX9kDCGRJqYoI+bQAaoVeE5kSiz4yYHd2yJwQ= +cloud.google.com/go/notebooks v1.11.2/go.mod h1:z0tlHI/lREXC8BS2mIsUeR3agM1AkgLiS+Isov3SS70= cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4= cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs= cloud.google.com/go/optimization v1.3.1/go.mod h1:IvUSefKiwd1a5p0RgHDbWCIbDFgKuEdB+fPPuP0IDLI= +cloud.google.com/go/optimization v1.4.1/go.mod h1:j64vZQP7h9bO49m2rVaTVoNM0vEBEN5eKPUPbZyXOrk= +cloud.google.com/go/optimization v1.5.0/go.mod h1:evo1OvTxeBRBu6ydPlrIRizKY/LJKo/drDMMRKqGEUU= +cloud.google.com/go/optimization v1.5.1/go.mod h1:NC0gnUD5MWVAF7XLdoYVPmYYVth93Q6BUzqAq3ZwtV8= +cloud.google.com/go/optimization v1.6.1/go.mod h1:hH2RYPTTM9e9zOiTaYPTiGPcGdNZVnBSBxjIAJzUkqo= +cloud.google.com/go/optimization v1.6.2/go.mod h1:mWNZ7B9/EyMCcwNl1frUGEuY6CPijSkz88Fz2vwKPOY= cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA= cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk= cloud.google.com/go/orchestration v1.6.0/go.mod h1:M62Bevp7pkxStDfFfTuCOaXgaaqRAga1yKyoMtEoWPQ= +cloud.google.com/go/orchestration v1.8.1/go.mod h1:4sluRF3wgbYVRqz7zJ1/EUNc90TTprliq9477fGobD8= +cloud.google.com/go/orchestration v1.8.2/go.mod h1:T1cP+6WyTmh6LSZzeUhvGf0uZVmJyTx7t8z7Vg87+A0= +cloud.google.com/go/orchestration v1.8.3/go.mod h1:xhgWAYqlbYjlz2ftbFghdyqENYW+JXuhBx9KsjMoGHs= +cloud.google.com/go/orchestration v1.8.4/go.mod h1:d0lywZSVYtIoSZXb0iFjv9SaL13PGyVOKDxqGxEf/qI= cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE= cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc= cloud.google.com/go/orgpolicy v1.10.0/go.mod h1:w1fo8b7rRqlXlIJbVhOMPrwVljyuW5mqssvBtU18ONc= +cloud.google.com/go/orgpolicy v1.11.0/go.mod h1:2RK748+FtVvnfuynxBzdnyu7sygtoZa1za/0ZfpOs1M= +cloud.google.com/go/orgpolicy v1.11.1/go.mod h1:8+E3jQcpZJQliP+zaFfayC2Pg5bmhuLK755wKhIIUCE= +cloud.google.com/go/orgpolicy v1.11.2/go.mod h1:biRDpNwfyytYnmCRWZWxrKF22Nkz9eNVj9zyaBdpm1o= +cloud.google.com/go/orgpolicy v1.11.3/go.mod h1:oKAtJ/gkMjum5icv2aujkP4CxROxPXsBbYGCDbPO8MM= +cloud.google.com/go/orgpolicy v1.11.4/go.mod h1:0+aNV/nrfoTQ4Mytv+Aw+stBDBjNf4d8fYRA9herfJI= cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo= cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw= cloud.google.com/go/osconfig v1.11.0/go.mod h1:aDICxrur2ogRd9zY5ytBLV89KEgT2MKB2L/n6x1ooPw= +cloud.google.com/go/osconfig v1.12.0/go.mod h1:8f/PaYzoS3JMVfdfTubkowZYGmAhUCjjwnjqWI7NVBc= +cloud.google.com/go/osconfig v1.12.1/go.mod h1:4CjBxND0gswz2gfYRCUoUzCm9zCABp91EeTtWXyz0tE= +cloud.google.com/go/osconfig v1.12.2/go.mod h1:eh9GPaMZpI6mEJEuhEjUJmaxvQ3gav+fFEJon1Y8Iw0= +cloud.google.com/go/osconfig v1.12.3/go.mod h1:L/fPS8LL6bEYUi1au832WtMnPeQNT94Zo3FwwV1/xGM= +cloud.google.com/go/osconfig v1.12.4/go.mod h1:B1qEwJ/jzqSRslvdOCI8Kdnp0gSng0xW4LOnIebQomA= cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70= cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo= cloud.google.com/go/oslogin v1.9.0/go.mod h1:HNavntnH8nzrn8JCTT5fj18FuJLFJc4NaZJtBnQtKFs= +cloud.google.com/go/oslogin v1.10.1/go.mod h1:x692z7yAue5nE7CsSnoG0aaMbNoRJRXO4sn73R+ZqAs= +cloud.google.com/go/oslogin v1.11.0/go.mod h1:8GMTJs4X2nOAUVJiPGqIWVcDaF0eniEto3xlOxaboXE= +cloud.google.com/go/oslogin v1.11.1/go.mod h1:OhD2icArCVNUxKqtK0mcSmKL7lgr0LVlQz+v9s1ujTg= +cloud.google.com/go/oslogin v1.12.1/go.mod h1:VfwTeFJGbnakxAY236eN8fsnglLiVXndlbcNomY4iZU= +cloud.google.com/go/oslogin v1.12.2/go.mod h1:CQ3V8Jvw4Qo4WRhNPF0o+HAM4DiLuE27Ul9CX9g2QdY= cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= cloud.google.com/go/phishingprotection v0.7.0/go.mod h1:8qJI4QKHoda/sb/7/YmMQ2omRLSLYSu9bU0EKCNI+Lk= +cloud.google.com/go/phishingprotection v0.8.1/go.mod h1:AxonW7GovcA8qdEk13NfHq9hNx5KPtfxXNeUxTDxB6I= +cloud.google.com/go/phishingprotection v0.8.2/go.mod h1:LhJ91uyVHEYKSKcMGhOa14zMMWfbEdxG032oT6ECbC8= +cloud.google.com/go/phishingprotection v0.8.3/go.mod h1:3B01yO7T2Ra/TMojifn8EoGd4G9jts/6cIO0DgDY9J8= +cloud.google.com/go/phishingprotection v0.8.4/go.mod h1:6b3kNPAc2AQ6jZfFHioZKg9MQNybDg4ixFd4RPZZ2nE= cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg= cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE= cloud.google.com/go/policytroubleshooter v1.5.0/go.mod h1:Rz1WfV+1oIpPdN2VvvuboLVRsB1Hclg3CKQ53j9l8vw= cloud.google.com/go/policytroubleshooter v1.6.0/go.mod h1:zYqaPTsmfvpjm5ULxAyD/lINQxJ0DDsnWOP/GZ7xzBc= +cloud.google.com/go/policytroubleshooter v1.7.1/go.mod h1:0NaT5v3Ag1M7U5r0GfDCpUFkWd9YqpubBWsQlhanRv0= +cloud.google.com/go/policytroubleshooter v1.8.0/go.mod h1:tmn5Ir5EToWe384EuboTcVQT7nTag2+DuH3uHmKd1HU= +cloud.google.com/go/policytroubleshooter v1.9.0/go.mod h1:+E2Lga7TycpeSTj2FsH4oXxTnrbHJGRlKhVZBLGgU64= +cloud.google.com/go/policytroubleshooter v1.9.1/go.mod h1:MYI8i0bCrL8cW+VHN1PoiBTyNZTstCg2WUw2eVC4c4U= +cloud.google.com/go/policytroubleshooter v1.10.1/go.mod h1:5C0rhT3TDZVxAu8813bwmTvd57Phbl8mr9F4ipOsxEs= +cloud.google.com/go/policytroubleshooter v1.10.2/go.mod h1:m4uF3f6LseVEnMV6nknlN2vYGRb+75ylQwJdnOXfnv0= cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= cloud.google.com/go/privatecatalog v0.7.0/go.mod h1:2s5ssIFO69F5csTXcwBP7NPFTZvps26xGzvQ2PQaBYg= cloud.google.com/go/privatecatalog v0.8.0/go.mod h1:nQ6pfaegeDAq/Q5lrfCQzQLhubPiZhSaNhIgfJlnIXs= +cloud.google.com/go/privatecatalog v0.9.1/go.mod h1:0XlDXW2unJXdf9zFz968Hp35gl/bhF4twwpXZAW50JA= +cloud.google.com/go/privatecatalog v0.9.2/go.mod h1:RMA4ATa8IXfzvjrhhK8J6H4wwcztab+oZph3c6WmtFc= +cloud.google.com/go/privatecatalog v0.9.3/go.mod h1:K5pn2GrVmOPjXz3T26mzwXLcKivfIJ9R5N79AFCF9UE= +cloud.google.com/go/privatecatalog v0.9.4/go.mod h1:SOjm93f+5hp/U3PqMZAHTtBtluqLygrDrVO8X8tYtG0= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -443,9 +840,12 @@ cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcd cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= +cloud.google.com/go/pubsub v1.32.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= +cloud.google.com/go/pubsub v1.33.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= cloud.google.com/go/pubsublite v1.6.0/go.mod h1:1eFCS0U11xlOuMFV/0iBqw3zP12kddMeCbj/F3FSj9k= cloud.google.com/go/pubsublite v1.7.0/go.mod h1:8hVMwRXfDfvGm3fahVbtDbiLePT3gpoiJYJY+vxWxVM= +cloud.google.com/go/pubsublite v1.8.1/go.mod h1:fOLdU4f5xldK4RGJrBMm+J7zMWNj/k4PxwEZXy39QS0= cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= @@ -454,47 +854,90 @@ cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U= cloud.google.com/go/recaptchaenterprise/v2 v2.6.0/go.mod h1:RPauz9jeLtB3JVzg6nCbe12qNoaa8pXc4d/YukAmcnA= cloud.google.com/go/recaptchaenterprise/v2 v2.7.0/go.mod h1:19wVj/fs5RtYtynAPJdDTb69oW0vNHYDBTbB4NvMD9c= +cloud.google.com/go/recaptchaenterprise/v2 v2.7.2/go.mod h1:kR0KjsJS7Jt1YSyWFkseQ756D45kaYNTlDPPaRAvDBU= +cloud.google.com/go/recaptchaenterprise/v2 v2.8.0/go.mod h1:QuE8EdU9dEnesG8/kG3XuJyNsjEqMlMzg3v3scCJ46c= +cloud.google.com/go/recaptchaenterprise/v2 v2.8.1/go.mod h1:JZYZJOeZjgSSTGP4uz7NlQ4/d1w5hGmksVgM0lbEij0= +cloud.google.com/go/recaptchaenterprise/v2 v2.8.2/go.mod h1:kpaDBOpkwD4G0GVMzG1W6Doy1tFFC97XAV3xy+Rd/pw= +cloud.google.com/go/recaptchaenterprise/v2 v2.8.3/go.mod h1:Dak54rw6lC2gBY8FBznpOCAR58wKf+R+ZSJRoeJok4w= cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= cloud.google.com/go/recommendationengine v0.7.0/go.mod h1:1reUcE3GIu6MeBz/h5xZJqNLuuVjNg1lmWMPyjatzac= +cloud.google.com/go/recommendationengine v0.8.1/go.mod h1:MrZihWwtFYWDzE6Hz5nKcNz3gLizXVIDI/o3G1DLcrE= +cloud.google.com/go/recommendationengine v0.8.2/go.mod h1:QIybYHPK58qir9CV2ix/re/M//Ty10OxjnnhWdaKS1Y= +cloud.google.com/go/recommendationengine v0.8.3/go.mod h1:m3b0RZV02BnODE9FeSvGv1qibFo8g0OnmB/RMwYy4V8= +cloud.google.com/go/recommendationengine v0.8.4/go.mod h1:GEteCf1PATl5v5ZsQ60sTClUE0phbWmo3rQ1Js8louU= cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs= cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70= cloud.google.com/go/recommender v1.9.0/go.mod h1:PnSsnZY7q+VL1uax2JWkt/UegHssxjUVVCrX52CuEmQ= +cloud.google.com/go/recommender v1.10.1/go.mod h1:XFvrE4Suqn5Cq0Lf+mCP6oBHD/yRMA8XxP5sb7Q7gpA= +cloud.google.com/go/recommender v1.11.0/go.mod h1:kPiRQhPyTJ9kyXPCG6u/dlPLbYfFlkwHNRwdzPVAoII= +cloud.google.com/go/recommender v1.11.1/go.mod h1:sGwFFAyI57v2Hc5LbIj+lTwXipGu9NW015rkaEM5B18= +cloud.google.com/go/recommender v1.11.2/go.mod h1:AeoJuzOvFR/emIcXdVFkspVXVTYpliRCmKNYDnyBv6Y= +cloud.google.com/go/recommender v1.11.3/go.mod h1:+FJosKKJSId1MBFeJ/TTyoGQZiEelQQIZMKYYD8ruK4= cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA= cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM= cloud.google.com/go/redis v1.11.0/go.mod h1:/X6eicana+BWcUda5PpwZC48o37SiFVTFSs0fWAJ7uQ= +cloud.google.com/go/redis v1.13.1/go.mod h1:VP7DGLpE91M6bcsDdMuyCm2hIpB6Vp2hI090Mfd1tcg= +cloud.google.com/go/redis v1.13.2/go.mod h1:0Hg7pCMXS9uz02q+LoEVl5dNHUkIQv+C/3L76fandSA= +cloud.google.com/go/redis v1.13.3/go.mod h1:vbUpCKUAZSYzFcWKmICnYgRAhTFg9r+djWqFxDYXi4U= +cloud.google.com/go/redis v1.14.1/go.mod h1:MbmBxN8bEnQI4doZPC1BzADU4HGocHBk2de3SbgOkqs= cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA= cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0= cloud.google.com/go/resourcemanager v1.5.0/go.mod h1:eQoXNAiAvCf5PXxWxXjhKQoTMaUSNrEfg+6qdf/wots= cloud.google.com/go/resourcemanager v1.6.0/go.mod h1:YcpXGRs8fDzcUl1Xw8uOVmI8JEadvhRIkoXXUNVYcVo= cloud.google.com/go/resourcemanager v1.7.0/go.mod h1:HlD3m6+bwhzj9XCouqmeiGuni95NTrExfhoSrkC/3EI= +cloud.google.com/go/resourcemanager v1.9.1/go.mod h1:dVCuosgrh1tINZ/RwBufr8lULmWGOkPS8gL5gqyjdT8= +cloud.google.com/go/resourcemanager v1.9.2/go.mod h1:OujkBg1UZg5lX2yIyMo5Vz9O5hf7XQOSV7WxqxxMtQE= +cloud.google.com/go/resourcemanager v1.9.3/go.mod h1:IqrY+g0ZgLsihcfcmqSe+RKp1hzjXwG904B92AwBz6U= +cloud.google.com/go/resourcemanager v1.9.4/go.mod h1:N1dhP9RFvo3lUfwtfLWVxfUWq8+KUQ+XLlHLH3BoFJ0= cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU= cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg= cloud.google.com/go/resourcesettings v1.5.0/go.mod h1:+xJF7QSG6undsQDfsCJyqWXyBwUoJLhetkRMDRnIoXA= +cloud.google.com/go/resourcesettings v1.6.1/go.mod h1:M7mk9PIZrC5Fgsu1kZJci6mpgN8o0IUzVx3eJU3y4Jw= +cloud.google.com/go/resourcesettings v1.6.2/go.mod h1:mJIEDd9MobzunWMeniaMp6tzg4I2GvD3TTmPkc8vBXk= +cloud.google.com/go/resourcesettings v1.6.3/go.mod h1:pno5D+7oDYkMWZ5BpPsb4SO0ewg3IXcmmrUZaMJrFic= +cloud.google.com/go/resourcesettings v1.6.4/go.mod h1:pYTTkWdv2lmQcjsthbZLNBP4QW140cs7wqA3DuqErVI= cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc= cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y= cloud.google.com/go/retail v1.12.0/go.mod h1:UMkelN/0Z8XvKymXFbD4EhFJlYKRx1FGhQkVPU5kF14= +cloud.google.com/go/retail v1.14.1/go.mod h1:y3Wv3Vr2k54dLNIrCzenyKG8g8dhvhncT2NcNjb/6gE= +cloud.google.com/go/retail v1.14.2/go.mod h1:W7rrNRChAEChX336QF7bnMxbsjugcOCPU44i5kbLiL8= +cloud.google.com/go/retail v1.14.3/go.mod h1:Omz2akDHeSlfCq8ArPKiBxlnRpKEBjUH386JYFLUvXo= +cloud.google.com/go/retail v1.14.4/go.mod h1:l/N7cMtY78yRnJqp5JW8emy7MB1nz8E4t2yfOmklYfg= cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do= cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo= cloud.google.com/go/run v0.8.0/go.mod h1:VniEnuBwqjigv0A7ONfQUaEItaiCRVujlMqerPPiktM= cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg= +cloud.google.com/go/run v1.2.0/go.mod h1:36V1IlDzQ0XxbQjUx6IYbw8H3TJnWvhii963WW3B/bo= +cloud.google.com/go/run v1.3.0/go.mod h1:S/osX/4jIPZGg+ssuqh6GNgg7syixKe3YnprwehzHKU= +cloud.google.com/go/run v1.3.1/go.mod h1:cymddtZOzdwLIAsmS6s+Asl4JoXIDm/K1cpZTxV4Q5s= +cloud.google.com/go/run v1.3.2/go.mod h1:SIhmqArbjdU/D9M6JoHaAqnAMKLFtXaVdNeq04NjnVE= +cloud.google.com/go/run v1.3.3/go.mod h1:WSM5pGyJ7cfYyYbONVQBN4buz42zFqwG67Q3ch07iK4= cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk= cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44= cloud.google.com/go/scheduler v1.8.0/go.mod h1:TCET+Y5Gp1YgHT8py4nlg2Sew8nUHMqcpousDgXJVQc= cloud.google.com/go/scheduler v1.9.0/go.mod h1:yexg5t+KSmqu+njTIh3b7oYPheFtBWGcbVUYF1GGMIc= +cloud.google.com/go/scheduler v1.10.1/go.mod h1:R63Ldltd47Bs4gnhQkmNDse5w8gBRrhObZ54PxgR2Oo= +cloud.google.com/go/scheduler v1.10.2/go.mod h1:O3jX6HRH5eKCA3FutMw375XHZJudNIKVonSCHv7ropY= +cloud.google.com/go/scheduler v1.10.3/go.mod h1:8ANskEM33+sIbpJ+R4xRfw/jzOG+ZFE8WVLy7/yGvbc= +cloud.google.com/go/scheduler v1.10.4/go.mod h1:MTuXcrJC9tqOHhixdbHDFSIuh7xZF2IysiINDuiq6NI= cloud.google.com/go/secretmanager v1.5.0/go.mod h1:5C9kM+RwSpkURNovKySkNvGQLUaOgyoR5W0RUx2SyHQ= cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU= +cloud.google.com/go/secretmanager v1.11.1/go.mod h1:znq9JlXgTNdBeQk9TBW/FnR/W4uChEKGeqQWAJ8SXFw= +cloud.google.com/go/secretmanager v1.11.2/go.mod h1:MQm4t3deoSub7+WNwiC4/tRYgDBHJgJPvswqQVB1Vss= +cloud.google.com/go/secretmanager v1.11.3/go.mod h1:0bA2o6FabmShrEy328i67aV+65XoUFFSmVeLBn/51jI= +cloud.google.com/go/secretmanager v1.11.4/go.mod h1:wreJlbS9Zdq21lMzWmJ0XhWW2ZxgPeahsqeV/vZoJ3w= cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= @@ -502,12 +945,20 @@ cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= cloud.google.com/go/security v1.12.0/go.mod h1:rV6EhrpbNHrrxqlvW0BWAIawFWq3X90SduMJdFwtLB8= cloud.google.com/go/security v1.13.0/go.mod h1:Q1Nvxl1PAgmeW0y3HTt54JYIvUdtcpYKVfIB8AOMZ+0= +cloud.google.com/go/security v1.15.1/go.mod h1:MvTnnbsWnehoizHi09zoiZob0iCHVcL4AUBj76h9fXA= +cloud.google.com/go/security v1.15.2/go.mod h1:2GVE/v1oixIRHDaClVbHuPcZwAqFM28mXuAKCfMgYIg= +cloud.google.com/go/security v1.15.3/go.mod h1:gQ/7Q2JYUZZgOzqKtw9McShH+MjNvtDpL40J1cT+vBs= +cloud.google.com/go/security v1.15.4/go.mod h1:oN7C2uIZKhxCLiAAijKUCuHLZbIt/ghYEo8MqwD/Ty4= cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk= cloud.google.com/go/securitycenter v1.18.1/go.mod h1:0/25gAzCM/9OL9vVx4ChPeM/+DlfGQJDwBy/UC8AKK0= cloud.google.com/go/securitycenter v1.19.0/go.mod h1:LVLmSg8ZkkyaNy4u7HCIshAngSQ8EcIRREP3xBnyfag= +cloud.google.com/go/securitycenter v1.23.0/go.mod h1:8pwQ4n+Y9WCWM278R8W3nF65QtY172h4S8aXyI9/hsQ= +cloud.google.com/go/securitycenter v1.23.1/go.mod h1:w2HV3Mv/yKhbXKwOCu2i8bCuLtNP1IMHuiYQn4HJq5s= +cloud.google.com/go/securitycenter v1.24.1/go.mod h1:3h9IdjjHhVMXdQnmqzVnM7b0wMn/1O/U20eWVpMpZjI= +cloud.google.com/go/securitycenter v1.24.2/go.mod h1:l1XejOngggzqwr4Fa2Cn+iWZGf+aBLTXtB/vXjy5vXM= cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU= cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s= cloud.google.com/go/servicecontrol v1.10.0/go.mod h1:pQvyvSRh7YzUF2efw7H87V92mxU8FnFDawMClGCNuAA= @@ -519,6 +970,11 @@ cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPj cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U= cloud.google.com/go/servicedirectory v1.8.0/go.mod h1:srXodfhY1GFIPvltunswqXpVxFPpZjf8nkKQT7XcXaY= cloud.google.com/go/servicedirectory v1.9.0/go.mod h1:29je5JjiygNYlmsGz8k6o+OZ8vd4f//bQLtvzkPPT/s= +cloud.google.com/go/servicedirectory v1.10.1/go.mod h1:Xv0YVH8s4pVOwfM/1eMTl0XJ6bzIOSLDt8f8eLaGOxQ= +cloud.google.com/go/servicedirectory v1.11.0/go.mod h1:Xv0YVH8s4pVOwfM/1eMTl0XJ6bzIOSLDt8f8eLaGOxQ= +cloud.google.com/go/servicedirectory v1.11.1/go.mod h1:tJywXimEWzNzw9FvtNjsQxxJ3/41jseeILgwU/QLrGI= +cloud.google.com/go/servicedirectory v1.11.2/go.mod h1:KD9hCLhncWRV5jJphwIpugKwM5bn1x0GyVVD4NO8mGg= +cloud.google.com/go/servicedirectory v1.11.3/go.mod h1:LV+cHkomRLr67YoQy3Xq2tUXBGOs5z5bPofdq7qtiAw= cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco= cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo= cloud.google.com/go/servicemanagement v1.6.0/go.mod h1:aWns7EeeCOtGEX4OvZUWCCJONRZeFKiptqKf1D0l/Jc= @@ -530,15 +986,28 @@ cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DR cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4= cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw= cloud.google.com/go/shell v1.6.0/go.mod h1:oHO8QACS90luWgxP3N9iZVuEiSF84zNyLytb+qE2f9A= +cloud.google.com/go/shell v1.7.1/go.mod h1:u1RaM+huXFaTojTbW4g9P5emOrrmLE69KrxqQahKn4g= +cloud.google.com/go/shell v1.7.2/go.mod h1:KqRPKwBV0UyLickMn0+BY1qIyE98kKyI216sH/TuHmc= +cloud.google.com/go/shell v1.7.3/go.mod h1:cTTEz/JdaBsQAeTQ3B6HHldZudFoYBOqjteev07FbIc= +cloud.google.com/go/shell v1.7.4/go.mod h1:yLeXB8eKLxw0dpEmXQ/FjriYrBijNsONpwnWsdPqlKM= cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= cloud.google.com/go/spanner v1.44.0/go.mod h1:G8XIgYdOK+Fbcpbs7p2fiprDw4CaZX63whnSMLVBxjk= cloud.google.com/go/spanner v1.45.0/go.mod h1:FIws5LowYz8YAE1J8fOS7DJup8ff7xJeetWEo5REA2M= +cloud.google.com/go/spanner v1.47.0/go.mod h1:IXsJwVW2j4UKs0eYDqodab6HgGuA1bViSqW4uH9lfUI= +cloud.google.com/go/spanner v1.49.0/go.mod h1:eGj9mQGK8+hkgSVbHNQ06pQ4oS+cyc4tXXd6Dif1KoM= +cloud.google.com/go/spanner v1.50.0/go.mod h1:eGj9mQGK8+hkgSVbHNQ06pQ4oS+cyc4tXXd6Dif1KoM= +cloud.google.com/go/spanner v1.51.0/go.mod h1:c5KNo5LQ1X5tJwma9rSQZsXNBDNvj4/n8BVc3LNahq0= cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco= cloud.google.com/go/speech v1.14.1/go.mod h1:gEosVRPJ9waG7zqqnsHpYTOoAS4KouMRLDFMekpJ0J0= cloud.google.com/go/speech v1.15.0/go.mod h1:y6oH7GhqCaZANH7+Oe0BhgIogsNInLlz542tg3VqeYI= +cloud.google.com/go/speech v1.17.1/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo= +cloud.google.com/go/speech v1.19.0/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo= +cloud.google.com/go/speech v1.19.1/go.mod h1:WcuaWz/3hOlzPFOVo9DUsblMIHwxP589y6ZMtaG+iAA= +cloud.google.com/go/speech v1.19.2/go.mod h1:2OYFfj+Ch5LWjsaSINuCZsre/789zlcCI3SY4oAi2oI= +cloud.google.com/go/speech v1.20.1/go.mod h1:wwolycgONvfz2EDU8rKuHRW3+wc9ILPsAWoikBEWavY= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -551,45 +1020,82 @@ cloud.google.com/go/storage v1.24.0/go.mod h1:3xrJEFMXBsQLgxwThyjuD3aYlroL0TMRec cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= +cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= cloud.google.com/go/storage v1.36.0 h1:P0mOkAcaJxhCTvAkMhxMfrTKiNcub4YmmPBtlhAyTr8= cloud.google.com/go/storage v1.36.0/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYEsng2xgOs8= cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4= cloud.google.com/go/storagetransfer v1.8.0/go.mod h1:JpegsHHU1eXg7lMHkvf+KE5XDJ7EQu0GwNJbbVGanEw= +cloud.google.com/go/storagetransfer v1.10.0/go.mod h1:DM4sTlSmGiNczmV6iZyceIh2dbs+7z2Ayg6YAiQlYfA= +cloud.google.com/go/storagetransfer v1.10.1/go.mod h1:rS7Sy0BtPviWYTTJVWCSV4QrbBitgPeuK4/FKa4IdLs= +cloud.google.com/go/storagetransfer v1.10.2/go.mod h1:meIhYQup5rg9juQJdyppnA/WLQCOguxtk1pr3/vBWzA= +cloud.google.com/go/storagetransfer v1.10.3/go.mod h1:Up8LY2p6X68SZ+WToswpQbQHnJpOty/ACcMafuey8gc= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM= cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA= cloud.google.com/go/talent v1.5.0/go.mod h1:G+ODMj9bsasAEJkQSzO2uHQWXHHXUomArjWQQYkqK6c= +cloud.google.com/go/talent v1.6.2/go.mod h1:CbGvmKCG61mkdjcqTcLOkb2ZN1SrQI8MDyma2l7VD24= +cloud.google.com/go/talent v1.6.3/go.mod h1:xoDO97Qd4AK43rGjJvyBHMskiEf3KulgYzcH6YWOVoo= +cloud.google.com/go/talent v1.6.4/go.mod h1:QsWvi5eKeh6gG2DlBkpMaFYZYrYUnIpo34f6/V5QykY= +cloud.google.com/go/talent v1.6.5/go.mod h1:Mf5cma696HmE+P2BWJ/ZwYqeJXEeU0UqjHFXVLadEDI= cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8= cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4= cloud.google.com/go/texttospeech v1.6.0/go.mod h1:YmwmFT8pj1aBblQOI3TfKmwibnsfvhIBzPXcW4EBovc= +cloud.google.com/go/texttospeech v1.7.1/go.mod h1:m7QfG5IXxeneGqTapXNxv2ItxP/FS0hCZBwXYqucgSk= +cloud.google.com/go/texttospeech v1.7.2/go.mod h1:VYPT6aTOEl3herQjFHYErTlSZJ4vB00Q2ZTmuVgluD4= +cloud.google.com/go/texttospeech v1.7.3/go.mod h1:Av/zpkcgWfXlDLRYob17lqMstGZ3GqlvJXqKMp2u8so= +cloud.google.com/go/texttospeech v1.7.4/go.mod h1:vgv0002WvR4liGuSd5BJbWy4nDn5Ozco0uJymY5+U74= cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ= cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg= cloud.google.com/go/tpu v1.5.0/go.mod h1:8zVo1rYDFuW2l4yZVY0R0fb/v44xLh3llq7RuV61fPM= +cloud.google.com/go/tpu v1.6.1/go.mod h1:sOdcHVIgDEEOKuqUoi6Fq53MKHJAtOwtz0GuKsWSH3E= +cloud.google.com/go/tpu v1.6.2/go.mod h1:NXh3NDwt71TsPZdtGWgAG5ThDfGd32X1mJ2cMaRlVgU= +cloud.google.com/go/tpu v1.6.3/go.mod h1:lxiueqfVMlSToZY1151IaZqp89ELPSrk+3HIQ5HRkbY= +cloud.google.com/go/tpu v1.6.4/go.mod h1:NAm9q3Rq2wIlGnOhpYICNI7+bpBebMJbh0yyp3aNw1Y= cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A= cloud.google.com/go/trace v1.2.0/go.mod h1:Wc8y/uYyOhPy12KEnXG9XGrvfMz5F5SrYecQlbW1rwM= cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk= +cloud.google.com/go/trace v1.10.1/go.mod h1:gbtL94KE5AJLH3y+WVpfWILmqgc6dXcqgNXdOPAQTYk= +cloud.google.com/go/trace v1.10.2/go.mod h1:NPXemMi6MToRFcSxRl2uDnu/qAlAQ3oULUphcHGh1vA= +cloud.google.com/go/trace v1.10.3/go.mod h1:Ke1bgfc73RV3wUFml+uQp7EsDw4dGaETLxB7Iq/r4CY= +cloud.google.com/go/trace v1.10.4/go.mod h1:Nso99EDIK8Mj5/zmB+iGr9dosS/bzWCJ8wGmE6TXNWY= cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0= cloud.google.com/go/translate v1.6.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= cloud.google.com/go/translate v1.7.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= +cloud.google.com/go/translate v1.8.1/go.mod h1:d1ZH5aaOA0CNhWeXeC8ujd4tdCFw8XoNWRljklu5RHs= +cloud.google.com/go/translate v1.8.2/go.mod h1:d1ZH5aaOA0CNhWeXeC8ujd4tdCFw8XoNWRljklu5RHs= +cloud.google.com/go/translate v1.9.0/go.mod h1:d1ZH5aaOA0CNhWeXeC8ujd4tdCFw8XoNWRljklu5RHs= +cloud.google.com/go/translate v1.9.1/go.mod h1:TWIgDZknq2+JD4iRcojgeDtqGEp154HN/uL6hMvylS8= +cloud.google.com/go/translate v1.9.2/go.mod h1:E3Tc6rUTsQkVrXW6avbUhKJSr7ZE3j7zNmqzXKHqRrY= +cloud.google.com/go/translate v1.9.3/go.mod h1:Kbq9RggWsbqZ9W5YpM94Q1Xv4dshw/gr/SHfsl5yCZ0= cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw= cloud.google.com/go/video v1.12.0/go.mod h1:MLQew95eTuaNDEGriQdcYn0dTwf9oWiA4uYebxM5kdg= cloud.google.com/go/video v1.13.0/go.mod h1:ulzkYlYgCp15N2AokzKjy7MQ9ejuynOJdf1tR5lGthk= cloud.google.com/go/video v1.14.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= cloud.google.com/go/video v1.15.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= +cloud.google.com/go/video v1.17.1/go.mod h1:9qmqPqw/Ib2tLqaeHgtakU+l5TcJxCJbhFXM7UJjVzU= +cloud.google.com/go/video v1.19.0/go.mod h1:9qmqPqw/Ib2tLqaeHgtakU+l5TcJxCJbhFXM7UJjVzU= +cloud.google.com/go/video v1.20.0/go.mod h1:U3G3FTnsvAGqglq9LxgqzOiBc/Nt8zis8S+850N2DUM= +cloud.google.com/go/video v1.20.1/go.mod h1:3gJS+iDprnj8SY6pe0SwLeC5BUW80NjhwX7INWEuWGU= +cloud.google.com/go/video v1.20.2/go.mod h1:lrixr5JeKNThsgfM9gqtwb6Okuqzfo4VrY2xynaViTA= +cloud.google.com/go/video v1.20.3/go.mod h1:TnH/mNZKVHeNtpamsSPygSR0iHtvrR/cW1/GDjN5+GU= cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M= cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU= cloud.google.com/go/videointelligence v1.10.0/go.mod h1:LHZngX1liVtUhZvi2uNS0VQuOzNi2TkY1OakiuoUOjU= +cloud.google.com/go/videointelligence v1.11.1/go.mod h1:76xn/8InyQHarjTWsBR058SmlPCwQjgcvoW0aZykOvo= +cloud.google.com/go/videointelligence v1.11.2/go.mod h1:ocfIGYtIVmIcWk1DsSGOoDiXca4vaZQII1C85qtoplc= +cloud.google.com/go/videointelligence v1.11.3/go.mod h1:tf0NUaGTjU1iS2KEkGWvO5hRHeCkFK3nPo0/cOZhZAo= +cloud.google.com/go/videointelligence v1.11.4/go.mod h1:kPBMAYsTPFiQxMLmmjpcZUMklJp3nC9+ipJJtprccD8= cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= @@ -597,29 +1103,59 @@ cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E= cloud.google.com/go/vision/v2 v2.6.0/go.mod h1:158Hes0MvOS9Z/bDMSFpjwsUrZ5fPrdwuyyvKSGAGMY= cloud.google.com/go/vision/v2 v2.7.0/go.mod h1:H89VysHy21avemp6xcf9b9JvZHVehWbET0uT/bcuY/0= +cloud.google.com/go/vision/v2 v2.7.2/go.mod h1:jKa8oSYBWhYiXarHPvP4USxYANYUEdEsQrloLjrSwJU= +cloud.google.com/go/vision/v2 v2.7.3/go.mod h1:V0IcLCY7W+hpMKXK1JYE0LV5llEqVmj+UJChjvA1WsM= +cloud.google.com/go/vision/v2 v2.7.4/go.mod h1:ynDKnsDN/0RtqkKxQZ2iatv3Dm9O+HfRb5djl7l4Vvw= +cloud.google.com/go/vision/v2 v2.7.5/go.mod h1:GcviprJLFfK9OLf0z8Gm6lQb6ZFUulvpZws+mm6yPLM= cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE= cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g= cloud.google.com/go/vmmigration v1.5.0/go.mod h1:E4YQ8q7/4W9gobHjQg4JJSgXXSgY21nA5r8swQV+Xxc= cloud.google.com/go/vmmigration v1.6.0/go.mod h1:bopQ/g4z+8qXzichC7GW1w2MjbErL54rk3/C843CjfY= +cloud.google.com/go/vmmigration v1.7.1/go.mod h1:WD+5z7a/IpZ5bKK//YmT9E047AD+rjycCAvyMxGJbro= +cloud.google.com/go/vmmigration v1.7.2/go.mod h1:iA2hVj22sm2LLYXGPT1pB63mXHhrH1m/ruux9TwWLd8= +cloud.google.com/go/vmmigration v1.7.3/go.mod h1:ZCQC7cENwmSWlwyTrZcWivchn78YnFniEQYRWQ65tBo= +cloud.google.com/go/vmmigration v1.7.4/go.mod h1:yBXCmiLaB99hEl/G9ZooNx2GyzgsjKnw5fWcINRgD70= cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208= cloud.google.com/go/vmwareengine v0.2.2/go.mod h1:sKdctNJxb3KLZkE/6Oui94iw/xs9PRNC2wnNLXsHvH8= cloud.google.com/go/vmwareengine v0.3.0/go.mod h1:wvoyMvNWdIzxMYSpH/R7y2h5h3WFkx6d+1TIsP39WGY= +cloud.google.com/go/vmwareengine v0.4.1/go.mod h1:Px64x+BvjPZwWuc4HdmVhoygcXqEkGHXoa7uyfTgSI0= +cloud.google.com/go/vmwareengine v1.0.0/go.mod h1:Px64x+BvjPZwWuc4HdmVhoygcXqEkGHXoa7uyfTgSI0= +cloud.google.com/go/vmwareengine v1.0.1/go.mod h1:aT3Xsm5sNx0QShk1Jc1B8OddrxAScYLwzVoaiXfdzzk= +cloud.google.com/go/vmwareengine v1.0.2/go.mod h1:xMSNjIk8/itYrz1JA8nV3Ajg4L4n3N+ugP8JKzk3OaA= +cloud.google.com/go/vmwareengine v1.0.3/go.mod h1:QSpdZ1stlbfKtyt6Iu19M6XRxjmXO+vb5a/R6Fvy2y4= cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w= cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8= cloud.google.com/go/vpcaccess v1.6.0/go.mod h1:wX2ILaNhe7TlVa4vC5xce1bCnqE3AeH27RV31lnmZes= +cloud.google.com/go/vpcaccess v1.7.1/go.mod h1:FogoD46/ZU+JUBX9D606X21EnxiszYi2tArQwLY4SXs= +cloud.google.com/go/vpcaccess v1.7.2/go.mod h1:mmg/MnRHv+3e8FJUjeSibVFvQF1cCy2MsFaFqxeY1HU= +cloud.google.com/go/vpcaccess v1.7.3/go.mod h1:YX4skyfW3NC8vI3Fk+EegJnlYFatA+dXK4o236EUCUc= +cloud.google.com/go/vpcaccess v1.7.4/go.mod h1:lA0KTvhtEOb/VOdnH/gwPuOzGgM+CWsmGu6bb4IoMKk= cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc= cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A= cloud.google.com/go/webrisk v1.8.0/go.mod h1:oJPDuamzHXgUc+b8SiHRcVInZQuybnvEW72PqTc7sSg= +cloud.google.com/go/webrisk v1.9.1/go.mod h1:4GCmXKcOa2BZcZPn6DCEvE7HypmEJcJkr4mtM+sqYPc= +cloud.google.com/go/webrisk v1.9.2/go.mod h1:pY9kfDgAqxUpDBOrG4w8deLfhvJmejKB0qd/5uQIPBc= +cloud.google.com/go/webrisk v1.9.3/go.mod h1:RUYXe9X/wBDXhVilss7EDLW9ZNa06aowPuinUOPCXH8= +cloud.google.com/go/webrisk v1.9.4/go.mod h1:w7m4Ib4C+OseSr2GL66m0zMBywdrVNTDKsdEsfMl7X0= cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo= cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ= cloud.google.com/go/websecurityscanner v1.5.0/go.mod h1:Y6xdCPy81yi0SQnDY1xdNTNpfY1oAgXUlcfN3B3eSng= +cloud.google.com/go/websecurityscanner v1.6.1/go.mod h1:Njgaw3rttgRHXzwCB8kgCYqv5/rGpFCsBOvPbYgszpg= +cloud.google.com/go/websecurityscanner v1.6.2/go.mod h1:7YgjuU5tun7Eg2kpKgGnDuEOXWIrh8x8lWrJT4zfmas= +cloud.google.com/go/websecurityscanner v1.6.3/go.mod h1:x9XANObUFR+83Cya3g/B9M/yoHVqzxPnFtgF8yYGAXw= +cloud.google.com/go/websecurityscanner v1.6.4/go.mod h1:mUiyMQ+dGpPPRkHgknIZeCzSHJ45+fY4F52nZFDHm2o= cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= +cloud.google.com/go/workflows v1.11.1/go.mod h1:Z+t10G1wF7h8LgdY/EmRcQY8ptBD/nvofaL6FqlET6g= +cloud.google.com/go/workflows v1.12.0/go.mod h1:PYhSk2b6DhZ508tj8HXKaBh+OFe+xdl0dHF/tJdzPQM= +cloud.google.com/go/workflows v1.12.1/go.mod h1:5A95OhD/edtOhQd/O741NSfIMezNTbCwLM1P1tBRGHM= +cloud.google.com/go/workflows v1.12.2/go.mod h1:+OmBIgNqYJPVggnMo9nqmizW0qEXHhmnAzK/CnBqsHc= +cloud.google.com/go/workflows v1.12.3/go.mod h1:fmOUeeqEwPzIU81foMjTRQIdwQHADi/vEr1cx9R1m5g= code.cloudfoundry.org/clock v0.0.0-20180518195852-02e53af36e6c/go.mod h1:QD9Lzhd/ux6eNQVUDVRJX/RKTigpewimNYBi7ivZKY8= contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/stackdriver v0.13.13/go.mod h1:5pSSGY0Bhuk7waTHuDf4aQ8D2DrhgETRo9fy6k3Xlzc= @@ -702,11 +1238,12 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= -github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= -github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -735,9 +1272,9 @@ github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:m github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.1.0-alpha.0 h1:nHGfwXmFvJrSR9xu8qL7BkO4DqTHXE9N5vPhgY2I+j0= +github.com/ProtonMail/go-crypto v1.1.0-alpha.0/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= @@ -746,7 +1283,6 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:H github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= @@ -773,6 +1309,7 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= +github.com/apache/arrow/go/v12 v12.0.0/go.mod h1:d+tV/eHZZ7Dz7RPrFKtPK02tpr+c9/PEd/zm8mDS9Vg= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= @@ -975,7 +1512,10 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230428030218-4003588d1b74/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= @@ -1156,6 +1696,7 @@ github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= @@ -1163,7 +1704,6 @@ github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaB github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8= @@ -1183,11 +1723,16 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= +github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= +github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= +github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs= +github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/ettle/strcase v0.1.1 h1:htFueZyVeE1XNnMEfbqp5r67qAN/4r6ya1ysq8Q+Zcw= @@ -1200,8 +1745,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= +github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= @@ -1246,14 +1791,12 @@ github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2H github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo= +github.com/go-git/go-git/v5 v5.10.1/go.mod h1:uEuHjxkHap8kAl//V5F/nNWwqIYtP/402ddd05mp0wg= github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= @@ -1280,6 +1823,7 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= @@ -1326,6 +1870,7 @@ github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= @@ -1392,6 +1937,7 @@ github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGw github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= +github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -1458,6 +2004,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= +github.com/google/go-pkcs11 v0.2.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= +github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -1489,6 +2037,7 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210506205249-923b5ab0fc1a/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= @@ -1496,6 +2045,9 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= github.com/google/pprof v0.0.0-20220608213341-c488b8fa1db3/go.mod h1:gSuNB+gJaOiQKLEZ+q+PK9Mq3SOzhRcw2GsGS/FhYDk= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= +github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= +github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -1506,6 +2058,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8= @@ -1515,6 +2069,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= @@ -1528,6 +2084,9 @@ github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqE github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= +github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= @@ -1565,6 +2124,7 @@ github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= github.com/hanwen/go-fuse v1.0.0/go.mod h1:unqXarDXqzAk0rt98O2tVndEPIpUgLD9+rwFisZH3Ok= github.com/hanwen/go-fuse/v2 v2.1.0/go.mod h1:oRyA5eK+pvJyv5otpO/DgccS8y/RvYMaO00GgRLGryc= +github.com/hashicorp/cli v1.1.6/go.mod h1:MPon5QYlgjjo0BSoAiN0ESeT5fRzDjVRp+uioJ0piz4= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= @@ -1611,7 +2171,6 @@ github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9 github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= -github.com/hashicorp/go-plugin v1.5.1/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4= github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= @@ -1653,14 +2212,15 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hc-install v0.6.0 h1:fDHnU7JNFNSQebVKYhHZ0va1bC6SrPQ8fpebsvNr2w4= -github.com/hashicorp/hc-install v0.6.0/go.mod h1:10I912u3nntx9Umo1VAeYPUUuehk0aRQJYpMwbX5wQA= +github.com/hashicorp/hc-install v0.6.2/go.mod h1:2JBpd+NCFKiHiu/yYCGaPyPHhZLxXTpz8oreHa/a3Ps= +github.com/hashicorp/hc-install v0.6.3 h1:yE/r1yJvWbtrJ0STwScgEnCanb0U9v7zp0Gbkmcoxqs= +github.com/hashicorp/hc-install v0.6.3/go.mod h1:KamGdbodYzlufbWh4r9NRo8y6GLHWZP2GBtdnms1Ln0= github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90= -github.com/hashicorp/hcl/v2 v2.18.0 h1:wYnG7Lt31t2zYkcquwgKo6MWXzRUDIeIVU5naZwHLl8= -github.com/hashicorp/hcl/v2 v2.18.0/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= +github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= +github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/hashicorp/hil v0.0.0-20190212132231-97b3a9cdfa93 h1:T1Q6ag9tCwun16AW+XK3tAql24P4uTGUMIn1/92WsQQ= github.com/hashicorp/hil v0.0.0-20190212132231-97b3a9cdfa93/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= @@ -1674,12 +2234,12 @@ github.com/hashicorp/nomad/api v0.0.0-20220629141207-c2428e1673ec/go.mod h1:jP79 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/terraform-config-inspect v0.0.0-20191115094559-17f92b0546e8/go.mod h1:p+ivJws3dpqbp1iP84+npOyAmTTOLMgCzrXd3GSdn/A= -github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM= -github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg= +github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= +github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= github.com/hashicorp/terraform-json v0.4.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU= -github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA= -github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o= -github.com/hashicorp/terraform-plugin-go v0.19.0/go.mod h1:EhRSkEPNoylLQntYsk5KrDHTZJh9HQoumZXbOGOXmec= +github.com/hashicorp/terraform-json v0.19.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= +github.com/hashicorp/terraform-json v0.21.0 h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U= +github.com/hashicorp/terraform-json v0.21.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= github.com/hashicorp/terraform-plugin-go v0.22.0 h1:1OS1Jk5mO0f5hrziWJGXXIxBrMe2j/B8E+DVGw43Xmc= github.com/hashicorp/terraform-plugin-go v0.22.0/go.mod h1:mPULV91VKss7sik6KFEcEu7HuTogMLLO/EvWCuFkRVE= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= @@ -1687,7 +2247,6 @@ github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwU github.com/hashicorp/terraform-plugin-sdk v1.7.0 h1:B//oq0ZORG+EkVrIJy0uPGSonvmXqxSzXe8+GhknoW0= github.com/hashicorp/terraform-plugin-sdk v1.7.0/go.mod h1:OjgQmey5VxnPej/buEhe+YqKm0KNvV3QqU4hkqHqPCY= github.com/hashicorp/terraform-plugin-test v1.2.0/go.mod h1:QIJHYz8j+xJtdtLrFTlzQVC0ocr3rf/OjIpgZLK56Hs= -github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= @@ -1716,8 +2275,9 @@ github.com/hexops/valast v1.4.4 h1:rETyycw+/L2ZVJHHNxEBgh8KUn+87WugH9MxcEv9PGs= github.com/hexops/valast v1.4.4/go.mod h1:Jcy1pNH7LNraVaAZDLyv21hHg2WBv9Nf9FL6fGxU7o4= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= @@ -1874,6 +2434,7 @@ github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o= +github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -1886,7 +2447,6 @@ github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= -github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -1906,8 +2466,9 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= @@ -1919,6 +2480,7 @@ github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= @@ -2041,6 +2603,20 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108 github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= +github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= +github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= +github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= +github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= +github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw= +github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= +github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc= +github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk= +github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= +github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= +github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= +github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -2051,6 +2627,20 @@ github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= +github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= +github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= +github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= +github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= +github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= +github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= +github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= +github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw= +github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw= +github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ= +github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= +github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= +github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= @@ -2163,6 +2753,7 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -2202,29 +2793,30 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= -github.com/pulumi/providertest v0.0.10 h1:bx77G0JYPO2Alf/SHRP05XpAYMrboKJkMIVkbFclVhI= -github.com/pulumi/providertest v0.0.10/go.mod h1:HsxjVsytcMIuNj19w1lT2W0QXY0oReXl1+h6eD2JXP8= +github.com/pulumi/providertest v0.0.11 h1:mg8MQ7Cq7+9XlHIkBD+aCqQO4mwAJEISngZgVdnQUe8= +github.com/pulumi/providertest v0.0.11/go.mod h1:HsxjVsytcMIuNj19w1lT2W0QXY0oReXl1+h6eD2JXP8= github.com/pulumi/pulumi-java/pkg v0.9.9 h1:F3xJUtMFDVrTGCxb7Rh2Q8s6tj7gMfM5pcoUthz7vFY= github.com/pulumi/pulumi-java/pkg v0.9.9/go.mod h1:LVF1zeg3UkToHWxb67V+zEIxQc3EdMnlot5NWSt+FpA= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.76.0 h1:o8XQDN0KH1LE1SNYjk512HdQujxmnOVhMp4mlqIGqVo= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.76.0/go.mod h1:iSQ4IXK9AD/ne+pFcR+kqtrEuOD43/1f8jugbYWvt4c= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.0 h1:BZhD7yNZz7O5MWeM4WofY6XBLjtiA3qH2UJJTg8+Nts= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.0/go.mod h1:OCfjEGPU2fbBlda8UZhN/N3FljW6R08SK6lXPXzahwA= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 h1:mav2tSitA9BPJPLLahKgepHyYsMzwaTm4cvp0dcTMYw= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8/go.mod h1:qUYk2c9i/yqMGNj9/bQyXpS39BxNDSXYjVN1njnq0zY= github.com/pulumi/pulumi-yaml v1.5.0 h1:HfXu+WSFNpycref9CK935cViYJzXwSgHGWM/RepyrW0= github.com/pulumi/pulumi-yaml v1.5.0/go.mod h1:AvKSmEQv2EkPbpvAQroR1eP1LkJGC8z5NDM34rVWOtg= -github.com/pulumi/pulumi/pkg/v3 v3.107.0 h1:HRyIl1c9ur0PVQW+GuFL1APBEuGa/fQQMp3F+WluxW8= -github.com/pulumi/pulumi/pkg/v3 v3.107.0/go.mod h1:7edfZu4FlrXdIn4339tJ+SQX5VKGqbFntmpc8cai0Zg= -github.com/pulumi/pulumi/sdk/v3 v3.107.0 h1:bef+ayh9+4KkAqXih4EjlHfQXRY24NWPwWBIQhBxTjg= -github.com/pulumi/pulumi/sdk/v3 v3.107.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/pkg/v3 v3.108.1 h1:K1UK40v5IpEPIaJ2un3WNOTBbLQaKR26HbLLh5EmMHY= +github.com/pulumi/pulumi/pkg/v3 v3.108.1/go.mod h1:48uCfxkPXUq/XTBqei9VuR0CRWObnSVlqcLkD6DhII8= +github.com/pulumi/pulumi/sdk/v3 v3.108.1 h1:5idjc3JmzToYVizRPbFyjJ5UU4AbExd04pcSP9AhPEc= +github.com/pulumi/pulumi/sdk/v3 v3.108.1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= github.com/pulumi/terraform-diff-reader v0.0.2/go.mod h1:sZ9FUzGO+yM41hsQHs/yIcj/Y993qMdBxBU5mpDmAfQ= -github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240202163305-e2a20ae13ef9 h1:k3SdGlmaJ49yaRV79Ktb5KGdPvuNfeiv4+oHXN+wyhs= -github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240202163305-e2a20ae13ef9/go.mod h1:qH/34G25Ugdj5FcM95cSoXzUgIbgfhVLXCcEcYaMwq8= +github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240229143312-4f60ee4e2975 h1:1WBy43K/lHEdS5Hliwf3ylVSfAu5s0KhhEs6wNeP11Y= +github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240229143312-4f60ee4e2975/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A= github.com/rakyll/embedmd v0.0.0-20171029212350-c8060a0752a2/go.mod h1:7jOTMgqac46PZcF54q6l2hkLEG8op93fZu61KmxWDV4= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= @@ -2293,7 +2885,6 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -2354,6 +2945,7 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= @@ -2439,9 +3031,9 @@ github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty v1.13.0/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= github.com/zclconf/go-cty v1.13.1/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= -github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= -github.com/zclconf/go-cty v1.14.0 h1:/Xrd39K7DXbHzlisFP9c4pHao4yyf+/Ug9LEz+Y/yhc= -github.com/zclconf/go-cty v1.14.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.14.2 h1:kTG7lqmBou0Zkx35r6HJHUQTvaRPr5bIAf3AoHS0izI= +github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= github.com/zclconf/go-cty-yaml v1.0.1 h1:up11wlgAaDvlAGENcFDnZgkn0qUJurso7k6EpURKNF8= @@ -2598,19 +3190,27 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2672,9 +3272,12 @@ golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2762,6 +3365,7 @@ golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfS golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= @@ -2769,8 +3373,14 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -2807,6 +3417,11 @@ golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= +golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= +golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2826,6 +3441,10 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2963,8 +3582,10 @@ golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2987,10 +3608,16 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -3005,10 +3632,15 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= +golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -3025,7 +3657,9 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= @@ -3136,8 +3770,14 @@ golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= +golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -3224,6 +3864,14 @@ google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= +google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E= +google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= +google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4= +google.golang.org/api v0.125.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= +google.golang.org/api v0.139.0/go.mod h1:CVagp6Eekz9CjGZ718Z+sloknzkDJE7Vc1Ckj9+viBk= +google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI= google.golang.org/api v0.155.0 h1:vBmGhCYs0djJttDNynWo44zosHlPvHmA0XiN2zP2DtA= google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= @@ -3386,16 +4034,67 @@ google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVix google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= +google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= +google.golang.org/genproto v0.0.0-20230629202037-9506855d4529/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= +google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:O9kGHb51iE/nOGvQaDUuadVYqovW56s5emA88lQnj6Y= +google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= +google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108= +google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8= +google.golang.org/genproto v0.0.0-20230821184602-ccc8af3d0e93/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= +google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= +google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= +google.golang.org/genproto v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:CCviP9RmpZ1mxVr8MUjCnSiY09IbAXZxhLE6EhHIdPU= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk= +google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:EMfReVxb80Dq1hhioy0sOsY9jCE46YDgHlJ7fWVUWRE= +google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI= +google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405/go.mod h1:3WDQMjmJk36UQhjQ89emUzb1mdaHcPeeAh4SCBKznB4= +google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230629202037-9506855d4529/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ= +google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= +google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= +google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5/go.mod h1:5DZzOUPCLYL3mNkQ0ms0F3EuUNZ7py1Bqeq6sxzI7/Q= +google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= +google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= +google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U= +google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0= +google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:SUBoKXbI1Efip18FClrQVGjWcyd0QZd8KkvdP34t7ww= +google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870= +google.golang.org/genproto/googleapis/api v0.0.0-20231030173426-d783a09b4405/go.mod h1:oT32Z4o8Zv2xPQTg0pbVaPr0MPOH6f14RgXt7zfIpwg= +google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU= google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20230807174057-1744710a1577/go.mod h1:NjCQG/D8JandXxM57PZbAJL1DCNL6EypA0vPPwfsc7c= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230629202037-9506855d4529/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:8mL13HKkDa+IuJ8yruA3ci0q+0vsUz4m//+ottjwS5o= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230731190214-cbb8c96f2d6d/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.mod h1:zBEcrKX2ZOcEkHWxBPAIvYUWOKKMIhYcmNiUIu2ji3I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230920183334-c177e329c48b/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM= google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= @@ -3446,10 +4145,18 @@ google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= +google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= +google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= +google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -3600,12 +4307,17 @@ lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= modernc.org/cc/v3 v3.36.2/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= modernc.org/cc/v3 v3.36.3/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/cc/v3 v3.37.0/go.mod h1:vtL+3mdHx/wcj3iEGz84rQa8vEqR6XM84v5Lcvfph20= +modernc.org/cc/v3 v3.40.0/go.mod h1:/bTg4dnWkSXowUO6ssQKnOV0yMVxDYNIsIrzqTFDGH0= modernc.org/ccgo/v3 v3.0.0-20220428102840-41399a37e894/go.mod h1:eI31LL8EwEBKPpNpA4bU1/i+sKOwOrQy8D87zWUcRZc= modernc.org/ccgo/v3 v3.0.0-20220430103911-bc99d88307be/go.mod h1:bwdAnOoaIt8Ax9YdWGjxWsdkPcZyRPHqrOvJxaKAKGw= +modernc.org/ccgo/v3 v3.0.0-20220904174949-82d86e1b6d56/go.mod h1:YSXjPL62P2AMSxBphRHPn7IkzhVHqkvOnRKAKh+W6ZI= modernc.org/ccgo/v3 v3.16.4/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= modernc.org/ccgo/v3 v3.16.6/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= modernc.org/ccgo/v3 v3.16.8/go.mod h1:zNjwkizS+fIFDrDjIAgBSCLkWbJuHF+ar3QRn+Z9aws= modernc.org/ccgo/v3 v3.16.9/go.mod h1:zNMzC9A9xeNUepy6KuZBbugn3c0Mc9TeiJO4lgvkJDo= +modernc.org/ccgo/v3 v3.16.13-0.20221017192402-261537637ce8/go.mod h1:fUB3Vn0nVPReA+7IG7yZDfjv1TMWjhQP8gCxrFAtL5g= +modernc.org/ccgo/v3 v3.16.13/go.mod h1:2Quk+5YgpImhPjv2Qsob1DnZ/4som1lJTodubIcoUkY= modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ= modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM= modernc.org/libc v0.0.0-20220428101251-2d5f3daf273b/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= @@ -3615,19 +4327,31 @@ modernc.org/libc v1.16.17/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU= modernc.org/libc v1.16.19/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0= modernc.org/libc v1.17.1/go.mod h1:FZ23b+8LjxZs7XtFMbSzL/EhPxNbfZbErxEHc7cbD9s= +modernc.org/libc v1.17.4/go.mod h1:WNg2ZH56rDEwdropAJeZPQkXmDwh+JCA1s/htl6r2fA= +modernc.org/libc v1.18.0/go.mod h1:vj6zehR5bfc98ipowQOM2nIDUZnVew/wNC/2tOGS+q0= +modernc.org/libc v1.20.3/go.mod h1:ZRfIaEkgrYgZDl6pa4W39HgN5G/yDW+NRmNKZBDFrk0= +modernc.org/libc v1.21.4/go.mod h1:przBsL5RDOZajTVslkugzLBj1evTue36jEomFQOoYuI= +modernc.org/libc v1.22.2/go.mod h1:uvQavJ1pZ0hIoC/jfqNoMLURIMhKzINIWypNM17puug= modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= +modernc.org/memory v1.3.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= +modernc.org/memory v1.4.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= +modernc.org/memory v1.5.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= modernc.org/sqlite v1.18.1/go.mod h1:6ho+Gow7oX5V+OiOQ6Tr4xeqbx13UZ6t+Fw9IRUG4d4= +modernc.org/sqlite v1.18.2/go.mod h1:kvrTLEWgxUcHa2GfHBQtanR1H9ht3hTJNtKpzH9k1u0= modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw= modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw= modernc.org/tcl v1.13.1/go.mod h1:XOLfOwzhkljL4itZkK6T72ckMgvj0BDsnKNdZVUOecw= +modernc.org/tcl v1.13.2/go.mod h1:7CLiGIPo1M8Rv1Mitpv5akc2+8fxUd2y2UzC/MfMzy0= modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= +modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= +modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8= mvdan.cc/gofumpt v0.5.0 h1:0EQ+Z56k8tXjj/6TQD25BFNKQXpCvT0rnansIc7Ug5E= mvdan.cc/gofumpt v0.5.0/go.mod h1:HBeVDtMKRZpXyxFciAirzdKklDlGu8aAy1wEbH5Y9js= diff --git a/sdk/dotnet/AttributeImporterIdentityProviderMapper.cs b/sdk/dotnet/AttributeImporterIdentityProviderMapper.cs index 067cbe2c..b251e0ce 100644 --- a/sdk/dotnet/AttributeImporterIdentityProviderMapper.cs +++ b/sdk/dotnet/AttributeImporterIdentityProviderMapper.cs @@ -10,17 +10,13 @@ namespace Pulumi.Keycloak { /// - /// Allows for creating and managing an attribute importer identity provider mapper within Keycloak. + /// ## # keycloak.AttributeImporterIdentityProviderMapper /// - /// The attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user: - /// - For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user. - /// - For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user. - /// - For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user. + /// Allows to create and manage identity provider mappers within Keycloak. /// - /// > If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper. - /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -29,99 +25,81 @@ namespace Pulumi.Keycloak /// /// return await Deployment.RunAsync(() => /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider("oidcIdentityProvider", new() + /// var testMapper = new Keycloak.AttributeImporterIdentityProviderMapper("testMapper", new() /// { - /// Realm = realm.Id, - /// Alias = "oidc", - /// AuthorizationUrl = "https://example.com/auth", - /// TokenUrl = "https://example.com/token", - /// ClientId = "example_id", - /// ClientSecret = "example_token", - /// DefaultScopes = "openid random profile", - /// }); - /// - /// var oidcAttributeImporterIdentityProviderMapper = new Keycloak.AttributeImporterIdentityProviderMapper("oidcAttributeImporterIdentityProviderMapper", new() - /// { - /// Realm = realm.Id, - /// ClaimName = "my-email-claim", - /// IdentityProviderAlias = oidcIdentityProvider.Alias, - /// UserAttribute = "email", - /// ExtraConfig = - /// { - /// { "syncMode", "INHERIT" }, - /// }, + /// AttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", + /// IdentityProviderAlias = "idp_alias", + /// Realm = "my-realm", + /// UserAttribute = "lastName", /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + /// The following arguments are supported: /// - /// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + /// - `realm` - (Required) The name of the realm. + /// - `name` - (Required) The name of the mapper. + /// - `identity_provider_alias` - (Required) The alias of the associated identity provider. + /// - `user_attribute` - (Required) The user attribute name to store SAML attribute. + /// - `attribute_name` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead. + /// - `attribute_friendly_name` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead. + /// - `claim_name` - (Optional) The claim name. /// - /// Example: + /// ### Import /// - /// bash + /// Identity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + /// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. /// - /// ```sh - /// $ pulumi import keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper")] public partial class AttributeImporterIdentityProviderMapper : global::Pulumi.CustomResource { /// - /// For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + /// Attribute Friendly Name /// [Output("attributeFriendlyName")] public Output AttributeFriendlyName { get; private set; } = null!; /// - /// For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + /// Attribute Name /// [Output("attributeName")] public Output AttributeName { get; private set; } = null!; /// - /// For OIDC based providers, this is the name of the claim to use. + /// Claim Name /// [Output("claimName")] public Output ClaimName { get; private set; } = null!; - /// - /// Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - /// [Output("extraConfig")] public Output?> ExtraConfig { get; private set; } = null!; /// - /// The alias of the associated identity provider. + /// IDP Alias /// [Output("identityProviderAlias")] public Output IdentityProviderAlias { get; private set; } = null!; /// - /// The name of the mapper. + /// IDP Mapper Name /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The name of the realm. + /// Realm Name /// [Output("realm")] public Output Realm { get; private set; } = null!; /// - /// The user attribute or property name to store the mapped result. + /// User Attribute /// [Output("userAttribute")] public Output UserAttribute { get; private set; } = null!; @@ -173,29 +151,25 @@ public static AttributeImporterIdentityProviderMapper Get(string name, Input - /// For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + /// Attribute Friendly Name /// [Input("attributeFriendlyName")] public Input? AttributeFriendlyName { get; set; } /// - /// For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + /// Attribute Name /// [Input("attributeName")] public Input? AttributeName { get; set; } /// - /// For OIDC based providers, this is the name of the claim to use. + /// Claim Name /// [Input("claimName")] public Input? ClaimName { get; set; } [Input("extraConfig")] private InputMap? _extraConfig; - - /// - /// Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - /// public InputMap ExtraConfig { get => _extraConfig ?? (_extraConfig = new InputMap()); @@ -203,25 +177,25 @@ public InputMap ExtraConfig } /// - /// The alias of the associated identity provider. + /// IDP Alias /// [Input("identityProviderAlias", required: true)] public Input IdentityProviderAlias { get; set; } = null!; /// - /// The name of the mapper. + /// IDP Mapper Name /// [Input("name")] public Input? Name { get; set; } /// - /// The name of the realm. + /// Realm Name /// [Input("realm", required: true)] public Input Realm { get; set; } = null!; /// - /// The user attribute or property name to store the mapped result. + /// User Attribute /// [Input("userAttribute", required: true)] public Input UserAttribute { get; set; } = null!; @@ -235,29 +209,25 @@ public AttributeImporterIdentityProviderMapperArgs() public sealed class AttributeImporterIdentityProviderMapperState : global::Pulumi.ResourceArgs { /// - /// For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + /// Attribute Friendly Name /// [Input("attributeFriendlyName")] public Input? AttributeFriendlyName { get; set; } /// - /// For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + /// Attribute Name /// [Input("attributeName")] public Input? AttributeName { get; set; } /// - /// For OIDC based providers, this is the name of the claim to use. + /// Claim Name /// [Input("claimName")] public Input? ClaimName { get; set; } [Input("extraConfig")] private InputMap? _extraConfig; - - /// - /// Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - /// public InputMap ExtraConfig { get => _extraConfig ?? (_extraConfig = new InputMap()); @@ -265,25 +235,25 @@ public InputMap ExtraConfig } /// - /// The alias of the associated identity provider. + /// IDP Alias /// [Input("identityProviderAlias")] public Input? IdentityProviderAlias { get; set; } /// - /// The name of the mapper. + /// IDP Mapper Name /// [Input("name")] public Input? Name { get; set; } /// - /// The name of the realm. + /// Realm Name /// [Input("realm")] public Input? Realm { get; set; } /// - /// The user attribute or property name to store the mapped result. + /// User Attribute /// [Input("userAttribute")] public Input? UserAttribute { get; set; } diff --git a/sdk/dotnet/AttributeToRoleIdentityMapper.cs b/sdk/dotnet/AttributeToRoleIdentityMapper.cs index 0e8b8dba..8a076557 100644 --- a/sdk/dotnet/AttributeToRoleIdentityMapper.cs +++ b/sdk/dotnet/AttributeToRoleIdentityMapper.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -62,16 +63,17 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak /// - /// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + /// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/dotnet/Authentication/Bindings.cs b/sdk/dotnet/Authentication/Bindings.cs index da8bcf8f..b1397de5 100644 --- a/sdk/dotnet/Authentication/Bindings.cs +++ b/sdk/dotnet/Authentication/Bindings.cs @@ -26,6 +26,7 @@ namespace Pulumi.Keycloak.Authentication /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -78,6 +79,7 @@ namespace Pulumi.Keycloak.Authentication /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// [KeycloakResourceType("keycloak:authentication/bindings:Bindings")] public partial class Bindings : global::Pulumi.CustomResource diff --git a/sdk/dotnet/Authentication/Execution.cs b/sdk/dotnet/Authentication/Execution.cs index e9ccc6c3..8e829230 100644 --- a/sdk/dotnet/Authentication/Execution.cs +++ b/sdk/dotnet/Authentication/Execution.cs @@ -19,6 +19,7 @@ namespace Pulumi.Keycloak.Authentication /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -65,14 +66,15 @@ namespace Pulumi.Keycloak.Authentication /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Authentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/dotnet/Authentication/ExecutionConfig.cs b/sdk/dotnet/Authentication/ExecutionConfig.cs index fc829981..d4d3fc4e 100644 --- a/sdk/dotnet/Authentication/ExecutionConfig.cs +++ b/sdk/dotnet/Authentication/ExecutionConfig.cs @@ -15,6 +15,7 @@ namespace Pulumi.Keycloak.Authentication /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -55,18 +56,19 @@ namespace Pulumi.Keycloak.Authentication /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Configurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`. /// - /// If the `authenticationExecutionId` is incorrect, the import will still be successful. + /// If the `authenticationExecutionId` is incorrect, the import will still be successful. /// - /// A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. + /// A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:authentication/executionConfig:ExecutionConfig config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/dotnet/Authentication/Flow.cs b/sdk/dotnet/Authentication/Flow.cs index fd79f9de..e1e18c4f 100644 --- a/sdk/dotnet/Authentication/Flow.cs +++ b/sdk/dotnet/Authentication/Flow.cs @@ -18,6 +18,7 @@ namespace Pulumi.Keycloak.Authentication /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -48,22 +49,23 @@ namespace Pulumi.Keycloak.Authentication /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Authentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is /// - /// typically a GUID which is autogenerated when the flow is created via Keycloak. + /// typically a GUID which is autogenerated when the flow is created via Keycloak. /// - /// Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the + /// Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the /// - /// "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, + /// "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, /// - /// which will be a list of authentication flows. + /// which will be a list of authentication flows. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:authentication/flow:Flow flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1 diff --git a/sdk/dotnet/Authentication/Subflow.cs b/sdk/dotnet/Authentication/Subflow.cs index 7d4836f3..ab91e008 100644 --- a/sdk/dotnet/Authentication/Subflow.cs +++ b/sdk/dotnet/Authentication/Subflow.cs @@ -17,6 +17,7 @@ namespace Pulumi.Keycloak.Authentication /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -48,24 +49,25 @@ namespace Pulumi.Keycloak.Authentication /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Authentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`. /// - /// The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. + /// The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. /// - /// Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the + /// Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the /// - /// "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to + /// "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to /// - /// `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. + /// `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. /// - /// __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). + /// __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/"Parent Flow"/3bad1172-bb5c-4a77-9615-c2606eb03081 diff --git a/sdk/dotnet/CustomIdentityProviderMapping.cs b/sdk/dotnet/CustomIdentityProviderMapping.cs index 2638b33f..10799b77 100644 --- a/sdk/dotnet/CustomIdentityProviderMapping.cs +++ b/sdk/dotnet/CustomIdentityProviderMapping.cs @@ -12,6 +12,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -52,16 +53,17 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak /// - /// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + /// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b @@ -83,7 +85,7 @@ public partial class CustomIdentityProviderMapping : global::Pulumi.CustomResour public Output IdentityProviderAlias { get; private set; } = null!; /// - /// The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + /// The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. /// [Output("identityProviderMapper")] public Output IdentityProviderMapper { get; private set; } = null!; @@ -165,7 +167,7 @@ public InputMap ExtraConfig public Input IdentityProviderAlias { get; set; } = null!; /// - /// The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + /// The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. /// [Input("identityProviderMapper", required: true)] public Input IdentityProviderMapper { get; set; } = null!; @@ -209,7 +211,7 @@ public InputMap ExtraConfig public Input? IdentityProviderAlias { get; set; } /// - /// The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + /// The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. /// [Input("identityProviderMapper")] public Input? IdentityProviderMapper { get; set; } diff --git a/sdk/dotnet/CustomUserFederation.cs b/sdk/dotnet/CustomUserFederation.cs index 6c628e32..69b5e7fc 100644 --- a/sdk/dotnet/CustomUserFederation.cs +++ b/sdk/dotnet/CustomUserFederation.cs @@ -10,13 +10,17 @@ namespace Pulumi.Keycloak { /// + /// ## # keycloak.CustomUserFederation + /// /// Allows for creating and managing custom user federation providers within Keycloak. /// - /// A custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). + /// A custom user federation provider is an implementation of Keycloak's + /// [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). /// An example of this implementation can be found here. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -27,61 +31,55 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "test", /// Enabled = true, + /// RealmName = "test", /// }); /// /// var customUserFederation = new Keycloak.CustomUserFederation("customUserFederation", new() /// { - /// RealmId = realm.Id, - /// ProviderId = "custom", /// Enabled = true, - /// Config = - /// { - /// { "dummyString", "foobar" }, - /// { "dummyBool", true }, - /// { "multivalue", "value1##value2" }, - /// }, + /// ProviderId = "custom", + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + /// The following arguments are supported: /// - /// The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: + /// - `realm_id` - (Required) The realm that this provider will provide user federation for. + /// - `name` - (Required) Display name of the provider when displayed in the console. + /// - `provider_id` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + /// - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + /// - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + /// - `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:index/customUserFederation:CustomUserFederation custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - /// ``` + /// Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + /// The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: /// [KeycloakResourceType("keycloak:index/customUserFederation:CustomUserFederation")] public partial class CustomUserFederation : global::Pulumi.CustomResource { - /// - /// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - /// [Output("cachePolicy")] public Output CachePolicy { get; private set; } = null!; /// - /// How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + /// How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + /// sync. /// [Output("changedSyncPeriod")] public Output ChangedSyncPeriod { get; private set; } = null!; - /// - /// The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - /// [Output("config")] public Output?> Config { get; private set; } = null!; /// - /// When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + /// When false, this provider will not be used when performing queries for users. /// [Output("enabled")] public Output Enabled { get; private set; } = null!; @@ -99,25 +97,26 @@ public partial class CustomUserFederation : global::Pulumi.CustomResource public Output Name { get; private set; } = null!; /// - /// Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + /// The parent_id of the generated component. will use realm_id if not specified. /// [Output("parentId")] public Output ParentId { get; private set; } = null!; /// - /// Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + /// Priority of this provider when looking up users. Lower values are first. /// [Output("priority")] public Output Priority { get; private set; } = null!; /// - /// The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + /// The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + /// interface /// [Output("providerId")] public Output ProviderId { get; private set; } = null!; /// - /// The realm that this provider will provide user federation for. + /// The realm (name) this provider will provide user federation for. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -168,24 +167,18 @@ public static CustomUserFederation Get(string name, Input id, CustomUser public sealed class CustomUserFederationArgs : global::Pulumi.ResourceArgs { - /// - /// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - /// [Input("cachePolicy")] public Input? CachePolicy { get; set; } /// - /// How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + /// How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + /// sync. /// [Input("changedSyncPeriod")] public Input? ChangedSyncPeriod { get; set; } [Input("config")] private InputMap? _config; - - /// - /// The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - /// public InputMap Config { get => _config ?? (_config = new InputMap()); @@ -193,7 +186,7 @@ public InputMap Config } /// - /// When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + /// When false, this provider will not be used when performing queries for users. /// [Input("enabled")] public Input? Enabled { get; set; } @@ -211,25 +204,26 @@ public InputMap Config public Input? Name { get; set; } /// - /// Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + /// The parent_id of the generated component. will use realm_id if not specified. /// [Input("parentId")] public Input? ParentId { get; set; } /// - /// Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + /// Priority of this provider when looking up users. Lower values are first. /// [Input("priority")] public Input? Priority { get; set; } /// - /// The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + /// The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + /// interface /// [Input("providerId", required: true)] public Input ProviderId { get; set; } = null!; /// - /// The realm that this provider will provide user federation for. + /// The realm (name) this provider will provide user federation for. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -242,24 +236,18 @@ public CustomUserFederationArgs() public sealed class CustomUserFederationState : global::Pulumi.ResourceArgs { - /// - /// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - /// [Input("cachePolicy")] public Input? CachePolicy { get; set; } /// - /// How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + /// How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + /// sync. /// [Input("changedSyncPeriod")] public Input? ChangedSyncPeriod { get; set; } [Input("config")] private InputMap? _config; - - /// - /// The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - /// public InputMap Config { get => _config ?? (_config = new InputMap()); @@ -267,7 +255,7 @@ public InputMap Config } /// - /// When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + /// When false, this provider will not be used when performing queries for users. /// [Input("enabled")] public Input? Enabled { get; set; } @@ -285,25 +273,26 @@ public InputMap Config public Input? Name { get; set; } /// - /// Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + /// The parent_id of the generated component. will use realm_id if not specified. /// [Input("parentId")] public Input? ParentId { get; set; } /// - /// Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + /// Priority of this provider when looking up users. Lower values are first. /// [Input("priority")] public Input? Priority { get; set; } /// - /// The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + /// The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + /// interface /// [Input("providerId")] public Input? ProviderId { get; set; } /// - /// The realm that this provider will provide user federation for. + /// The realm (name) this provider will provide user federation for. /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/DefaultGroups.cs b/sdk/dotnet/DefaultGroups.cs index 45c44991..d306c71f 100644 --- a/sdk/dotnet/DefaultGroups.cs +++ b/sdk/dotnet/DefaultGroups.cs @@ -10,12 +10,16 @@ namespace Pulumi.Keycloak { /// + /// ## # keycloak.DefaultGroups + /// /// Allows for managing a realm's default groups. /// - /// > You should not use `keycloak.DefaultGroups` with a group whose members are managed by `keycloak.GroupMemberships`. + /// Note that you should not use `keycloak.DefaultGroups` with a group with memberships managed + /// by `keycloak.GroupMemberships`. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -26,8 +30,8 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var @group = new Keycloak.Group("group", new() @@ -37,40 +41,36 @@ namespace Pulumi.Keycloak /// /// var @default = new Keycloak.DefaultGroups("default", new() /// { - /// RealmId = realm.Id, /// GroupIds = new[] /// { /// @group.Id, /// }, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Default groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + /// The following arguments are supported: /// - /// Example: + /// - `realm_id` - (Required) The realm this group exists in. + /// - `group_ids` - (Required) A set of group ids that should be default groups on the realm referenced by `realm_id`. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:index/defaultGroups:DefaultGroups default my-realm - /// ``` + /// Groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + /// + /// Example: /// [KeycloakResourceType("keycloak:index/defaultGroups:DefaultGroups")] public partial class DefaultGroups : global::Pulumi.CustomResource { - /// - /// A set of group ids that should be default groups on the realm referenced by `realm_id`. - /// [Output("groupIds")] public Output> GroupIds { get; private set; } = null!; - /// - /// The realm this group exists in. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -122,19 +122,12 @@ public sealed class DefaultGroupsArgs : global::Pulumi.ResourceArgs { [Input("groupIds", required: true)] private InputList? _groupIds; - - /// - /// A set of group ids that should be default groups on the realm referenced by `realm_id`. - /// public InputList GroupIds { get => _groupIds ?? (_groupIds = new InputList()); set => _groupIds = value; } - /// - /// The realm this group exists in. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -148,19 +141,12 @@ public sealed class DefaultGroupsState : global::Pulumi.ResourceArgs { [Input("groupIds")] private InputList? _groupIds; - - /// - /// A set of group ids that should be default groups on the realm referenced by `realm_id`. - /// public InputList GroupIds { get => _groupIds ?? (_groupIds = new InputList()); set => _groupIds = value; } - /// - /// The realm this group exists in. - /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/DefaultRoles.cs b/sdk/dotnet/DefaultRoles.cs index db2d7ec3..46c64eb7 100644 --- a/sdk/dotnet/DefaultRoles.cs +++ b/sdk/dotnet/DefaultRoles.cs @@ -15,8 +15,10 @@ namespace Pulumi.Keycloak /// Note: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak. /// /// ## Example Usage + /// /// ### Realm Role) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -42,18 +44,19 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Default roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite /// - /// role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing + /// role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing /// - /// the default roles. + /// the default roles. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d diff --git a/sdk/dotnet/GenericClientProtocolMapper.cs b/sdk/dotnet/GenericClientProtocolMapper.cs index 652430d5..0f54b0fc 100644 --- a/sdk/dotnet/GenericClientProtocolMapper.cs +++ b/sdk/dotnet/GenericClientProtocolMapper.cs @@ -10,9 +10,9 @@ namespace Pulumi.Keycloak { /// - /// !> **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `keycloak.GenericProtocolMapper` instead. + /// ## # keycloak.GenericClientProtocolMapper /// - /// Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak. + /// Allows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak. /// /// There are two uses cases for using this resource: /// * If you implemented a custom protocol mapper, this resource can be used to configure it @@ -21,8 +21,9 @@ namespace Pulumi.Keycloak /// Due to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. /// Therefore, if possible, a specific mapper should be used. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -33,22 +34,19 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var samlClient = new Keycloak.Saml.Client("samlClient", new() /// { - /// RealmId = realm.Id, /// ClientId = "test-client", + /// RealmId = realm.Id, /// }); /// /// var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", new() /// { - /// RealmId = realm.Id, /// ClientId = samlClient.Id, - /// Protocol = "saml", - /// ProtocolMapper = "saml-hardcode-attribute-mapper", /// Config = /// { /// { "attribute.name", "name" }, @@ -56,28 +54,38 @@ namespace Pulumi.Keycloak /// { "attribute.value", "value" }, /// { "friendly.name", "display name" }, /// }, + /// Protocol = "saml", + /// ProtocolMapper = "saml-hardcode-attribute-mapper", + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// The following arguments are supported: /// - /// Example: + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required) The client this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + /// - `protocol_mapper` - (Required) The name of the protocol mapper. The protocol mapper must be + /// compatible with the specified client. + /// - `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// + /// Example: /// [KeycloakResourceType("keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper")] public partial class GenericClientProtocolMapper : global::Pulumi.CustomResource { /// - /// The client this protocol mapper is attached to. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; @@ -88,32 +96,29 @@ public partial class GenericClientProtocolMapper : global::Pulumi.CustomResource [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; - /// - /// A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - /// [Output("config")] public Output> Config { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + /// The protocol of the client (openid-connect / saml). /// [Output("protocol")] public Output Protocol { get; private set; } = null!; /// - /// The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + /// The type of the protocol mapper. /// [Output("protocolMapper")] public Output ProtocolMapper { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -165,7 +170,7 @@ public static GenericClientProtocolMapper Get(string name, Input id, Gen public sealed class GenericClientProtocolMapperArgs : global::Pulumi.ResourceArgs { /// - /// The client this protocol mapper is attached to. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } @@ -178,10 +183,6 @@ public sealed class GenericClientProtocolMapperArgs : global::Pulumi.ResourceArg [Input("config", required: true)] private InputMap? _config; - - /// - /// A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - /// public InputMap Config { get => _config ?? (_config = new InputMap()); @@ -189,25 +190,25 @@ public InputMap Config } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + /// The protocol of the client (openid-connect / saml). /// [Input("protocol", required: true)] public Input Protocol { get; set; } = null!; /// - /// The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + /// The type of the protocol mapper. /// [Input("protocolMapper", required: true)] public Input ProtocolMapper { get; set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -221,7 +222,7 @@ public GenericClientProtocolMapperArgs() public sealed class GenericClientProtocolMapperState : global::Pulumi.ResourceArgs { /// - /// The client this protocol mapper is attached to. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } @@ -234,10 +235,6 @@ public sealed class GenericClientProtocolMapperState : global::Pulumi.ResourceAr [Input("config")] private InputMap? _config; - - /// - /// A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - /// public InputMap Config { get => _config ?? (_config = new InputMap()); @@ -245,25 +242,25 @@ public InputMap Config } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + /// The protocol of the client (openid-connect / saml). /// [Input("protocol")] public Input? Protocol { get; set; } /// - /// The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + /// The type of the protocol mapper. /// [Input("protocolMapper")] public Input? ProtocolMapper { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/GenericClientRoleMapper.cs b/sdk/dotnet/GenericClientRoleMapper.cs index d4c9d8ee..f1803e13 100644 --- a/sdk/dotnet/GenericClientRoleMapper.cs +++ b/sdk/dotnet/GenericClientRoleMapper.cs @@ -19,8 +19,10 @@ namespace Pulumi.Keycloak /// inside an access token for a client. /// /// ## Example Usage + /// /// ### Realm Role To Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -58,8 +60,11 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Role To Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -114,8 +119,11 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Realm Role To Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -150,8 +158,11 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Role To Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -195,18 +206,19 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Generic client role mappers can be imported using one of the following two formats: /// - /// - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + /// - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` /// - /// - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + /// - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/dotnet/GenericProtocolMapper.cs b/sdk/dotnet/GenericProtocolMapper.cs index 80749e4c..1bbdf3ea 100644 --- a/sdk/dotnet/GenericProtocolMapper.cs +++ b/sdk/dotnet/GenericProtocolMapper.cs @@ -21,6 +21,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -58,14 +59,15 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/dotnet/GenericRoleMapper.cs b/sdk/dotnet/GenericRoleMapper.cs index 1f8c3f07..45bd491a 100644 --- a/sdk/dotnet/GenericRoleMapper.cs +++ b/sdk/dotnet/GenericRoleMapper.cs @@ -17,8 +17,10 @@ namespace Pulumi.Keycloak /// inside an access token for a client. /// /// ## Example Usage + /// /// ### Realm Role To Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -56,8 +58,11 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Role To Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -112,8 +117,11 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Realm Role To Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -148,8 +156,11 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Role To Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -193,18 +204,19 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Generic client role mappers can be imported using one of the following two formats: /// - /// - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + /// - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` /// - /// - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + /// - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/dotnet/GetAuthenticationExecution.cs b/sdk/dotnet/GetAuthenticationExecution.cs index 3220f11f..027416f8 100644 --- a/sdk/dotnet/GetAuthenticationExecution.cs +++ b/sdk/dotnet/GetAuthenticationExecution.cs @@ -14,10 +14,9 @@ public static class GetAuthenticationExecution /// /// This data source can be used to fetch the ID of an authentication execution within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -41,8 +40,7 @@ public static class GetAuthenticationExecution /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetAuthenticationExecutionArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getAuthenticationExecution:getAuthenticationExecution", args ?? new GetAuthenticationExecutionArgs(), options.WithDefaults()); @@ -50,10 +48,9 @@ public static Task InvokeAsync(GetAuthenticati /// /// This data source can be used to fetch the ID of an authentication execution within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -77,8 +74,7 @@ public static Task InvokeAsync(GetAuthenticati /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetAuthenticationExecutionInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getAuthenticationExecution:getAuthenticationExecution", args ?? new GetAuthenticationExecutionInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/GetAuthenticationFlow.cs b/sdk/dotnet/GetAuthenticationFlow.cs index abf84b71..7f305f5d 100644 --- a/sdk/dotnet/GetAuthenticationFlow.cs +++ b/sdk/dotnet/GetAuthenticationFlow.cs @@ -14,10 +14,9 @@ public static class GetAuthenticationFlow /// /// This data source can be used to fetch the ID of an authentication flow within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -40,8 +39,7 @@ public static class GetAuthenticationFlow /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetAuthenticationFlowArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getAuthenticationFlow:getAuthenticationFlow", args ?? new GetAuthenticationFlowArgs(), options.WithDefaults()); @@ -49,10 +47,9 @@ public static Task InvokeAsync(GetAuthenticationFlo /// /// This data source can be used to fetch the ID of an authentication flow within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -75,8 +72,7 @@ public static Task InvokeAsync(GetAuthenticationFlo /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetAuthenticationFlowInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getAuthenticationFlow:getAuthenticationFlow", args ?? new GetAuthenticationFlowInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/GetClientDescriptionConverter.cs b/sdk/dotnet/GetClientDescriptionConverter.cs index 2b41a80b..5d89d57a 100644 --- a/sdk/dotnet/GetClientDescriptionConverter.cs +++ b/sdk/dotnet/GetClientDescriptionConverter.cs @@ -15,10 +15,9 @@ public static class GetClientDescriptionConverter /// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak /// client. This data can then be used to manage the client within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -74,8 +73,7 @@ public static class GetClientDescriptionConverter /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetClientDescriptionConverterArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter", args ?? new GetClientDescriptionConverterArgs(), options.WithDefaults()); @@ -84,10 +82,9 @@ public static Task InvokeAsync(GetClientDes /// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak /// client. This data can then be used to manage the client within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -143,8 +140,7 @@ public static Task InvokeAsync(GetClientDes /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetClientDescriptionConverterInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter", args ?? new GetClientDescriptionConverterInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/GetGroup.cs b/sdk/dotnet/GetGroup.cs index d908b07a..336fa3d3 100644 --- a/sdk/dotnet/GetGroup.cs +++ b/sdk/dotnet/GetGroup.cs @@ -12,105 +12,19 @@ namespace Pulumi.Keycloak public static class GetGroup { /// + /// ## # keycloak.Group data source + /// /// This data source can be used to fetch properties of a Keycloak group for /// usage with other resources, such as `keycloak.GroupRoles`. - /// - /// {{% examples %}} - /// ## Example Usage - /// {{% example %}} - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var offlineAccess = Keycloak.GetRole.Invoke(new() - /// { - /// RealmId = realm.Id, - /// Name = "offline_access", - /// }); - /// - /// var @group = Keycloak.GetGroup.Invoke(new() - /// { - /// RealmId = realm.Id, - /// Name = "group", - /// }); - /// - /// var groupRoles = new Keycloak.GroupRoles("groupRoles", new() - /// { - /// RealmId = realm.Id, - /// GroupId = @group.Apply(@group => @group.Apply(getGroupResult => getGroupResult.Id)), - /// RoleIds = new[] - /// { - /// offlineAccess.Apply(getRoleResult => getRoleResult.Id), - /// }, - /// }); - /// - /// }); - /// ``` - /// {{% /example %}} - /// {{% /examples %}} /// public static Task InvokeAsync(GetGroupArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getGroup:getGroup", args ?? new GetGroupArgs(), options.WithDefaults()); /// + /// ## # keycloak.Group data source + /// /// This data source can be used to fetch properties of a Keycloak group for /// usage with other resources, such as `keycloak.GroupRoles`. - /// - /// {{% examples %}} - /// ## Example Usage - /// {{% example %}} - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var offlineAccess = Keycloak.GetRole.Invoke(new() - /// { - /// RealmId = realm.Id, - /// Name = "offline_access", - /// }); - /// - /// var @group = Keycloak.GetGroup.Invoke(new() - /// { - /// RealmId = realm.Id, - /// Name = "group", - /// }); - /// - /// var groupRoles = new Keycloak.GroupRoles("groupRoles", new() - /// { - /// RealmId = realm.Id, - /// GroupId = @group.Apply(@group => @group.Apply(getGroupResult => getGroupResult.Id)), - /// RoleIds = new[] - /// { - /// offlineAccess.Apply(getRoleResult => getRoleResult.Id), - /// }, - /// }); - /// - /// }); - /// ``` - /// {{% /example %}} - /// {{% /examples %}} /// public static Output Invoke(GetGroupInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getGroup:getGroup", args ?? new GetGroupInvokeArgs(), options.WithDefaults()); @@ -119,15 +33,9 @@ public static Output Invoke(GetGroupInvokeArgs args, InvokeOptio public sealed class GetGroupArgs : global::Pulumi.InvokeArgs { - /// - /// The name of the group. If there are multiple groups match `name`, the first result will be returned. - /// [Input("name", required: true)] public string Name { get; set; } = null!; - /// - /// The realm this group exists within. - /// [Input("realmId", required: true)] public string RealmId { get; set; } = null!; @@ -139,15 +47,9 @@ public GetGroupArgs() public sealed class GetGroupInvokeArgs : global::Pulumi.InvokeArgs { - /// - /// The name of the group. If there are multiple groups match `name`, the first result will be returned. - /// [Input("name", required: true)] public Input Name { get; set; } = null!; - /// - /// The realm this group exists within. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; diff --git a/sdk/dotnet/GetRealm.cs b/sdk/dotnet/GetRealm.cs index f252abc3..cc15d0c1 100644 --- a/sdk/dotnet/GetRealm.cs +++ b/sdk/dotnet/GetRealm.cs @@ -12,13 +12,14 @@ namespace Pulumi.Keycloak public static class GetRealm { /// + /// ## # keycloak.Realm data source + /// /// This data source can be used to fetch properties of a Keycloak realm for /// usage with other resources. /// - /// {{% examples %}} - /// ## Example Usage - /// {{% example %}} + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -34,25 +35,35 @@ public static class GetRealm /// /// var @group = new Keycloak.Role("group", new() /// { - /// RealmId = realm.Apply(getRealmResult => getRealmResult.Id), + /// RealmId = data.Keycloak_realm.Id, /// }); /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> + /// + /// ### Argument Reference + /// + /// The following arguments are supported: + /// + /// - `realm` - (Required) The realm name. + /// + /// ### Attributes Reference + /// + /// See the docs for the `keycloak.Realm` resource for details on the exported attributes. /// public static Task InvokeAsync(GetRealmArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getRealm:getRealm", args ?? new GetRealmArgs(), options.WithDefaults()); /// + /// ## # keycloak.Realm data source + /// /// This data source can be used to fetch properties of a Keycloak realm for /// usage with other resources. /// - /// {{% examples %}} - /// ## Example Usage - /// {{% example %}} + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -68,13 +79,22 @@ public static Task InvokeAsync(GetRealmArgs args, InvokeOptions? /// /// var @group = new Keycloak.Role("group", new() /// { - /// RealmId = realm.Apply(getRealmResult => getRealmResult.Id), + /// RealmId = data.Keycloak_realm.Id, /// }); /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> + /// + /// ### Argument Reference + /// + /// The following arguments are supported: + /// + /// - `realm` - (Required) The realm name. + /// + /// ### Attributes Reference + /// + /// See the docs for the `keycloak.Realm` resource for details on the exported attributes. /// public static Output Invoke(GetRealmInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getRealm:getRealm", args ?? new GetRealmInvokeArgs(), options.WithDefaults()); @@ -121,9 +141,6 @@ public List Internationalizations [Input("otpPolicy")] public Inputs.GetRealmOtpPolicyArgs? OtpPolicy { get; set; } - /// - /// The realm name. - /// [Input("realm", required: true)] public string Realm { get; set; } = null!; @@ -195,9 +212,6 @@ public InputList Internationalizat [Input("otpPolicy")] public Input? OtpPolicy { get; set; } - /// - /// The realm name. - /// [Input("realm", required: true)] public Input Realm { get; set; } = null!; diff --git a/sdk/dotnet/GetRealmKeys.cs b/sdk/dotnet/GetRealmKeys.cs index 909cd03e..af89f1f5 100644 --- a/sdk/dotnet/GetRealmKeys.cs +++ b/sdk/dotnet/GetRealmKeys.cs @@ -12,25 +12,29 @@ namespace Pulumi.Keycloak public static class GetRealmKeys { /// + /// ## # keycloak.getRealmKeys data source + /// /// Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. /// /// Remarks: /// /// - A key must meet all filter criteria - /// - This data source may return more than one value. - /// - If no key matches the filter criteria, then an error will be returned. + /// - This datasource may return more than one value. + /// - If no key matches the filter criteria, then an error is returned. /// public static Task InvokeAsync(GetRealmKeysArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getRealmKeys:getRealmKeys", args ?? new GetRealmKeysArgs(), options.WithDefaults()); /// + /// ## # keycloak.getRealmKeys data source + /// /// Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. /// /// Remarks: /// /// - A key must meet all filter criteria - /// - This data source may return more than one value. - /// - If no key matches the filter criteria, then an error will be returned. + /// - This datasource may return more than one value. + /// - If no key matches the filter criteria, then an error is returned. /// public static Output Invoke(GetRealmKeysInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getRealmKeys:getRealmKeys", args ?? new GetRealmKeysInvokeArgs(), options.WithDefaults()); @@ -41,28 +45,17 @@ public sealed class GetRealmKeysArgs : global::Pulumi.InvokeArgs { [Input("algorithms")] private List? _algorithms; - - /// - /// When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - /// public List Algorithms { get => _algorithms ?? (_algorithms = new List()); set => _algorithms = value; } - /// - /// The realm from which the keys will be retrieved. - /// [Input("realmId", required: true)] public string RealmId { get; set; } = null!; [Input("statuses")] private List? _statuses; - - /// - /// When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - /// public List Statuses { get => _statuses ?? (_statuses = new List()); @@ -79,28 +72,17 @@ public sealed class GetRealmKeysInvokeArgs : global::Pulumi.InvokeArgs { [Input("algorithms")] private InputList? _algorithms; - - /// - /// When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - /// public InputList Algorithms { get => _algorithms ?? (_algorithms = new InputList()); set => _algorithms = value; } - /// - /// The realm from which the keys will be retrieved. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; [Input("statuses")] private InputList? _statuses; - - /// - /// When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - /// public InputList Statuses { get => _statuses ?? (_statuses = new InputList()); @@ -122,14 +104,8 @@ public sealed class GetRealmKeysResult /// The provider-assigned unique ID for this managed resource. /// public readonly string Id; - /// - /// (Computed) A list of keys that match the filter criteria. Each key has the following attributes: - /// public readonly ImmutableArray Keys; public readonly string RealmId; - /// - /// Key status (string) - /// public readonly ImmutableArray Statuses; [OutputConstructor] diff --git a/sdk/dotnet/GetRole.cs b/sdk/dotnet/GetRole.cs index 62970819..1e84ee83 100644 --- a/sdk/dotnet/GetRole.cs +++ b/sdk/dotnet/GetRole.cs @@ -12,103 +12,19 @@ namespace Pulumi.Keycloak public static class GetRole { /// + /// ## # keycloak.Role data source + /// /// This data source can be used to fetch properties of a Keycloak role for /// usage with other resources, such as `keycloak.GroupRoles`. - /// - /// {{% examples %}} - /// ## Example Usage - /// {{% example %}} - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var offlineAccess = Keycloak.GetRole.Invoke(new() - /// { - /// RealmId = realm.Id, - /// Name = "offline_access", - /// }); - /// - /// var @group = new Keycloak.Group("group", new() - /// { - /// RealmId = realm.Id, - /// }); - /// - /// var groupRoles = new Keycloak.GroupRoles("groupRoles", new() - /// { - /// RealmId = realm.Id, - /// GroupId = @group.Id, - /// RoleIds = new[] - /// { - /// offlineAccess.Apply(getRoleResult => getRoleResult.Id), - /// }, - /// }); - /// - /// }); - /// ``` - /// {{% /example %}} - /// {{% /examples %}} /// public static Task InvokeAsync(GetRoleArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getRole:getRole", args ?? new GetRoleArgs(), options.WithDefaults()); /// + /// ## # keycloak.Role data source + /// /// This data source can be used to fetch properties of a Keycloak role for /// usage with other resources, such as `keycloak.GroupRoles`. - /// - /// {{% examples %}} - /// ## Example Usage - /// {{% example %}} - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var offlineAccess = Keycloak.GetRole.Invoke(new() - /// { - /// RealmId = realm.Id, - /// Name = "offline_access", - /// }); - /// - /// var @group = new Keycloak.Group("group", new() - /// { - /// RealmId = realm.Id, - /// }); - /// - /// var groupRoles = new Keycloak.GroupRoles("groupRoles", new() - /// { - /// RealmId = realm.Id, - /// GroupId = @group.Id, - /// RoleIds = new[] - /// { - /// offlineAccess.Apply(getRoleResult => getRoleResult.Id), - /// }, - /// }); - /// - /// }); - /// ``` - /// {{% /example %}} - /// {{% /examples %}} /// public static Output Invoke(GetRoleInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getRole:getRole", args ?? new GetRoleInvokeArgs(), options.WithDefaults()); @@ -117,21 +33,12 @@ public static Output Invoke(GetRoleInvokeArgs args, InvokeOptions public sealed class GetRoleArgs : global::Pulumi.InvokeArgs { - /// - /// When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - /// [Input("clientId")] public string? ClientId { get; set; } - /// - /// The name of the role. - /// [Input("name", required: true)] public string Name { get; set; } = null!; - /// - /// The realm this role exists within. - /// [Input("realmId", required: true)] public string RealmId { get; set; } = null!; @@ -143,21 +50,12 @@ public GetRoleArgs() public sealed class GetRoleInvokeArgs : global::Pulumi.InvokeArgs { - /// - /// When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - /// [Input("clientId")] public Input? ClientId { get; set; } - /// - /// The name of the role. - /// [Input("name", required: true)] public Input Name { get; set; } = null!; - /// - /// The realm this role exists within. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -174,9 +72,6 @@ public sealed class GetRoleResult public readonly ImmutableDictionary Attributes; public readonly string? ClientId; public readonly ImmutableArray CompositeRoles; - /// - /// (Computed) The description of the role. - /// public readonly string Description; /// /// The provider-assigned unique ID for this managed resource. diff --git a/sdk/dotnet/GetUser.cs b/sdk/dotnet/GetUser.cs index 8f1c444a..7e4d5a5c 100644 --- a/sdk/dotnet/GetUser.cs +++ b/sdk/dotnet/GetUser.cs @@ -14,10 +14,9 @@ public static class GetUser /// /// This data source can be used to fetch properties of a user within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -43,8 +42,7 @@ public static class GetUser /// }; /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetUserArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getUser:getUser", args ?? new GetUserArgs(), options.WithDefaults()); @@ -52,10 +50,9 @@ public static Task InvokeAsync(GetUserArgs args, InvokeOptions? o /// /// This data source can be used to fetch properties of a user within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -81,8 +78,7 @@ public static Task InvokeAsync(GetUserArgs args, InvokeOptions? o /// }; /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetUserInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getUser:getUser", args ?? new GetUserInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/GetUserRealmRoles.cs b/sdk/dotnet/GetUserRealmRoles.cs index 583577df..fcb8c531 100644 --- a/sdk/dotnet/GetUserRealmRoles.cs +++ b/sdk/dotnet/GetUserRealmRoles.cs @@ -14,10 +14,9 @@ public static class GetUserRealmRoles /// /// This data source can be used to fetch the realm roles of a user within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -49,8 +48,7 @@ public static class GetUserRealmRoles /// }; /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetUserRealmRolesArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getUserRealmRoles:getUserRealmRoles", args ?? new GetUserRealmRolesArgs(), options.WithDefaults()); @@ -58,10 +56,9 @@ public static Task InvokeAsync(GetUserRealmRolesArgs ar /// /// This data source can be used to fetch the realm roles of a user within Keycloak. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -93,8 +90,7 @@ public static Task InvokeAsync(GetUserRealmRolesArgs ar /// }; /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetUserRealmRolesInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getUserRealmRoles:getUserRealmRoles", args ?? new GetUserRealmRolesInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/Group.cs b/sdk/dotnet/Group.cs index 2ee50fcf..374880eb 100644 --- a/sdk/dotnet/Group.cs +++ b/sdk/dotnet/Group.cs @@ -10,18 +10,22 @@ namespace Pulumi.Keycloak { /// + /// ## # keycloak.Group + /// /// Allows for creating and managing Groups within Keycloak. /// - /// Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and - /// group membership can be mapped to a claim. + /// Groups provide a logical wrapping for users within Keycloak. Users within a + /// group can share attributes and roles, and group membership can be mapped + /// to a claim. /// /// Attributes can also be defined on Groups. /// - /// Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource **should not** - /// be used to manage groups that were created this way. + /// Groups can also be federated from external data sources, such as LDAP or Active Directory. + /// This resource **should not** be used to manage groups that were created this way. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -32,8 +36,8 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var parentGroup = new Keycloak.Group("parentGroup", new() @@ -43,68 +47,62 @@ namespace Pulumi.Keycloak /// /// var childGroup = new Keycloak.Group("childGroup", new() /// { - /// RealmId = realm.Id, /// ParentId = parentGroup.Id, + /// RealmId = realm.Id, /// }); /// /// var childGroupWithOptionalAttributes = new Keycloak.Group("childGroupWithOptionalAttributes", new() /// { - /// RealmId = realm.Id, - /// ParentId = parentGroup.Id, /// Attributes = /// { - /// { "foo", "bar" }, - /// { "multivalue", "value1##value2" }, + /// { "key1", "value1" }, + /// { "key2", "value2" }, /// }, + /// ParentId = parentGroup.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + /// The following arguments are supported: /// - /// assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + /// - `realm_id` - (Required) The realm this group exists in. + /// - `parent_id` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level. + /// - `name` - (Required) The name of the group. + /// - `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group. /// - /// Example: + /// ### Attributes Reference /// - /// bash + /// In addition to the arguments listed above, the following computed attributes are exported: /// - /// ```sh - /// $ pulumi import keycloak:index/group:Group child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd - /// ``` + /// - `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. + /// + /// ### Import + /// + /// Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + /// assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + /// + /// Example: /// [KeycloakResourceType("keycloak:index/group:Group")] public partial class Group : global::Pulumi.CustomResource { - /// - /// A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// [Output("attributes")] public Output?> Attributes { get; private set; } = null!; - /// - /// The name of the group. - /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// The ID of this group's parent. If omitted, this group will be defined at the root level. - /// [Output("parentId")] public Output ParentId { get; private set; } = null!; - /// - /// (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - /// [Output("path")] public Output Path { get; private set; } = null!; - /// - /// The realm this group exists in. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -156,31 +154,18 @@ public sealed class GroupArgs : global::Pulumi.ResourceArgs { [Input("attributes")] private InputMap? _attributes; - - /// - /// A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// public InputMap Attributes { get => _attributes ?? (_attributes = new InputMap()); set => _attributes = value; } - /// - /// The name of the group. - /// [Input("name")] public Input? Name { get; set; } - /// - /// The ID of this group's parent. If omitted, this group will be defined at the root level. - /// [Input("parentId")] public Input? ParentId { get; set; } - /// - /// The realm this group exists in. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -194,37 +179,21 @@ public sealed class GroupState : global::Pulumi.ResourceArgs { [Input("attributes")] private InputMap? _attributes; - - /// - /// A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// public InputMap Attributes { get => _attributes ?? (_attributes = new InputMap()); set => _attributes = value; } - /// - /// The name of the group. - /// [Input("name")] public Input? Name { get; set; } - /// - /// The ID of this group's parent. If omitted, this group will be defined at the root level. - /// [Input("parentId")] public Input? ParentId { get; set; } - /// - /// (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - /// [Input("path")] public Input? Path { get; set; } - /// - /// The realm this group exists in. - /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/GroupMemberships.cs b/sdk/dotnet/GroupMemberships.cs index 585c028c..ee63b3cc 100644 --- a/sdk/dotnet/GroupMemberships.cs +++ b/sdk/dotnet/GroupMemberships.cs @@ -10,24 +10,25 @@ namespace Pulumi.Keycloak { /// - /// Allows for managing a Keycloak group's members. - /// - /// Note that this resource attempts to be an **authoritative** source over group members. When this resource takes control - /// over a group's members, users that are manually added to the group will be removed, and users that are manually removed - /// from the group will be added upon the next run of `pulumi up`. + /// ## # keycloak.GroupMemberships /// - /// Also note that you should not use `keycloak.GroupMemberships` with a group has been assigned as a default group via - /// `keycloak.DefaultGroups`. + /// Allows for managing a Keycloak group's members. /// - /// This resource **should not** be used to control membership of a group that has its members federated from an external - /// source via group mapping. + /// Note that this resource attempts to be an **authoritative** source over group members. + /// When this resource takes control over a group's members, users that are manually added + /// to the group will be removed, and users that are manually removed from the group will + /// be added upon the next run of `pulumi up`. Eventually, a non-authoritative resource + /// for group membership will be added to this provider. /// - /// To non-exclusively manage the group's of a user, see the [`keycloak.UserGroups` resource][1] + /// Also note that you should not use `keycloak.GroupMemberships` with a group has been assigned + /// as a default group via `keycloak.DefaultGroups`. /// - /// This resource paginates its data loading on refresh by 50 items. + /// This resource **should not** be used to control membership of a group that has its members + /// federated from an external source via group mapping. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -38,8 +39,8 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var @group = new Keycloak.Group("group", new() @@ -55,43 +56,40 @@ namespace Pulumi.Keycloak /// /// var groupMembers = new Keycloak.GroupMemberships("groupMembers", new() /// { - /// RealmId = realm.Id, /// GroupId = @group.Id, /// Members = new[] /// { /// user.Username, /// }, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// This resource does not support import. Instead of importing, feel free to create this resource + /// The following arguments are supported: /// - /// as if it did not already exist on the server. + /// - `realm_id` - (Required) The realm this group exists in. + /// - `group_id` - (Required) The ID of the group this resource should manage memberships for. + /// - `members` - (Required) An array of usernames that belong to this group. /// - /// [1]: providers/mrparkers/keycloak/latest/docs/resources/group_memberships + /// ### Import + /// + /// This resource does not support import. Instead of importing, feel free to create this resource + /// as if it did not already exist on the server. /// [KeycloakResourceType("keycloak:index/groupMemberships:GroupMemberships")] public partial class GroupMemberships : global::Pulumi.CustomResource { - /// - /// The ID of the group this resource should manage memberships for. - /// [Output("groupId")] public Output GroupId { get; private set; } = null!; - /// - /// A list of usernames that belong to this group. - /// [Output("members")] public Output> Members { get; private set; } = null!; - /// - /// The realm this group exists in. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -141,27 +139,17 @@ public static GroupMemberships Get(string name, Input id, GroupMembershi public sealed class GroupMembershipsArgs : global::Pulumi.ResourceArgs { - /// - /// The ID of the group this resource should manage memberships for. - /// [Input("groupId")] public Input? GroupId { get; set; } [Input("members", required: true)] private InputList? _members; - - /// - /// A list of usernames that belong to this group. - /// public InputList Members { get => _members ?? (_members = new InputList()); set => _members = value; } - /// - /// The realm this group exists in. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -173,27 +161,17 @@ public GroupMembershipsArgs() public sealed class GroupMembershipsState : global::Pulumi.ResourceArgs { - /// - /// The ID of the group this resource should manage memberships for. - /// [Input("groupId")] public Input? GroupId { get; set; } [Input("members")] private InputList? _members; - - /// - /// A list of usernames that belong to this group. - /// public InputList Members { get => _members ?? (_members = new InputList()); set => _members = value; } - /// - /// The realm this group exists in. - /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/GroupRoles.cs b/sdk/dotnet/GroupRoles.cs index 79605310..dd3a8129 100644 --- a/sdk/dotnet/GroupRoles.cs +++ b/sdk/dotnet/GroupRoles.cs @@ -10,18 +10,23 @@ namespace Pulumi.Keycloak { /// + /// ## # keycloak.GroupRoles + /// /// Allows you to manage roles assigned to a Keycloak group. /// - /// If `exhaustive` is true, this resource attempts to be an **authoritative** source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the - /// group will be added upon the next run of `pulumi up`. - /// If `exhaustive` is false, this resource is a partial assignation of roles to a group. As a result, you can get multiple `keycloak.GroupRoles` for the same `group_id`. + /// Note that this resource attempts to be an **authoritative** source over + /// group roles. When this resource takes control over a group's roles, + /// roles that are manually added to the group will be removed, and roles + /// that are manually removed from the group will be added upon the next run + /// of `pulumi up`. /// - /// Note that when assigning composite roles to a group, you may see a non-empty plan following a `pulumi up` if you - /// assign a role and a composite that includes that role to the same group. + /// Note that when assigning composite roles to a group, you may see a + /// non-empty plan following a `pulumi up` if you assign a role and a + /// composite that includes that role to the same group. /// - /// ## Example Usage - /// ### Exhaustive Roles) + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -32,29 +37,29 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var realmRole = new Keycloak.Role("realmRole", new() /// { - /// RealmId = realm.Id, /// Description = "My Realm Role", + /// RealmId = realm.Id, /// }); /// /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// RealmId = realm.Id, + /// AccessType = "BEARER-ONLY", /// ClientId = "client", /// Enabled = true, - /// AccessType = "BEARER-ONLY", + /// RealmId = realm.Id, /// }); /// /// var clientRole = new Keycloak.Role("clientRole", new() /// { - /// RealmId = realm.Id, /// ClientId = keycloak_client.Client.Id, /// Description = "My Client Role", + /// RealmId = realm.Id, /// }); /// /// var @group = new Keycloak.Group("group", new() @@ -64,124 +69,49 @@ namespace Pulumi.Keycloak /// /// var groupRoles = new Keycloak.GroupRoles("groupRoles", new() /// { - /// RealmId = realm.Id, /// GroupId = @group.Id, - /// RoleIds = new[] - /// { - /// realmRole.Id, - /// clientRole.Id, - /// }, - /// }); - /// - /// }); - /// ``` - /// ### Non Exhaustive Roles) - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var realmRole = new Keycloak.Role("realmRole", new() - /// { - /// RealmId = realm.Id, - /// Description = "My Realm Role", - /// }); - /// - /// var client = new Keycloak.OpenId.Client("client", new() - /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, - /// AccessType = "BEARER-ONLY", - /// }); - /// - /// var clientRole = new Keycloak.Role("clientRole", new() - /// { - /// RealmId = realm.Id, - /// ClientId = keycloak_client.Client.Id, - /// Description = "My Client Role", - /// }); - /// - /// var @group = new Keycloak.Group("group", new() - /// { - /// RealmId = realm.Id, - /// }); - /// - /// var groupRoleAssociation1 = new Keycloak.GroupRoles("groupRoleAssociation1", new() - /// { /// RealmId = realm.Id, - /// GroupId = @group.Id, - /// Exhaustive = false, /// RoleIds = new[] /// { /// realmRole.Id, - /// }, - /// }); - /// - /// var groupRoleAssociation2 = new Keycloak.GroupRoles("groupRoleAssociation2", new() - /// { - /// RealmId = realm.Id, - /// GroupId = @group.Id, - /// Exhaustive = false, - /// RoleIds = new[] - /// { /// clientRole.Id, /// }, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// This resource can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + /// The following arguments are supported: /// - /// assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically + /// - `realm_id` - (Required) The realm this group exists in. + /// - `group_id` - (Required) The ID of the group this resource should + /// manage roles for. + /// - `role_ids` - (Required) A list of role IDs to map to the group /// - /// a GUID. + /// ### Import /// - /// Example: + /// This resource can be imported using the format + /// `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that + /// Keycloak assigns to the group upon creation. This value can be found in + /// the URI when editing this group in the GUI, and is typically a GUID. /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:index/groupRoles:GroupRoles group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:index/groupRoles:GroupRoles")] public partial class GroupRoles : global::Pulumi.CustomResource { - /// - /// Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - /// [Output("exhaustive")] public Output Exhaustive { get; private set; } = null!; - /// - /// The ID of the group this resource should manage roles for. - /// [Output("groupId")] public Output GroupId { get; private set; } = null!; - /// - /// The realm this group exists in. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// A list of role IDs to map to the group. - /// [Output("roleIds")] public Output> RoleIds { get; private set; } = null!; @@ -231,30 +161,17 @@ public static GroupRoles Get(string name, Input id, GroupRolesState? sta public sealed class GroupRolesArgs : global::Pulumi.ResourceArgs { - /// - /// Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - /// [Input("exhaustive")] public Input? Exhaustive { get; set; } - /// - /// The ID of the group this resource should manage roles for. - /// [Input("groupId", required: true)] public Input GroupId { get; set; } = null!; - /// - /// The realm this group exists in. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; [Input("roleIds", required: true)] private InputList? _roleIds; - - /// - /// A list of role IDs to map to the group. - /// public InputList RoleIds { get => _roleIds ?? (_roleIds = new InputList()); @@ -269,30 +186,17 @@ public GroupRolesArgs() public sealed class GroupRolesState : global::Pulumi.ResourceArgs { - /// - /// Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - /// [Input("exhaustive")] public Input? Exhaustive { get; set; } - /// - /// The ID of the group this resource should manage roles for. - /// [Input("groupId")] public Input? GroupId { get; set; } - /// - /// The realm this group exists in. - /// [Input("realmId")] public Input? RealmId { get; set; } [Input("roleIds")] private InputList? _roleIds; - - /// - /// A list of role IDs to map to the group. - /// public InputList RoleIds { get => _roleIds ?? (_roleIds = new InputList()); diff --git a/sdk/dotnet/HardcodedAttributeIdentityProviderMapper.cs b/sdk/dotnet/HardcodedAttributeIdentityProviderMapper.cs index 337074f8..bd88c461 100644 --- a/sdk/dotnet/HardcodedAttributeIdentityProviderMapper.cs +++ b/sdk/dotnet/HardcodedAttributeIdentityProviderMapper.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -55,6 +56,7 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// [KeycloakResourceType("keycloak:index/hardcodedAttributeIdentityProviderMapper:HardcodedAttributeIdentityProviderMapper")] public partial class HardcodedAttributeIdentityProviderMapper : global::Pulumi.CustomResource diff --git a/sdk/dotnet/HardcodedRoleIdentityMapper.cs b/sdk/dotnet/HardcodedRoleIdentityMapper.cs index 96bbf9bb..639fc826 100644 --- a/sdk/dotnet/HardcodedRoleIdentityMapper.cs +++ b/sdk/dotnet/HardcodedRoleIdentityMapper.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -59,6 +60,7 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// [KeycloakResourceType("keycloak:index/hardcodedRoleIdentityMapper:HardcodedRoleIdentityMapper")] public partial class HardcodedRoleIdentityMapper : global::Pulumi.CustomResource diff --git a/sdk/dotnet/IdentityProviderTokenExchangeScopePermission.cs b/sdk/dotnet/IdentityProviderTokenExchangeScopePermission.cs index 049770e7..58a6b74d 100644 --- a/sdk/dotnet/IdentityProviderTokenExchangeScopePermission.cs +++ b/sdk/dotnet/IdentityProviderTokenExchangeScopePermission.cs @@ -12,6 +12,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -65,16 +66,17 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// This resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that /// - /// you assign to the identity provider upon creation. + /// you assign to the identity provider upon creation. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp diff --git a/sdk/dotnet/Inputs/RealmInternationalizationArgs.cs b/sdk/dotnet/Inputs/RealmInternationalizationArgs.cs index 71aa11fc..67846725 100644 --- a/sdk/dotnet/Inputs/RealmInternationalizationArgs.cs +++ b/sdk/dotnet/Inputs/RealmInternationalizationArgs.cs @@ -12,18 +12,11 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmInternationalizationArgs : global::Pulumi.ResourceArgs { - /// - /// The locale to use by default. This locale code must be present within the `supported_locales` list. - /// [Input("defaultLocale", required: true)] public Input DefaultLocale { get; set; } = null!; [Input("supportedLocales", required: true)] private InputList? _supportedLocales; - - /// - /// A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - /// public InputList SupportedLocales { get => _supportedLocales ?? (_supportedLocales = new InputList()); diff --git a/sdk/dotnet/Inputs/RealmInternationalizationGetArgs.cs b/sdk/dotnet/Inputs/RealmInternationalizationGetArgs.cs index f83787ae..b82eabaa 100644 --- a/sdk/dotnet/Inputs/RealmInternationalizationGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmInternationalizationGetArgs.cs @@ -12,18 +12,11 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmInternationalizationGetArgs : global::Pulumi.ResourceArgs { - /// - /// The locale to use by default. This locale code must be present within the `supported_locales` list. - /// [Input("defaultLocale", required: true)] public Input DefaultLocale { get; set; } = null!; [Input("supportedLocales", required: true)] private InputList? _supportedLocales; - - /// - /// A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - /// public InputList SupportedLocales { get => _supportedLocales ?? (_supportedLocales = new InputList()); diff --git a/sdk/dotnet/Inputs/RealmOtpPolicyArgs.cs b/sdk/dotnet/Inputs/RealmOtpPolicyArgs.cs index a327de3f..58b28767 100644 --- a/sdk/dotnet/Inputs/RealmOtpPolicyArgs.cs +++ b/sdk/dotnet/Inputs/RealmOtpPolicyArgs.cs @@ -13,37 +13,25 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmOtpPolicyArgs : global::Pulumi.ResourceArgs { /// - /// What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + /// What hashing algorithm should be used to generate the OTP. /// [Input("algorithm")] public Input? Algorithm { get; set; } - /// - /// How many digits the OTP have. Defaults to `6`. - /// [Input("digits")] public Input? Digits { get; set; } - /// - /// What should the initial counter value be. Defaults to `2`. - /// [Input("initialCounter")] public Input? InitialCounter { get; set; } - /// - /// How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - /// [Input("lookAheadWindow")] public Input? LookAheadWindow { get; set; } - /// - /// How many seconds should an OTP token be valid. Defaults to `30`. - /// [Input("period")] public Input? Period { get; set; } /// - /// One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + /// OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password /// [Input("type")] public Input? Type { get; set; } diff --git a/sdk/dotnet/Inputs/RealmOtpPolicyGetArgs.cs b/sdk/dotnet/Inputs/RealmOtpPolicyGetArgs.cs index c190e0ae..ca981b59 100644 --- a/sdk/dotnet/Inputs/RealmOtpPolicyGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmOtpPolicyGetArgs.cs @@ -13,37 +13,25 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmOtpPolicyGetArgs : global::Pulumi.ResourceArgs { /// - /// What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + /// What hashing algorithm should be used to generate the OTP. /// [Input("algorithm")] public Input? Algorithm { get; set; } - /// - /// How many digits the OTP have. Defaults to `6`. - /// [Input("digits")] public Input? Digits { get; set; } - /// - /// What should the initial counter value be. Defaults to `2`. - /// [Input("initialCounter")] public Input? InitialCounter { get; set; } - /// - /// How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - /// [Input("lookAheadWindow")] public Input? LookAheadWindow { get; set; } - /// - /// How many seconds should an OTP token be valid. Defaults to `30`. - /// [Input("period")] public Input? Period { get; set; } /// - /// One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + /// OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password /// [Input("type")] public Input? Type { get; set; } diff --git a/sdk/dotnet/Inputs/RealmSecurityDefensesBruteForceDetectionArgs.cs b/sdk/dotnet/Inputs/RealmSecurityDefensesBruteForceDetectionArgs.cs index d7bb4a19..3128fe67 100644 --- a/sdk/dotnet/Inputs/RealmSecurityDefensesBruteForceDetectionArgs.cs +++ b/sdk/dotnet/Inputs/RealmSecurityDefensesBruteForceDetectionArgs.cs @@ -12,43 +12,24 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmSecurityDefensesBruteForceDetectionArgs : global::Pulumi.ResourceArgs { - /// - /// When will failure count be reset? - /// [Input("failureResetTimeSeconds")] public Input? FailureResetTimeSeconds { get; set; } [Input("maxFailureWaitSeconds")] public Input? MaxFailureWaitSeconds { get; set; } - /// - /// How many failures before wait is triggered. - /// [Input("maxLoginFailures")] public Input? MaxLoginFailures { get; set; } - /// - /// How long to wait after a quick login failure. - /// - `max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - /// [Input("minimumQuickLoginWaitSeconds")] public Input? MinimumQuickLoginWaitSeconds { get; set; } - /// - /// When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - /// [Input("permanentLockout")] public Input? PermanentLockout { get; set; } - /// - /// Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - /// [Input("quickLoginCheckMilliSeconds")] public Input? QuickLoginCheckMilliSeconds { get; set; } - /// - /// This represents the amount of time a user should be locked out when the login failure threshold has been met. - /// [Input("waitIncrementSeconds")] public Input? WaitIncrementSeconds { get; set; } diff --git a/sdk/dotnet/Inputs/RealmSecurityDefensesBruteForceDetectionGetArgs.cs b/sdk/dotnet/Inputs/RealmSecurityDefensesBruteForceDetectionGetArgs.cs index 1db5ac31..f1b06b66 100644 --- a/sdk/dotnet/Inputs/RealmSecurityDefensesBruteForceDetectionGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmSecurityDefensesBruteForceDetectionGetArgs.cs @@ -12,43 +12,24 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmSecurityDefensesBruteForceDetectionGetArgs : global::Pulumi.ResourceArgs { - /// - /// When will failure count be reset? - /// [Input("failureResetTimeSeconds")] public Input? FailureResetTimeSeconds { get; set; } [Input("maxFailureWaitSeconds")] public Input? MaxFailureWaitSeconds { get; set; } - /// - /// How many failures before wait is triggered. - /// [Input("maxLoginFailures")] public Input? MaxLoginFailures { get; set; } - /// - /// How long to wait after a quick login failure. - /// - `max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - /// [Input("minimumQuickLoginWaitSeconds")] public Input? MinimumQuickLoginWaitSeconds { get; set; } - /// - /// When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - /// [Input("permanentLockout")] public Input? PermanentLockout { get; set; } - /// - /// Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - /// [Input("quickLoginCheckMilliSeconds")] public Input? QuickLoginCheckMilliSeconds { get; set; } - /// - /// This represents the amount of time a user should be locked out when the login failure threshold has been met. - /// [Input("waitIncrementSeconds")] public Input? WaitIncrementSeconds { get; set; } diff --git a/sdk/dotnet/Inputs/RealmSecurityDefensesHeadersArgs.cs b/sdk/dotnet/Inputs/RealmSecurityDefensesHeadersArgs.cs index 6e3646f2..a9911e0f 100644 --- a/sdk/dotnet/Inputs/RealmSecurityDefensesHeadersArgs.cs +++ b/sdk/dotnet/Inputs/RealmSecurityDefensesHeadersArgs.cs @@ -12,51 +12,27 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmSecurityDefensesHeadersArgs : global::Pulumi.ResourceArgs { - /// - /// Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - /// [Input("contentSecurityPolicy")] public Input? ContentSecurityPolicy { get; set; } - /// - /// Used for testing Content Security Policies. - /// [Input("contentSecurityPolicyReportOnly")] public Input? ContentSecurityPolicyReportOnly { get; set; } - /// - /// The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - /// [Input("referrerPolicy")] public Input? ReferrerPolicy { get; set; } - /// - /// The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - /// [Input("strictTransportSecurity")] public Input? StrictTransportSecurity { get; set; } - /// - /// Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - /// [Input("xContentTypeOptions")] public Input? XContentTypeOptions { get; set; } - /// - /// Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - /// [Input("xFrameOptions")] public Input? XFrameOptions { get; set; } - /// - /// Prevent pages from appearing in search engines. - /// [Input("xRobotsTag")] public Input? XRobotsTag { get; set; } - /// - /// This header configures the Cross-site scripting (XSS) filter in your browser. - /// [Input("xXssProtection")] public Input? XXssProtection { get; set; } diff --git a/sdk/dotnet/Inputs/RealmSecurityDefensesHeadersGetArgs.cs b/sdk/dotnet/Inputs/RealmSecurityDefensesHeadersGetArgs.cs index 3411184c..ada410ba 100644 --- a/sdk/dotnet/Inputs/RealmSecurityDefensesHeadersGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmSecurityDefensesHeadersGetArgs.cs @@ -12,51 +12,27 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmSecurityDefensesHeadersGetArgs : global::Pulumi.ResourceArgs { - /// - /// Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - /// [Input("contentSecurityPolicy")] public Input? ContentSecurityPolicy { get; set; } - /// - /// Used for testing Content Security Policies. - /// [Input("contentSecurityPolicyReportOnly")] public Input? ContentSecurityPolicyReportOnly { get; set; } - /// - /// The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - /// [Input("referrerPolicy")] public Input? ReferrerPolicy { get; set; } - /// - /// The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - /// [Input("strictTransportSecurity")] public Input? StrictTransportSecurity { get; set; } - /// - /// Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - /// [Input("xContentTypeOptions")] public Input? XContentTypeOptions { get; set; } - /// - /// Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - /// [Input("xFrameOptions")] public Input? XFrameOptions { get; set; } - /// - /// Prevent pages from appearing in search engines. - /// [Input("xRobotsTag")] public Input? XRobotsTag { get; set; } - /// - /// This header configures the Cross-site scripting (XSS) filter in your browser. - /// [Input("xXssProtection")] public Input? XXssProtection { get; set; } diff --git a/sdk/dotnet/Inputs/RealmSmtpServerArgs.cs b/sdk/dotnet/Inputs/RealmSmtpServerArgs.cs index b82e0082..da22fdaf 100644 --- a/sdk/dotnet/Inputs/RealmSmtpServerArgs.cs +++ b/sdk/dotnet/Inputs/RealmSmtpServerArgs.cs @@ -12,63 +12,33 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmSmtpServerArgs : global::Pulumi.ResourceArgs { - /// - /// Enables authentication to the SMTP server. This block supports the following arguments: - /// [Input("auth")] public Input? Auth { get; set; } - /// - /// The email address uses for bounces. - /// [Input("envelopeFrom")] public Input? EnvelopeFrom { get; set; } - /// - /// The email address for the sender. - /// [Input("from", required: true)] public Input From { get; set; } = null!; - /// - /// The display name of the sender email address. - /// [Input("fromDisplayName")] public Input? FromDisplayName { get; set; } - /// - /// The host of the SMTP server. - /// [Input("host", required: true)] public Input Host { get; set; } = null!; - /// - /// The port of the SMTP server (defaults to 25). - /// [Input("port")] public Input? Port { get; set; } - /// - /// The "reply to" email address. - /// [Input("replyTo")] public Input? ReplyTo { get; set; } - /// - /// The display name of the "reply to" email address. - /// [Input("replyToDisplayName")] public Input? ReplyToDisplayName { get; set; } - /// - /// When `true`, enables SSL. Defaults to `false`. - /// [Input("ssl")] public Input? Ssl { get; set; } - /// - /// When `true`, enables StartTLS. Defaults to `false`. - /// [Input("starttls")] public Input? Starttls { get; set; } diff --git a/sdk/dotnet/Inputs/RealmSmtpServerAuthArgs.cs b/sdk/dotnet/Inputs/RealmSmtpServerAuthArgs.cs index 40eb6e0b..1aea2c9b 100644 --- a/sdk/dotnet/Inputs/RealmSmtpServerAuthArgs.cs +++ b/sdk/dotnet/Inputs/RealmSmtpServerAuthArgs.cs @@ -14,10 +14,6 @@ public sealed class RealmSmtpServerAuthArgs : global::Pulumi.ResourceArgs { [Input("password", required: true)] private Input? _password; - - /// - /// The SMTP server password. - /// public Input? Password { get => _password; @@ -28,9 +24,6 @@ public Input? Password } } - /// - /// The SMTP server username. - /// [Input("username", required: true)] public Input Username { get; set; } = null!; diff --git a/sdk/dotnet/Inputs/RealmSmtpServerAuthGetArgs.cs b/sdk/dotnet/Inputs/RealmSmtpServerAuthGetArgs.cs index 2b6eced4..443bb57f 100644 --- a/sdk/dotnet/Inputs/RealmSmtpServerAuthGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmSmtpServerAuthGetArgs.cs @@ -14,10 +14,6 @@ public sealed class RealmSmtpServerAuthGetArgs : global::Pulumi.ResourceArgs { [Input("password", required: true)] private Input? _password; - - /// - /// The SMTP server password. - /// public Input? Password { get => _password; @@ -28,9 +24,6 @@ public Input? Password } } - /// - /// The SMTP server username. - /// [Input("username", required: true)] public Input Username { get; set; } = null!; diff --git a/sdk/dotnet/Inputs/RealmSmtpServerGetArgs.cs b/sdk/dotnet/Inputs/RealmSmtpServerGetArgs.cs index 8b3fd44a..57c54c35 100644 --- a/sdk/dotnet/Inputs/RealmSmtpServerGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmSmtpServerGetArgs.cs @@ -12,63 +12,33 @@ namespace Pulumi.Keycloak.Inputs public sealed class RealmSmtpServerGetArgs : global::Pulumi.ResourceArgs { - /// - /// Enables authentication to the SMTP server. This block supports the following arguments: - /// [Input("auth")] public Input? Auth { get; set; } - /// - /// The email address uses for bounces. - /// [Input("envelopeFrom")] public Input? EnvelopeFrom { get; set; } - /// - /// The email address for the sender. - /// [Input("from", required: true)] public Input From { get; set; } = null!; - /// - /// The display name of the sender email address. - /// [Input("fromDisplayName")] public Input? FromDisplayName { get; set; } - /// - /// The host of the SMTP server. - /// [Input("host", required: true)] public Input Host { get; set; } = null!; - /// - /// The port of the SMTP server (defaults to 25). - /// [Input("port")] public Input? Port { get; set; } - /// - /// The "reply to" email address. - /// [Input("replyTo")] public Input? ReplyTo { get; set; } - /// - /// The display name of the "reply to" email address. - /// [Input("replyToDisplayName")] public Input? ReplyToDisplayName { get; set; } - /// - /// When `true`, enables SSL. Defaults to `false`. - /// [Input("ssl")] public Input? Ssl { get; set; } - /// - /// When `true`, enables StartTLS. Defaults to `false`. - /// [Input("starttls")] public Input? Starttls { get; set; } diff --git a/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyArgs.cs b/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyArgs.cs index ac157811..3ca97ed4 100644 --- a/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyArgs.cs +++ b/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyArgs.cs @@ -14,10 +14,6 @@ public sealed class RealmWebAuthnPasswordlessPolicyArgs : global::Pulumi.Resourc { [Input("acceptableAaguids")] private InputList? _acceptableAaguids; - - /// - /// A set of AAGUIDs for which an authenticator can be registered. - /// public InputList AcceptableAaguids { get => _acceptableAaguids ?? (_acceptableAaguids = new InputList()); @@ -25,43 +21,31 @@ public InputList AcceptableAaguids } /// - /// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + /// Either none, indirect or direct /// [Input("attestationConveyancePreference")] public Input? AttestationConveyancePreference { get; set; } /// - /// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + /// Either platform or cross-platform /// [Input("authenticatorAttachment")] public Input? AuthenticatorAttachment { get; set; } - /// - /// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - /// [Input("avoidSameAuthenticatorRegister")] public Input? AvoidSameAuthenticatorRegister { get; set; } - /// - /// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - /// [Input("createTimeout")] public Input? CreateTimeout { get; set; } - /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - /// [Input("relyingPartyEntityName")] public Input? RelyingPartyEntityName { get; set; } - /// - /// The WebAuthn relying party ID. - /// [Input("relyingPartyId")] public Input? RelyingPartyId { get; set; } /// - /// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + /// Either Yes or No /// [Input("requireResidentKey")] public Input? RequireResidentKey { get; set; } @@ -70,7 +54,7 @@ public InputList AcceptableAaguids private InputList? _signatureAlgorithms; /// - /// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + /// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing /// public InputList SignatureAlgorithms { @@ -79,7 +63,7 @@ public InputList SignatureAlgorithms } /// - /// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + /// Either required, preferred or discouraged /// [Input("userVerificationRequirement")] public Input? UserVerificationRequirement { get; set; } diff --git a/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyGetArgs.cs b/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyGetArgs.cs index 1b439b9a..4df7ea21 100644 --- a/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyGetArgs.cs @@ -14,10 +14,6 @@ public sealed class RealmWebAuthnPasswordlessPolicyGetArgs : global::Pulumi.Reso { [Input("acceptableAaguids")] private InputList? _acceptableAaguids; - - /// - /// A set of AAGUIDs for which an authenticator can be registered. - /// public InputList AcceptableAaguids { get => _acceptableAaguids ?? (_acceptableAaguids = new InputList()); @@ -25,43 +21,31 @@ public InputList AcceptableAaguids } /// - /// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + /// Either none, indirect or direct /// [Input("attestationConveyancePreference")] public Input? AttestationConveyancePreference { get; set; } /// - /// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + /// Either platform or cross-platform /// [Input("authenticatorAttachment")] public Input? AuthenticatorAttachment { get; set; } - /// - /// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - /// [Input("avoidSameAuthenticatorRegister")] public Input? AvoidSameAuthenticatorRegister { get; set; } - /// - /// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - /// [Input("createTimeout")] public Input? CreateTimeout { get; set; } - /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - /// [Input("relyingPartyEntityName")] public Input? RelyingPartyEntityName { get; set; } - /// - /// The WebAuthn relying party ID. - /// [Input("relyingPartyId")] public Input? RelyingPartyId { get; set; } /// - /// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + /// Either Yes or No /// [Input("requireResidentKey")] public Input? RequireResidentKey { get; set; } @@ -70,7 +54,7 @@ public InputList AcceptableAaguids private InputList? _signatureAlgorithms; /// - /// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + /// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing /// public InputList SignatureAlgorithms { @@ -79,7 +63,7 @@ public InputList SignatureAlgorithms } /// - /// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + /// Either required, preferred or discouraged /// [Input("userVerificationRequirement")] public Input? UserVerificationRequirement { get; set; } diff --git a/sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs b/sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs index abe6e31e..66a3e02c 100644 --- a/sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs +++ b/sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs @@ -14,10 +14,6 @@ public sealed class RealmWebAuthnPolicyArgs : global::Pulumi.ResourceArgs { [Input("acceptableAaguids")] private InputList? _acceptableAaguids; - - /// - /// A set of AAGUIDs for which an authenticator can be registered. - /// public InputList AcceptableAaguids { get => _acceptableAaguids ?? (_acceptableAaguids = new InputList()); @@ -25,43 +21,31 @@ public InputList AcceptableAaguids } /// - /// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + /// Either none, indirect or direct /// [Input("attestationConveyancePreference")] public Input? AttestationConveyancePreference { get; set; } /// - /// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + /// Either platform or cross-platform /// [Input("authenticatorAttachment")] public Input? AuthenticatorAttachment { get; set; } - /// - /// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - /// [Input("avoidSameAuthenticatorRegister")] public Input? AvoidSameAuthenticatorRegister { get; set; } - /// - /// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - /// [Input("createTimeout")] public Input? CreateTimeout { get; set; } - /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - /// [Input("relyingPartyEntityName")] public Input? RelyingPartyEntityName { get; set; } - /// - /// The WebAuthn relying party ID. - /// [Input("relyingPartyId")] public Input? RelyingPartyId { get; set; } /// - /// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + /// Either Yes or No /// [Input("requireResidentKey")] public Input? RequireResidentKey { get; set; } @@ -70,7 +54,7 @@ public InputList AcceptableAaguids private InputList? _signatureAlgorithms; /// - /// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + /// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing /// public InputList SignatureAlgorithms { @@ -79,7 +63,7 @@ public InputList SignatureAlgorithms } /// - /// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + /// Either required, preferred or discouraged /// [Input("userVerificationRequirement")] public Input? UserVerificationRequirement { get; set; } diff --git a/sdk/dotnet/Inputs/RealmWebAuthnPolicyGetArgs.cs b/sdk/dotnet/Inputs/RealmWebAuthnPolicyGetArgs.cs index 9cfa4588..b69f6ed7 100644 --- a/sdk/dotnet/Inputs/RealmWebAuthnPolicyGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmWebAuthnPolicyGetArgs.cs @@ -14,10 +14,6 @@ public sealed class RealmWebAuthnPolicyGetArgs : global::Pulumi.ResourceArgs { [Input("acceptableAaguids")] private InputList? _acceptableAaguids; - - /// - /// A set of AAGUIDs for which an authenticator can be registered. - /// public InputList AcceptableAaguids { get => _acceptableAaguids ?? (_acceptableAaguids = new InputList()); @@ -25,43 +21,31 @@ public InputList AcceptableAaguids } /// - /// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + /// Either none, indirect or direct /// [Input("attestationConveyancePreference")] public Input? AttestationConveyancePreference { get; set; } /// - /// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + /// Either platform or cross-platform /// [Input("authenticatorAttachment")] public Input? AuthenticatorAttachment { get; set; } - /// - /// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - /// [Input("avoidSameAuthenticatorRegister")] public Input? AvoidSameAuthenticatorRegister { get; set; } - /// - /// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - /// [Input("createTimeout")] public Input? CreateTimeout { get; set; } - /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - /// [Input("relyingPartyEntityName")] public Input? RelyingPartyEntityName { get; set; } - /// - /// The WebAuthn relying party ID. - /// [Input("relyingPartyId")] public Input? RelyingPartyId { get; set; } /// - /// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + /// Either Yes or No /// [Input("requireResidentKey")] public Input? RequireResidentKey { get; set; } @@ -70,7 +54,7 @@ public InputList AcceptableAaguids private InputList? _signatureAlgorithms; /// - /// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + /// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing /// public InputList SignatureAlgorithms { @@ -79,7 +63,7 @@ public InputList SignatureAlgorithms } /// - /// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + /// Either required, preferred or discouraged /// [Input("userVerificationRequirement")] public Input? UserVerificationRequirement { get; set; } diff --git a/sdk/dotnet/Inputs/UserFederatedIdentityArgs.cs b/sdk/dotnet/Inputs/UserFederatedIdentityArgs.cs index 20dbd459..803e1725 100644 --- a/sdk/dotnet/Inputs/UserFederatedIdentityArgs.cs +++ b/sdk/dotnet/Inputs/UserFederatedIdentityArgs.cs @@ -12,21 +12,12 @@ namespace Pulumi.Keycloak.Inputs public sealed class UserFederatedIdentityArgs : global::Pulumi.ResourceArgs { - /// - /// The name of the identity provider - /// [Input("identityProvider", required: true)] public Input IdentityProvider { get; set; } = null!; - /// - /// The ID of the user defined in the identity provider - /// [Input("userId", required: true)] public Input UserId { get; set; } = null!; - /// - /// The user name of the user defined in the identity provider - /// [Input("userName", required: true)] public Input UserName { get; set; } = null!; diff --git a/sdk/dotnet/Inputs/UserFederatedIdentityGetArgs.cs b/sdk/dotnet/Inputs/UserFederatedIdentityGetArgs.cs index 797a438a..a52f28a6 100644 --- a/sdk/dotnet/Inputs/UserFederatedIdentityGetArgs.cs +++ b/sdk/dotnet/Inputs/UserFederatedIdentityGetArgs.cs @@ -12,21 +12,12 @@ namespace Pulumi.Keycloak.Inputs public sealed class UserFederatedIdentityGetArgs : global::Pulumi.ResourceArgs { - /// - /// The name of the identity provider - /// [Input("identityProvider", required: true)] public Input IdentityProvider { get; set; } = null!; - /// - /// The ID of the user defined in the identity provider - /// [Input("userId", required: true)] public Input UserId { get; set; } = null!; - /// - /// The user name of the user defined in the identity provider - /// [Input("userName", required: true)] public Input UserName { get; set; } = null!; diff --git a/sdk/dotnet/Inputs/UserInitialPasswordArgs.cs b/sdk/dotnet/Inputs/UserInitialPasswordArgs.cs index 4a2bda3e..27e4c2ae 100644 --- a/sdk/dotnet/Inputs/UserInitialPasswordArgs.cs +++ b/sdk/dotnet/Inputs/UserInitialPasswordArgs.cs @@ -12,18 +12,11 @@ namespace Pulumi.Keycloak.Inputs public sealed class UserInitialPasswordArgs : global::Pulumi.ResourceArgs { - /// - /// If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - /// [Input("temporary")] public Input? Temporary { get; set; } [Input("value", required: true)] private Input? _value; - - /// - /// The initial password. - /// public Input? Value { get => _value; diff --git a/sdk/dotnet/Inputs/UserInitialPasswordGetArgs.cs b/sdk/dotnet/Inputs/UserInitialPasswordGetArgs.cs index 51a096a7..96cef579 100644 --- a/sdk/dotnet/Inputs/UserInitialPasswordGetArgs.cs +++ b/sdk/dotnet/Inputs/UserInitialPasswordGetArgs.cs @@ -12,18 +12,11 @@ namespace Pulumi.Keycloak.Inputs public sealed class UserInitialPasswordGetArgs : global::Pulumi.ResourceArgs { - /// - /// If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - /// [Input("temporary")] public Input? Temporary { get; set; } [Input("value", required: true)] private Input? _value; - - /// - /// The initial password. - /// public Input? Value { get => _value; diff --git a/sdk/dotnet/Ldap/CustomMapper.cs b/sdk/dotnet/Ldap/CustomMapper.cs index 53542b66..048fec2b 100644 --- a/sdk/dotnet/Ldap/CustomMapper.cs +++ b/sdk/dotnet/Ldap/CustomMapper.cs @@ -20,6 +20,7 @@ namespace Pulumi.Keycloak.Ldap /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -66,16 +67,17 @@ namespace Pulumi.Keycloak.Ldap /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/dotnet/Ldap/FullNameMapper.cs b/sdk/dotnet/Ldap/FullNameMapper.cs index 9c62b6f5..06e2b77c 100644 --- a/sdk/dotnet/Ldap/FullNameMapper.cs +++ b/sdk/dotnet/Ldap/FullNameMapper.cs @@ -10,13 +10,17 @@ namespace Pulumi.Keycloak.Ldap { /// - /// Allows for creating and managing full name mappers for Keycloak users federated via LDAP. + /// ## # keycloak.ldap.FullNameMapper /// - /// The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a - /// Keycloak user. + /// Allows for creating and managing full name mappers for Keycloak users federated + /// via LDAP. /// - /// ## Example Usage + /// The LDAP full name mapper can map a user's full name from an LDAP attribute + /// to the first and last name attributes of a Keycloak user. /// + /// ### Example Usage + /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -27,87 +31,82 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "test", /// }); /// /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() /// { - /// RealmId = realm.Id, - /// UsernameLdapAttribute = "cn", + /// BindCredential = "admin", + /// BindDn = "cn=admin,dc=example,dc=org", + /// ConnectionUrl = "ldap://openldap", /// RdnLdapAttribute = "cn", - /// UuidLdapAttribute = "entryDN", + /// RealmId = realm.Id, /// UserObjectClasses = new[] /// { /// "simpleSecurityObject", /// "organizationalRole", /// }, - /// ConnectionUrl = "ldap://openldap", + /// UsernameLdapAttribute = "cn", /// UsersDn = "dc=example,dc=org", - /// BindDn = "cn=admin,dc=example,dc=org", - /// BindCredential = "admin", + /// UuidLdapAttribute = "entryDN", /// }); /// /// var ldapFullNameMapper = new Keycloak.Ldap.FullNameMapper("ldapFullNameMapper", new() /// { - /// RealmId = realm.Id, - /// LdapUserFederationId = ldapUserFederation.Id, /// LdapFullNameAttribute = "cn", + /// LdapUserFederationId = ldapUserFederation.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + /// The following arguments are supported: /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + /// - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + /// - `name` - (Required) Display name of this mapper when displayed in the console. + /// - `ldap_full_name_attribute` - (Required) The name of the LDAP attribute containing the user's full name. + /// - `read_only` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. + /// - `write_only` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. /// - /// Example: + /// ### Import /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - /// ``` + /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + /// The ID of the LDAP user federation provider and the mapper can be found within + /// the Keycloak GUI, and they are typically GUIDs: /// [KeycloakResourceType("keycloak:ldap/fullNameMapper:FullNameMapper")] public partial class FullNameMapper : global::Pulumi.CustomResource { - /// - /// The name of the LDAP attribute containing the user's full name. - /// [Output("ldapFullNameAttribute")] public Output LdapFullNameAttribute { get; private set; } = null!; /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Output("ldapUserFederationId")] public Output LdapUserFederationId { get; private set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - /// [Output("readOnly")] public Output ReadOnly { get; private set; } = null!; /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - /// [Output("writeOnly")] public Output WriteOnly { get; private set; } = null!; @@ -157,39 +156,30 @@ public static FullNameMapper Get(string name, Input id, FullNameMapperSt public sealed class FullNameMapperArgs : global::Pulumi.ResourceArgs { - /// - /// The name of the LDAP attribute containing the user's full name. - /// [Input("ldapFullNameAttribute", required: true)] public Input LdapFullNameAttribute { get; set; } = null!; /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId", required: true)] public Input LdapUserFederationId { get; set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } - /// - /// When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - /// [Input("readOnly")] public Input? ReadOnly { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - /// [Input("writeOnly")] public Input? WriteOnly { get; set; } @@ -201,39 +191,30 @@ public FullNameMapperArgs() public sealed class FullNameMapperState : global::Pulumi.ResourceArgs { - /// - /// The name of the LDAP attribute containing the user's full name. - /// [Input("ldapFullNameAttribute")] public Input? LdapFullNameAttribute { get; set; } /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId")] public Input? LdapUserFederationId { get; set; } /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } - /// - /// When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - /// [Input("readOnly")] public Input? ReadOnly { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - /// [Input("writeOnly")] public Input? WriteOnly { get; set; } diff --git a/sdk/dotnet/Ldap/GroupMapper.cs b/sdk/dotnet/Ldap/GroupMapper.cs index e8f45067..ec82608e 100644 --- a/sdk/dotnet/Ldap/GroupMapper.cs +++ b/sdk/dotnet/Ldap/GroupMapper.cs @@ -10,13 +10,18 @@ namespace Pulumi.Keycloak.Ldap { /// - /// Allows for creating and managing group mappers for Keycloak users federated via LDAP. + /// ## # keycloak.ldap.GroupMapper /// - /// The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also - /// create the groups within Keycloak if they do not already exist. + /// Allows for creating and managing group mappers for Keycloak users federated + /// via LDAP. /// - /// ## Example Usage + /// The LDAP group mapper can be used to map an LDAP user's groups from some DN + /// to Keycloak groups. This group mapper will also create the groups within Keycloak + /// if they do not already exist. /// + /// ### Example Usage + /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -27,168 +32,138 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "test", /// }); /// /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() /// { - /// RealmId = realm.Id, - /// UsernameLdapAttribute = "cn", + /// BindCredential = "admin", + /// BindDn = "cn=admin,dc=example,dc=org", + /// ConnectionUrl = "ldap://openldap", /// RdnLdapAttribute = "cn", - /// UuidLdapAttribute = "entryDN", + /// RealmId = realm.Id, /// UserObjectClasses = new[] /// { /// "simpleSecurityObject", /// "organizationalRole", /// }, - /// ConnectionUrl = "ldap://openldap", + /// UsernameLdapAttribute = "cn", /// UsersDn = "dc=example,dc=org", - /// BindDn = "cn=admin,dc=example,dc=org", - /// BindCredential = "admin", + /// UuidLdapAttribute = "entryDN", /// }); /// /// var ldapGroupMapper = new Keycloak.Ldap.GroupMapper("ldapGroupMapper", new() /// { - /// RealmId = realm.Id, - /// LdapUserFederationId = ldapUserFederation.Id, - /// LdapGroupsDn = "dc=example,dc=org", /// GroupNameLdapAttribute = "cn", /// GroupObjectClasses = new[] /// { /// "groupOfNames", /// }, + /// LdapGroupsDn = "dc=example,dc=org", + /// LdapUserFederationId = ldapUserFederation.Id, + /// MemberofLdapAttribute = "memberOf", /// MembershipAttributeType = "DN", /// MembershipLdapAttribute = "member", /// MembershipUserLdapAttribute = "cn", - /// MemberofLdapAttribute = "memberOf", + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import - /// - /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + /// ### Argument Reference /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// The following arguments are supported: /// - /// Example: + /// - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + /// - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + /// - `name` - (Required) Display name of this mapper when displayed in the console. + /// - `ldap_groups_dn` - (Required) The LDAP DN where groups can be found. + /// - `group_name_ldap_attribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. + /// - `group_object_classes` - (Required) Array of strings representing the object classes for the group. Must contain at least one. + /// - `preserve_group_inheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. + /// - `ignore_missing_groups` - (Optional) When `true`, missing groups in the hierarchy will be ignored. + /// - `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings. + /// - `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. + /// - `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. + /// - `groups_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + /// - `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`. + /// - `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + /// - `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. + /// - `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. + /// - `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - /// ``` + /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + /// The ID of the LDAP user federation provider and the mapper can be found within + /// the Keycloak GUI, and they are typically GUIDs: /// [KeycloakResourceType("keycloak:ldap/groupMapper:GroupMapper")] public partial class GroupMapper : global::Pulumi.CustomResource { - /// - /// When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - /// [Output("dropNonExistingGroupsDuringSync")] public Output DropNonExistingGroupsDuringSync { get; private set; } = null!; - /// - /// The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - /// [Output("groupNameLdapAttribute")] public Output GroupNameLdapAttribute { get; private set; } = null!; - /// - /// List of strings representing the object classes for the group. Must contain at least one. - /// [Output("groupObjectClasses")] public Output> GroupObjectClasses { get; private set; } = null!; - /// - /// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - /// [Output("groupsLdapFilter")] public Output GroupsLdapFilter { get; private set; } = null!; - /// - /// Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - /// [Output("groupsPath")] public Output GroupsPath { get; private set; } = null!; - /// - /// When `true`, missing groups in the hierarchy will be ignored. - /// [Output("ignoreMissingGroups")] public Output IgnoreMissingGroups { get; private set; } = null!; - /// - /// The LDAP DN where groups can be found. - /// [Output("ldapGroupsDn")] public Output LdapGroupsDn { get; private set; } = null!; /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Output("ldapUserFederationId")] public Output LdapUserFederationId { get; private set; } = null!; - /// - /// Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - /// [Output("mappedGroupAttributes")] public Output> MappedGroupAttributes { get; private set; } = null!; - /// - /// Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - /// [Output("memberofLdapAttribute")] public Output MemberofLdapAttribute { get; private set; } = null!; - /// - /// Can be one of `DN` or `UID`. Defaults to `DN`. - /// [Output("membershipAttributeType")] public Output MembershipAttributeType { get; private set; } = null!; - /// - /// The name of the LDAP attribute that is used for membership mappings. - /// [Output("membershipLdapAttribute")] public Output MembershipLdapAttribute { get; private set; } = null!; - /// - /// The name of the LDAP attribute on a user that is used for membership mappings. - /// [Output("membershipUserLdapAttribute")] public Output MembershipUserLdapAttribute { get; private set; } = null!; - /// - /// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - /// [Output("mode")] public Output Mode { get; private set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - /// [Output("preserveGroupInheritance")] public Output PreserveGroupInheritance { get; private set; } = null!; /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - /// [Output("userRolesRetrieveStrategy")] public Output UserRolesRetrieveStrategy { get; private set; } = null!; @@ -238,123 +213,76 @@ public static GroupMapper Get(string name, Input id, GroupMapperState? s public sealed class GroupMapperArgs : global::Pulumi.ResourceArgs { - /// - /// When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - /// [Input("dropNonExistingGroupsDuringSync")] public Input? DropNonExistingGroupsDuringSync { get; set; } - /// - /// The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - /// [Input("groupNameLdapAttribute", required: true)] public Input GroupNameLdapAttribute { get; set; } = null!; [Input("groupObjectClasses", required: true)] private InputList? _groupObjectClasses; - - /// - /// List of strings representing the object classes for the group. Must contain at least one. - /// public InputList GroupObjectClasses { get => _groupObjectClasses ?? (_groupObjectClasses = new InputList()); set => _groupObjectClasses = value; } - /// - /// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - /// [Input("groupsLdapFilter")] public Input? GroupsLdapFilter { get; set; } - /// - /// Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - /// [Input("groupsPath")] public Input? GroupsPath { get; set; } - /// - /// When `true`, missing groups in the hierarchy will be ignored. - /// [Input("ignoreMissingGroups")] public Input? IgnoreMissingGroups { get; set; } - /// - /// The LDAP DN where groups can be found. - /// [Input("ldapGroupsDn", required: true)] public Input LdapGroupsDn { get; set; } = null!; /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId", required: true)] public Input LdapUserFederationId { get; set; } = null!; [Input("mappedGroupAttributes")] private InputList? _mappedGroupAttributes; - - /// - /// Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - /// public InputList MappedGroupAttributes { get => _mappedGroupAttributes ?? (_mappedGroupAttributes = new InputList()); set => _mappedGroupAttributes = value; } - /// - /// Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - /// [Input("memberofLdapAttribute")] public Input? MemberofLdapAttribute { get; set; } - /// - /// Can be one of `DN` or `UID`. Defaults to `DN`. - /// [Input("membershipAttributeType")] public Input? MembershipAttributeType { get; set; } - /// - /// The name of the LDAP attribute that is used for membership mappings. - /// [Input("membershipLdapAttribute", required: true)] public Input MembershipLdapAttribute { get; set; } = null!; - /// - /// The name of the LDAP attribute on a user that is used for membership mappings. - /// [Input("membershipUserLdapAttribute", required: true)] public Input MembershipUserLdapAttribute { get; set; } = null!; - /// - /// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - /// [Input("mode")] public Input? Mode { get; set; } /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } - /// - /// When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - /// [Input("preserveGroupInheritance")] public Input? PreserveGroupInheritance { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - /// [Input("userRolesRetrieveStrategy")] public Input? UserRolesRetrieveStrategy { get; set; } @@ -366,123 +294,76 @@ public GroupMapperArgs() public sealed class GroupMapperState : global::Pulumi.ResourceArgs { - /// - /// When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - /// [Input("dropNonExistingGroupsDuringSync")] public Input? DropNonExistingGroupsDuringSync { get; set; } - /// - /// The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - /// [Input("groupNameLdapAttribute")] public Input? GroupNameLdapAttribute { get; set; } [Input("groupObjectClasses")] private InputList? _groupObjectClasses; - - /// - /// List of strings representing the object classes for the group. Must contain at least one. - /// public InputList GroupObjectClasses { get => _groupObjectClasses ?? (_groupObjectClasses = new InputList()); set => _groupObjectClasses = value; } - /// - /// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - /// [Input("groupsLdapFilter")] public Input? GroupsLdapFilter { get; set; } - /// - /// Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - /// [Input("groupsPath")] public Input? GroupsPath { get; set; } - /// - /// When `true`, missing groups in the hierarchy will be ignored. - /// [Input("ignoreMissingGroups")] public Input? IgnoreMissingGroups { get; set; } - /// - /// The LDAP DN where groups can be found. - /// [Input("ldapGroupsDn")] public Input? LdapGroupsDn { get; set; } /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId")] public Input? LdapUserFederationId { get; set; } [Input("mappedGroupAttributes")] private InputList? _mappedGroupAttributes; - - /// - /// Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - /// public InputList MappedGroupAttributes { get => _mappedGroupAttributes ?? (_mappedGroupAttributes = new InputList()); set => _mappedGroupAttributes = value; } - /// - /// Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - /// [Input("memberofLdapAttribute")] public Input? MemberofLdapAttribute { get; set; } - /// - /// Can be one of `DN` or `UID`. Defaults to `DN`. - /// [Input("membershipAttributeType")] public Input? MembershipAttributeType { get; set; } - /// - /// The name of the LDAP attribute that is used for membership mappings. - /// [Input("membershipLdapAttribute")] public Input? MembershipLdapAttribute { get; set; } - /// - /// The name of the LDAP attribute on a user that is used for membership mappings. - /// [Input("membershipUserLdapAttribute")] public Input? MembershipUserLdapAttribute { get; set; } - /// - /// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - /// [Input("mode")] public Input? Mode { get; set; } /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } - /// - /// When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - /// [Input("preserveGroupInheritance")] public Input? PreserveGroupInheritance { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - /// [Input("userRolesRetrieveStrategy")] public Input? UserRolesRetrieveStrategy { get; set; } diff --git a/sdk/dotnet/Ldap/HardcodedAttributeMapper.cs b/sdk/dotnet/Ldap/HardcodedAttributeMapper.cs index 4034645a..ceea4733 100644 --- a/sdk/dotnet/Ldap/HardcodedAttributeMapper.cs +++ b/sdk/dotnet/Ldap/HardcodedAttributeMapper.cs @@ -18,6 +18,7 @@ namespace Pulumi.Keycloak.Ldap /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -60,16 +61,17 @@ namespace Pulumi.Keycloak.Ldap /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/dotnet/Ldap/HardcodedGroupMapper.cs b/sdk/dotnet/Ldap/HardcodedGroupMapper.cs index 6acef945..46ae3b04 100644 --- a/sdk/dotnet/Ldap/HardcodedGroupMapper.cs +++ b/sdk/dotnet/Ldap/HardcodedGroupMapper.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak.Ldap /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -61,16 +62,17 @@ namespace Pulumi.Keycloak.Ldap /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/dotnet/Ldap/HardcodedRoleMapper.cs b/sdk/dotnet/Ldap/HardcodedRoleMapper.cs index 5d8b0f88..caa511c2 100644 --- a/sdk/dotnet/Ldap/HardcodedRoleMapper.cs +++ b/sdk/dotnet/Ldap/HardcodedRoleMapper.cs @@ -10,13 +10,13 @@ namespace Pulumi.Keycloak.Ldap { /// - /// Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP. + /// ## # keycloak.ldap.HardcodedRoleMapper /// - /// The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. + /// This mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. /// - /// ## Example Usage - /// ### Realm Role) + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -27,7 +27,7 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", + /// RealmName = "test", /// Enabled = true, /// }); /// @@ -48,119 +48,55 @@ namespace Pulumi.Keycloak.Ldap /// BindCredential = "admin", /// }); /// - /// var realmAdminRole = new Keycloak.Role("realmAdminRole", new() - /// { - /// RealmId = realm.Id, - /// Description = "My Realm Role", - /// }); - /// /// var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", new() /// { /// RealmId = realm.Id, /// LdapUserFederationId = ldapUserFederation.Id, - /// Role = realmAdminRole.Name, + /// Role = "admin", /// }); /// /// }); /// ``` - /// ### Client Role) - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() - /// { - /// RealmId = realm.Id, - /// UsernameLdapAttribute = "cn", - /// RdnLdapAttribute = "cn", - /// UuidLdapAttribute = "entryDN", - /// UserObjectClasses = new[] - /// { - /// "simpleSecurityObject", - /// "organizationalRole", - /// }, - /// ConnectionUrl = "ldap://openldap", - /// UsersDn = "dc=example,dc=org", - /// BindDn = "cn=admin,dc=example,dc=org", - /// BindCredential = "admin", - /// }); + /// <!--End PulumiCodeChooser --> /// - /// var realmManagement = Keycloak.OpenId.GetClient.Invoke(new() - /// { - /// RealmId = realm.Id, - /// ClientId = "realm-management", - /// }); + /// ### Argument Reference /// - /// var createClient = Keycloak.GetRole.Invoke(new() - /// { - /// RealmId = realm.Id, - /// ClientId = realmManagement.Apply(getClientResult => getClientResult.Id), - /// Name = "create-client", - /// }); + /// The following arguments are supported: /// - /// var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", new() - /// { - /// RealmId = realm.Id, - /// LdapUserFederationId = ldapUserFederation.Id, - /// Role = Output.Tuple(realmManagement, createClient).Apply(values => - /// { - /// var realmManagement = values.Item1; - /// var createClient = values.Item2; - /// return $"{realmManagement.Apply(getClientResult => getClientResult.ClientId)}.{createClient.Apply(getRoleResult => getRoleResult.Name)}"; - /// }), - /// }); + /// - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + /// - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + /// - `name` - (Required) Display name of this mapper when displayed in the console. + /// - `role` - (Required) The role which should be assigned to the users. /// - /// }); - /// ``` - /// - /// ## Import + /// ### Import /// /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - /// - /// Example: - /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - /// ``` + /// The ID of the LDAP user federation provider and the mapper can be found within + /// the Keycloak GUI, and they are typically GUIDs: /// [KeycloakResourceType("keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper")] public partial class HardcodedRoleMapper : global::Pulumi.CustomResource { /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Output("ldapUserFederationId")] public Output LdapUserFederationId { get; private set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; /// - /// The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + /// Role to grant to user. /// [Output("role")] public Output Role { get; private set; } = null!; @@ -212,25 +148,25 @@ public static HardcodedRoleMapper Get(string name, Input id, HardcodedRo public sealed class HardcodedRoleMapperArgs : global::Pulumi.ResourceArgs { /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId", required: true)] public Input LdapUserFederationId { get; set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; /// - /// The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + /// Role to grant to user. /// [Input("role", required: true)] public Input Role { get; set; } = null!; @@ -244,25 +180,25 @@ public HardcodedRoleMapperArgs() public sealed class HardcodedRoleMapperState : global::Pulumi.ResourceArgs { /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId")] public Input? LdapUserFederationId { get; set; } /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId")] public Input? RealmId { get; set; } /// - /// The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + /// Role to grant to user. /// [Input("role")] public Input? Role { get; set; } diff --git a/sdk/dotnet/Ldap/Inputs/UserFederationCacheArgs.cs b/sdk/dotnet/Ldap/Inputs/UserFederationCacheArgs.cs index d46c8aa2..0caca897 100644 --- a/sdk/dotnet/Ldap/Inputs/UserFederationCacheArgs.cs +++ b/sdk/dotnet/Ldap/Inputs/UserFederationCacheArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.Keycloak.Ldap.Inputs public sealed class UserFederationCacheArgs : global::Pulumi.ResourceArgs { /// - /// Day of the week the entry will become invalid on + /// Day of the week the entry will become invalid on. /// [Input("evictionDay")] public Input? EvictionDay { get; set; } @@ -36,9 +36,6 @@ public sealed class UserFederationCacheArgs : global::Pulumi.ResourceArgs [Input("maxLifespan")] public Input? MaxLifespan { get; set; } - /// - /// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - /// [Input("policy")] public Input? Policy { get; set; } diff --git a/sdk/dotnet/Ldap/Inputs/UserFederationCacheGetArgs.cs b/sdk/dotnet/Ldap/Inputs/UserFederationCacheGetArgs.cs index 012e27b9..12f4b364 100644 --- a/sdk/dotnet/Ldap/Inputs/UserFederationCacheGetArgs.cs +++ b/sdk/dotnet/Ldap/Inputs/UserFederationCacheGetArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.Keycloak.Ldap.Inputs public sealed class UserFederationCacheGetArgs : global::Pulumi.ResourceArgs { /// - /// Day of the week the entry will become invalid on + /// Day of the week the entry will become invalid on. /// [Input("evictionDay")] public Input? EvictionDay { get; set; } @@ -36,9 +36,6 @@ public sealed class UserFederationCacheGetArgs : global::Pulumi.ResourceArgs [Input("maxLifespan")] public Input? MaxLifespan { get; set; } - /// - /// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - /// [Input("policy")] public Input? Policy { get; set; } diff --git a/sdk/dotnet/Ldap/Inputs/UserFederationKerberosArgs.cs b/sdk/dotnet/Ldap/Inputs/UserFederationKerberosArgs.cs index 3b7ca931..9e718b98 100644 --- a/sdk/dotnet/Ldap/Inputs/UserFederationKerberosArgs.cs +++ b/sdk/dotnet/Ldap/Inputs/UserFederationKerberosArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.Keycloak.Ldap.Inputs public sealed class UserFederationKerberosArgs : global::Pulumi.ResourceArgs { /// - /// The name of the kerberos realm, e.g. FOO.LOCAL. + /// The name of the kerberos realm, e.g. FOO.LOCAL /// [Input("kerberosRealm", required: true)] public Input KerberosRealm { get; set; } = null!; diff --git a/sdk/dotnet/Ldap/Inputs/UserFederationKerberosGetArgs.cs b/sdk/dotnet/Ldap/Inputs/UserFederationKerberosGetArgs.cs index 296828c4..65c7f9c4 100644 --- a/sdk/dotnet/Ldap/Inputs/UserFederationKerberosGetArgs.cs +++ b/sdk/dotnet/Ldap/Inputs/UserFederationKerberosGetArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.Keycloak.Ldap.Inputs public sealed class UserFederationKerberosGetArgs : global::Pulumi.ResourceArgs { /// - /// The name of the kerberos realm, e.g. FOO.LOCAL. + /// The name of the kerberos realm, e.g. FOO.LOCAL /// [Input("kerberosRealm", required: true)] public Input KerberosRealm { get; set; } = null!; diff --git a/sdk/dotnet/Ldap/MsadLdsUserAccountControlMapper.cs b/sdk/dotnet/Ldap/MsadLdsUserAccountControlMapper.cs index 033269e4..88ca213e 100644 --- a/sdk/dotnet/Ldap/MsadLdsUserAccountControlMapper.cs +++ b/sdk/dotnet/Ldap/MsadLdsUserAccountControlMapper.cs @@ -20,6 +20,7 @@ namespace Pulumi.Keycloak.Ldap /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -60,16 +61,17 @@ namespace Pulumi.Keycloak.Ldap /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/dotnet/Ldap/MsadUserAccountControlMapper.cs b/sdk/dotnet/Ldap/MsadUserAccountControlMapper.cs index 6f7bc643..455c2ed1 100644 --- a/sdk/dotnet/Ldap/MsadUserAccountControlMapper.cs +++ b/sdk/dotnet/Ldap/MsadUserAccountControlMapper.cs @@ -10,6 +10,8 @@ namespace Pulumi.Keycloak.Ldap { /// + /// ## # keycloak.ldap.MsadUserAccountControlMapper + /// /// Allows for creating and managing MSAD user account control mappers for Keycloak /// users federated via LDAP. /// @@ -18,8 +20,9 @@ namespace Pulumi.Keycloak.Ldap /// AD user state to Keycloak in order to enforce settings like expired passwords /// or disabled accounts. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,74 +33,73 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "test", /// }); /// /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() /// { - /// RealmId = realm.Id, - /// UsernameLdapAttribute = "cn", + /// BindCredential = "admin", + /// BindDn = "cn=admin,dc=example,dc=org", + /// ConnectionUrl = "ldap://my-ad-server", /// RdnLdapAttribute = "cn", - /// UuidLdapAttribute = "objectGUID", + /// RealmId = realm.Id, /// UserObjectClasses = new[] /// { /// "person", /// "organizationalPerson", /// "user", /// }, - /// ConnectionUrl = "ldap://my-ad-server", + /// UsernameLdapAttribute = "cn", /// UsersDn = "dc=example,dc=org", - /// BindDn = "cn=admin,dc=example,dc=org", - /// BindCredential = "admin", + /// UuidLdapAttribute = "objectGUID", /// }); /// /// var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", new() /// { - /// RealmId = realm.Id, /// LdapUserFederationId = ldapUserFederation.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import - /// - /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + /// ### Argument Reference /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// The following arguments are supported: /// - /// Example: + /// - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + /// - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + /// - `name` - (Required) Display name of this mapper when displayed in the console. + /// - `ldap_password_policy_hints_enabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - /// ``` + /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + /// The ID of the LDAP user federation provider and the mapper can be found within + /// the Keycloak GUI, and they are typically GUIDs: /// [KeycloakResourceType("keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper")] public partial class MsadUserAccountControlMapper : global::Pulumi.CustomResource { - /// - /// When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - /// [Output("ldapPasswordPolicyHintsEnabled")] public Output LdapPasswordPolicyHintsEnabled { get; private set; } = null!; /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Output("ldapUserFederationId")] public Output LdapUserFederationId { get; private set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -148,26 +150,23 @@ public static MsadUserAccountControlMapper Get(string name, Input id, Ms public sealed class MsadUserAccountControlMapperArgs : global::Pulumi.ResourceArgs { - /// - /// When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - /// [Input("ldapPasswordPolicyHintsEnabled")] public Input? LdapPasswordPolicyHintsEnabled { get; set; } /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId", required: true)] public Input LdapUserFederationId { get; set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -180,26 +179,23 @@ public MsadUserAccountControlMapperArgs() public sealed class MsadUserAccountControlMapperState : global::Pulumi.ResourceArgs { - /// - /// When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - /// [Input("ldapPasswordPolicyHintsEnabled")] public Input? LdapPasswordPolicyHintsEnabled { get; set; } /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId")] public Input? LdapUserFederationId { get; set; } /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/Ldap/Outputs/UserFederationCache.cs b/sdk/dotnet/Ldap/Outputs/UserFederationCache.cs index 1ac84829..469a3663 100644 --- a/sdk/dotnet/Ldap/Outputs/UserFederationCache.cs +++ b/sdk/dotnet/Ldap/Outputs/UserFederationCache.cs @@ -14,7 +14,7 @@ namespace Pulumi.Keycloak.Ldap.Outputs public sealed class UserFederationCache { /// - /// Day of the week the entry will become invalid on + /// Day of the week the entry will become invalid on. /// public readonly int? EvictionDay; /// @@ -29,9 +29,6 @@ public sealed class UserFederationCache /// Max lifespan of cache entry (duration string). /// public readonly string? MaxLifespan; - /// - /// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - /// public readonly string? Policy; [OutputConstructor] diff --git a/sdk/dotnet/Ldap/Outputs/UserFederationKerberos.cs b/sdk/dotnet/Ldap/Outputs/UserFederationKerberos.cs index 62058956..f1f760ad 100644 --- a/sdk/dotnet/Ldap/Outputs/UserFederationKerberos.cs +++ b/sdk/dotnet/Ldap/Outputs/UserFederationKerberos.cs @@ -14,7 +14,7 @@ namespace Pulumi.Keycloak.Ldap.Outputs public sealed class UserFederationKerberos { /// - /// The name of the kerberos realm, e.g. FOO.LOCAL. + /// The name of the kerberos realm, e.g. FOO.LOCAL /// public readonly string KerberosRealm; /// diff --git a/sdk/dotnet/Ldap/RoleMapper.cs b/sdk/dotnet/Ldap/RoleMapper.cs index 2f249bbe..edde865d 100644 --- a/sdk/dotnet/Ldap/RoleMapper.cs +++ b/sdk/dotnet/Ldap/RoleMapper.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak.Ldap /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -66,16 +67,17 @@ namespace Pulumi.Keycloak.Ldap /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/dotnet/Ldap/UserAttributeMapper.cs b/sdk/dotnet/Ldap/UserAttributeMapper.cs index cbbc02aa..fe8ff3be 100644 --- a/sdk/dotnet/Ldap/UserAttributeMapper.cs +++ b/sdk/dotnet/Ldap/UserAttributeMapper.cs @@ -10,14 +10,17 @@ namespace Pulumi.Keycloak.Ldap { /// + /// ## # keycloak.ldap.UserAttributeMapper + /// /// Allows for creating and managing user attribute mappers for Keycloak users /// federated via LDAP. /// /// The LDAP user attribute mapper can be used to map a single LDAP attribute /// to an attribute on the Keycloak user model. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -28,111 +31,117 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "test", /// }); /// /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() /// { - /// RealmId = realm.Id, - /// UsernameLdapAttribute = "cn", + /// BindCredential = "admin", + /// BindDn = "cn=admin,dc=example,dc=org", + /// ConnectionUrl = "ldap://openldap", /// RdnLdapAttribute = "cn", - /// UuidLdapAttribute = "entryDN", + /// RealmId = realm.Id, /// UserObjectClasses = new[] /// { /// "simpleSecurityObject", /// "organizationalRole", /// }, - /// ConnectionUrl = "ldap://openldap", + /// UsernameLdapAttribute = "cn", /// UsersDn = "dc=example,dc=org", - /// BindDn = "cn=admin,dc=example,dc=org", - /// BindCredential = "admin", + /// UuidLdapAttribute = "entryDN", /// }); /// /// var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper("ldapUserAttributeMapper", new() /// { - /// RealmId = realm.Id, + /// LdapAttribute = "bar", /// LdapUserFederationId = ldapUserFederation.Id, + /// RealmId = realm.Id, /// UserModelAttribute = "foo", - /// LdapAttribute = "bar", /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import - /// - /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + /// ### Argument Reference /// - /// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + /// The following arguments are supported: /// - /// Example: + /// - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + /// - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + /// - `name` - (Required) Display name of this mapper when displayed in the console. + /// - `user_model_attribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into. + /// - `ldap_attribute` - (Required) Name of the mapped attribute on the LDAP object. + /// - `read_only` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + /// - `always_read_value_from_ldap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + /// - `is_mandatory_in_ldap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - /// ``` + /// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + /// The ID of the LDAP user federation provider and the mapper can be found within + /// the Keycloak GUI, and they are typically GUIDs: /// [KeycloakResourceType("keycloak:ldap/userAttributeMapper:UserAttributeMapper")] public partial class UserAttributeMapper : global::Pulumi.CustomResource { /// - /// When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + /// When true, the value fetched from LDAP will override the value stored in Keycloak. /// [Output("alwaysReadValueFromLdap")] public Output AlwaysReadValueFromLdap { get; private set; } = null!; /// - /// Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + /// Default value to set in LDAP if is_mandatory_in_ldap and the value is empty /// [Output("attributeDefaultValue")] public Output AttributeDefaultValue { get; private set; } = null!; /// - /// Should be true for binary LDAP attributes. + /// Should be true for binary LDAP attributes /// [Output("isBinaryAttribute")] public Output IsBinaryAttribute { get; private set; } = null!; /// - /// When `true`, this attribute must exist in LDAP. Defaults to `false`. + /// When true, this attribute must exist in LDAP. /// [Output("isMandatoryInLdap")] public Output IsMandatoryInLdap { get; private set; } = null!; /// - /// Name of the mapped attribute on the LDAP object. + /// Name of the mapped attribute on LDAP object. /// [Output("ldapAttribute")] public Output LdapAttribute { get; private set; } = null!; /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Output("ldapUserFederationId")] public Output LdapUserFederationId { get; private set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + /// When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. /// [Output("readOnly")] public Output ReadOnly { get; private set; } = null!; /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; /// - /// Name of the user property or attribute you want to map the LDAP attribute into. + /// Name of the UserModel property or attribute you want to map the LDAP attribute into. /// [Output("userModelAttribute")] public Output UserModelAttribute { get; private set; } = null!; @@ -184,61 +193,61 @@ public static UserAttributeMapper Get(string name, Input id, UserAttribu public sealed class UserAttributeMapperArgs : global::Pulumi.ResourceArgs { /// - /// When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + /// When true, the value fetched from LDAP will override the value stored in Keycloak. /// [Input("alwaysReadValueFromLdap")] public Input? AlwaysReadValueFromLdap { get; set; } /// - /// Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + /// Default value to set in LDAP if is_mandatory_in_ldap and the value is empty /// [Input("attributeDefaultValue")] public Input? AttributeDefaultValue { get; set; } /// - /// Should be true for binary LDAP attributes. + /// Should be true for binary LDAP attributes /// [Input("isBinaryAttribute")] public Input? IsBinaryAttribute { get; set; } /// - /// When `true`, this attribute must exist in LDAP. Defaults to `false`. + /// When true, this attribute must exist in LDAP. /// [Input("isMandatoryInLdap")] public Input? IsMandatoryInLdap { get; set; } /// - /// Name of the mapped attribute on the LDAP object. + /// Name of the mapped attribute on LDAP object. /// [Input("ldapAttribute", required: true)] public Input LdapAttribute { get; set; } = null!; /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId", required: true)] public Input LdapUserFederationId { get; set; } = null!; /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } /// - /// When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + /// When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. /// [Input("readOnly")] public Input? ReadOnly { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; /// - /// Name of the user property or attribute you want to map the LDAP attribute into. + /// Name of the UserModel property or attribute you want to map the LDAP attribute into. /// [Input("userModelAttribute", required: true)] public Input UserModelAttribute { get; set; } = null!; @@ -252,61 +261,61 @@ public UserAttributeMapperArgs() public sealed class UserAttributeMapperState : global::Pulumi.ResourceArgs { /// - /// When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + /// When true, the value fetched from LDAP will override the value stored in Keycloak. /// [Input("alwaysReadValueFromLdap")] public Input? AlwaysReadValueFromLdap { get; set; } /// - /// Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + /// Default value to set in LDAP if is_mandatory_in_ldap and the value is empty /// [Input("attributeDefaultValue")] public Input? AttributeDefaultValue { get; set; } /// - /// Should be true for binary LDAP attributes. + /// Should be true for binary LDAP attributes /// [Input("isBinaryAttribute")] public Input? IsBinaryAttribute { get; set; } /// - /// When `true`, this attribute must exist in LDAP. Defaults to `false`. + /// When true, this attribute must exist in LDAP. /// [Input("isMandatoryInLdap")] public Input? IsMandatoryInLdap { get; set; } /// - /// Name of the mapped attribute on the LDAP object. + /// Name of the mapped attribute on LDAP object. /// [Input("ldapAttribute")] public Input? LdapAttribute { get; set; } /// - /// The ID of the LDAP user federation provider to attach this mapper to. + /// The ldap user federation provider to attach this mapper to. /// [Input("ldapUserFederationId")] public Input? LdapUserFederationId { get; set; } /// - /// Display name of this mapper when displayed in the console. + /// Display name of the mapper when displayed in the console. /// [Input("name")] public Input? Name { get; set; } /// - /// When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + /// When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. /// [Input("readOnly")] public Input? ReadOnly { get; set; } /// - /// The realm that this LDAP mapper will exist in. + /// The realm in which the ldap user federation provider exists. /// [Input("realmId")] public Input? RealmId { get; set; } /// - /// Name of the user property or attribute you want to map the LDAP attribute into. + /// Name of the UserModel property or attribute you want to map the LDAP attribute into. /// [Input("userModelAttribute")] public Input? UserModelAttribute { get; set; } diff --git a/sdk/dotnet/Ldap/UserFederation.cs b/sdk/dotnet/Ldap/UserFederation.cs index 6c6f9e7f..6c817e32 100644 --- a/sdk/dotnet/Ldap/UserFederation.cs +++ b/sdk/dotnet/Ldap/UserFederation.cs @@ -10,6 +10,8 @@ namespace Pulumi.Keycloak.Ldap { /// + /// ## # keycloak.ldap.UserFederation + /// /// Allows for creating and managing LDAP user federation providers within Keycloak. /// /// Keycloak can use an LDAP user federation provider to federate users to Keycloak @@ -17,8 +19,9 @@ namespace Pulumi.Keycloak.Ldap /// will exist within the realm and will be able to log in to clients. Federated /// users can have their attributes defined using mappers. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -29,86 +32,112 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "test", /// }); /// /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() /// { - /// RealmId = realm.Id, + /// BindCredential = "admin", + /// BindDn = "cn=admin,dc=example,dc=org", + /// ConnectionTimeout = "5s", + /// ConnectionUrl = "ldap://openldap", /// Enabled = true, - /// UsernameLdapAttribute = "cn", /// RdnLdapAttribute = "cn", - /// UuidLdapAttribute = "entryDN", + /// ReadTimeout = "10s", + /// RealmId = realm.Id, /// UserObjectClasses = new[] /// { /// "simpleSecurityObject", /// "organizationalRole", /// }, - /// ConnectionUrl = "ldap://openldap", + /// UsernameLdapAttribute = "cn", /// UsersDn = "dc=example,dc=org", - /// BindDn = "cn=admin,dc=example,dc=org", - /// BindCredential = "admin", - /// ConnectionTimeout = "5s", - /// ReadTimeout = "10s", - /// Kerberos = new Keycloak.Ldap.Inputs.UserFederationKerberosArgs - /// { - /// KerberosRealm = "FOO.LOCAL", - /// ServerPrincipal = "HTTP/host.foo.com@FOO.LOCAL", - /// KeyTab = "/etc/host.keytab", - /// }, + /// UuidLdapAttribute = "entryDN", /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. + /// The following arguments are supported: /// - /// The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: + /// - `realm_id` - (Required) The realm that this provider will provide user federation for. + /// - `name` - (Required) Display name of the provider when displayed in the console. + /// - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + /// - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + /// - `import_enabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + /// - `edit_mode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + /// - `sync_registrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + /// - `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`. + /// - `username_ldap_attribute` - (Required) Name of the LDAP attribute to use as the Keycloak username. + /// - `rdn_ldap_attribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name. + /// - `uuid_ldap_attribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. + /// - `user_object_classes` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + /// - `connection_url` - (Required) Connection URL to the LDAP server. + /// - `users_dn` - (Required) Full DN of LDAP tree where your users are. + /// - `bind_dn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + /// - `bind_credential` - (Optional) Password of LDAP admin. This attribute must be set if `bind_dn` is set. + /// - `custom_user_search_filter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + /// - `search_scope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`: + /// - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`. + /// - `SUBTREE`: Search entire LDAP subtree. + /// - `validate_password_policy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it. + /// - `use_truststore_spi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: + /// - `ALWAYS` - Always use the truststore SPI for LDAP connections. + /// - `NEVER` - Never use the truststore SPI for LDAP connections. + /// - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol. + /// - `connection_timeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + /// - `read_timeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + /// - `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + /// - `batch_size_for_sync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`. + /// - `full_sync_period` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. + /// - `changed_sync_period` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + /// - `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - /// ``` + /// LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. + /// The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: /// [KeycloakResourceType("keycloak:ldap/userFederation:UserFederation")] public partial class UserFederation : global::Pulumi.CustomResource { /// - /// The number of users to sync within a single transaction. Defaults to `1000`. + /// The number of users to sync within a single transaction. /// [Output("batchSizeForSync")] public Output BatchSizeForSync { get; private set; } = null!; /// - /// Password of LDAP admin. This attribute must be set if `bind_dn` is set. + /// Password of LDAP admin. /// [Output("bindCredential")] public Output BindCredential { get; private set; } = null!; /// - /// DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + /// DN of LDAP admin, which will be used by Keycloak to access LDAP server. /// [Output("bindDn")] public Output BindDn { get; private set; } = null!; /// - /// A block containing the cache settings. + /// Settings regarding cache policy for this realm. /// [Output("cache")] public Output Cache { get; private set; } = null!; /// - /// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + /// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + /// sync. /// [Output("changedSyncPeriod")] public Output ChangedSyncPeriod { get; private set; } = null!; /// - /// LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + /// LDAP connection timeout (duration string) /// [Output("connectionTimeout")] public Output ConnectionTimeout { get; private set; } = null!; @@ -120,25 +149,26 @@ public partial class UserFederation : global::Pulumi.CustomResource public Output ConnectionUrl { get; private set; } = null!; /// - /// Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + /// Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. /// [Output("customUserSearchFilter")] public Output CustomUserSearchFilter { get; private set; } = null!; /// - /// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + /// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + /// user federation provider. /// [Output("deleteDefaultMappers")] public Output DeleteDefaultMappers { get; private set; } = null!; /// - /// Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + /// READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. /// [Output("editMode")] public Output EditMode { get; private set; } = null!; /// - /// When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + /// When false, this provider will not be used when performing queries for users. /// [Output("enabled")] public Output Enabled { get; private set; } = null!; @@ -150,13 +180,13 @@ public partial class UserFederation : global::Pulumi.CustomResource public Output FullSyncPeriod { get; private set; } = null!; /// - /// When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + /// When true, LDAP users will be imported into the Keycloak database. /// [Output("importEnabled")] public Output ImportEnabled { get; private set; } = null!; /// - /// A block containing the kerberos settings. + /// Settings regarding kerberos authentication for this realm. /// [Output("kerberos")] public Output Kerberos { get; private set; } = null!; @@ -168,13 +198,13 @@ public partial class UserFederation : global::Pulumi.CustomResource public Output Name { get; private set; } = null!; /// - /// When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + /// When true, Keycloak assumes the LDAP server supports pagination. /// [Output("pagination")] public Output Pagination { get; private set; } = null!; /// - /// Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + /// Priority of this provider when looking up users. Lower values are first. /// [Output("priority")] public Output Priority { get; private set; } = null!; @@ -186,31 +216,31 @@ public partial class UserFederation : global::Pulumi.CustomResource public Output RdnLdapAttribute { get; private set; } = null!; /// - /// LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + /// LDAP read timeout (duration string) /// [Output("readTimeout")] public Output ReadTimeout { get; private set; } = null!; /// - /// The realm that this provider will provide user federation for. + /// The realm this provider will provide user federation for. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; /// - /// Can be one of `ONE_LEVEL` or `SUBTREE`: + /// ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. /// [Output("searchScope")] public Output SearchScope { get; private set; } = null!; /// - /// When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + /// When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. /// [Output("startTls")] public Output StartTls { get; private set; } = null!; /// - /// When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + /// When true, newly created users will be synced back to LDAP. /// [Output("syncRegistrations")] public Output SyncRegistrations { get; private set; } = null!; @@ -227,14 +257,11 @@ public partial class UserFederation : global::Pulumi.CustomResource [Output("usePasswordModifyExtendedOp")] public Output UsePasswordModifyExtendedOp { get; private set; } = null!; - /// - /// Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - /// [Output("useTruststoreSpi")] public Output UseTruststoreSpi { get; private set; } = null!; /// - /// Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + /// All values of LDAP objectClass attribute for users in LDAP. /// [Output("userObjectClasses")] public Output> UserObjectClasses { get; private set; } = null!; @@ -258,13 +285,13 @@ public partial class UserFederation : global::Pulumi.CustomResource public Output UuidLdapAttribute { get; private set; } = null!; /// - /// When `true`, Keycloak will validate passwords using the realm policy before updating it. + /// When true, Keycloak will validate passwords using the realm policy before updating it. /// [Output("validatePasswordPolicy")] public Output ValidatePasswordPolicy { get; private set; } = null!; /// - /// Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + /// LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. /// [Output("vendor")] public Output Vendor { get; private set; } = null!; @@ -320,7 +347,7 @@ public static UserFederation Get(string name, Input id, UserFederationSt public sealed class UserFederationArgs : global::Pulumi.ResourceArgs { /// - /// The number of users to sync within a single transaction. Defaults to `1000`. + /// The number of users to sync within a single transaction. /// [Input("batchSizeForSync")] public Input? BatchSizeForSync { get; set; } @@ -329,7 +356,7 @@ public sealed class UserFederationArgs : global::Pulumi.ResourceArgs private Input? _bindCredential; /// - /// Password of LDAP admin. This attribute must be set if `bind_dn` is set. + /// Password of LDAP admin. /// public Input? BindCredential { @@ -342,25 +369,26 @@ public Input? BindCredential } /// - /// DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + /// DN of LDAP admin, which will be used by Keycloak to access LDAP server. /// [Input("bindDn")] public Input? BindDn { get; set; } /// - /// A block containing the cache settings. + /// Settings regarding cache policy for this realm. /// [Input("cache")] public Input? Cache { get; set; } /// - /// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + /// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + /// sync. /// [Input("changedSyncPeriod")] public Input? ChangedSyncPeriod { get; set; } /// - /// LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + /// LDAP connection timeout (duration string) /// [Input("connectionTimeout")] public Input? ConnectionTimeout { get; set; } @@ -372,25 +400,26 @@ public Input? BindCredential public Input ConnectionUrl { get; set; } = null!; /// - /// Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + /// Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. /// [Input("customUserSearchFilter")] public Input? CustomUserSearchFilter { get; set; } /// - /// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + /// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + /// user federation provider. /// [Input("deleteDefaultMappers")] public Input? DeleteDefaultMappers { get; set; } /// - /// Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + /// READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. /// [Input("editMode")] public Input? EditMode { get; set; } /// - /// When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + /// When false, this provider will not be used when performing queries for users. /// [Input("enabled")] public Input? Enabled { get; set; } @@ -402,13 +431,13 @@ public Input? BindCredential public Input? FullSyncPeriod { get; set; } /// - /// When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + /// When true, LDAP users will be imported into the Keycloak database. /// [Input("importEnabled")] public Input? ImportEnabled { get; set; } /// - /// A block containing the kerberos settings. + /// Settings regarding kerberos authentication for this realm. /// [Input("kerberos")] public Input? Kerberos { get; set; } @@ -420,13 +449,13 @@ public Input? BindCredential public Input? Name { get; set; } /// - /// When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + /// When true, Keycloak assumes the LDAP server supports pagination. /// [Input("pagination")] public Input? Pagination { get; set; } /// - /// Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + /// Priority of this provider when looking up users. Lower values are first. /// [Input("priority")] public Input? Priority { get; set; } @@ -438,31 +467,31 @@ public Input? BindCredential public Input RdnLdapAttribute { get; set; } = null!; /// - /// LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + /// LDAP read timeout (duration string) /// [Input("readTimeout")] public Input? ReadTimeout { get; set; } /// - /// The realm that this provider will provide user federation for. + /// The realm this provider will provide user federation for. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; /// - /// Can be one of `ONE_LEVEL` or `SUBTREE`: + /// ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. /// [Input("searchScope")] public Input? SearchScope { get; set; } /// - /// When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + /// When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. /// [Input("startTls")] public Input? StartTls { get; set; } /// - /// When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + /// When true, newly created users will be synced back to LDAP. /// [Input("syncRegistrations")] public Input? SyncRegistrations { get; set; } @@ -479,9 +508,6 @@ public Input? BindCredential [Input("usePasswordModifyExtendedOp")] public Input? UsePasswordModifyExtendedOp { get; set; } - /// - /// Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - /// [Input("useTruststoreSpi")] public Input? UseTruststoreSpi { get; set; } @@ -489,7 +515,7 @@ public Input? BindCredential private InputList? _userObjectClasses; /// - /// Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + /// All values of LDAP objectClass attribute for users in LDAP. /// public InputList UserObjectClasses { @@ -516,13 +542,13 @@ public InputList UserObjectClasses public Input UuidLdapAttribute { get; set; } = null!; /// - /// When `true`, Keycloak will validate passwords using the realm policy before updating it. + /// When true, Keycloak will validate passwords using the realm policy before updating it. /// [Input("validatePasswordPolicy")] public Input? ValidatePasswordPolicy { get; set; } /// - /// Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + /// LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. /// [Input("vendor")] public Input? Vendor { get; set; } @@ -536,7 +562,7 @@ public UserFederationArgs() public sealed class UserFederationState : global::Pulumi.ResourceArgs { /// - /// The number of users to sync within a single transaction. Defaults to `1000`. + /// The number of users to sync within a single transaction. /// [Input("batchSizeForSync")] public Input? BatchSizeForSync { get; set; } @@ -545,7 +571,7 @@ public sealed class UserFederationState : global::Pulumi.ResourceArgs private Input? _bindCredential; /// - /// Password of LDAP admin. This attribute must be set if `bind_dn` is set. + /// Password of LDAP admin. /// public Input? BindCredential { @@ -558,25 +584,26 @@ public Input? BindCredential } /// - /// DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + /// DN of LDAP admin, which will be used by Keycloak to access LDAP server. /// [Input("bindDn")] public Input? BindDn { get; set; } /// - /// A block containing the cache settings. + /// Settings regarding cache policy for this realm. /// [Input("cache")] public Input? Cache { get; set; } /// - /// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + /// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + /// sync. /// [Input("changedSyncPeriod")] public Input? ChangedSyncPeriod { get; set; } /// - /// LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + /// LDAP connection timeout (duration string) /// [Input("connectionTimeout")] public Input? ConnectionTimeout { get; set; } @@ -588,25 +615,26 @@ public Input? BindCredential public Input? ConnectionUrl { get; set; } /// - /// Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + /// Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. /// [Input("customUserSearchFilter")] public Input? CustomUserSearchFilter { get; set; } /// - /// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + /// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + /// user federation provider. /// [Input("deleteDefaultMappers")] public Input? DeleteDefaultMappers { get; set; } /// - /// Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + /// READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. /// [Input("editMode")] public Input? EditMode { get; set; } /// - /// When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + /// When false, this provider will not be used when performing queries for users. /// [Input("enabled")] public Input? Enabled { get; set; } @@ -618,13 +646,13 @@ public Input? BindCredential public Input? FullSyncPeriod { get; set; } /// - /// When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + /// When true, LDAP users will be imported into the Keycloak database. /// [Input("importEnabled")] public Input? ImportEnabled { get; set; } /// - /// A block containing the kerberos settings. + /// Settings regarding kerberos authentication for this realm. /// [Input("kerberos")] public Input? Kerberos { get; set; } @@ -636,13 +664,13 @@ public Input? BindCredential public Input? Name { get; set; } /// - /// When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + /// When true, Keycloak assumes the LDAP server supports pagination. /// [Input("pagination")] public Input? Pagination { get; set; } /// - /// Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + /// Priority of this provider when looking up users. Lower values are first. /// [Input("priority")] public Input? Priority { get; set; } @@ -654,31 +682,31 @@ public Input? BindCredential public Input? RdnLdapAttribute { get; set; } /// - /// LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + /// LDAP read timeout (duration string) /// [Input("readTimeout")] public Input? ReadTimeout { get; set; } /// - /// The realm that this provider will provide user federation for. + /// The realm this provider will provide user federation for. /// [Input("realmId")] public Input? RealmId { get; set; } /// - /// Can be one of `ONE_LEVEL` or `SUBTREE`: + /// ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. /// [Input("searchScope")] public Input? SearchScope { get; set; } /// - /// When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + /// When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. /// [Input("startTls")] public Input? StartTls { get; set; } /// - /// When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + /// When true, newly created users will be synced back to LDAP. /// [Input("syncRegistrations")] public Input? SyncRegistrations { get; set; } @@ -695,9 +723,6 @@ public Input? BindCredential [Input("usePasswordModifyExtendedOp")] public Input? UsePasswordModifyExtendedOp { get; set; } - /// - /// Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - /// [Input("useTruststoreSpi")] public Input? UseTruststoreSpi { get; set; } @@ -705,7 +730,7 @@ public Input? BindCredential private InputList? _userObjectClasses; /// - /// Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + /// All values of LDAP objectClass attribute for users in LDAP. /// public InputList UserObjectClasses { @@ -732,13 +757,13 @@ public InputList UserObjectClasses public Input? UuidLdapAttribute { get; set; } /// - /// When `true`, Keycloak will validate passwords using the realm policy before updating it. + /// When true, Keycloak will validate passwords using the realm policy before updating it. /// [Input("validatePasswordPolicy")] public Input? ValidatePasswordPolicy { get; set; } /// - /// Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + /// LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. /// [Input("vendor")] public Input? Vendor { get; set; } diff --git a/sdk/dotnet/Oidc/GoogleIdentityProvider.cs b/sdk/dotnet/Oidc/GoogleIdentityProvider.cs index 5c3fb964..ad2f2c2c 100644 --- a/sdk/dotnet/Oidc/GoogleIdentityProvider.cs +++ b/sdk/dotnet/Oidc/GoogleIdentityProvider.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak.Oidc /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -46,14 +47,15 @@ namespace Pulumi.Keycloak.Oidc /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Google Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp diff --git a/sdk/dotnet/Oidc/IdentityProvider.cs b/sdk/dotnet/Oidc/IdentityProvider.cs index 5f5cb2d8..fa4bc840 100644 --- a/sdk/dotnet/Oidc/IdentityProvider.cs +++ b/sdk/dotnet/Oidc/IdentityProvider.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak.Oidc /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -46,14 +47,15 @@ namespace Pulumi.Keycloak.Oidc /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp diff --git a/sdk/dotnet/OpenId/AudienceProtocolMapper.cs b/sdk/dotnet/OpenId/AudienceProtocolMapper.cs index f916e6e3..dfd59fef 100644 --- a/sdk/dotnet/OpenId/AudienceProtocolMapper.cs +++ b/sdk/dotnet/OpenId/AudienceProtocolMapper.cs @@ -10,14 +10,18 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing audience protocol mappers within Keycloak. + /// ## # keycloak.openid.AudienceProtocolMapper /// - /// Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom - /// string, or it can be mapped to the ID of a pre-existing client. + /// Allows for creating and managing audience protocol mappers within + /// Keycloak. This mapper was added in Keycloak v4.6.0.Final. /// - /// ## Example Usage - /// ### Client) + /// Audience protocol mappers allow you add audiences to the `aud` claim + /// within issued tokens. The audience can be a custom string, or it can be + /// mapped to the ID of a pre-existing client. /// + /// ### Example Usage (Client) + /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -28,16 +32,16 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// Enabled = true, + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", @@ -46,15 +50,18 @@ namespace Pulumi.Keycloak.OpenId /// /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audienceMapper", new() /// { - /// RealmId = realm.Id, /// ClientId = openidClient.Id, /// IncludedCustomAudience = "foo", + /// RealmId = realm.Id, /// }); /// /// }); /// ``` - /// ### Client Scope) + /// <!--End PulumiCodeChooser --> + /// + /// ### Example Usage (Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -65,8 +72,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -76,81 +83,83 @@ namespace Pulumi.Keycloak.OpenId /// /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audienceMapper", new() /// { - /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, /// IncludedCustomAudience = "foo", + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import - /// - /// Protocol mappers can be imported using one of the following formats: - /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// ### Argument Reference /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// The following arguments are supported: /// - /// Example: + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `included_client_audience` - (Required if `included_custom_audience` is not specified) A client ID to include within the token's `aud` claim. + /// - `included_custom_audience` - (Required if `included_client_audience` is not specified) A custom audience to include within the token's `aud` claim. + /// - `add_to_id_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + /// - `add_to_access_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper")] public partial class AudienceProtocolMapper : global::Pulumi.CustomResource { /// - /// Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + /// Indicates if this claim should be added to the access token. /// [Output("addToAccessToken")] public Output AddToAccessToken { get; private set; } = null!; /// - /// Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + /// Indicates if this claim should be added to the id token. /// [Output("addToIdToken")] public Output AddToIdToken { get; private set; } = null!; /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; /// - /// A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + /// A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience /// [Output("includedClientAudience")] public Output IncludedClientAudience { get; private set; } = null!; /// - /// A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + /// A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience /// [Output("includedCustomAudience")] public Output IncludedCustomAudience { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -202,49 +211,49 @@ public static AudienceProtocolMapper Get(string name, Input id, Audience public sealed class AudienceProtocolMapperArgs : global::Pulumi.ResourceArgs { /// - /// Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + /// Indicates if this claim should be added to the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + /// Indicates if this claim should be added to the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + /// A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience /// [Input("includedClientAudience")] public Input? IncludedClientAudience { get; set; } /// - /// A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + /// A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience /// [Input("includedCustomAudience")] public Input? IncludedCustomAudience { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -258,49 +267,49 @@ public AudienceProtocolMapperArgs() public sealed class AudienceProtocolMapperState : global::Pulumi.ResourceArgs { /// - /// Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + /// Indicates if this claim should be added to the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + /// Indicates if this claim should be added to the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + /// A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience /// [Input("includedClientAudience")] public Input? IncludedClientAudience { get; set; } /// - /// A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + /// A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience /// [Input("includedCustomAudience")] public Input? IncludedCustomAudience { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/OpenId/AudienceResolveProtocolMapper.cs b/sdk/dotnet/OpenId/AudienceResolveProtocolMapper.cs index 7ef8d1dc..5f2c72bd 100644 --- a/sdk/dotnet/OpenId/AudienceResolveProtocolMapper.cs +++ b/sdk/dotnet/OpenId/AudienceResolveProtocolMapper.cs @@ -17,8 +17,10 @@ namespace Pulumi.Keycloak.OpenId /// [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. /// /// ## Example Usage + /// /// ### Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -53,8 +55,11 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -82,18 +87,19 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Protocol mappers can be imported using one of the following formats: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/dotnet/OpenId/AudienceResolveProtocolMappter.cs b/sdk/dotnet/OpenId/AudienceResolveProtocolMappter.cs index 94fb8924..f473562a 100644 --- a/sdk/dotnet/OpenId/AudienceResolveProtocolMappter.cs +++ b/sdk/dotnet/OpenId/AudienceResolveProtocolMappter.cs @@ -17,8 +17,10 @@ namespace Pulumi.Keycloak.OpenId /// [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. /// /// ## Example Usage + /// /// ### Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -53,8 +55,11 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -82,18 +87,19 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Protocol mappers can be imported using one of the following formats: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/dotnet/OpenId/Client.cs b/sdk/dotnet/OpenId/Client.cs index 389dd668..7dec4305 100644 --- a/sdk/dotnet/OpenId/Client.cs +++ b/sdk/dotnet/OpenId/Client.cs @@ -10,14 +10,17 @@ namespace Pulumi.Keycloak.OpenId { /// + /// ## # keycloak.openid.Client + /// /// Allows for creating and managing Keycloak clients that use the OpenID Connect protocol. /// /// Clients are entities that can use Keycloak for user authentication. Typically, /// clients are applications that redirect users to Keycloak for authentication /// in order to take advantage of Keycloak's user sessions for SSO. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -28,324 +31,207 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ClientId = "test-client", /// Enabled = true, - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, - /// LoginTheme = "keycloak", - /// ExtraConfig = - /// { - /// { "key1", "value1" }, - /// { "key2", "value2" }, - /// }, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + /// The following arguments are supported: /// - /// assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + /// - `realm_id` - (Required) The realm this client is attached to. + /// - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + /// - `name` - (Optional) The display name of this client in the GUI. + /// - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + /// - `description` - (Optional) The description of this client in the GUI. + /// - `access_type` - (Required) Specifies the type of client, which can be one of the following: + /// - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating. + /// This client should be used for applications using the Authorization Code or Client Credentials grant flows. + /// - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect + /// URIs for security. This client should be used for applications using the Implicit grant flow. + /// - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests. + /// - `client_secret` - (Optional) The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and + /// should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute. + /// - `standard_flow_enabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. + /// - `implicit_flow_enabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. + /// - `direct_access_grants_enabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. + /// - `service_accounts_enabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. + /// - `valid_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple + /// wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` + /// is set to `true`. + /// - `web_origins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins. + /// - `admin_url` - (Optional) URL to the admin interface of the client. + /// - `base_url` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client. + /// - `pkce_code_challenge_method` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. + /// - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token. /// - /// Example: + /// ### Attributes Reference /// - /// bash + /// In addition to the arguments listed above, the following computed attributes are exported: /// - /// ```sh - /// $ pulumi import keycloak:openid/client:Client openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - /// ``` + /// - `service_account_user_id` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. + /// + /// ### Import + /// + /// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + /// assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + /// + /// Example: /// [KeycloakResourceType("keycloak:openid/client:Client")] public partial class Client : global::Pulumi.CustomResource { - /// - /// The amount of time in seconds before an access token expires. This will override the default for the realm. - /// [Output("accessTokenLifespan")] public Output AccessTokenLifespan { get; private set; } = null!; - /// - /// Specifies the type of client, which can be one of the following: - /// [Output("accessType")] public Output AccessType { get; private set; } = null!; - /// - /// URL to the admin interface of the client. - /// [Output("adminUrl")] public Output AdminUrl { get; private set; } = null!; - /// - /// Override realm authentication flow bindings - /// [Output("authenticationFlowBindingOverrides")] public Output AuthenticationFlowBindingOverrides { get; private set; } = null!; - /// - /// When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - /// [Output("authorization")] public Output Authorization { get; private set; } = null!; - /// - /// Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - /// [Output("backchannelLogoutRevokeOfflineSessions")] public Output BackchannelLogoutRevokeOfflineSessions { get; private set; } = null!; - /// - /// When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - /// [Output("backchannelLogoutSessionRequired")] public Output BackchannelLogoutSessionRequired { get; private set; } = null!; - /// - /// The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - /// [Output("backchannelLogoutUrl")] public Output BackchannelLogoutUrl { get; private set; } = null!; - /// - /// Default URL to use when the auth server needs to redirect or link back to the client. - /// [Output("baseUrl")] public Output BaseUrl { get; private set; } = null!; - /// - /// Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - /// - `client-secret` (Default) Use client id and client secret to authenticate client. - /// - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - /// - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - /// - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - /// [Output("clientAuthenticatorType")] public Output ClientAuthenticatorType { get; private set; } = null!; - /// - /// The Client ID for this client, referenced in the URI during authentication and in issued tokens. - /// [Output("clientId")] public Output ClientId { get; private set; } = null!; - /// - /// Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - /// [Output("clientOfflineSessionIdleTimeout")] public Output ClientOfflineSessionIdleTimeout { get; private set; } = null!; - /// - /// Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - /// [Output("clientOfflineSessionMaxLifespan")] public Output ClientOfflineSessionMaxLifespan { get; private set; } = null!; - /// - /// The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - /// [Output("clientSecret")] public Output ClientSecret { get; private set; } = null!; - /// - /// Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - /// [Output("clientSessionIdleTimeout")] public Output ClientSessionIdleTimeout { get; private set; } = null!; - /// - /// Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - /// [Output("clientSessionMaxLifespan")] public Output ClientSessionMaxLifespan { get; private set; } = null!; - /// - /// When `true`, users have to consent to client access. Defaults to `false`. - /// [Output("consentRequired")] public Output ConsentRequired { get; private set; } = null!; - /// - /// The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - /// [Output("consentScreenText")] public Output ConsentScreenText { get; private set; } = null!; - /// - /// The description of this client in the GUI. - /// [Output("description")] public Output Description { get; private set; } = null!; - /// - /// When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - /// [Output("directAccessGrantsEnabled")] public Output DirectAccessGrantsEnabled { get; private set; } = null!; - /// - /// When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - /// [Output("displayOnConsentScreen")] public Output DisplayOnConsentScreen { get; private set; } = null!; - /// - /// When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - /// [Output("enabled")] public Output Enabled { get; private set; } = null!; - /// - /// When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - /// [Output("excludeSessionStateFromAuthResponse")] public Output ExcludeSessionStateFromAuthResponse { get; private set; } = null!; [Output("extraConfig")] public Output?> ExtraConfig { get; private set; } = null!; - /// - /// When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - /// [Output("frontchannelLogoutEnabled")] public Output FrontchannelLogoutEnabled { get; private set; } = null!; - /// - /// The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - /// [Output("frontchannelLogoutUrl")] public Output FrontchannelLogoutUrl { get; private set; } = null!; - /// - /// Allow to include all roles mappings in the access token. - /// [Output("fullScopeAllowed")] public Output FullScopeAllowed { get; private set; } = null!; - /// - /// When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - /// [Output("implicitFlowEnabled")] public Output ImplicitFlowEnabled { get; private set; } = null!; - /// - /// When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - /// [Output("import")] public Output Import { get; private set; } = null!; - /// - /// The client login theme. This will override the default theme for the realm. - /// [Output("loginTheme")] public Output LoginTheme { get; private set; } = null!; - /// - /// The display name of this client in the GUI. - /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - /// [Output("oauth2DeviceAuthorizationGrantEnabled")] public Output Oauth2DeviceAuthorizationGrantEnabled { get; private set; } = null!; - /// - /// The maximum amount of time a client has to finish the device code flow before it expires. - /// [Output("oauth2DeviceCodeLifespan")] public Output Oauth2DeviceCodeLifespan { get; private set; } = null!; - /// - /// The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - /// [Output("oauth2DevicePollingInterval")] public Output Oauth2DevicePollingInterval { get; private set; } = null!; - /// - /// The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - /// [Output("pkceCodeChallengeMethod")] public Output PkceCodeChallengeMethod { get; private set; } = null!; - /// - /// The realm this client is attached to. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - /// [Output("resourceServerId")] public Output ResourceServerId { get; private set; } = null!; - /// - /// When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - /// [Output("rootUrl")] public Output RootUrl { get; private set; } = null!; - /// - /// (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - /// [Output("serviceAccountUserId")] public Output ServiceAccountUserId { get; private set; } = null!; - /// - /// When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - /// [Output("serviceAccountsEnabled")] public Output ServiceAccountsEnabled { get; private set; } = null!; - /// - /// When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - /// [Output("standardFlowEnabled")] public Output StandardFlowEnabled { get; private set; } = null!; - /// - /// If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - /// [Output("useRefreshTokens")] public Output UseRefreshTokens { get; private set; } = null!; - /// - /// If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - /// [Output("useRefreshTokensClientCredentials")] public Output UseRefreshTokensClientCredentials { get; private set; } = null!; - /// - /// A list of valid URIs a browser is permitted to redirect to after a successful logout. - /// [Output("validPostLogoutRedirectUris")] public Output> ValidPostLogoutRedirectUris { get; private set; } = null!; - /// - /// A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - /// wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - /// is set to `true`. - /// [Output("validRedirectUris")] public Output> ValidRedirectUris { get; private set; } = null!; - /// - /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - /// [Output("webOrigins")] public Output> WebOrigins { get; private set; } = null!; @@ -399,94 +285,47 @@ public static Client Get(string name, Input id, ClientState? state = nul public sealed class ClientArgs : global::Pulumi.ResourceArgs { - /// - /// The amount of time in seconds before an access token expires. This will override the default for the realm. - /// [Input("accessTokenLifespan")] public Input? AccessTokenLifespan { get; set; } - /// - /// Specifies the type of client, which can be one of the following: - /// [Input("accessType", required: true)] public Input AccessType { get; set; } = null!; - /// - /// URL to the admin interface of the client. - /// [Input("adminUrl")] public Input? AdminUrl { get; set; } - /// - /// Override realm authentication flow bindings - /// [Input("authenticationFlowBindingOverrides")] public Input? AuthenticationFlowBindingOverrides { get; set; } - /// - /// When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - /// [Input("authorization")] public Input? Authorization { get; set; } - /// - /// Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - /// [Input("backchannelLogoutRevokeOfflineSessions")] public Input? BackchannelLogoutRevokeOfflineSessions { get; set; } - /// - /// When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - /// [Input("backchannelLogoutSessionRequired")] public Input? BackchannelLogoutSessionRequired { get; set; } - /// - /// The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - /// [Input("backchannelLogoutUrl")] public Input? BackchannelLogoutUrl { get; set; } - /// - /// Default URL to use when the auth server needs to redirect or link back to the client. - /// [Input("baseUrl")] public Input? BaseUrl { get; set; } - /// - /// Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - /// - `client-secret` (Default) Use client id and client secret to authenticate client. - /// - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - /// - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - /// - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - /// [Input("clientAuthenticatorType")] public Input? ClientAuthenticatorType { get; set; } - /// - /// The Client ID for this client, referenced in the URI during authentication and in issued tokens. - /// [Input("clientId", required: true)] public Input ClientId { get; set; } = null!; - /// - /// Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - /// [Input("clientOfflineSessionIdleTimeout")] public Input? ClientOfflineSessionIdleTimeout { get; set; } - /// - /// Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - /// [Input("clientOfflineSessionMaxLifespan")] public Input? ClientOfflineSessionMaxLifespan { get; set; } [Input("clientSecret")] private Input? _clientSecret; - - /// - /// The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - /// public Input? ClientSecret { get => _clientSecret; @@ -497,57 +336,30 @@ public Input? ClientSecret } } - /// - /// Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - /// [Input("clientSessionIdleTimeout")] public Input? ClientSessionIdleTimeout { get; set; } - /// - /// Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - /// [Input("clientSessionMaxLifespan")] public Input? ClientSessionMaxLifespan { get; set; } - /// - /// When `true`, users have to consent to client access. Defaults to `false`. - /// [Input("consentRequired")] public Input? ConsentRequired { get; set; } - /// - /// The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - /// [Input("consentScreenText")] public Input? ConsentScreenText { get; set; } - /// - /// The description of this client in the GUI. - /// [Input("description")] public Input? Description { get; set; } - /// - /// When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - /// [Input("directAccessGrantsEnabled")] public Input? DirectAccessGrantsEnabled { get; set; } - /// - /// When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - /// [Input("displayOnConsentScreen")] public Input? DisplayOnConsentScreen { get; set; } - /// - /// When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - /// [Input("enabled")] public Input? Enabled { get; set; } - /// - /// When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - /// [Input("excludeSessionStateFromAuthResponse")] public Input? ExcludeSessionStateFromAuthResponse { get; set; } @@ -559,114 +371,59 @@ public InputMap ExtraConfig set => _extraConfig = value; } - /// - /// When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - /// [Input("frontchannelLogoutEnabled")] public Input? FrontchannelLogoutEnabled { get; set; } - /// - /// The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - /// [Input("frontchannelLogoutUrl")] public Input? FrontchannelLogoutUrl { get; set; } - /// - /// Allow to include all roles mappings in the access token. - /// [Input("fullScopeAllowed")] public Input? FullScopeAllowed { get; set; } - /// - /// When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - /// [Input("implicitFlowEnabled")] public Input? ImplicitFlowEnabled { get; set; } - /// - /// When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - /// [Input("import")] public Input? Import { get; set; } - /// - /// The client login theme. This will override the default theme for the realm. - /// [Input("loginTheme")] public Input? LoginTheme { get; set; } - /// - /// The display name of this client in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - /// [Input("oauth2DeviceAuthorizationGrantEnabled")] public Input? Oauth2DeviceAuthorizationGrantEnabled { get; set; } - /// - /// The maximum amount of time a client has to finish the device code flow before it expires. - /// [Input("oauth2DeviceCodeLifespan")] public Input? Oauth2DeviceCodeLifespan { get; set; } - /// - /// The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - /// [Input("oauth2DevicePollingInterval")] public Input? Oauth2DevicePollingInterval { get; set; } - /// - /// The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - /// [Input("pkceCodeChallengeMethod")] public Input? PkceCodeChallengeMethod { get; set; } - /// - /// The realm this client is attached to. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - /// [Input("rootUrl")] public Input? RootUrl { get; set; } - /// - /// When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - /// [Input("serviceAccountsEnabled")] public Input? ServiceAccountsEnabled { get; set; } - /// - /// When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - /// [Input("standardFlowEnabled")] public Input? StandardFlowEnabled { get; set; } - /// - /// If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - /// [Input("useRefreshTokens")] public Input? UseRefreshTokens { get; set; } - /// - /// If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - /// [Input("useRefreshTokensClientCredentials")] public Input? UseRefreshTokensClientCredentials { get; set; } [Input("validPostLogoutRedirectUris")] private InputList? _validPostLogoutRedirectUris; - - /// - /// A list of valid URIs a browser is permitted to redirect to after a successful logout. - /// public InputList ValidPostLogoutRedirectUris { get => _validPostLogoutRedirectUris ?? (_validPostLogoutRedirectUris = new InputList()); @@ -675,12 +432,6 @@ public InputList ValidPostLogoutRedirectUris [Input("validRedirectUris")] private InputList? _validRedirectUris; - - /// - /// A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - /// wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - /// is set to `true`. - /// public InputList ValidRedirectUris { get => _validRedirectUris ?? (_validRedirectUris = new InputList()); @@ -689,10 +440,6 @@ public InputList ValidRedirectUris [Input("webOrigins")] private InputList? _webOrigins; - - /// - /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - /// public InputList WebOrigins { get => _webOrigins ?? (_webOrigins = new InputList()); @@ -707,94 +454,47 @@ public ClientArgs() public sealed class ClientState : global::Pulumi.ResourceArgs { - /// - /// The amount of time in seconds before an access token expires. This will override the default for the realm. - /// [Input("accessTokenLifespan")] public Input? AccessTokenLifespan { get; set; } - /// - /// Specifies the type of client, which can be one of the following: - /// [Input("accessType")] public Input? AccessType { get; set; } - /// - /// URL to the admin interface of the client. - /// [Input("adminUrl")] public Input? AdminUrl { get; set; } - /// - /// Override realm authentication flow bindings - /// [Input("authenticationFlowBindingOverrides")] public Input? AuthenticationFlowBindingOverrides { get; set; } - /// - /// When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - /// [Input("authorization")] public Input? Authorization { get; set; } - /// - /// Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - /// [Input("backchannelLogoutRevokeOfflineSessions")] public Input? BackchannelLogoutRevokeOfflineSessions { get; set; } - /// - /// When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - /// [Input("backchannelLogoutSessionRequired")] public Input? BackchannelLogoutSessionRequired { get; set; } - /// - /// The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - /// [Input("backchannelLogoutUrl")] public Input? BackchannelLogoutUrl { get; set; } - /// - /// Default URL to use when the auth server needs to redirect or link back to the client. - /// [Input("baseUrl")] public Input? BaseUrl { get; set; } - /// - /// Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - /// - `client-secret` (Default) Use client id and client secret to authenticate client. - /// - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - /// - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - /// - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - /// [Input("clientAuthenticatorType")] public Input? ClientAuthenticatorType { get; set; } - /// - /// The Client ID for this client, referenced in the URI during authentication and in issued tokens. - /// [Input("clientId")] public Input? ClientId { get; set; } - /// - /// Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - /// [Input("clientOfflineSessionIdleTimeout")] public Input? ClientOfflineSessionIdleTimeout { get; set; } - /// - /// Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - /// [Input("clientOfflineSessionMaxLifespan")] public Input? ClientOfflineSessionMaxLifespan { get; set; } [Input("clientSecret")] private Input? _clientSecret; - - /// - /// The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - /// public Input? ClientSecret { get => _clientSecret; @@ -805,57 +505,30 @@ public Input? ClientSecret } } - /// - /// Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - /// [Input("clientSessionIdleTimeout")] public Input? ClientSessionIdleTimeout { get; set; } - /// - /// Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - /// [Input("clientSessionMaxLifespan")] public Input? ClientSessionMaxLifespan { get; set; } - /// - /// When `true`, users have to consent to client access. Defaults to `false`. - /// [Input("consentRequired")] public Input? ConsentRequired { get; set; } - /// - /// The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - /// [Input("consentScreenText")] public Input? ConsentScreenText { get; set; } - /// - /// The description of this client in the GUI. - /// [Input("description")] public Input? Description { get; set; } - /// - /// When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - /// [Input("directAccessGrantsEnabled")] public Input? DirectAccessGrantsEnabled { get; set; } - /// - /// When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - /// [Input("displayOnConsentScreen")] public Input? DisplayOnConsentScreen { get; set; } - /// - /// When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - /// [Input("enabled")] public Input? Enabled { get; set; } - /// - /// When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - /// [Input("excludeSessionStateFromAuthResponse")] public Input? ExcludeSessionStateFromAuthResponse { get; set; } @@ -867,126 +540,65 @@ public InputMap ExtraConfig set => _extraConfig = value; } - /// - /// When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - /// [Input("frontchannelLogoutEnabled")] public Input? FrontchannelLogoutEnabled { get; set; } - /// - /// The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - /// [Input("frontchannelLogoutUrl")] public Input? FrontchannelLogoutUrl { get; set; } - /// - /// Allow to include all roles mappings in the access token. - /// [Input("fullScopeAllowed")] public Input? FullScopeAllowed { get; set; } - /// - /// When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - /// [Input("implicitFlowEnabled")] public Input? ImplicitFlowEnabled { get; set; } - /// - /// When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - /// [Input("import")] public Input? Import { get; set; } - /// - /// The client login theme. This will override the default theme for the realm. - /// [Input("loginTheme")] public Input? LoginTheme { get; set; } - /// - /// The display name of this client in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - /// [Input("oauth2DeviceAuthorizationGrantEnabled")] public Input? Oauth2DeviceAuthorizationGrantEnabled { get; set; } - /// - /// The maximum amount of time a client has to finish the device code flow before it expires. - /// [Input("oauth2DeviceCodeLifespan")] public Input? Oauth2DeviceCodeLifespan { get; set; } - /// - /// The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - /// [Input("oauth2DevicePollingInterval")] public Input? Oauth2DevicePollingInterval { get; set; } - /// - /// The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - /// [Input("pkceCodeChallengeMethod")] public Input? PkceCodeChallengeMethod { get; set; } - /// - /// The realm this client is attached to. - /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - /// [Input("resourceServerId")] public Input? ResourceServerId { get; set; } - /// - /// When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - /// [Input("rootUrl")] public Input? RootUrl { get; set; } - /// - /// (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - /// [Input("serviceAccountUserId")] public Input? ServiceAccountUserId { get; set; } - /// - /// When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - /// [Input("serviceAccountsEnabled")] public Input? ServiceAccountsEnabled { get; set; } - /// - /// When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - /// [Input("standardFlowEnabled")] public Input? StandardFlowEnabled { get; set; } - /// - /// If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - /// [Input("useRefreshTokens")] public Input? UseRefreshTokens { get; set; } - /// - /// If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - /// [Input("useRefreshTokensClientCredentials")] public Input? UseRefreshTokensClientCredentials { get; set; } [Input("validPostLogoutRedirectUris")] private InputList? _validPostLogoutRedirectUris; - - /// - /// A list of valid URIs a browser is permitted to redirect to after a successful logout. - /// public InputList ValidPostLogoutRedirectUris { get => _validPostLogoutRedirectUris ?? (_validPostLogoutRedirectUris = new InputList()); @@ -995,12 +607,6 @@ public InputList ValidPostLogoutRedirectUris [Input("validRedirectUris")] private InputList? _validRedirectUris; - - /// - /// A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - /// wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - /// is set to `true`. - /// public InputList ValidRedirectUris { get => _validRedirectUris ?? (_validRedirectUris = new InputList()); @@ -1009,10 +615,6 @@ public InputList ValidRedirectUris [Input("webOrigins")] private InputList? _webOrigins; - - /// - /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - /// public InputList WebOrigins { get => _webOrigins ?? (_webOrigins = new InputList()); diff --git a/sdk/dotnet/OpenId/ClientAuthorizationPermission.cs b/sdk/dotnet/OpenId/ClientAuthorizationPermission.cs index b167b0ff..1180b11b 100644 --- a/sdk/dotnet/OpenId/ClientAuthorizationPermission.cs +++ b/sdk/dotnet/OpenId/ClientAuthorizationPermission.cs @@ -16,9 +16,9 @@ namespace Pulumi.Keycloak.OpenId /// /// Client authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9 diff --git a/sdk/dotnet/OpenId/ClientDefaultScopes.cs b/sdk/dotnet/OpenId/ClientDefaultScopes.cs index a8976e0e..31817c78 100644 --- a/sdk/dotnet/OpenId/ClientDefaultScopes.cs +++ b/sdk/dotnet/OpenId/ClientDefaultScopes.cs @@ -12,6 +12,7 @@ namespace Pulumi.Keycloak.OpenId /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -22,15 +23,15 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// RealmId = realm.Id, - /// ClientId = "test-client", /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// RealmId = realm.Id, /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -40,7 +41,6 @@ namespace Pulumi.Keycloak.OpenId /// /// var clientDefaultScopes = new Keycloak.OpenId.ClientDefaultScopes("clientDefaultScopes", new() /// { - /// RealmId = realm.Id, /// ClientId = client.Id, /// DefaultScopes = new[] /// { @@ -50,35 +50,35 @@ namespace Pulumi.Keycloak.OpenId /// "web-origins", /// clientScope.Name, /// }, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// This resource does not support import. Instead of importing, feel free to create this resource + /// The following arguments are supported: + /// + /// - `realm_id` - (Required) The realm this client and scopes exists in. + /// - `client_id` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. + /// - `default_scopes` - (Required) An array of client scope names to attach to this client. /// - /// as if it did not already exist on the server. + /// ### Import + /// + /// This resource does not support import. Instead of importing, feel free to create this resource + /// as if it did not already exist on the server. /// [KeycloakResourceType("keycloak:openid/clientDefaultScopes:ClientDefaultScopes")] public partial class ClientDefaultScopes : global::Pulumi.CustomResource { - /// - /// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - /// [Output("clientId")] public Output ClientId { get; private set; } = null!; - /// - /// An array of client scope names to attach to this client. - /// [Output("defaultScopes")] public Output> DefaultScopes { get; private set; } = null!; - /// - /// The realm this client and scopes exists in. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -128,27 +128,17 @@ public static ClientDefaultScopes Get(string name, Input id, ClientDefau public sealed class ClientDefaultScopesArgs : global::Pulumi.ResourceArgs { - /// - /// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - /// [Input("clientId", required: true)] public Input ClientId { get; set; } = null!; [Input("defaultScopes", required: true)] private InputList? _defaultScopes; - - /// - /// An array of client scope names to attach to this client. - /// public InputList DefaultScopes { get => _defaultScopes ?? (_defaultScopes = new InputList()); set => _defaultScopes = value; } - /// - /// The realm this client and scopes exists in. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -160,27 +150,17 @@ public ClientDefaultScopesArgs() public sealed class ClientDefaultScopesState : global::Pulumi.ResourceArgs { - /// - /// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - /// [Input("clientId")] public Input? ClientId { get; set; } [Input("defaultScopes")] private InputList? _defaultScopes; - - /// - /// An array of client scope names to attach to this client. - /// public InputList DefaultScopes { get => _defaultScopes ?? (_defaultScopes = new InputList()); set => _defaultScopes = value; } - /// - /// The realm this client and scopes exists in. - /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/OpenId/ClientOptionalScopes.cs b/sdk/dotnet/OpenId/ClientOptionalScopes.cs index 8c39497d..9a757604 100644 --- a/sdk/dotnet/OpenId/ClientOptionalScopes.cs +++ b/sdk/dotnet/OpenId/ClientOptionalScopes.cs @@ -12,6 +12,7 @@ namespace Pulumi.Keycloak.OpenId /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -22,15 +23,15 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// RealmId = realm.Id, - /// ClientId = "test-client", /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// RealmId = realm.Id, /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -40,45 +41,43 @@ namespace Pulumi.Keycloak.OpenId /// /// var clientOptionalScopes = new Keycloak.OpenId.ClientOptionalScopes("clientOptionalScopes", new() /// { - /// RealmId = realm.Id, /// ClientId = client.Id, /// OptionalScopes = new[] /// { /// "address", /// "phone", /// "offline_access", - /// "microprofile-jwt", /// clientScope.Name, /// }, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// This resource does not support import. Instead of importing, feel free to create this resource + /// The following arguments are supported: + /// + /// - `realm_id` - (Required) The realm this client and scopes exists in. + /// - `client_id` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. + /// - `optional_scopes` - (Required) An array of client scope names to attach to this client as optional scopes. /// - /// as if it did not already exist on the server. + /// ### Import + /// + /// This resource does not support import. Instead of importing, feel free to create this resource + /// as if it did not already exist on the server. /// [KeycloakResourceType("keycloak:openid/clientOptionalScopes:ClientOptionalScopes")] public partial class ClientOptionalScopes : global::Pulumi.CustomResource { - /// - /// The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - /// [Output("clientId")] public Output ClientId { get; private set; } = null!; - /// - /// An array of client scope names to attach to this client as optional scopes. - /// [Output("optionalScopes")] public Output> OptionalScopes { get; private set; } = null!; - /// - /// The realm this client and scopes exists in. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -128,27 +127,17 @@ public static ClientOptionalScopes Get(string name, Input id, ClientOpti public sealed class ClientOptionalScopesArgs : global::Pulumi.ResourceArgs { - /// - /// The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - /// [Input("clientId", required: true)] public Input ClientId { get; set; } = null!; [Input("optionalScopes", required: true)] private InputList? _optionalScopes; - - /// - /// An array of client scope names to attach to this client as optional scopes. - /// public InputList OptionalScopes { get => _optionalScopes ?? (_optionalScopes = new InputList()); set => _optionalScopes = value; } - /// - /// The realm this client and scopes exists in. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -160,27 +149,17 @@ public ClientOptionalScopesArgs() public sealed class ClientOptionalScopesState : global::Pulumi.ResourceArgs { - /// - /// The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - /// [Input("clientId")] public Input? ClientId { get; set; } [Input("optionalScopes")] private InputList? _optionalScopes; - - /// - /// An array of client scope names to attach to this client as optional scopes. - /// public InputList OptionalScopes { get => _optionalScopes ?? (_optionalScopes = new InputList()); set => _optionalScopes = value; } - /// - /// The realm this client and scopes exists in. - /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/OpenId/ClientPolicy.cs b/sdk/dotnet/OpenId/ClientPolicy.cs index 5a0bde08..efbc44fc 100644 --- a/sdk/dotnet/OpenId/ClientPolicy.cs +++ b/sdk/dotnet/OpenId/ClientPolicy.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak.OpenId /// /// In this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `keycloak.openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id. /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -64,6 +65,7 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// [KeycloakResourceType("keycloak:openid/clientPolicy:ClientPolicy")] public partial class ClientPolicy : global::Pulumi.CustomResource diff --git a/sdk/dotnet/OpenId/ClientScope.cs b/sdk/dotnet/OpenId/ClientScope.cs index 085963af..3af42d89 100644 --- a/sdk/dotnet/OpenId/ClientScope.cs +++ b/sdk/dotnet/OpenId/ClientScope.cs @@ -10,13 +10,18 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol. + /// ## # keycloak.openid.ClientScope /// - /// Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also - /// be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 `scope` parameter. + /// Allows for creating and managing Keycloak client scopes that can be attached to + /// clients that use the OpenID Connect protocol. /// - /// ## Example Usage + /// Client Scopes can be used to share common protocol and role mappings between multiple + /// clients within a realm. They can also be used by clients to conditionally request + /// claims or roles for a user based on the OAuth 2.0 `scope` parameter. /// + /// ### Example Usage + /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -27,71 +32,56 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClientScope = new Keycloak.OpenId.ClientScope("openidClientScope", new() /// { - /// RealmId = realm.Id, /// Description = "When requested, this scope will map a user's group memberships to a claim", - /// IncludeInTokenScope = true, - /// GuiOrder = 1, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + /// The following arguments are supported: /// - /// assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + /// - `realm_id` - (Required) The realm this client scope belongs to. + /// - `name` - (Required) The display name of this client scope in the GUI. + /// - `description` - (Optional) The description of this client scope in the GUI. + /// - `consent_screen_text` - (Optional) When set, a consent screen will be displayed to users + /// authenticating to clients with this scope attached. The consent screen will display the string + /// value of this attribute. /// - /// Example: + /// ### Import /// - /// bash + /// Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + /// assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. /// - /// ```sh - /// $ pulumi import keycloak:openid/clientScope:ClientScope openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/clientScope:ClientScope")] public partial class ClientScope : global::Pulumi.CustomResource { - /// - /// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - /// [Output("consentScreenText")] public Output ConsentScreenText { get; private set; } = null!; - /// - /// The description of this client scope in the GUI. - /// [Output("description")] public Output Description { get; private set; } = null!; - /// - /// Specify order of the client scope in GUI (such as in Consent page) as integer. - /// [Output("guiOrder")] public Output GuiOrder { get; private set; } = null!; - /// - /// When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - /// [Output("includeInTokenScope")] public Output IncludeInTokenScope { get; private set; } = null!; - /// - /// The display name of this client scope in the GUI. - /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// The realm this client scope belongs to. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -141,39 +131,21 @@ public static ClientScope Get(string name, Input id, ClientScopeState? s public sealed class ClientScopeArgs : global::Pulumi.ResourceArgs { - /// - /// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - /// [Input("consentScreenText")] public Input? ConsentScreenText { get; set; } - /// - /// The description of this client scope in the GUI. - /// [Input("description")] public Input? Description { get; set; } - /// - /// Specify order of the client scope in GUI (such as in Consent page) as integer. - /// [Input("guiOrder")] public Input? GuiOrder { get; set; } - /// - /// When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - /// [Input("includeInTokenScope")] public Input? IncludeInTokenScope { get; set; } - /// - /// The display name of this client scope in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// The realm this client scope belongs to. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -185,39 +157,21 @@ public ClientScopeArgs() public sealed class ClientScopeState : global::Pulumi.ResourceArgs { - /// - /// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - /// [Input("consentScreenText")] public Input? ConsentScreenText { get; set; } - /// - /// The description of this client scope in the GUI. - /// [Input("description")] public Input? Description { get; set; } - /// - /// Specify order of the client scope in GUI (such as in Consent page) as integer. - /// [Input("guiOrder")] public Input? GuiOrder { get; set; } - /// - /// When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - /// [Input("includeInTokenScope")] public Input? IncludeInTokenScope { get; set; } - /// - /// The display name of this client scope in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// The realm this client scope belongs to. - /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/OpenId/ClientServiceAccountRealmRole.cs b/sdk/dotnet/OpenId/ClientServiceAccountRealmRole.cs index 588655e0..7ab6383e 100644 --- a/sdk/dotnet/OpenId/ClientServiceAccountRealmRole.cs +++ b/sdk/dotnet/OpenId/ClientServiceAccountRealmRole.cs @@ -18,6 +18,7 @@ namespace Pulumi.Keycloak.OpenId /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -52,14 +53,15 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/dotnet/OpenId/ClientServiceAccountRole.cs b/sdk/dotnet/OpenId/ClientServiceAccountRole.cs index 9f7036b0..e6e2db03 100644 --- a/sdk/dotnet/OpenId/ClientServiceAccountRole.cs +++ b/sdk/dotnet/OpenId/ClientServiceAccountRole.cs @@ -18,6 +18,7 @@ namespace Pulumi.Keycloak.OpenId /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -62,14 +63,15 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/dotnet/OpenId/FullNameProtocolMapper.cs b/sdk/dotnet/OpenId/FullNameProtocolMapper.cs index 027f5897..bed6bfa2 100644 --- a/sdk/dotnet/OpenId/FullNameProtocolMapper.cs +++ b/sdk/dotnet/OpenId/FullNameProtocolMapper.cs @@ -10,16 +10,19 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing full name protocol mappers within Keycloak. + /// ## # keycloak.openid.FullNameProtocolMapper /// - /// Full name protocol mappers allow you to map a user's first and last name to the OpenID Connect `name` claim in a token. + /// Allows for creating and managing full name protocol mappers within + /// Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// Full name protocol mappers allow you to map a user's first and last name + /// to the OpenID Connect `name` claim in a token. Protocol mappers can be defined + /// for a single client, or they can be defined for a client scope which can + /// be shared between multiple different clients. /// - /// ## Example Usage - /// ### Client) + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,16 +33,16 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// Enabled = true, + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", @@ -48,14 +51,17 @@ namespace Pulumi.Keycloak.OpenId /// /// var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper("fullNameMapper", new() /// { - /// RealmId = realm.Id, /// ClientId = openidClient.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` - /// ### Client Scope) + /// <!--End PulumiCodeChooser --> /// + /// ### Example Usage (Client Scope) + /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -66,8 +72,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -77,74 +83,66 @@ namespace Pulumi.Keycloak.OpenId /// /// var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper("fullNameMapper", new() /// { - /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import - /// - /// Protocol mappers can be imported using one of the following formats: + /// ### Argument Reference /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// The following arguments are supported: /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `add_to_id_token` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. + /// - `add_to_access_token` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. + /// - `add_to_userinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. /// - /// Example: + /// ### Import /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper")] public partial class FullNameProtocolMapper : global::Pulumi.CustomResource { - /// - /// Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - /// [Output("addToAccessToken")] public Output AddToAccessToken { get; private set; } = null!; - /// - /// Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - /// [Output("addToIdToken")] public Output AddToIdToken { get; private set; } = null!; - /// - /// Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - /// [Output("addToUserinfo")] public Output AddToUserinfo { get; private set; } = null!; /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -195,44 +193,35 @@ public static FullNameProtocolMapper Get(string name, Input id, FullName public sealed class FullNameProtocolMapperArgs : global::Pulumi.ResourceArgs { - /// - /// Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } - /// - /// Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } - /// - /// Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -245,44 +234,35 @@ public FullNameProtocolMapperArgs() public sealed class FullNameProtocolMapperState : global::Pulumi.ResourceArgs { - /// - /// Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } - /// - /// Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } - /// - /// Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/OpenId/GetClient.cs b/sdk/dotnet/OpenId/GetClient.cs index 6e6c3d7f..3d9d244e 100644 --- a/sdk/dotnet/OpenId/GetClient.cs +++ b/sdk/dotnet/OpenId/GetClient.cs @@ -12,12 +12,13 @@ namespace Pulumi.Keycloak.OpenId public static class GetClient { /// + /// ## # keycloak.openid.Client data source + /// /// This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. /// - /// {{% examples %}} - /// ## Example Usage - /// {{% example %}} + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -41,19 +42,30 @@ public static class GetClient /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> + /// + /// ### Argument Reference + /// + /// The following arguments are supported: + /// + /// - `realm_id` - (Required) The realm id. + /// - `client_id` - (Required) The client id. + /// + /// ### Attributes Reference + /// + /// See the docs for the `keycloak.openid.Client` resource for details on the exported attributes. /// public static Task InvokeAsync(GetClientArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:openid/getClient:getClient", args ?? new GetClientArgs(), options.WithDefaults()); /// + /// ## # keycloak.openid.Client data source + /// /// This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. /// - /// {{% examples %}} - /// ## Example Usage - /// {{% example %}} + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -77,8 +89,18 @@ public static Task InvokeAsync(GetClientArgs args, InvokeOption /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> + /// + /// ### Argument Reference + /// + /// The following arguments are supported: + /// + /// - `realm_id` - (Required) The realm id. + /// - `client_id` - (Required) The client id. + /// + /// ### Attributes Reference + /// + /// See the docs for the `keycloak.openid.Client` resource for details on the exported attributes. /// public static Output Invoke(GetClientInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:openid/getClient:getClient", args ?? new GetClientInvokeArgs(), options.WithDefaults()); @@ -87,9 +109,6 @@ public static Output Invoke(GetClientInvokeArgs args, InvokeOpt public sealed class GetClientArgs : global::Pulumi.InvokeArgs { - /// - /// The client id (not its unique ID). - /// [Input("clientId", required: true)] public string ClientId { get; set; } = null!; @@ -116,9 +135,6 @@ public Dictionary ExtraConfig [Input("oauth2DevicePollingInterval")] public string? Oauth2DevicePollingInterval { get; set; } - /// - /// The realm id. - /// [Input("realmId", required: true)] public string RealmId { get; set; } = null!; @@ -130,9 +146,6 @@ public GetClientArgs() public sealed class GetClientInvokeArgs : global::Pulumi.InvokeArgs { - /// - /// The client id (not its unique ID). - /// [Input("clientId", required: true)] public Input ClientId { get; set; } = null!; @@ -159,9 +172,6 @@ public InputMap ExtraConfig [Input("oauth2DevicePollingInterval")] public Input? Oauth2DevicePollingInterval { get; set; } - /// - /// The realm id. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; diff --git a/sdk/dotnet/OpenId/GetClientAuthorizationPolicy.cs b/sdk/dotnet/OpenId/GetClientAuthorizationPolicy.cs index 84ace767..ec46c891 100644 --- a/sdk/dotnet/OpenId/GetClientAuthorizationPolicy.cs +++ b/sdk/dotnet/OpenId/GetClientAuthorizationPolicy.cs @@ -14,14 +14,13 @@ public static class GetClientAuthorizationPolicy /// /// This data source can be used to fetch policy and permission information for an OpenID client that has authorization enabled. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// /// In this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default /// permission for this client called "Default Permission". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data /// source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -85,8 +84,7 @@ public static class GetClientAuthorizationPolicy /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetClientAuthorizationPolicyArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:openid/getClientAuthorizationPolicy:getClientAuthorizationPolicy", args ?? new GetClientAuthorizationPolicyArgs(), options.WithDefaults()); @@ -94,14 +92,13 @@ public static Task InvokeAsync(GetClientAuth /// /// This data source can be used to fetch policy and permission information for an OpenID client that has authorization enabled. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// /// In this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default /// permission for this client called "Default Permission". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data /// source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -165,8 +162,7 @@ public static Task InvokeAsync(GetClientAuth /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetClientAuthorizationPolicyInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:openid/getClientAuthorizationPolicy:getClientAuthorizationPolicy", args ?? new GetClientAuthorizationPolicyInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/OpenId/GetClientScope.cs b/sdk/dotnet/OpenId/GetClientScope.cs index e8406b71..731f024b 100644 --- a/sdk/dotnet/OpenId/GetClientScope.cs +++ b/sdk/dotnet/OpenId/GetClientScope.cs @@ -14,10 +14,9 @@ public static class GetClientScope /// /// This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -42,8 +41,7 @@ public static class GetClientScope /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetClientScopeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:openid/getClientScope:getClientScope", args ?? new GetClientScopeArgs(), options.WithDefaults()); @@ -51,10 +49,9 @@ public static Task InvokeAsync(GetClientScopeArgs args, In /// /// This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -79,8 +76,7 @@ public static Task InvokeAsync(GetClientScopeArgs args, In /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetClientScopeInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:openid/getClientScope:getClientScope", args ?? new GetClientScopeInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/OpenId/GetClientServiceAccountUser.cs b/sdk/dotnet/OpenId/GetClientServiceAccountUser.cs index 494f5461..0b1f3b2d 100644 --- a/sdk/dotnet/OpenId/GetClientServiceAccountUser.cs +++ b/sdk/dotnet/OpenId/GetClientServiceAccountUser.cs @@ -15,14 +15,13 @@ public static class GetClientServiceAccountUser /// This data source can be used to fetch information about the service account user that is associated with an OpenID client /// that has service accounts enabled. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// /// In this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user /// that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this /// user, using the `keycloak.UserRoles` resource. /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -69,8 +68,7 @@ public static class GetClientServiceAccountUser /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetClientServiceAccountUserArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:openid/getClientServiceAccountUser:getClientServiceAccountUser", args ?? new GetClientServiceAccountUserArgs(), options.WithDefaults()); @@ -79,14 +77,13 @@ public static Task InvokeAsync(GetClientServi /// This data source can be used to fetch information about the service account user that is associated with an OpenID client /// that has service accounts enabled. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// /// In this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user /// that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this /// user, using the `keycloak.UserRoles` resource. /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -133,8 +130,7 @@ public static Task InvokeAsync(GetClientServi /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetClientServiceAccountUserInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:openid/getClientServiceAccountUser:getClientServiceAccountUser", args ?? new GetClientServiceAccountUserInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/OpenId/GroupMembershipProtocolMapper.cs b/sdk/dotnet/OpenId/GroupMembershipProtocolMapper.cs index b65b895f..9aef40b1 100644 --- a/sdk/dotnet/OpenId/GroupMembershipProtocolMapper.cs +++ b/sdk/dotnet/OpenId/GroupMembershipProtocolMapper.cs @@ -10,16 +10,19 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing group membership protocol mappers within Keycloak. + /// ## # keycloak.openid.GroupMembershipProtocolMapper /// - /// Group membership protocol mappers allow you to map a user's group memberships to a claim in a token. + /// Allows for creating and managing group membership protocol mappers within + /// Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// Group membership protocol mappers allow you to map a user's group memberships + /// to a claim in a token. Protocol mappers can be defined for a single client, + /// or they can be defined for a client scope which can be shared between multiple + /// different clients. /// - /// ## Example Usage - /// ### Client) + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,16 +33,16 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// Enabled = true, + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", @@ -48,15 +51,18 @@ namespace Pulumi.Keycloak.OpenId /// /// var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper("groupMembershipMapper", new() /// { - /// RealmId = realm.Id, - /// ClientId = openidClient.Id, /// ClaimName = "groups", + /// ClientId = openidClient.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` - /// ### Client Scope) + /// <!--End PulumiCodeChooser --> + /// + /// ### Example Usage (Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -67,8 +73,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -78,87 +84,75 @@ namespace Pulumi.Keycloak.OpenId /// /// var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper("groupMembershipMapper", new() /// { - /// RealmId = realm.Id, - /// ClientScopeId = clientScope.Id, /// ClaimName = "groups", + /// ClientScopeId = clientScope.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Protocol mappers can be imported using one of the following formats: + /// The following arguments are supported: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `claim_name` - (Required) The name of the claim to insert into a token. + /// - `full_path` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`. + /// - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// ### Import /// - /// Example: - /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper")] public partial class GroupMembershipProtocolMapper : global::Pulumi.CustomResource { - /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. - /// [Output("addToAccessToken")] public Output AddToAccessToken { get; private set; } = null!; - /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. - /// [Output("addToIdToken")] public Output AddToIdToken { get; private set; } = null!; - /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - /// [Output("addToUserinfo")] public Output AddToUserinfo { get; private set; } = null!; - /// - /// The name of the claim to insert into a token. - /// [Output("claimName")] public Output ClaimName { get; private set; } = null!; /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; - /// - /// Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - /// [Output("fullPath")] public Output FullPath { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -209,56 +203,41 @@ public static GroupMembershipProtocolMapper Get(string name, Input id, G public sealed class GroupMembershipProtocolMapperArgs : global::Pulumi.ResourceArgs { - /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. - /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } - /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. - /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } - /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName", required: true)] public Input ClaimName { get; set; } = null!; /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } - /// - /// Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - /// [Input("fullPath")] public Input? FullPath { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -271,56 +250,41 @@ public GroupMembershipProtocolMapperArgs() public sealed class GroupMembershipProtocolMapperState : global::Pulumi.ResourceArgs { - /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. - /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } - /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. - /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } - /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName")] public Input? ClaimName { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } - /// - /// Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - /// [Input("fullPath")] public Input? FullPath { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/OpenId/HardcodedClaimProtocolMapper.cs b/sdk/dotnet/OpenId/HardcodedClaimProtocolMapper.cs index 63d97834..f7c60a59 100644 --- a/sdk/dotnet/OpenId/HardcodedClaimProtocolMapper.cs +++ b/sdk/dotnet/OpenId/HardcodedClaimProtocolMapper.cs @@ -10,16 +10,19 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing hardcoded claim protocol mappers within Keycloak. + /// ## # keycloak.openid.HardcodedClaimProtocolMapper /// - /// Hardcoded claim protocol mappers allow you to define a claim with a hardcoded value. + /// Allows for creating and managing hardcoded claim protocol mappers within + /// Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// Hardcoded claim protocol mappers allow you to define a claim with a hardcoded + /// value. Protocol mappers can be defined for a single client, or they can + /// be defined for a client scope which can be shared between multiple different + /// clients. /// - /// ## Example Usage - /// ### Client) + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,16 +33,16 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// Enabled = true, + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", @@ -48,16 +51,19 @@ namespace Pulumi.Keycloak.OpenId /// /// var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper("hardcodedClaimMapper", new() /// { - /// RealmId = realm.Id, - /// ClientId = openidClient.Id, /// ClaimName = "foo", /// ClaimValue = "bar", + /// ClientId = openidClient.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` - /// ### Client Scope) + /// <!--End PulumiCodeChooser --> + /// + /// ### Example Usage (Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -68,8 +74,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -79,94 +85,92 @@ namespace Pulumi.Keycloak.OpenId /// /// var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper("hardcodedClaimMapper", new() /// { - /// RealmId = realm.Id, - /// ClientScopeId = clientScope.Id, /// ClaimName = "foo", /// ClaimValue = "bar", + /// ClientScopeId = clientScope.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Protocol mappers can be imported using one of the following formats: + /// The following arguments are supported: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `claim_name` - (Required) The name of the claim to insert into a token. + /// - `claim_value` - (Required) The hardcoded value of the claim. + /// - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + /// - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// ### Import /// - /// Example: - /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper")] public partial class HardcodedClaimProtocolMapper : global::Pulumi.CustomResource { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Output("addToAccessToken")] public Output AddToAccessToken { get; private set; } = null!; /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Output("addToIdToken")] public Output AddToIdToken { get; private set; } = null!; /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Output("addToUserinfo")] public Output AddToUserinfo { get; private set; } = null!; - /// - /// The name of the claim to insert into a token. - /// [Output("claimName")] public Output ClaimName { get; private set; } = null!; - /// - /// The hardcoded value of the claim. - /// [Output("claimValue")] public Output ClaimValue { get; private set; } = null!; /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Output("claimValueType")] public Output ClaimValueType { get; private set; } = null!; /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -218,61 +222,55 @@ public static HardcodedClaimProtocolMapper Get(string name, Input id, Ha public sealed class HardcodedClaimProtocolMapperArgs : global::Pulumi.ResourceArgs { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName", required: true)] public Input ClaimName { get; set; } = null!; - /// - /// The hardcoded value of the claim. - /// [Input("claimValue", required: true)] public Input ClaimValue { get; set; } = null!; /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Input("claimValueType")] public Input? ClaimValueType { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -286,61 +284,55 @@ public HardcodedClaimProtocolMapperArgs() public sealed class HardcodedClaimProtocolMapperState : global::Pulumi.ResourceArgs { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName")] public Input? ClaimName { get; set; } - /// - /// The hardcoded value of the claim. - /// [Input("claimValue")] public Input? ClaimValue { get; set; } /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Input("claimValueType")] public Input? ClaimValueType { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/OpenId/HardcodedRoleProtocolMapper.cs b/sdk/dotnet/OpenId/HardcodedRoleProtocolMapper.cs index 104ab3b4..a6af817f 100644 --- a/sdk/dotnet/OpenId/HardcodedRoleProtocolMapper.cs +++ b/sdk/dotnet/OpenId/HardcodedRoleProtocolMapper.cs @@ -10,16 +10,19 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing hardcoded role protocol mappers within Keycloak. + /// ## # keycloak.openid.HardcodedRoleProtocolMapper /// - /// Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. + /// Allows for creating and managing hardcoded role protocol mappers within + /// Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// Hardcoded role protocol mappers allow you to specify a single role to + /// always map to an access token for a client. Protocol mappers can be + /// defined for a single client, or they can be defined for a client scope + /// which can be shared between multiple different clients. /// - /// ## Example Usage - /// ### Client) + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,8 +33,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var role = new Keycloak.Role("role", new() @@ -41,10 +44,10 @@ namespace Pulumi.Keycloak.OpenId /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// Enabled = true, + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", @@ -53,15 +56,18 @@ namespace Pulumi.Keycloak.OpenId /// /// var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcodedRoleMapper", new() /// { - /// RealmId = realm.Id, /// ClientId = openidClient.Id, + /// RealmId = realm.Id, /// RoleId = role.Id, /// }); /// /// }); /// ``` - /// ### Client Scope) + /// <!--End PulumiCodeChooser --> + /// + /// ### Example Usage (Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -72,8 +78,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var role = new Keycloak.Role("role", new() @@ -88,64 +94,61 @@ namespace Pulumi.Keycloak.OpenId /// /// var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcodedRoleMapper", new() /// { - /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, + /// RealmId = realm.Id, /// RoleId = role.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Protocol mappers can be imported using one of the following formats: - /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// The following arguments are supported: /// - /// Example: + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the + /// GUI. + /// - `role_id` - (Required) The ID of the role to map to an access token. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper")] public partial class HardcodedRoleProtocolMapper : global::Pulumi.CustomResource { /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// The ID of the role to map to an access token. - /// [Output("roleId")] public Output RoleId { get; private set; } = null!; @@ -196,32 +199,29 @@ public static HardcodedRoleProtocolMapper Get(string name, Input id, Har public sealed class HardcodedRoleProtocolMapperArgs : global::Pulumi.ResourceArgs { /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// The ID of the role to map to an access token. - /// [Input("roleId", required: true)] public Input RoleId { get; set; } = null!; @@ -234,32 +234,29 @@ public HardcodedRoleProtocolMapperArgs() public sealed class HardcodedRoleProtocolMapperState : global::Pulumi.ResourceArgs { /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// The ID of the role to map to an access token. - /// [Input("roleId")] public Input? RoleId { get; set; } diff --git a/sdk/dotnet/OpenId/Inputs/ClientAuthenticationFlowBindingOverridesArgs.cs b/sdk/dotnet/OpenId/Inputs/ClientAuthenticationFlowBindingOverridesArgs.cs index 80ae3a66..17fa7e45 100644 --- a/sdk/dotnet/OpenId/Inputs/ClientAuthenticationFlowBindingOverridesArgs.cs +++ b/sdk/dotnet/OpenId/Inputs/ClientAuthenticationFlowBindingOverridesArgs.cs @@ -12,15 +12,9 @@ namespace Pulumi.Keycloak.OpenId.Inputs public sealed class ClientAuthenticationFlowBindingOverridesArgs : global::Pulumi.ResourceArgs { - /// - /// Browser flow id, (flow needs to exist) - /// [Input("browserId")] public Input? BrowserId { get; set; } - /// - /// Direct grant flow id (flow needs to exist) - /// [Input("directGrantId")] public Input? DirectGrantId { get; set; } diff --git a/sdk/dotnet/OpenId/Inputs/ClientAuthenticationFlowBindingOverridesGetArgs.cs b/sdk/dotnet/OpenId/Inputs/ClientAuthenticationFlowBindingOverridesGetArgs.cs index 8e27eb3a..f7695d6f 100644 --- a/sdk/dotnet/OpenId/Inputs/ClientAuthenticationFlowBindingOverridesGetArgs.cs +++ b/sdk/dotnet/OpenId/Inputs/ClientAuthenticationFlowBindingOverridesGetArgs.cs @@ -12,15 +12,9 @@ namespace Pulumi.Keycloak.OpenId.Inputs public sealed class ClientAuthenticationFlowBindingOverridesGetArgs : global::Pulumi.ResourceArgs { - /// - /// Browser flow id, (flow needs to exist) - /// [Input("browserId")] public Input? BrowserId { get; set; } - /// - /// Direct grant flow id (flow needs to exist) - /// [Input("directGrantId")] public Input? DirectGrantId { get; set; } diff --git a/sdk/dotnet/OpenId/Inputs/ClientAuthorizationArgs.cs b/sdk/dotnet/OpenId/Inputs/ClientAuthorizationArgs.cs index a8114a6f..551ecb02 100644 --- a/sdk/dotnet/OpenId/Inputs/ClientAuthorizationArgs.cs +++ b/sdk/dotnet/OpenId/Inputs/ClientAuthorizationArgs.cs @@ -12,27 +12,15 @@ namespace Pulumi.Keycloak.OpenId.Inputs public sealed class ClientAuthorizationArgs : global::Pulumi.ResourceArgs { - /// - /// When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - /// [Input("allowRemoteResourceManagement")] public Input? AllowRemoteResourceManagement { get; set; } - /// - /// Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - /// [Input("decisionStrategy")] public Input? DecisionStrategy { get; set; } - /// - /// When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - /// [Input("keepDefaults")] public Input? KeepDefaults { get; set; } - /// - /// Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - /// [Input("policyEnforcementMode", required: true)] public Input PolicyEnforcementMode { get; set; } = null!; diff --git a/sdk/dotnet/OpenId/Inputs/ClientAuthorizationGetArgs.cs b/sdk/dotnet/OpenId/Inputs/ClientAuthorizationGetArgs.cs index 2d5774d1..064b57f2 100644 --- a/sdk/dotnet/OpenId/Inputs/ClientAuthorizationGetArgs.cs +++ b/sdk/dotnet/OpenId/Inputs/ClientAuthorizationGetArgs.cs @@ -12,27 +12,15 @@ namespace Pulumi.Keycloak.OpenId.Inputs public sealed class ClientAuthorizationGetArgs : global::Pulumi.ResourceArgs { - /// - /// When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - /// [Input("allowRemoteResourceManagement")] public Input? AllowRemoteResourceManagement { get; set; } - /// - /// Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - /// [Input("decisionStrategy")] public Input? DecisionStrategy { get; set; } - /// - /// When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - /// [Input("keepDefaults")] public Input? KeepDefaults { get; set; } - /// - /// Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - /// [Input("policyEnforcementMode", required: true)] public Input PolicyEnforcementMode { get; set; } = null!; diff --git a/sdk/dotnet/OpenId/Outputs/ClientAuthenticationFlowBindingOverrides.cs b/sdk/dotnet/OpenId/Outputs/ClientAuthenticationFlowBindingOverrides.cs index 664f1ca6..b5551a9c 100644 --- a/sdk/dotnet/OpenId/Outputs/ClientAuthenticationFlowBindingOverrides.cs +++ b/sdk/dotnet/OpenId/Outputs/ClientAuthenticationFlowBindingOverrides.cs @@ -13,13 +13,7 @@ namespace Pulumi.Keycloak.OpenId.Outputs [OutputType] public sealed class ClientAuthenticationFlowBindingOverrides { - /// - /// Browser flow id, (flow needs to exist) - /// public readonly string? BrowserId; - /// - /// Direct grant flow id (flow needs to exist) - /// public readonly string? DirectGrantId; [OutputConstructor] diff --git a/sdk/dotnet/OpenId/Outputs/ClientAuthorization.cs b/sdk/dotnet/OpenId/Outputs/ClientAuthorization.cs index e61e811e..79512de2 100644 --- a/sdk/dotnet/OpenId/Outputs/ClientAuthorization.cs +++ b/sdk/dotnet/OpenId/Outputs/ClientAuthorization.cs @@ -13,21 +13,9 @@ namespace Pulumi.Keycloak.OpenId.Outputs [OutputType] public sealed class ClientAuthorization { - /// - /// When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - /// public readonly bool? AllowRemoteResourceManagement; - /// - /// Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - /// public readonly string? DecisionStrategy; - /// - /// When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - /// public readonly bool? KeepDefaults; - /// - /// Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - /// public readonly string PolicyEnforcementMode; [OutputConstructor] diff --git a/sdk/dotnet/OpenId/ScriptProtocolMapper.cs b/sdk/dotnet/OpenId/ScriptProtocolMapper.cs index 3ae021d1..3b74b601 100644 --- a/sdk/dotnet/OpenId/ScriptProtocolMapper.cs +++ b/sdk/dotnet/OpenId/ScriptProtocolMapper.cs @@ -20,8 +20,10 @@ namespace Pulumi.Keycloak.OpenId /// > Support for this protocol mapper was removed in Keycloak 18. /// /// ## Example Usage + /// /// ### Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -58,8 +60,11 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -89,18 +94,19 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Protocol mappers can be imported using one of the following formats: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/dotnet/OpenId/UserAttributeProtocolMapper.cs b/sdk/dotnet/OpenId/UserAttributeProtocolMapper.cs index 2c7346fe..964413f0 100644 --- a/sdk/dotnet/OpenId/UserAttributeProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserAttributeProtocolMapper.cs @@ -10,16 +10,19 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing user attribute protocol mappers within Keycloak. + /// ## # keycloak.openid.UserAttributeProtocolMapper /// - /// User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. + /// Allows for creating and managing user attribute protocol mappers within + /// Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// User attribute protocol mappers allow you to map custom attributes defined + /// for a user within Keycloak to a claim in a token. Protocol mappers can be + /// defined for a single client, or they can be defined for a client scope which + /// can be shared between multiple different clients. /// - /// ## Example Usage - /// ### Client) + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,16 +33,16 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// Enabled = true, + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", @@ -48,16 +51,19 @@ namespace Pulumi.Keycloak.OpenId /// /// var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("userAttributeMapper", new() /// { - /// RealmId = realm.Id, + /// ClaimName = "bar", /// ClientId = openidClient.Id, + /// RealmId = realm.Id, /// UserAttribute = "foo", - /// ClaimName = "bar", /// }); /// /// }); /// ``` - /// ### Client Scope) + /// <!--End PulumiCodeChooser --> + /// + /// ### Example Usage (Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -68,8 +74,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -79,107 +85,106 @@ namespace Pulumi.Keycloak.OpenId /// /// var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("userAttributeMapper", new() /// { - /// RealmId = realm.Id, + /// ClaimName = "bar", /// ClientScopeId = clientScope.Id, + /// RealmId = realm.Id, /// UserAttribute = "foo", - /// ClaimName = "bar", /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Protocol mappers can be imported using one of the following formats: + /// The following arguments are supported: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `user_attribute` - (Required) The custom user attribute to map a claim for. + /// - `claim_name` - (Required) The name of the claim to insert into a token. + /// - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + /// - `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + /// - `add_to_id_token` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + /// - `add_to_access_token` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + /// - `add_to_userinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// ### Import /// - /// Example: - /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper")] public partial class UserAttributeProtocolMapper : global::Pulumi.CustomResource { /// - /// Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Output("addToAccessToken")] public Output AddToAccessToken { get; private set; } = null!; /// - /// Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Output("addToIdToken")] public Output AddToIdToken { get; private set; } = null!; /// - /// Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Output("addToUserinfo")] public Output AddToUserinfo { get; private set; } = null!; /// - /// Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + /// Indicates if attribute values should be aggregated within the group attributes /// [Output("aggregateAttributes")] public Output AggregateAttributes { get; private set; } = null!; - /// - /// The name of the claim to insert into a token. - /// [Output("claimName")] public Output ClaimName { get; private set; } = null!; /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Output("claimValueType")] public Output ClaimValueType { get; private set; } = null!; /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; /// - /// Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + /// Indicates whether this attribute is a single value or an array of values. /// [Output("multivalued")] public Output Multivalued { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// The custom user attribute to map a claim for. - /// [Output("userAttribute")] public Output UserAttribute { get; private set; } = null!; @@ -230,74 +235,68 @@ public static UserAttributeProtocolMapper Get(string name, Input id, Use public sealed class UserAttributeProtocolMapperArgs : global::Pulumi.ResourceArgs { /// - /// Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } /// - /// Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + /// Indicates if attribute values should be aggregated within the group attributes /// [Input("aggregateAttributes")] public Input? AggregateAttributes { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName", required: true)] public Input ClaimName { get; set; } = null!; /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Input("claimValueType")] public Input? ClaimValueType { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + /// Indicates whether this attribute is a single value or an array of values. /// [Input("multivalued")] public Input? Multivalued { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// The custom user attribute to map a claim for. - /// [Input("userAttribute", required: true)] public Input UserAttribute { get; set; } = null!; @@ -310,74 +309,68 @@ public UserAttributeProtocolMapperArgs() public sealed class UserAttributeProtocolMapperState : global::Pulumi.ResourceArgs { /// - /// Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } /// - /// Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + /// Indicates if attribute values should be aggregated within the group attributes /// [Input("aggregateAttributes")] public Input? AggregateAttributes { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName")] public Input? ClaimName { get; set; } /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Input("claimValueType")] public Input? ClaimValueType { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + /// Indicates whether this attribute is a single value or an array of values. /// [Input("multivalued")] public Input? Multivalued { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// The custom user attribute to map a claim for. - /// [Input("userAttribute")] public Input? UserAttribute { get; set; } diff --git a/sdk/dotnet/OpenId/UserClientRoleProtocolMapper.cs b/sdk/dotnet/OpenId/UserClientRoleProtocolMapper.cs index 3f2f1a74..25301628 100644 --- a/sdk/dotnet/OpenId/UserClientRoleProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserClientRoleProtocolMapper.cs @@ -18,8 +18,10 @@ namespace Pulumi.Keycloak.OpenId /// multiple different clients. /// /// ## Example Usage + /// /// ### Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -55,8 +57,11 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -85,18 +90,19 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Protocol mappers can be imported using one of the following formats: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs b/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs index e5f94626..7b60da8a 100644 --- a/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs @@ -10,17 +10,19 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing user property protocol mappers within Keycloak. + /// ## # keycloak.openid.UserPropertyProtocolMapper /// - /// User property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in - /// a token. + /// Allows for creating and managing user property protocol mappers within + /// Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// User property protocol mappers allow you to map built in properties defined + /// on the Keycloak user interface to a claim in a token. Protocol mappers can be + /// defined for a single client, or they can be defined for a client scope which + /// can be shared between multiple different clients. /// - /// ## Example Usage - /// ### Client) + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -31,16 +33,16 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// Enabled = true, + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", @@ -49,16 +51,19 @@ namespace Pulumi.Keycloak.OpenId /// /// var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper("userPropertyMapper", new() /// { - /// RealmId = realm.Id, + /// ClaimName = "email", /// ClientId = openidClient.Id, + /// RealmId = realm.Id, /// UserProperty = "email", - /// ClaimName = "email", /// }); /// /// }); /// ``` - /// ### Client Scope) + /// <!--End PulumiCodeChooser --> + /// + /// ### Example Usage (Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -69,8 +74,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -80,95 +85,93 @@ namespace Pulumi.Keycloak.OpenId /// /// var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper("userPropertyMapper", new() /// { - /// RealmId = realm.Id, + /// ClaimName = "email", /// ClientScopeId = clientScope.Id, + /// RealmId = realm.Id, /// UserProperty = "email", - /// ClaimName = "email", /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Protocol mappers can be imported using one of the following formats: + /// The following arguments are supported: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `user_property` - (Required) The built in user property (such as email) to map a claim for. + /// - `claim_name` - (Required) The name of the claim to insert into a token. + /// - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + /// - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// ### Import /// - /// Example: - /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper")] public partial class UserPropertyProtocolMapper : global::Pulumi.CustomResource { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the property should be a claim in the access token. /// [Output("addToAccessToken")] public Output AddToAccessToken { get; private set; } = null!; /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the property should be a claim in the id token. /// [Output("addToIdToken")] public Output AddToIdToken { get; private set; } = null!; /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the property should appear in the userinfo response body. /// [Output("addToUserinfo")] public Output AddToUserinfo { get; private set; } = null!; - /// - /// The name of the claim to insert into a token. - /// [Output("claimName")] public Output ClaimName { get; private set; } = null!; /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Output("claimValueType")] public Output ClaimValueType { get; private set; } = null!; /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// The built in user property (such as email) to map a claim for. - /// [Output("userProperty")] public Output UserProperty { get; private set; } = null!; @@ -219,62 +222,56 @@ public static UserPropertyProtocolMapper Get(string name, Input id, User public sealed class UserPropertyProtocolMapperArgs : global::Pulumi.ResourceArgs { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the property should be a claim in the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the property should be a claim in the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the property should appear in the userinfo response body. /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName", required: true)] public Input ClaimName { get; set; } = null!; /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Input("claimValueType")] public Input? ClaimValueType { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// The built in user property (such as email) to map a claim for. - /// [Input("userProperty", required: true)] public Input UserProperty { get; set; } = null!; @@ -287,62 +284,56 @@ public UserPropertyProtocolMapperArgs() public sealed class UserPropertyProtocolMapperState : global::Pulumi.ResourceArgs { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the property should be a claim in the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the property should be a claim in the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the property should appear in the userinfo response body. /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName")] public Input? ClaimName { get; set; } /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Input("claimValueType")] public Input? ClaimValueType { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// The built in user property (such as email) to map a claim for. - /// [Input("userProperty")] public Input? UserProperty { get; set; } diff --git a/sdk/dotnet/OpenId/UserRealmRoleProtocolMapper.cs b/sdk/dotnet/OpenId/UserRealmRoleProtocolMapper.cs index f9901f37..8f0c3753 100644 --- a/sdk/dotnet/OpenId/UserRealmRoleProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserRealmRoleProtocolMapper.cs @@ -10,16 +10,19 @@ namespace Pulumi.Keycloak.OpenId { /// - /// Allows for creating and managing user realm role protocol mappers within Keycloak. + /// ## # keycloak.openid.UserRealmRoleProtocolMapper /// - /// User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + /// Allows for creating and managing user realm role protocol mappers within + /// Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + /// Protocol mappers can be defined for a single client, or they can + /// be defined for a client scope which can be shared between multiple different + /// clients. /// - /// ## Example Usage - /// ### Client) + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,16 +33,16 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "client", - /// Enabled = true, /// AccessType = "CONFIDENTIAL", + /// ClientId = "test-client", + /// Enabled = true, + /// RealmId = realm.Id, /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", @@ -48,15 +51,18 @@ namespace Pulumi.Keycloak.OpenId /// /// var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper("userRealmRoleMapper", new() /// { - /// RealmId = realm.Id, - /// ClientId = openidClient.Id, /// ClaimName = "foo", + /// ClientId = openidClient.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` - /// ### Client Scope) + /// <!--End PulumiCodeChooser --> /// + /// ### Example Usage (Client Scope) + /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -67,8 +73,8 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() @@ -78,99 +84,101 @@ namespace Pulumi.Keycloak.OpenId /// /// var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper("userRealmRoleMapper", new() /// { - /// RealmId = realm.Id, - /// ClientScopeId = clientScope.Id, /// ClaimName = "foo", + /// ClientScopeId = clientScope.Id, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import - /// - /// Protocol mappers can be imported using one of the following formats: - /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// ### Argument Reference /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// The following arguments are supported: /// - /// Example: + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `claim_name` - (Required) The name of the claim to insert into a token. + /// - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + /// - `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`. + /// - `realm_role_prefix` - (Optional) A prefix for each Realm Role. + /// - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. /// - /// bash + /// ### Import /// - /// ```sh - /// $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper")] public partial class UserRealmRoleProtocolMapper : global::Pulumi.CustomResource { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Output("addToAccessToken")] public Output AddToAccessToken { get; private set; } = null!; /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Output("addToIdToken")] public Output AddToIdToken { get; private set; } = null!; /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Output("addToUserinfo")] public Output AddToUserinfo { get; private set; } = null!; - /// - /// The name of the claim to insert into a token. - /// [Output("claimName")] public Output ClaimName { get; private set; } = null!; /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Output("claimValueType")] public Output ClaimValueType { get; private set; } = null!; /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Output("clientId")] public Output ClientId { get; private set; } = null!; /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; /// - /// Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + /// Indicates whether this attribute is a single value or an array of values. /// [Output("multivalued")] public Output Multivalued { get; private set; } = null!; /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Output("name")] public Output Name { get; private set; } = null!; /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Output("realmId")] public Output RealmId { get; private set; } = null!; /// - /// A prefix for each Realm Role. + /// Prefix that will be added to each realm role. /// [Output("realmRolePrefix")] public Output RealmRolePrefix { get; private set; } = null!; @@ -222,67 +230,64 @@ public static UserRealmRoleProtocolMapper Get(string name, Input id, Use public sealed class UserRealmRoleProtocolMapperArgs : global::Pulumi.ResourceArgs { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName", required: true)] public Input ClaimName { get; set; } = null!; /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Input("claimValueType")] public Input? ClaimValueType { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + /// Indicates whether this attribute is a single value or an array of values. /// [Input("multivalued")] public Input? Multivalued { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; /// - /// A prefix for each Realm Role. + /// Prefix that will be added to each realm role. /// [Input("realmRolePrefix")] public Input? RealmRolePrefix { get; set; } @@ -296,67 +301,64 @@ public UserRealmRoleProtocolMapperArgs() public sealed class UserRealmRoleProtocolMapperState : global::Pulumi.ResourceArgs { /// - /// Indicates if the property should be added as a claim to the access token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the access token. /// [Input("addToAccessToken")] public Input? AddToAccessToken { get; set; } /// - /// Indicates if the property should be added as a claim to the id token. Defaults to `true`. + /// Indicates if the attribute should be a claim in the id token. /// [Input("addToIdToken")] public Input? AddToIdToken { get; set; } /// - /// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + /// Indicates if the attribute should appear in the userinfo response body. /// [Input("addToUserinfo")] public Input? AddToUserinfo { get; set; } - /// - /// The name of the claim to insert into a token. - /// [Input("claimName")] public Input? ClaimName { get; set; } /// - /// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + /// Claim type used when serializing tokens. /// [Input("claimValueType")] public Input? ClaimValueType { get; set; } /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client. Cannot be used at the same time as client_scope_id. /// [Input("clientId")] public Input? ClientId { get; set; } /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + /// The mapper's associated client scope. Cannot be used at the same time as client_id. /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } /// - /// Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + /// Indicates whether this attribute is a single value or an array of values. /// [Input("multivalued")] public Input? Multivalued { get; set; } /// - /// The display name of this protocol mapper in the GUI. + /// A human-friendly name that will appear in the Keycloak console. /// [Input("name")] public Input? Name { get; set; } /// - /// The realm this protocol mapper exists within. + /// The realm id where the associated client or client scope exists. /// [Input("realmId")] public Input? RealmId { get; set; } /// - /// A prefix for each Realm Role. + /// Prefix that will be added to each realm role. /// [Input("realmRolePrefix")] public Input? RealmRolePrefix { get; set; } diff --git a/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs b/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs index 6763ac19..7a659062 100644 --- a/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs @@ -18,8 +18,10 @@ namespace Pulumi.Keycloak.OpenId /// multiple different clients. /// /// ## Example Usage + /// /// ### Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -57,8 +59,11 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Client Scope) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -89,18 +94,19 @@ namespace Pulumi.Keycloak.OpenId /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Protocol mappers can be imported using one of the following formats: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/dotnet/Outputs/GetRealmKeysKeyResult.cs b/sdk/dotnet/Outputs/GetRealmKeysKeyResult.cs index f99a6b09..bd880630 100644 --- a/sdk/dotnet/Outputs/GetRealmKeysKeyResult.cs +++ b/sdk/dotnet/Outputs/GetRealmKeysKeyResult.cs @@ -13,37 +13,13 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class GetRealmKeysKeyResult { - /// - /// Key algorithm (string) - /// public readonly string Algorithm; - /// - /// Key certificate (string) - /// public readonly string Certificate; - /// - /// Key ID (string) - /// public readonly string Kid; - /// - /// Key provider ID (string) - /// public readonly string ProviderId; - /// - /// Key provider priority (int64) - /// public readonly int ProviderPriority; - /// - /// Key public key (string) - /// public readonly string PublicKey; - /// - /// When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - /// public readonly string Status; - /// - /// Key type (string) - /// public readonly string Type; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/RealmInternationalization.cs b/sdk/dotnet/Outputs/RealmInternationalization.cs index e0e1ae85..6ff534ef 100644 --- a/sdk/dotnet/Outputs/RealmInternationalization.cs +++ b/sdk/dotnet/Outputs/RealmInternationalization.cs @@ -13,13 +13,7 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class RealmInternationalization { - /// - /// The locale to use by default. This locale code must be present within the `supported_locales` list. - /// public readonly string DefaultLocale; - /// - /// A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - /// public readonly ImmutableArray SupportedLocales; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/RealmOtpPolicy.cs b/sdk/dotnet/Outputs/RealmOtpPolicy.cs index aacb117c..2333259a 100644 --- a/sdk/dotnet/Outputs/RealmOtpPolicy.cs +++ b/sdk/dotnet/Outputs/RealmOtpPolicy.cs @@ -14,27 +14,15 @@ namespace Pulumi.Keycloak.Outputs public sealed class RealmOtpPolicy { /// - /// What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + /// What hashing algorithm should be used to generate the OTP. /// public readonly string? Algorithm; - /// - /// How many digits the OTP have. Defaults to `6`. - /// public readonly int? Digits; - /// - /// What should the initial counter value be. Defaults to `2`. - /// public readonly int? InitialCounter; - /// - /// How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - /// public readonly int? LookAheadWindow; - /// - /// How many seconds should an OTP token be valid. Defaults to `30`. - /// public readonly int? Period; /// - /// One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + /// OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password /// public readonly string? Type; diff --git a/sdk/dotnet/Outputs/RealmSecurityDefensesBruteForceDetection.cs b/sdk/dotnet/Outputs/RealmSecurityDefensesBruteForceDetection.cs index eddefa2f..c0e28cfa 100644 --- a/sdk/dotnet/Outputs/RealmSecurityDefensesBruteForceDetection.cs +++ b/sdk/dotnet/Outputs/RealmSecurityDefensesBruteForceDetection.cs @@ -13,31 +13,12 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class RealmSecurityDefensesBruteForceDetection { - /// - /// When will failure count be reset? - /// public readonly int? FailureResetTimeSeconds; public readonly int? MaxFailureWaitSeconds; - /// - /// How many failures before wait is triggered. - /// public readonly int? MaxLoginFailures; - /// - /// How long to wait after a quick login failure. - /// - `max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - /// public readonly int? MinimumQuickLoginWaitSeconds; - /// - /// When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - /// public readonly bool? PermanentLockout; - /// - /// Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - /// public readonly int? QuickLoginCheckMilliSeconds; - /// - /// This represents the amount of time a user should be locked out when the login failure threshold has been met. - /// public readonly int? WaitIncrementSeconds; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/RealmSecurityDefensesHeaders.cs b/sdk/dotnet/Outputs/RealmSecurityDefensesHeaders.cs index 986e469d..398978aa 100644 --- a/sdk/dotnet/Outputs/RealmSecurityDefensesHeaders.cs +++ b/sdk/dotnet/Outputs/RealmSecurityDefensesHeaders.cs @@ -13,37 +13,13 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class RealmSecurityDefensesHeaders { - /// - /// Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - /// public readonly string? ContentSecurityPolicy; - /// - /// Used for testing Content Security Policies. - /// public readonly string? ContentSecurityPolicyReportOnly; - /// - /// The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - /// public readonly string? ReferrerPolicy; - /// - /// The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - /// public readonly string? StrictTransportSecurity; - /// - /// Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - /// public readonly string? XContentTypeOptions; - /// - /// Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - /// public readonly string? XFrameOptions; - /// - /// Prevent pages from appearing in search engines. - /// public readonly string? XRobotsTag; - /// - /// This header configures the Cross-site scripting (XSS) filter in your browser. - /// public readonly string? XXssProtection; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/RealmSmtpServer.cs b/sdk/dotnet/Outputs/RealmSmtpServer.cs index 797bd028..01e73870 100644 --- a/sdk/dotnet/Outputs/RealmSmtpServer.cs +++ b/sdk/dotnet/Outputs/RealmSmtpServer.cs @@ -13,45 +13,15 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class RealmSmtpServer { - /// - /// Enables authentication to the SMTP server. This block supports the following arguments: - /// public readonly Outputs.RealmSmtpServerAuth? Auth; - /// - /// The email address uses for bounces. - /// public readonly string? EnvelopeFrom; - /// - /// The email address for the sender. - /// public readonly string From; - /// - /// The display name of the sender email address. - /// public readonly string? FromDisplayName; - /// - /// The host of the SMTP server. - /// public readonly string Host; - /// - /// The port of the SMTP server (defaults to 25). - /// public readonly string? Port; - /// - /// The "reply to" email address. - /// public readonly string? ReplyTo; - /// - /// The display name of the "reply to" email address. - /// public readonly string? ReplyToDisplayName; - /// - /// When `true`, enables SSL. Defaults to `false`. - /// public readonly bool? Ssl; - /// - /// When `true`, enables StartTLS. Defaults to `false`. - /// public readonly bool? Starttls; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/RealmSmtpServerAuth.cs b/sdk/dotnet/Outputs/RealmSmtpServerAuth.cs index bbe2763d..4733a250 100644 --- a/sdk/dotnet/Outputs/RealmSmtpServerAuth.cs +++ b/sdk/dotnet/Outputs/RealmSmtpServerAuth.cs @@ -13,13 +13,7 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class RealmSmtpServerAuth { - /// - /// The SMTP server password. - /// public readonly string Password; - /// - /// The SMTP server username. - /// public readonly string Username; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/RealmWebAuthnPasswordlessPolicy.cs b/sdk/dotnet/Outputs/RealmWebAuthnPasswordlessPolicy.cs index 53e1fa90..c7b134dc 100644 --- a/sdk/dotnet/Outputs/RealmWebAuthnPasswordlessPolicy.cs +++ b/sdk/dotnet/Outputs/RealmWebAuthnPasswordlessPolicy.cs @@ -13,44 +13,29 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class RealmWebAuthnPasswordlessPolicy { - /// - /// A set of AAGUIDs for which an authenticator can be registered. - /// public readonly ImmutableArray AcceptableAaguids; /// - /// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + /// Either none, indirect or direct /// public readonly string? AttestationConveyancePreference; /// - /// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + /// Either platform or cross-platform /// public readonly string? AuthenticatorAttachment; - /// - /// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - /// public readonly bool? AvoidSameAuthenticatorRegister; - /// - /// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - /// public readonly int? CreateTimeout; - /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - /// public readonly string? RelyingPartyEntityName; - /// - /// The WebAuthn relying party ID. - /// public readonly string? RelyingPartyId; /// - /// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + /// Either Yes or No /// public readonly string? RequireResidentKey; /// - /// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + /// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing /// public readonly ImmutableArray SignatureAlgorithms; /// - /// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + /// Either required, preferred or discouraged /// public readonly string? UserVerificationRequirement; diff --git a/sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs b/sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs index fe141e4b..83f2a42e 100644 --- a/sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs +++ b/sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs @@ -13,44 +13,29 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class RealmWebAuthnPolicy { - /// - /// A set of AAGUIDs for which an authenticator can be registered. - /// public readonly ImmutableArray AcceptableAaguids; /// - /// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + /// Either none, indirect or direct /// public readonly string? AttestationConveyancePreference; /// - /// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + /// Either platform or cross-platform /// public readonly string? AuthenticatorAttachment; - /// - /// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - /// public readonly bool? AvoidSameAuthenticatorRegister; - /// - /// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - /// public readonly int? CreateTimeout; - /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - /// public readonly string? RelyingPartyEntityName; - /// - /// The WebAuthn relying party ID. - /// public readonly string? RelyingPartyId; /// - /// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + /// Either Yes or No /// public readonly string? RequireResidentKey; /// - /// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + /// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing /// public readonly ImmutableArray SignatureAlgorithms; /// - /// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + /// Either required, preferred or discouraged /// public readonly string? UserVerificationRequirement; diff --git a/sdk/dotnet/Outputs/UserFederatedIdentity.cs b/sdk/dotnet/Outputs/UserFederatedIdentity.cs index 92163beb..7f925ef5 100644 --- a/sdk/dotnet/Outputs/UserFederatedIdentity.cs +++ b/sdk/dotnet/Outputs/UserFederatedIdentity.cs @@ -13,17 +13,8 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class UserFederatedIdentity { - /// - /// The name of the identity provider - /// public readonly string IdentityProvider; - /// - /// The ID of the user defined in the identity provider - /// public readonly string UserId; - /// - /// The user name of the user defined in the identity provider - /// public readonly string UserName; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/UserInitialPassword.cs b/sdk/dotnet/Outputs/UserInitialPassword.cs index df9f5add..54fd1cd1 100644 --- a/sdk/dotnet/Outputs/UserInitialPassword.cs +++ b/sdk/dotnet/Outputs/UserInitialPassword.cs @@ -13,13 +13,7 @@ namespace Pulumi.Keycloak.Outputs [OutputType] public sealed class UserInitialPassword { - /// - /// If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - /// public readonly bool? Temporary; - /// - /// The initial password. - /// public readonly string Value; [OutputConstructor] diff --git a/sdk/dotnet/Realm.cs b/sdk/dotnet/Realm.cs index 88b54fab..0281b6e9 100644 --- a/sdk/dotnet/Realm.cs +++ b/sdk/dotnet/Realm.cs @@ -9,194 +9,54 @@ namespace Pulumi.Keycloak { - /// - /// Allows for creating and managing Realms within Keycloak. - /// - /// A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated - /// from multiple sources. - /// - /// ## Example Usage - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// AccessCodeLifespan = "1h", - /// Attributes = - /// { - /// { "mycustomAttribute", "myCustomValue" }, - /// }, - /// DisplayName = "my realm", - /// DisplayNameHtml = "<b>my realm</b>", - /// Enabled = true, - /// Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs - /// { - /// DefaultLocale = "en", - /// SupportedLocales = new[] - /// { - /// "en", - /// "de", - /// "es", - /// }, - /// }, - /// LoginTheme = "base", - /// PasswordPolicy = "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername", - /// RealmName = "my-realm", - /// SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs - /// { - /// BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs - /// { - /// FailureResetTimeSeconds = 43200, - /// MaxFailureWaitSeconds = 900, - /// MaxLoginFailures = 30, - /// MinimumQuickLoginWaitSeconds = 60, - /// PermanentLockout = false, - /// QuickLoginCheckMilliSeconds = 1000, - /// WaitIncrementSeconds = 60, - /// }, - /// Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs - /// { - /// ContentSecurityPolicy = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - /// ContentSecurityPolicyReportOnly = "", - /// StrictTransportSecurity = "max-age=31536000; includeSubDomains", - /// XContentTypeOptions = "nosniff", - /// XFrameOptions = "DENY", - /// XRobotsTag = "none", - /// XXssProtection = "1; mode=block", - /// }, - /// }, - /// SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs - /// { - /// Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs - /// { - /// Password = "password", - /// Username = "tom", - /// }, - /// From = "example@example.com", - /// Host = "smtp.example.com", - /// }, - /// SslRequired = "external", - /// WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs - /// { - /// RelyingPartyEntityName = "Example", - /// RelyingPartyId = "keycloak.example.com", - /// SignatureAlgorithms = new[] - /// { - /// "ES256", - /// "RS256", - /// }, - /// }, - /// }); - /// - /// }); - /// ``` - /// ## Default Client Scopes - /// - /// - `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - /// - `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. - /// - /// ## Import - /// - /// Realms can be imported using their name. - /// - /// Example: - /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:index/realm:Realm realm my-realm - /// ``` - /// [KeycloakResourceType("keycloak:index/realm:Realm")] public partial class Realm : global::Pulumi.CustomResource { - /// - /// The maximum amount of time a client has to finish the authorization code flow. - /// [Output("accessCodeLifespan")] public Output AccessCodeLifespan { get; private set; } = null!; - /// - /// The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - /// [Output("accessCodeLifespanLogin")] public Output AccessCodeLifespanLogin { get; private set; } = null!; - /// - /// The maximum amount of time a user has to complete login related actions, such as updating a password. - /// [Output("accessCodeLifespanUserAction")] public Output AccessCodeLifespanUserAction { get; private set; } = null!; - /// - /// The amount of time an access token can be used before it expires. - /// [Output("accessTokenLifespan")] public Output AccessTokenLifespan { get; private set; } = null!; - /// - /// The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - /// [Output("accessTokenLifespanForImplicitFlow")] public Output AccessTokenLifespanForImplicitFlow { get; private set; } = null!; - /// - /// Used for account management pages. - /// [Output("accountTheme")] public Output AccountTheme { get; private set; } = null!; - /// - /// The maximum time a user has to use an admin-generated permit before it expires. - /// [Output("actionTokenGeneratedByAdminLifespan")] public Output ActionTokenGeneratedByAdminLifespan { get; private set; } = null!; - /// - /// The maximum time a user has to use a user-generated permit before it expires. - /// [Output("actionTokenGeneratedByUserLifespan")] public Output ActionTokenGeneratedByUserLifespan { get; private set; } = null!; - /// - /// Used for the admin console. - /// [Output("adminTheme")] public Output AdminTheme { get; private set; } = null!; - /// - /// A map of custom attributes to add to the realm. - /// [Output("attributes")] public Output?> Attributes { get; private set; } = null!; /// - /// The desired flow for browser authentication. Defaults to `browser`. + /// Which flow should be used for BrowserFlow /// [Output("browserFlow")] public Output BrowserFlow { get; private set; } = null!; /// - /// The desired flow for client authentication. Defaults to `clients`. + /// Which flow should be used for ClientAuthenticationFlow /// [Output("clientAuthenticationFlow")] public Output ClientAuthenticationFlow { get; private set; } = null!; - /// - /// The amount of time a session can be idle before it expires. Users can override it for individual clients. - /// [Output("clientSessionIdleTimeout")] public Output ClientSessionIdleTimeout { get; private set; } = null!; - /// - /// The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - /// [Output("clientSessionMaxLifespan")] public Output ClientSessionMaxLifespan { get; private set; } = null!; @@ -206,110 +66,63 @@ public partial class Realm : global::Pulumi.CustomResource [Output("defaultOptionalClientScopes")] public Output> DefaultOptionalClientScopes { get; private set; } = null!; - /// - /// Default algorithm used to sign tokens for the realm. - /// [Output("defaultSignatureAlgorithm")] public Output DefaultSignatureAlgorithm { get; private set; } = null!; /// - /// The desired flow for direct access authentication. Defaults to `direct grant`. + /// Which flow should be used for DirectGrantFlow /// [Output("directGrantFlow")] public Output DirectGrantFlow { get; private set; } = null!; - /// - /// The display name for the realm that is shown when logging in to the admin console. - /// [Output("displayName")] public Output DisplayName { get; private set; } = null!; - /// - /// The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - /// [Output("displayNameHtml")] public Output DisplayNameHtml { get; private set; } = null!; /// - /// The desired flow for Docker authentication. Defaults to `docker auth`. + /// Which flow should be used for DockerAuthenticationFlow /// [Output("dockerAuthenticationFlow")] public Output DockerAuthenticationFlow { get; private set; } = null!; - /// - /// When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - /// [Output("duplicateEmailsAllowed")] public Output DuplicateEmailsAllowed { get; private set; } = null!; - /// - /// When true, the username field is editable. - /// [Output("editUsernameAllowed")] public Output EditUsernameAllowed { get; private set; } = null!; - /// - /// Used for emails that are sent by Keycloak. - /// [Output("emailTheme")] public Output EmailTheme { get; private set; } = null!; - /// - /// When `false`, users and clients will not be able to access this realm. Defaults to `true`. - /// [Output("enabled")] public Output Enabled { get; private set; } = null!; - /// - /// When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - /// [Output("internalId")] public Output InternalId { get; private set; } = null!; [Output("internationalization")] public Output Internationalization { get; private set; } = null!; - /// - /// Used for the login, forgot password, and registration pages. - /// [Output("loginTheme")] public Output LoginTheme { get; private set; } = null!; - /// - /// When true, users may log in with their email address. - /// [Output("loginWithEmailAllowed")] public Output LoginWithEmailAllowed { get; private set; } = null!; - /// - /// The maximum amount of time a client has to finish the device code flow before it expires. - /// - /// The attributes below should be specified in seconds. - /// [Output("oauth2DeviceCodeLifespan")] public Output Oauth2DeviceCodeLifespan { get; private set; } = null!; - /// - /// The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - /// [Output("oauth2DevicePollingInterval")] public Output Oauth2DevicePollingInterval { get; private set; } = null!; - /// - /// The amount of time an offline session can be idle before it expires. - /// [Output("offlineSessionIdleTimeout")] public Output OfflineSessionIdleTimeout { get; private set; } = null!; - /// - /// The maximum amount of time before an offline session expires regardless of activity. - /// [Output("offlineSessionMaxLifespan")] public Output OfflineSessionMaxLifespan { get; private set; } = null!; - /// - /// Enable `offline_session_max_lifespan`. - /// [Output("offlineSessionMaxLifespanEnabled")] public Output OfflineSessionMaxLifespanEnabled { get; private set; } = null!; @@ -317,66 +130,43 @@ public partial class Realm : global::Pulumi.CustomResource public Output OtpPolicy { get; private set; } = null!; /// - /// The password policy for users within the realm. - /// - /// The arguments below can be used to configure authentication flow bindings: + /// String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + /// can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + /// and notUsername(undefined)" /// [Output("passwordPolicy")] public Output PasswordPolicy { get; private set; } = null!; - /// - /// The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - /// [Output("realm")] public Output RealmName { get; private set; } = null!; - /// - /// Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - /// - /// The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - /// [Output("refreshTokenMaxReuse")] public Output RefreshTokenMaxReuse { get; private set; } = null!; - /// - /// When true, user registration will be enabled, and a link for registration will be displayed on the login page. - /// [Output("registrationAllowed")] public Output RegistrationAllowed { get; private set; } = null!; - /// - /// When true, the user's email will be used as their username during registration. - /// [Output("registrationEmailAsUsername")] public Output RegistrationEmailAsUsername { get; private set; } = null!; /// - /// The desired flow for user registration. Defaults to `registration`. + /// Which flow should be used for RegistrationFlow /// [Output("registrationFlow")] public Output RegistrationFlow { get; private set; } = null!; - /// - /// When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - /// [Output("rememberMe")] public Output RememberMe { get; private set; } = null!; /// - /// The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + /// Which flow should be used for ResetCredentialsFlow /// [Output("resetCredentialsFlow")] public Output ResetCredentialsFlow { get; private set; } = null!; - /// - /// When true, a "forgot password" link will be displayed on the login page. - /// [Output("resetPasswordAllowed")] public Output ResetPasswordAllowed { get; private set; } = null!; - /// - /// If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - /// [Output("revokeRefreshToken")] public Output RevokeRefreshToken { get; private set; } = null!; @@ -387,58 +177,32 @@ public partial class Realm : global::Pulumi.CustomResource public Output SmtpServer { get; private set; } = null!; /// - /// Can be one of following values: 'none, 'external' or 'all' + /// SSL Required: Values can be 'none', 'external' or 'all'. /// [Output("sslRequired")] public Output SslRequired { get; private set; } = null!; - /// - /// The amount of time a session can be idle before it expires. - /// [Output("ssoSessionIdleTimeout")] public Output SsoSessionIdleTimeout { get; private set; } = null!; - /// - /// Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - /// [Output("ssoSessionIdleTimeoutRememberMe")] public Output SsoSessionIdleTimeoutRememberMe { get; private set; } = null!; - /// - /// The maximum amount of time before a session expires regardless of activity. - /// [Output("ssoSessionMaxLifespan")] public Output SsoSessionMaxLifespan { get; private set; } = null!; - /// - /// Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - /// [Output("ssoSessionMaxLifespanRememberMe")] public Output SsoSessionMaxLifespanRememberMe { get; private set; } = null!; - /// - /// When `true`, users are allowed to manage their own resources. Defaults to `false`. - /// [Output("userManagedAccess")] public Output UserManagedAccess { get; private set; } = null!; - /// - /// When true, users are required to verify their email address after registration and after email address changes. - /// [Output("verifyEmail")] public Output VerifyEmail { get; private set; } = null!; - /// - /// Configuration for WebAuthn Passwordless Policy authentication. - /// - /// Each of these attributes are blocks with the following attributes: - /// [Output("webAuthnPasswordlessPolicy")] public Output WebAuthnPasswordlessPolicy { get; private set; } = null!; - /// - /// Configuration for WebAuthn Policy authentication. - /// [Output("webAuthnPolicy")] public Output WebAuthnPolicy { get; private set; } = null!; @@ -488,66 +252,35 @@ public static Realm Get(string name, Input id, RealmState? state = null, public sealed class RealmArgs : global::Pulumi.ResourceArgs { - /// - /// The maximum amount of time a client has to finish the authorization code flow. - /// [Input("accessCodeLifespan")] public Input? AccessCodeLifespan { get; set; } - /// - /// The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - /// [Input("accessCodeLifespanLogin")] public Input? AccessCodeLifespanLogin { get; set; } - /// - /// The maximum amount of time a user has to complete login related actions, such as updating a password. - /// [Input("accessCodeLifespanUserAction")] public Input? AccessCodeLifespanUserAction { get; set; } - /// - /// The amount of time an access token can be used before it expires. - /// [Input("accessTokenLifespan")] public Input? AccessTokenLifespan { get; set; } - /// - /// The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - /// [Input("accessTokenLifespanForImplicitFlow")] public Input? AccessTokenLifespanForImplicitFlow { get; set; } - /// - /// Used for account management pages. - /// [Input("accountTheme")] public Input? AccountTheme { get; set; } - /// - /// The maximum time a user has to use an admin-generated permit before it expires. - /// [Input("actionTokenGeneratedByAdminLifespan")] public Input? ActionTokenGeneratedByAdminLifespan { get; set; } - /// - /// The maximum time a user has to use a user-generated permit before it expires. - /// [Input("actionTokenGeneratedByUserLifespan")] public Input? ActionTokenGeneratedByUserLifespan { get; set; } - /// - /// Used for the admin console. - /// [Input("adminTheme")] public Input? AdminTheme { get; set; } [Input("attributes")] private InputMap? _attributes; - - /// - /// A map of custom attributes to add to the realm. - /// public InputMap Attributes { get => _attributes ?? (_attributes = new InputMap()); @@ -555,26 +288,20 @@ public InputMap Attributes } /// - /// The desired flow for browser authentication. Defaults to `browser`. + /// Which flow should be used for BrowserFlow /// [Input("browserFlow")] public Input? BrowserFlow { get; set; } /// - /// The desired flow for client authentication. Defaults to `clients`. + /// Which flow should be used for ClientAuthenticationFlow /// [Input("clientAuthenticationFlow")] public Input? ClientAuthenticationFlow { get; set; } - /// - /// The amount of time a session can be idle before it expires. Users can override it for individual clients. - /// [Input("clientSessionIdleTimeout")] public Input? ClientSessionIdleTimeout { get; set; } - /// - /// The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - /// [Input("clientSessionMaxLifespan")] public Input? ClientSessionMaxLifespan { get; set; } @@ -594,110 +321,63 @@ public InputList DefaultOptionalClientScopes set => _defaultOptionalClientScopes = value; } - /// - /// Default algorithm used to sign tokens for the realm. - /// [Input("defaultSignatureAlgorithm")] public Input? DefaultSignatureAlgorithm { get; set; } /// - /// The desired flow for direct access authentication. Defaults to `direct grant`. + /// Which flow should be used for DirectGrantFlow /// [Input("directGrantFlow")] public Input? DirectGrantFlow { get; set; } - /// - /// The display name for the realm that is shown when logging in to the admin console. - /// [Input("displayName")] public Input? DisplayName { get; set; } - /// - /// The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - /// [Input("displayNameHtml")] public Input? DisplayNameHtml { get; set; } /// - /// The desired flow for Docker authentication. Defaults to `docker auth`. + /// Which flow should be used for DockerAuthenticationFlow /// [Input("dockerAuthenticationFlow")] public Input? DockerAuthenticationFlow { get; set; } - /// - /// When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - /// [Input("duplicateEmailsAllowed")] public Input? DuplicateEmailsAllowed { get; set; } - /// - /// When true, the username field is editable. - /// [Input("editUsernameAllowed")] public Input? EditUsernameAllowed { get; set; } - /// - /// Used for emails that are sent by Keycloak. - /// [Input("emailTheme")] public Input? EmailTheme { get; set; } - /// - /// When `false`, users and clients will not be able to access this realm. Defaults to `true`. - /// [Input("enabled")] public Input? Enabled { get; set; } - /// - /// When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - /// [Input("internalId")] public Input? InternalId { get; set; } [Input("internationalization")] public Input? Internationalization { get; set; } - /// - /// Used for the login, forgot password, and registration pages. - /// [Input("loginTheme")] public Input? LoginTheme { get; set; } - /// - /// When true, users may log in with their email address. - /// [Input("loginWithEmailAllowed")] public Input? LoginWithEmailAllowed { get; set; } - /// - /// The maximum amount of time a client has to finish the device code flow before it expires. - /// - /// The attributes below should be specified in seconds. - /// [Input("oauth2DeviceCodeLifespan")] public Input? Oauth2DeviceCodeLifespan { get; set; } - /// - /// The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - /// [Input("oauth2DevicePollingInterval")] public Input? Oauth2DevicePollingInterval { get; set; } - /// - /// The amount of time an offline session can be idle before it expires. - /// [Input("offlineSessionIdleTimeout")] public Input? OfflineSessionIdleTimeout { get; set; } - /// - /// The maximum amount of time before an offline session expires regardless of activity. - /// [Input("offlineSessionMaxLifespan")] public Input? OfflineSessionMaxLifespan { get; set; } - /// - /// Enable `offline_session_max_lifespan`. - /// [Input("offlineSessionMaxLifespanEnabled")] public Input? OfflineSessionMaxLifespanEnabled { get; set; } @@ -705,66 +385,43 @@ public InputList DefaultOptionalClientScopes public Input? OtpPolicy { get; set; } /// - /// The password policy for users within the realm. - /// - /// The arguments below can be used to configure authentication flow bindings: + /// String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + /// can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + /// and notUsername(undefined)" /// [Input("passwordPolicy")] public Input? PasswordPolicy { get; set; } - /// - /// The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - /// [Input("realm", required: true)] public Input RealmName { get; set; } = null!; - /// - /// Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - /// - /// The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - /// [Input("refreshTokenMaxReuse")] public Input? RefreshTokenMaxReuse { get; set; } - /// - /// When true, user registration will be enabled, and a link for registration will be displayed on the login page. - /// [Input("registrationAllowed")] public Input? RegistrationAllowed { get; set; } - /// - /// When true, the user's email will be used as their username during registration. - /// [Input("registrationEmailAsUsername")] public Input? RegistrationEmailAsUsername { get; set; } /// - /// The desired flow for user registration. Defaults to `registration`. + /// Which flow should be used for RegistrationFlow /// [Input("registrationFlow")] public Input? RegistrationFlow { get; set; } - /// - /// When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - /// [Input("rememberMe")] public Input? RememberMe { get; set; } /// - /// The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + /// Which flow should be used for ResetCredentialsFlow /// [Input("resetCredentialsFlow")] public Input? ResetCredentialsFlow { get; set; } - /// - /// When true, a "forgot password" link will be displayed on the login page. - /// [Input("resetPasswordAllowed")] public Input? ResetPasswordAllowed { get; set; } - /// - /// If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - /// [Input("revokeRefreshToken")] public Input? RevokeRefreshToken { get; set; } @@ -775,58 +432,32 @@ public InputList DefaultOptionalClientScopes public Input? SmtpServer { get; set; } /// - /// Can be one of following values: 'none, 'external' or 'all' + /// SSL Required: Values can be 'none', 'external' or 'all'. /// [Input("sslRequired")] public Input? SslRequired { get; set; } - /// - /// The amount of time a session can be idle before it expires. - /// [Input("ssoSessionIdleTimeout")] public Input? SsoSessionIdleTimeout { get; set; } - /// - /// Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - /// [Input("ssoSessionIdleTimeoutRememberMe")] public Input? SsoSessionIdleTimeoutRememberMe { get; set; } - /// - /// The maximum amount of time before a session expires regardless of activity. - /// [Input("ssoSessionMaxLifespan")] public Input? SsoSessionMaxLifespan { get; set; } - /// - /// Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - /// [Input("ssoSessionMaxLifespanRememberMe")] public Input? SsoSessionMaxLifespanRememberMe { get; set; } - /// - /// When `true`, users are allowed to manage their own resources. Defaults to `false`. - /// [Input("userManagedAccess")] public Input? UserManagedAccess { get; set; } - /// - /// When true, users are required to verify their email address after registration and after email address changes. - /// [Input("verifyEmail")] public Input? VerifyEmail { get; set; } - /// - /// Configuration for WebAuthn Passwordless Policy authentication. - /// - /// Each of these attributes are blocks with the following attributes: - /// [Input("webAuthnPasswordlessPolicy")] public Input? WebAuthnPasswordlessPolicy { get; set; } - /// - /// Configuration for WebAuthn Policy authentication. - /// [Input("webAuthnPolicy")] public Input? WebAuthnPolicy { get; set; } @@ -838,66 +469,35 @@ public RealmArgs() public sealed class RealmState : global::Pulumi.ResourceArgs { - /// - /// The maximum amount of time a client has to finish the authorization code flow. - /// [Input("accessCodeLifespan")] public Input? AccessCodeLifespan { get; set; } - /// - /// The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - /// [Input("accessCodeLifespanLogin")] public Input? AccessCodeLifespanLogin { get; set; } - /// - /// The maximum amount of time a user has to complete login related actions, such as updating a password. - /// [Input("accessCodeLifespanUserAction")] public Input? AccessCodeLifespanUserAction { get; set; } - /// - /// The amount of time an access token can be used before it expires. - /// [Input("accessTokenLifespan")] public Input? AccessTokenLifespan { get; set; } - /// - /// The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - /// [Input("accessTokenLifespanForImplicitFlow")] public Input? AccessTokenLifespanForImplicitFlow { get; set; } - /// - /// Used for account management pages. - /// [Input("accountTheme")] public Input? AccountTheme { get; set; } - /// - /// The maximum time a user has to use an admin-generated permit before it expires. - /// [Input("actionTokenGeneratedByAdminLifespan")] public Input? ActionTokenGeneratedByAdminLifespan { get; set; } - /// - /// The maximum time a user has to use a user-generated permit before it expires. - /// [Input("actionTokenGeneratedByUserLifespan")] public Input? ActionTokenGeneratedByUserLifespan { get; set; } - /// - /// Used for the admin console. - /// [Input("adminTheme")] public Input? AdminTheme { get; set; } [Input("attributes")] private InputMap? _attributes; - - /// - /// A map of custom attributes to add to the realm. - /// public InputMap Attributes { get => _attributes ?? (_attributes = new InputMap()); @@ -905,26 +505,20 @@ public InputMap Attributes } /// - /// The desired flow for browser authentication. Defaults to `browser`. + /// Which flow should be used for BrowserFlow /// [Input("browserFlow")] public Input? BrowserFlow { get; set; } /// - /// The desired flow for client authentication. Defaults to `clients`. + /// Which flow should be used for ClientAuthenticationFlow /// [Input("clientAuthenticationFlow")] public Input? ClientAuthenticationFlow { get; set; } - /// - /// The amount of time a session can be idle before it expires. Users can override it for individual clients. - /// [Input("clientSessionIdleTimeout")] public Input? ClientSessionIdleTimeout { get; set; } - /// - /// The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - /// [Input("clientSessionMaxLifespan")] public Input? ClientSessionMaxLifespan { get; set; } @@ -944,110 +538,63 @@ public InputList DefaultOptionalClientScopes set => _defaultOptionalClientScopes = value; } - /// - /// Default algorithm used to sign tokens for the realm. - /// [Input("defaultSignatureAlgorithm")] public Input? DefaultSignatureAlgorithm { get; set; } /// - /// The desired flow for direct access authentication. Defaults to `direct grant`. + /// Which flow should be used for DirectGrantFlow /// [Input("directGrantFlow")] public Input? DirectGrantFlow { get; set; } - /// - /// The display name for the realm that is shown when logging in to the admin console. - /// [Input("displayName")] public Input? DisplayName { get; set; } - /// - /// The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - /// [Input("displayNameHtml")] public Input? DisplayNameHtml { get; set; } /// - /// The desired flow for Docker authentication. Defaults to `docker auth`. + /// Which flow should be used for DockerAuthenticationFlow /// [Input("dockerAuthenticationFlow")] public Input? DockerAuthenticationFlow { get; set; } - /// - /// When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - /// [Input("duplicateEmailsAllowed")] public Input? DuplicateEmailsAllowed { get; set; } - /// - /// When true, the username field is editable. - /// [Input("editUsernameAllowed")] public Input? EditUsernameAllowed { get; set; } - /// - /// Used for emails that are sent by Keycloak. - /// [Input("emailTheme")] public Input? EmailTheme { get; set; } - /// - /// When `false`, users and clients will not be able to access this realm. Defaults to `true`. - /// [Input("enabled")] public Input? Enabled { get; set; } - /// - /// When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - /// [Input("internalId")] public Input? InternalId { get; set; } [Input("internationalization")] public Input? Internationalization { get; set; } - /// - /// Used for the login, forgot password, and registration pages. - /// [Input("loginTheme")] public Input? LoginTheme { get; set; } - /// - /// When true, users may log in with their email address. - /// [Input("loginWithEmailAllowed")] public Input? LoginWithEmailAllowed { get; set; } - /// - /// The maximum amount of time a client has to finish the device code flow before it expires. - /// - /// The attributes below should be specified in seconds. - /// [Input("oauth2DeviceCodeLifespan")] public Input? Oauth2DeviceCodeLifespan { get; set; } - /// - /// The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - /// [Input("oauth2DevicePollingInterval")] public Input? Oauth2DevicePollingInterval { get; set; } - /// - /// The amount of time an offline session can be idle before it expires. - /// [Input("offlineSessionIdleTimeout")] public Input? OfflineSessionIdleTimeout { get; set; } - /// - /// The maximum amount of time before an offline session expires regardless of activity. - /// [Input("offlineSessionMaxLifespan")] public Input? OfflineSessionMaxLifespan { get; set; } - /// - /// Enable `offline_session_max_lifespan`. - /// [Input("offlineSessionMaxLifespanEnabled")] public Input? OfflineSessionMaxLifespanEnabled { get; set; } @@ -1055,66 +602,43 @@ public InputList DefaultOptionalClientScopes public Input? OtpPolicy { get; set; } /// - /// The password policy for users within the realm. - /// - /// The arguments below can be used to configure authentication flow bindings: + /// String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + /// can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + /// and notUsername(undefined)" /// [Input("passwordPolicy")] public Input? PasswordPolicy { get; set; } - /// - /// The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - /// [Input("realm")] public Input? RealmName { get; set; } - /// - /// Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - /// - /// The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - /// [Input("refreshTokenMaxReuse")] public Input? RefreshTokenMaxReuse { get; set; } - /// - /// When true, user registration will be enabled, and a link for registration will be displayed on the login page. - /// [Input("registrationAllowed")] public Input? RegistrationAllowed { get; set; } - /// - /// When true, the user's email will be used as their username during registration. - /// [Input("registrationEmailAsUsername")] public Input? RegistrationEmailAsUsername { get; set; } /// - /// The desired flow for user registration. Defaults to `registration`. + /// Which flow should be used for RegistrationFlow /// [Input("registrationFlow")] public Input? RegistrationFlow { get; set; } - /// - /// When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - /// [Input("rememberMe")] public Input? RememberMe { get; set; } /// - /// The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + /// Which flow should be used for ResetCredentialsFlow /// [Input("resetCredentialsFlow")] public Input? ResetCredentialsFlow { get; set; } - /// - /// When true, a "forgot password" link will be displayed on the login page. - /// [Input("resetPasswordAllowed")] public Input? ResetPasswordAllowed { get; set; } - /// - /// If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - /// [Input("revokeRefreshToken")] public Input? RevokeRefreshToken { get; set; } @@ -1125,58 +649,32 @@ public InputList DefaultOptionalClientScopes public Input? SmtpServer { get; set; } /// - /// Can be one of following values: 'none, 'external' or 'all' + /// SSL Required: Values can be 'none', 'external' or 'all'. /// [Input("sslRequired")] public Input? SslRequired { get; set; } - /// - /// The amount of time a session can be idle before it expires. - /// [Input("ssoSessionIdleTimeout")] public Input? SsoSessionIdleTimeout { get; set; } - /// - /// Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - /// [Input("ssoSessionIdleTimeoutRememberMe")] public Input? SsoSessionIdleTimeoutRememberMe { get; set; } - /// - /// The maximum amount of time before a session expires regardless of activity. - /// [Input("ssoSessionMaxLifespan")] public Input? SsoSessionMaxLifespan { get; set; } - /// - /// Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - /// [Input("ssoSessionMaxLifespanRememberMe")] public Input? SsoSessionMaxLifespanRememberMe { get; set; } - /// - /// When `true`, users are allowed to manage their own resources. Defaults to `false`. - /// [Input("userManagedAccess")] public Input? UserManagedAccess { get; set; } - /// - /// When true, users are required to verify their email address after registration and after email address changes. - /// [Input("verifyEmail")] public Input? VerifyEmail { get; set; } - /// - /// Configuration for WebAuthn Passwordless Policy authentication. - /// - /// Each of these attributes are blocks with the following attributes: - /// [Input("webAuthnPasswordlessPolicy")] public Input? WebAuthnPasswordlessPolicy { get; set; } - /// - /// Configuration for WebAuthn Policy authentication. - /// [Input("webAuthnPolicy")] public Input? WebAuthnPolicy { get; set; } diff --git a/sdk/dotnet/RealmEvents.cs b/sdk/dotnet/RealmEvents.cs index 9f32aebb..a801a642 100644 --- a/sdk/dotnet/RealmEvents.cs +++ b/sdk/dotnet/RealmEvents.cs @@ -10,10 +10,13 @@ namespace Pulumi.Keycloak { /// + /// ## # keycloak.RealmEvents + /// /// Allows for managing Realm Events settings within Keycloak. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -24,77 +27,64 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", - /// Enabled = true, + /// RealmName = "test", /// }); /// /// var realmEvents = new Keycloak.RealmEvents("realmEvents", new() /// { - /// RealmId = realm.Id, - /// EventsEnabled = true, - /// EventsExpiration = 3600, - /// AdminEventsEnabled = true, /// AdminEventsDetailsEnabled = true, + /// AdminEventsEnabled = true, /// EnabledEventTypes = new[] /// { /// "LOGIN", /// "LOGOUT", /// }, + /// EventsEnabled = true, + /// EventsExpiration = 3600, /// EventsListeners = new[] /// { /// "jboss-logging", /// }, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// This resource currently does not support importing. + /// The following arguments are supported: + /// + /// - `realm_id` - (Required) The name of the realm the event settings apply to. + /// - `admin_events_enabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`. + /// - `admin_events_details_enabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`. + /// - `events_enabled` - (Optional) When true, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. + /// - `events_expiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never. + /// - `enabled_event_types` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. + /// - `events_listeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. /// [KeycloakResourceType("keycloak:index/realmEvents:RealmEvents")] public partial class RealmEvents : global::Pulumi.CustomResource { - /// - /// When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - /// [Output("adminEventsDetailsEnabled")] public Output AdminEventsDetailsEnabled { get; private set; } = null!; - /// - /// When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - /// [Output("adminEventsEnabled")] public Output AdminEventsEnabled { get; private set; } = null!; - /// - /// The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - /// [Output("enabledEventTypes")] public Output> EnabledEventTypes { get; private set; } = null!; - /// - /// When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - /// [Output("eventsEnabled")] public Output EventsEnabled { get; private set; } = null!; - /// - /// The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - /// [Output("eventsExpiration")] public Output EventsExpiration { get; private set; } = null!; - /// - /// The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - /// [Output("eventsListeners")] public Output> EventsListeners { get; private set; } = null!; - /// - /// The name of the realm the event settings apply to. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -144,57 +134,34 @@ public static RealmEvents Get(string name, Input id, RealmEventsState? s public sealed class RealmEventsArgs : global::Pulumi.ResourceArgs { - /// - /// When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - /// [Input("adminEventsDetailsEnabled")] public Input? AdminEventsDetailsEnabled { get; set; } - /// - /// When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - /// [Input("adminEventsEnabled")] public Input? AdminEventsEnabled { get; set; } [Input("enabledEventTypes")] private InputList? _enabledEventTypes; - - /// - /// The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - /// public InputList EnabledEventTypes { get => _enabledEventTypes ?? (_enabledEventTypes = new InputList()); set => _enabledEventTypes = value; } - /// - /// When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - /// [Input("eventsEnabled")] public Input? EventsEnabled { get; set; } - /// - /// The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - /// [Input("eventsExpiration")] public Input? EventsExpiration { get; set; } [Input("eventsListeners")] private InputList? _eventsListeners; - - /// - /// The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - /// public InputList EventsListeners { get => _eventsListeners ?? (_eventsListeners = new InputList()); set => _eventsListeners = value; } - /// - /// The name of the realm the event settings apply to. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -206,57 +173,34 @@ public RealmEventsArgs() public sealed class RealmEventsState : global::Pulumi.ResourceArgs { - /// - /// When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - /// [Input("adminEventsDetailsEnabled")] public Input? AdminEventsDetailsEnabled { get; set; } - /// - /// When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - /// [Input("adminEventsEnabled")] public Input? AdminEventsEnabled { get; set; } [Input("enabledEventTypes")] private InputList? _enabledEventTypes; - - /// - /// The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - /// public InputList EnabledEventTypes { get => _enabledEventTypes ?? (_enabledEventTypes = new InputList()); set => _enabledEventTypes = value; } - /// - /// When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - /// [Input("eventsEnabled")] public Input? EventsEnabled { get; set; } - /// - /// The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - /// [Input("eventsExpiration")] public Input? EventsExpiration { get; set; } [Input("eventsListeners")] private InputList? _eventsListeners; - - /// - /// The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - /// public InputList EventsListeners { get => _eventsListeners ?? (_eventsListeners = new InputList()); set => _eventsListeners = value; } - /// - /// The name of the realm the event settings apply to. - /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/RealmKeystoreAesGenerated.cs b/sdk/dotnet/RealmKeystoreAesGenerated.cs index c66e6e53..640f3cec 100644 --- a/sdk/dotnet/RealmKeystoreAesGenerated.cs +++ b/sdk/dotnet/RealmKeystoreAesGenerated.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -40,14 +41,15 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Realm keys can be imported using realm name and keystore id, you can find it in web UI. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/dotnet/RealmKeystoreEcdsaGenerated.cs b/sdk/dotnet/RealmKeystoreEcdsaGenerated.cs index 4ccc1d10..482a52a9 100644 --- a/sdk/dotnet/RealmKeystoreEcdsaGenerated.cs +++ b/sdk/dotnet/RealmKeystoreEcdsaGenerated.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -40,14 +41,15 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Realm keys can be imported using realm name and keystore id, you can find it in web UI. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/dotnet/RealmKeystoreHmacGenerated.cs b/sdk/dotnet/RealmKeystoreHmacGenerated.cs index b776d0a6..1952cfac 100644 --- a/sdk/dotnet/RealmKeystoreHmacGenerated.cs +++ b/sdk/dotnet/RealmKeystoreHmacGenerated.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -41,14 +42,15 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Realm keys can be imported using realm name and keystore id, you can find it in web UI. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/dotnet/RealmKeystoreJavaGenerated.cs b/sdk/dotnet/RealmKeystoreJavaGenerated.cs index ad7bde1d..181d0a13 100644 --- a/sdk/dotnet/RealmKeystoreJavaGenerated.cs +++ b/sdk/dotnet/RealmKeystoreJavaGenerated.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -44,14 +45,15 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Realm keys can be imported using realm name and keystore id, you can find it in web UI. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/dotnet/RealmKeystoreRsa.cs b/sdk/dotnet/RealmKeystoreRsa.cs index 3432fba3..c5a33afc 100644 --- a/sdk/dotnet/RealmKeystoreRsa.cs +++ b/sdk/dotnet/RealmKeystoreRsa.cs @@ -18,9 +18,9 @@ namespace Pulumi.Keycloak /// /// Realm keys can be imported using realm name and keystore id, you can find it in web UI. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/dotnet/RealmKeystoreRsaGenerated.cs b/sdk/dotnet/RealmKeystoreRsaGenerated.cs index 8237135d..9cfa671a 100644 --- a/sdk/dotnet/RealmKeystoreRsaGenerated.cs +++ b/sdk/dotnet/RealmKeystoreRsaGenerated.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -41,14 +42,15 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Realm keys can be imported using realm name and keystore id, you can find it in web UI. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/dotnet/RealmUserProfile.cs b/sdk/dotnet/RealmUserProfile.cs index 1a7d1595..aac6ab4d 100644 --- a/sdk/dotnet/RealmUserProfile.cs +++ b/sdk/dotnet/RealmUserProfile.cs @@ -23,6 +23,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -148,6 +149,7 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// diff --git a/sdk/dotnet/RequiredAction.cs b/sdk/dotnet/RequiredAction.cs index 01425a79..c8fadff6 100644 --- a/sdk/dotnet/RequiredAction.cs +++ b/sdk/dotnet/RequiredAction.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -39,14 +40,15 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Authentication executions can be imported using the formats: `{{realm}}/{{alias}}`. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias diff --git a/sdk/dotnet/Role.cs b/sdk/dotnet/Role.cs index 8cb484b7..2a518958 100644 --- a/sdk/dotnet/Role.cs +++ b/sdk/dotnet/Role.cs @@ -10,13 +10,16 @@ namespace Pulumi.Keycloak { /// + /// ## # keycloak.Role + /// /// Allows for creating and managing roles within Keycloak. /// - /// Roles allow you define privileges within Keycloak and map them to users and groups. + /// Roles allow you define privileges within Keycloak and map them to users + /// and groups. /// - /// ## Example Usage - /// ### Realm Role) + /// ### Example Usage (Realm role) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -27,25 +30,23 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var realmRole = new Keycloak.Role("realmRole", new() /// { - /// RealmId = realm.Id, /// Description = "My Realm Role", - /// Attributes = - /// { - /// { "key", "value" }, - /// { "multivalue", "value1##value2" }, - /// }, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` - /// ### Client Role) + /// <!--End PulumiCodeChooser --> + /// + /// ### Example Usage (Client role) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -56,37 +57,32 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// RealmId = realm.Id, + /// AccessType = "BEARER-ONLY", /// ClientId = "client", /// Enabled = true, - /// AccessType = "CONFIDENTIAL", - /// ValidRedirectUris = new[] - /// { - /// "http://localhost:8080/openid-callback", - /// }, + /// RealmId = realm.Id, /// }); /// /// var clientRole = new Keycloak.Role("clientRole", new() /// { - /// RealmId = realm.Id, - /// ClientId = keycloak_client.Openid_client.Id, + /// ClientId = keycloak_client.Client.Id, /// Description = "My Client Role", - /// Attributes = - /// { - /// { "key", "value" }, - /// }, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` - /// ### Composite Role) + /// <!--End PulumiCodeChooser --> + /// + /// ### Example Usage (Composite role) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -97,141 +93,102 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// - /// // realm roles /// var createRole = new Keycloak.Role("createRole", new() /// { /// RealmId = realm.Id, - /// Attributes = - /// { - /// { "key", "value" }, - /// }, /// }); /// /// var readRole = new Keycloak.Role("readRole", new() /// { /// RealmId = realm.Id, - /// Attributes = - /// { - /// { "key", "value" }, - /// }, /// }); /// /// var updateRole = new Keycloak.Role("updateRole", new() /// { /// RealmId = realm.Id, - /// Attributes = - /// { - /// { "key", "value" }, - /// }, /// }); /// /// var deleteRole = new Keycloak.Role("deleteRole", new() /// { /// RealmId = realm.Id, - /// Attributes = - /// { - /// { "key", "value" }, - /// }, /// }); /// - /// // client role - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// RealmId = realm.Id, + /// AccessType = "BEARER-ONLY", /// ClientId = "client", /// Enabled = true, - /// AccessType = "CONFIDENTIAL", - /// ValidRedirectUris = new[] - /// { - /// "http://localhost:8080/openid-callback", - /// }, + /// RealmId = realm.Id, /// }); /// /// var clientRole = new Keycloak.Role("clientRole", new() /// { - /// RealmId = realm.Id, - /// ClientId = keycloak_client.Openid_client.Id, + /// ClientId = keycloak_client.Client.Id, /// Description = "My Client Role", - /// Attributes = - /// { - /// { "key", "value" }, - /// }, + /// RealmId = realm.Id, /// }); /// /// var adminRole = new Keycloak.Role("adminRole", new() /// { - /// RealmId = realm.Id, /// CompositeRoles = new[] /// { - /// createRole.Id, - /// readRole.Id, - /// updateRole.Id, - /// deleteRole.Id, - /// clientRole.Id, - /// }, - /// Attributes = - /// { - /// { "key", "value" }, + /// "{keycloak_role.create_role.id}", + /// "{keycloak_role.read_role.id}", + /// "{keycloak_role.update_role.id}", + /// "{keycloak_role.delete_role.id}", + /// "{keycloak_role.client_role.id}", /// }, + /// RealmId = realm.Id, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns + /// The following arguments are supported: /// - /// to the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role. + /// - `realm_id` - (Required) The realm this role exists within. + /// - `client_id` - (Optional) When specified, this role will be created as + /// a client role attached to the client with the provided ID + /// - `name` - (Required) The name of the role + /// - `description` - (Optional) The description of the role + /// - `composite_roles` - (Optional) When specified, this role will be a + /// composite role, composed of all roles that have an ID present within + /// this list. /// - /// Example: + /// ### Import /// - /// bash + /// Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where + /// `role_id` is the unique ID that Keycloak assigns to the role. The ID is + /// not easy to find in the GUI, but it appears in the URL when editing the + /// role. /// - /// ```sh - /// $ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:index/role:Role")] public partial class Role : global::Pulumi.CustomResource { - /// - /// A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// [Output("attributes")] public Output?> Attributes { get; private set; } = null!; - /// - /// When specified, this role will be created as a client role attached to the client with the provided ID - /// [Output("clientId")] public Output ClientId { get; private set; } = null!; - /// - /// When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - /// [Output("compositeRoles")] public Output> CompositeRoles { get; private set; } = null!; - /// - /// The description of the role - /// [Output("description")] public Output Description { get; private set; } = null!; - /// - /// The name of the role - /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// The realm this role exists within. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; @@ -283,49 +240,29 @@ public sealed class RoleArgs : global::Pulumi.ResourceArgs { [Input("attributes")] private InputMap? _attributes; - - /// - /// A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// public InputMap Attributes { get => _attributes ?? (_attributes = new InputMap()); set => _attributes = value; } - /// - /// When specified, this role will be created as a client role attached to the client with the provided ID - /// [Input("clientId")] public Input? ClientId { get; set; } [Input("compositeRoles")] private InputList? _compositeRoles; - - /// - /// When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - /// public InputList CompositeRoles { get => _compositeRoles ?? (_compositeRoles = new InputList()); set => _compositeRoles = value; } - /// - /// The description of the role - /// [Input("description")] public Input? Description { get; set; } - /// - /// The name of the role - /// [Input("name")] public Input? Name { get; set; } - /// - /// The realm this role exists within. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; @@ -339,49 +276,29 @@ public sealed class RoleState : global::Pulumi.ResourceArgs { [Input("attributes")] private InputMap? _attributes; - - /// - /// A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// public InputMap Attributes { get => _attributes ?? (_attributes = new InputMap()); set => _attributes = value; } - /// - /// When specified, this role will be created as a client role attached to the client with the provided ID - /// [Input("clientId")] public Input? ClientId { get; set; } [Input("compositeRoles")] private InputList? _compositeRoles; - - /// - /// When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - /// public InputList CompositeRoles { get => _compositeRoles ?? (_compositeRoles = new InputList()); set => _compositeRoles = value; } - /// - /// The description of the role - /// [Input("description")] public Input? Description { get; set; } - /// - /// The name of the role - /// [Input("name")] public Input? Name { get; set; } - /// - /// The realm this role exists within. - /// [Input("realmId")] public Input? RealmId { get; set; } diff --git a/sdk/dotnet/Saml/Client.cs b/sdk/dotnet/Saml/Client.cs index 3a79cf16..b6c4be2e 100644 --- a/sdk/dotnet/Saml/Client.cs +++ b/sdk/dotnet/Saml/Client.cs @@ -10,13 +10,17 @@ namespace Pulumi.Keycloak.Saml { /// + /// ## # keycloak.saml.Client + /// /// Allows for creating and managing Keycloak clients that use the SAML protocol. /// - /// Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users - /// to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. + /// Clients are entities that can use Keycloak for user authentication. Typically, + /// clients are applications that redirect users to Keycloak for authentication + /// in order to take advantage of Keycloak's user sessions for SSO. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.IO; @@ -28,257 +32,173 @@ namespace Pulumi.Keycloak.Saml /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var samlClient = new Keycloak.Saml.Client("samlClient", new() /// { + /// ClientId = "test-saml-client", + /// IncludeAuthnStatement = true, /// RealmId = realm.Id, - /// ClientId = "saml-client", - /// SignDocuments = false, /// SignAssertions = true, - /// IncludeAuthnStatement = true, + /// SignDocuments = false, /// SigningCertificate = File.ReadAllText("saml-cert.pem"), /// SigningPrivateKey = File.ReadAllText("saml-key.pem"), /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + /// The following arguments are supported: /// - /// assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + /// - `realm_id` - (Required) The realm this client is attached to. + /// - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + /// - `name` - (Optional) The display name of this client in the GUI. + /// - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + /// - `description` - (Optional) The description of this client in the GUI. + /// - `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. + /// - `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. + /// - `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. + /// - `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. + /// - `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. + /// - `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. + /// - `name_id_format` - (Optional) Sets the Name ID format for the subject. + /// - `root_url` - (Optional) When specified, this value is prepended to all relative URLs. + /// - `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. + /// - `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. + /// - `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests. + /// - `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. + /// - `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. + /// - `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. + /// - `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. + /// - `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). + /// - `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). + /// - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. + /// - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. + /// - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token /// - /// Example: + /// ### Import /// - /// bash + /// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + /// assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. /// - /// ```sh - /// $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:saml/client:Client")] public partial class Client : global::Pulumi.CustomResource { - /// - /// SAML POST Binding URL for the client's assertion consumer service (login responses). - /// [Output("assertionConsumerPostUrl")] public Output AssertionConsumerPostUrl { get; private set; } = null!; - /// - /// SAML Redirect Binding URL for the client's assertion consumer service (login responses). - /// [Output("assertionConsumerRedirectUrl")] public Output AssertionConsumerRedirectUrl { get; private set; } = null!; - /// - /// Override realm authentication flow bindings - /// [Output("authenticationFlowBindingOverrides")] public Output AuthenticationFlowBindingOverrides { get; private set; } = null!; - /// - /// When specified, this URL will be used whenever Keycloak needs to link to this client. - /// [Output("baseUrl")] public Output BaseUrl { get; private set; } = null!; - /// - /// The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - /// [Output("canonicalizationMethod")] public Output CanonicalizationMethod { get; private set; } = null!; - /// - /// The unique ID of this client, referenced in the URI during authentication and in issued tokens. - /// [Output("clientId")] public Output ClientId { get; private set; } = null!; - /// - /// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - /// [Output("clientSignatureRequired")] public Output ClientSignatureRequired { get; private set; } = null!; - /// - /// The description of this client in the GUI. - /// [Output("description")] public Output Description { get; private set; } = null!; - /// - /// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - /// [Output("enabled")] public Output Enabled { get; private set; } = null!; - /// - /// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - /// [Output("encryptAssertions")] public Output EncryptAssertions { get; private set; } = null!; - /// - /// If assertions for the client are encrypted, this certificate will be used for encryption. - /// [Output("encryptionCertificate")] public Output EncryptionCertificate { get; private set; } = null!; - /// - /// (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - /// [Output("encryptionCertificateSha1")] public Output EncryptionCertificateSha1 { get; private set; } = null!; [Output("extraConfig")] public Output?> ExtraConfig { get; private set; } = null!; - /// - /// Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - /// [Output("forceNameIdFormat")] public Output ForceNameIdFormat { get; private set; } = null!; - /// - /// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - /// [Output("forcePostBinding")] public Output ForcePostBinding { get; private set; } = null!; - /// - /// When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - /// [Output("frontChannelLogout")] public Output FrontChannelLogout { get; private set; } = null!; - /// - /// Allow to include all roles mappings in the access token - /// [Output("fullScopeAllowed")] public Output FullScopeAllowed { get; private set; } = null!; - /// - /// Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - /// [Output("idpInitiatedSsoRelayState")] public Output IdpInitiatedSsoRelayState { get; private set; } = null!; - /// - /// URL fragment name to reference client when you want to do IDP Initiated SSO. - /// [Output("idpInitiatedSsoUrlName")] public Output IdpInitiatedSsoUrlName { get; private set; } = null!; - /// - /// When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - /// [Output("includeAuthnStatement")] public Output IncludeAuthnStatement { get; private set; } = null!; - /// - /// The login theme of this client. - /// [Output("loginTheme")] public Output LoginTheme { get; private set; } = null!; - /// - /// SAML POST Binding URL for the client's single logout service. - /// [Output("logoutServicePostBindingUrl")] public Output LogoutServicePostBindingUrl { get; private set; } = null!; - /// - /// SAML Redirect Binding URL for the client's single logout service. - /// [Output("logoutServiceRedirectBindingUrl")] public Output LogoutServiceRedirectBindingUrl { get; private set; } = null!; - /// - /// When specified, this URL will be used for all SAML requests. - /// [Output("masterSamlProcessingUrl")] public Output MasterSamlProcessingUrl { get; private set; } = null!; - /// - /// The display name of this client in the GUI. - /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// Sets the Name ID format for the subject. - /// [Output("nameIdFormat")] public Output NameIdFormat { get; private set; } = null!; - /// - /// The realm this client is attached to. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// When specified, this value is prepended to all relative URLs. - /// [Output("rootUrl")] public Output RootUrl { get; private set; } = null!; - /// - /// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - /// [Output("signAssertions")] public Output SignAssertions { get; private set; } = null!; - /// - /// When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - /// [Output("signDocuments")] public Output SignDocuments { get; private set; } = null!; - /// - /// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - /// [Output("signatureAlgorithm")] public Output SignatureAlgorithm { get; private set; } = null!; - /// - /// The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - /// [Output("signatureKeyName")] public Output SignatureKeyName { get; private set; } = null!; - /// - /// If documents or assertions from the client are signed, this certificate will be used to verify the signature. - /// [Output("signingCertificate")] public Output SigningCertificate { get; private set; } = null!; - /// - /// (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - /// [Output("signingCertificateSha1")] public Output SigningCertificateSha1 { get; private set; } = null!; - /// - /// If documents or assertions from the client are signed, this private key will be used to verify the signature. - /// [Output("signingPrivateKey")] public Output SigningPrivateKey { get; private set; } = null!; - /// - /// (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - /// [Output("signingPrivateKeySha1")] public Output SigningPrivateKeySha1 { get; private set; } = null!; - /// - /// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - /// [Output("validRedirectUris")] public Output> ValidRedirectUris { get; private set; } = null!; @@ -328,69 +248,36 @@ public static Client Get(string name, Input id, ClientState? state = nul public sealed class ClientArgs : global::Pulumi.ResourceArgs { - /// - /// SAML POST Binding URL for the client's assertion consumer service (login responses). - /// [Input("assertionConsumerPostUrl")] public Input? AssertionConsumerPostUrl { get; set; } - /// - /// SAML Redirect Binding URL for the client's assertion consumer service (login responses). - /// [Input("assertionConsumerRedirectUrl")] public Input? AssertionConsumerRedirectUrl { get; set; } - /// - /// Override realm authentication flow bindings - /// [Input("authenticationFlowBindingOverrides")] public Input? AuthenticationFlowBindingOverrides { get; set; } - /// - /// When specified, this URL will be used whenever Keycloak needs to link to this client. - /// [Input("baseUrl")] public Input? BaseUrl { get; set; } - /// - /// The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - /// [Input("canonicalizationMethod")] public Input? CanonicalizationMethod { get; set; } - /// - /// The unique ID of this client, referenced in the URI during authentication and in issued tokens. - /// [Input("clientId", required: true)] public Input ClientId { get; set; } = null!; - /// - /// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - /// [Input("clientSignatureRequired")] public Input? ClientSignatureRequired { get; set; } - /// - /// The description of this client in the GUI. - /// [Input("description")] public Input? Description { get; set; } - /// - /// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - /// [Input("enabled")] public Input? Enabled { get; set; } - /// - /// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - /// [Input("encryptAssertions")] public Input? EncryptAssertions { get; set; } - /// - /// If assertions for the client are encrypted, this certificate will be used for encryption. - /// [Input("encryptionCertificate")] public Input? EncryptionCertificate { get; set; } @@ -402,138 +289,71 @@ public InputMap ExtraConfig set => _extraConfig = value; } - /// - /// Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - /// [Input("forceNameIdFormat")] public Input? ForceNameIdFormat { get; set; } - /// - /// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - /// [Input("forcePostBinding")] public Input? ForcePostBinding { get; set; } - /// - /// When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - /// [Input("frontChannelLogout")] public Input? FrontChannelLogout { get; set; } - /// - /// Allow to include all roles mappings in the access token - /// [Input("fullScopeAllowed")] public Input? FullScopeAllowed { get; set; } - /// - /// Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - /// [Input("idpInitiatedSsoRelayState")] public Input? IdpInitiatedSsoRelayState { get; set; } - /// - /// URL fragment name to reference client when you want to do IDP Initiated SSO. - /// [Input("idpInitiatedSsoUrlName")] public Input? IdpInitiatedSsoUrlName { get; set; } - /// - /// When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - /// [Input("includeAuthnStatement")] public Input? IncludeAuthnStatement { get; set; } - /// - /// The login theme of this client. - /// [Input("loginTheme")] public Input? LoginTheme { get; set; } - /// - /// SAML POST Binding URL for the client's single logout service. - /// [Input("logoutServicePostBindingUrl")] public Input? LogoutServicePostBindingUrl { get; set; } - /// - /// SAML Redirect Binding URL for the client's single logout service. - /// [Input("logoutServiceRedirectBindingUrl")] public Input? LogoutServiceRedirectBindingUrl { get; set; } - /// - /// When specified, this URL will be used for all SAML requests. - /// [Input("masterSamlProcessingUrl")] public Input? MasterSamlProcessingUrl { get; set; } - /// - /// The display name of this client in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// Sets the Name ID format for the subject. - /// [Input("nameIdFormat")] public Input? NameIdFormat { get; set; } - /// - /// The realm this client is attached to. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// When specified, this value is prepended to all relative URLs. - /// [Input("rootUrl")] public Input? RootUrl { get; set; } - /// - /// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - /// [Input("signAssertions")] public Input? SignAssertions { get; set; } - /// - /// When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - /// [Input("signDocuments")] public Input? SignDocuments { get; set; } - /// - /// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - /// [Input("signatureAlgorithm")] public Input? SignatureAlgorithm { get; set; } - /// - /// The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - /// [Input("signatureKeyName")] public Input? SignatureKeyName { get; set; } - /// - /// If documents or assertions from the client are signed, this certificate will be used to verify the signature. - /// [Input("signingCertificate")] public Input? SigningCertificate { get; set; } - /// - /// If documents or assertions from the client are signed, this private key will be used to verify the signature. - /// [Input("signingPrivateKey")] public Input? SigningPrivateKey { get; set; } [Input("validRedirectUris")] private InputList? _validRedirectUris; - - /// - /// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - /// public InputList ValidRedirectUris { get => _validRedirectUris ?? (_validRedirectUris = new InputList()); @@ -548,75 +368,39 @@ public ClientArgs() public sealed class ClientState : global::Pulumi.ResourceArgs { - /// - /// SAML POST Binding URL for the client's assertion consumer service (login responses). - /// [Input("assertionConsumerPostUrl")] public Input? AssertionConsumerPostUrl { get; set; } - /// - /// SAML Redirect Binding URL for the client's assertion consumer service (login responses). - /// [Input("assertionConsumerRedirectUrl")] public Input? AssertionConsumerRedirectUrl { get; set; } - /// - /// Override realm authentication flow bindings - /// [Input("authenticationFlowBindingOverrides")] public Input? AuthenticationFlowBindingOverrides { get; set; } - /// - /// When specified, this URL will be used whenever Keycloak needs to link to this client. - /// [Input("baseUrl")] public Input? BaseUrl { get; set; } - /// - /// The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - /// [Input("canonicalizationMethod")] public Input? CanonicalizationMethod { get; set; } - /// - /// The unique ID of this client, referenced in the URI during authentication and in issued tokens. - /// [Input("clientId")] public Input? ClientId { get; set; } - /// - /// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - /// [Input("clientSignatureRequired")] public Input? ClientSignatureRequired { get; set; } - /// - /// The description of this client in the GUI. - /// [Input("description")] public Input? Description { get; set; } - /// - /// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - /// [Input("enabled")] public Input? Enabled { get; set; } - /// - /// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - /// [Input("encryptAssertions")] public Input? EncryptAssertions { get; set; } - /// - /// If assertions for the client are encrypted, this certificate will be used for encryption. - /// [Input("encryptionCertificate")] public Input? EncryptionCertificate { get; set; } - /// - /// (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - /// [Input("encryptionCertificateSha1")] public Input? EncryptionCertificateSha1 { get; set; } @@ -628,150 +412,77 @@ public InputMap ExtraConfig set => _extraConfig = value; } - /// - /// Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - /// [Input("forceNameIdFormat")] public Input? ForceNameIdFormat { get; set; } - /// - /// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - /// [Input("forcePostBinding")] public Input? ForcePostBinding { get; set; } - /// - /// When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - /// [Input("frontChannelLogout")] public Input? FrontChannelLogout { get; set; } - /// - /// Allow to include all roles mappings in the access token - /// [Input("fullScopeAllowed")] public Input? FullScopeAllowed { get; set; } - /// - /// Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - /// [Input("idpInitiatedSsoRelayState")] public Input? IdpInitiatedSsoRelayState { get; set; } - /// - /// URL fragment name to reference client when you want to do IDP Initiated SSO. - /// [Input("idpInitiatedSsoUrlName")] public Input? IdpInitiatedSsoUrlName { get; set; } - /// - /// When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - /// [Input("includeAuthnStatement")] public Input? IncludeAuthnStatement { get; set; } - /// - /// The login theme of this client. - /// [Input("loginTheme")] public Input? LoginTheme { get; set; } - /// - /// SAML POST Binding URL for the client's single logout service. - /// [Input("logoutServicePostBindingUrl")] public Input? LogoutServicePostBindingUrl { get; set; } - /// - /// SAML Redirect Binding URL for the client's single logout service. - /// [Input("logoutServiceRedirectBindingUrl")] public Input? LogoutServiceRedirectBindingUrl { get; set; } - /// - /// When specified, this URL will be used for all SAML requests. - /// [Input("masterSamlProcessingUrl")] public Input? MasterSamlProcessingUrl { get; set; } - /// - /// The display name of this client in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// Sets the Name ID format for the subject. - /// [Input("nameIdFormat")] public Input? NameIdFormat { get; set; } - /// - /// The realm this client is attached to. - /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// When specified, this value is prepended to all relative URLs. - /// [Input("rootUrl")] public Input? RootUrl { get; set; } - /// - /// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - /// [Input("signAssertions")] public Input? SignAssertions { get; set; } - /// - /// When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - /// [Input("signDocuments")] public Input? SignDocuments { get; set; } - /// - /// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - /// [Input("signatureAlgorithm")] public Input? SignatureAlgorithm { get; set; } - /// - /// The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - /// [Input("signatureKeyName")] public Input? SignatureKeyName { get; set; } - /// - /// If documents or assertions from the client are signed, this certificate will be used to verify the signature. - /// [Input("signingCertificate")] public Input? SigningCertificate { get; set; } - /// - /// (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - /// [Input("signingCertificateSha1")] public Input? SigningCertificateSha1 { get; set; } - /// - /// If documents or assertions from the client are signed, this private key will be used to verify the signature. - /// [Input("signingPrivateKey")] public Input? SigningPrivateKey { get; set; } - /// - /// (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - /// [Input("signingPrivateKeySha1")] public Input? SigningPrivateKeySha1 { get; set; } [Input("validRedirectUris")] private InputList? _validRedirectUris; - - /// - /// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - /// public InputList ValidRedirectUris { get => _validRedirectUris ?? (_validRedirectUris = new InputList()); diff --git a/sdk/dotnet/Saml/ClientDefaultScope.cs b/sdk/dotnet/Saml/ClientDefaultScope.cs index f2fb69fc..241d38f3 100644 --- a/sdk/dotnet/Saml/ClientDefaultScope.cs +++ b/sdk/dotnet/Saml/ClientDefaultScope.cs @@ -12,6 +12,7 @@ namespace Pulumi.Keycloak.Saml /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.IO; @@ -56,12 +57,13 @@ namespace Pulumi.Keycloak.Saml /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist /// - /// on the server. + /// on the server. /// [KeycloakResourceType("keycloak:saml/clientDefaultScope:ClientDefaultScope")] public partial class ClientDefaultScope : global::Pulumi.CustomResource diff --git a/sdk/dotnet/Saml/ClientScope.cs b/sdk/dotnet/Saml/ClientScope.cs index f5a043c7..c0b76597 100644 --- a/sdk/dotnet/Saml/ClientScope.cs +++ b/sdk/dotnet/Saml/ClientScope.cs @@ -16,6 +16,7 @@ namespace Pulumi.Keycloak.Saml /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -39,16 +40,17 @@ namespace Pulumi.Keycloak.Saml /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak /// - /// assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + /// assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e diff --git a/sdk/dotnet/Saml/GetClient.cs b/sdk/dotnet/Saml/GetClient.cs index c369aae0..6024ee50 100644 --- a/sdk/dotnet/Saml/GetClient.cs +++ b/sdk/dotnet/Saml/GetClient.cs @@ -14,10 +14,9 @@ public static class GetClient /// /// This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -41,8 +40,7 @@ public static class GetClient /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetClientArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:saml/getClient:getClient", args ?? new GetClientArgs(), options.WithDefaults()); @@ -50,10 +48,9 @@ public static Task InvokeAsync(GetClientArgs args, InvokeOption /// /// This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -77,8 +74,7 @@ public static Task InvokeAsync(GetClientArgs args, InvokeOption /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetClientInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:saml/getClient:getClient", args ?? new GetClientInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/Saml/GetClientInstallationProvider.cs b/sdk/dotnet/Saml/GetClientInstallationProvider.cs index ddbce4c0..bc3053c3 100644 --- a/sdk/dotnet/Saml/GetClientInstallationProvider.cs +++ b/sdk/dotnet/Saml/GetClientInstallationProvider.cs @@ -14,12 +14,11 @@ public static class GetClientInstallationProvider /// /// This data source can be used to retrieve Installation Provider of a SAML Client. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// /// In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.IO; @@ -61,8 +60,7 @@ public static class GetClientInstallationProvider /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetClientInstallationProviderArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:saml/getClientInstallationProvider:getClientInstallationProvider", args ?? new GetClientInstallationProviderArgs(), options.WithDefaults()); @@ -70,12 +68,11 @@ public static Task InvokeAsync(GetClientIns /// /// This data source can be used to retrieve Installation Provider of a SAML Client. /// - /// {{% examples %}} /// ## Example Usage - /// {{% example %}} /// /// In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.IO; @@ -117,8 +114,7 @@ public static Task InvokeAsync(GetClientIns /// /// }); /// ``` - /// {{% /example %}} - /// {{% /examples %}} + /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetClientInstallationProviderInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:saml/getClientInstallationProvider:getClientInstallationProvider", args ?? new GetClientInstallationProviderInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/Saml/IdentityProvider.cs b/sdk/dotnet/Saml/IdentityProvider.cs index a10a292f..4870d763 100644 --- a/sdk/dotnet/Saml/IdentityProvider.cs +++ b/sdk/dotnet/Saml/IdentityProvider.cs @@ -10,12 +10,15 @@ namespace Pulumi.Keycloak.Saml { /// - /// Allows for creating and managing SAML Identity Providers within Keycloak. + /// ## # keycloak.saml.IdentityProvider /// - /// SAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol. + /// Allows to create and manage SAML Identity Providers within Keycloak. /// - /// ## Example Usage + /// SAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard. /// + /// ### Example Usage + /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -24,96 +27,118 @@ namespace Pulumi.Keycloak.Saml /// /// return await Deployment.RunAsync(() => /// { - /// var realm = new Keycloak.Realm("realm", new() + /// var realmIdentityProvider = new Keycloak.Saml.IdentityProvider("realmIdentityProvider", new() /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var realmSamlIdentityProvider = new Keycloak.Saml.IdentityProvider("realmSamlIdentityProvider", new() - /// { - /// Realm = realm.Id, - /// Alias = "my-saml-idp", - /// EntityId = "https://domain.com/entity_id", - /// SingleSignOnServiceUrl = "https://domain.com/adfs/ls/", - /// SingleLogoutServiceUrl = "https://domain.com/adfs/ls/?wa=wsignout1.0", + /// Alias = "my-idp", /// BackchannelSupported = true, - /// PostBindingResponse = true, - /// PostBindingLogout = true, + /// ForceAuthn = true, /// PostBindingAuthnRequest = true, + /// PostBindingLogout = true, + /// PostBindingResponse = true, + /// Realm = "my-realm", + /// SingleLogoutServiceUrl = "https://domain.com/adfs/ls/?wa=wsignout1.0", + /// SingleSignOnServiceUrl = "https://domain.com/adfs/ls/", /// StoreToken = false, /// TrustEmail = true, - /// ForceAuthn = true, /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. + /// The following arguments are supported: /// - /// Example: + /// - `realm` - (Required) The name of the realm. This is unique across Keycloak. + /// - `alias` - (Optional) The uniq name of identity provider. + /// - `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`. + /// - `display_name` - (Optional) The display name for the realm that is shown when logging in to the admin console. + /// - `store_token` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`. + /// - `add_read_token_role_on_create` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`. + /// - `trust_email` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`. + /// - `link_only` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`. + /// - `hide_on_login_page` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + /// - `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + /// - `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + /// - `authenticate_by_default` - (Optional) Authenticate users by default. Defaults to `false`. /// - /// bash + /// #### SAML Configuration /// - /// ```sh - /// $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp - /// ``` + /// - `single_sign_on_service_url` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest). + /// - `single_logout_service_url` - (Optional) The Url that must be used to send logout requests. + /// - `backchannel_supported` - (Optional) Does the external IDP support back-channel logout ?. + /// - `name_id_policy_format` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + /// - `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + /// - `post_binding_authn_request` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + /// - `post_binding_logout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + /// - `want_assertions_signed` - (Optional) Indicates whether this service provider expects a signed Assertion. + /// - `want_assertions_encrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion. + /// - `force_authn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + /// - `validate_signature` - (Optional) Enable/disable signature validation of SAML responses. + /// - `signing_certificate` - (Optional) Signing Certificate. + /// - `signature_algorithm` - (Optional) Signing Algorithm. Defaults to empty. + /// - `xml_sign_key_info_key_name_transformer` - (Optional) Sign Key Transformer. Defaults to empty. + /// + /// ### Import + /// + /// Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. + /// + /// Example: /// [KeycloakResourceType("keycloak:saml/identityProvider:IdentityProvider")] public partial class IdentityProvider : global::Pulumi.CustomResource { /// - /// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + /// Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. /// [Output("addReadTokenRoleOnCreate")] public Output AddReadTokenRoleOnCreate { get; private set; } = null!; /// - /// The unique name of identity provider. + /// The alias uniquely identifies an identity provider and it is also used to build the redirect uri. /// [Output("alias")] public Output Alias { get; private set; } = null!; /// - /// Authenticate users by default. Defaults to `false`. + /// Enable/disable authenticate users by default. /// [Output("authenticateByDefault")] public Output AuthenticateByDefault { get; private set; } = null!; /// - /// Ordered list of requested AuthnContext ClassRefs. + /// AuthnContext ClassRefs /// [Output("authnContextClassRefs")] public Output> AuthnContextClassRefs { get; private set; } = null!; /// - /// Specifies the comparison method used to evaluate the requested context classes or statements. + /// AuthnContext Comparison /// [Output("authnContextComparisonType")] public Output AuthnContextComparisonType { get; private set; } = null!; /// - /// Ordered list of requested AuthnContext DeclRefs. + /// AuthnContext DeclRefs /// [Output("authnContextDeclRefs")] public Output> AuthnContextDeclRefs { get; private set; } = null!; /// - /// Does the external IDP support backchannel logout?. Defaults to `false`. + /// Does the external IDP support backchannel logout? /// [Output("backchannelSupported")] public Output BackchannelSupported { get; private set; } = null!; /// - /// The display name for the realm that is shown when logging in to the admin console. + /// Friendly name for Identity Providers. /// [Output("displayName")] public Output DisplayName { get; private set; } = null!; /// - /// When `false`, users and clients will not be able to access this realm. Defaults to `true`. + /// Enable/disable this identity provider. /// [Output("enabled")] public Output Enabled { get; private set; } = null!; @@ -128,25 +153,26 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output?> ExtraConfig { get; private set; } = null!; /// - /// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + /// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + /// that there is not yet existing Keycloak account linked with the authenticated identity provider account. /// [Output("firstBrokerLoginFlowAlias")] public Output FirstBrokerLoginFlowAlias { get; private set; } = null!; /// - /// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + /// Require Force Authn. /// [Output("forceAuthn")] public Output ForceAuthn { get; private set; } = null!; /// - /// A number defining the order of this identity provider in the GUI. + /// GUI Order /// [Output("guiOrder")] public Output GuiOrder { get; private set; } = null!; /// - /// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + /// Hide On Login Page. /// [Output("hideOnLoginPage")] public Output HideOnLoginPage { get; private set; } = null!; @@ -158,7 +184,8 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output InternalId { get; private set; } = null!; /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + /// want to allow login from the provider, but want to integrate with a provider /// [Output("linkOnly")] public Output LinkOnly { get; private set; } = null!; @@ -170,61 +197,64 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output LoginHint { get; private set; } = null!; /// - /// Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + /// Name ID Policy Format. /// [Output("nameIdPolicyFormat")] public Output NameIdPolicyFormat { get; private set; } = null!; /// - /// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + /// Post Binding Authn Request. /// [Output("postBindingAuthnRequest")] public Output PostBindingAuthnRequest { get; private set; } = null!; /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + /// Post Binding Logout. /// [Output("postBindingLogout")] public Output PostBindingLogout { get; private set; } = null!; /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + /// Post Binding Response. /// [Output("postBindingResponse")] public Output PostBindingResponse { get; private set; } = null!; /// - /// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + /// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + /// additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + /// you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + /// authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. /// [Output("postBrokerLoginFlowAlias")] public Output PostBrokerLoginFlowAlias { get; private set; } = null!; /// - /// The principal attribute. + /// Principal Attribute /// [Output("principalAttribute")] public Output PrincipalAttribute { get; private set; } = null!; /// - /// The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + /// Principal Type /// [Output("principalType")] public Output PrincipalType { get; private set; } = null!; /// - /// The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + /// provider id, is always saml, unless you have a custom implementation /// [Output("providerId")] public Output ProviderId { get; private set; } = null!; /// - /// The name of the realm. This is unique across Keycloak. + /// Realm Name /// [Output("realm")] public Output Realm { get; private set; } = null!; /// - /// Signing Algorithm. Defaults to empty. + /// Signing Algorithm. /// [Output("signatureAlgorithm")] public Output SignatureAlgorithm { get; private set; } = null!; @@ -236,31 +266,31 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output SigningCertificate { get; private set; } = null!; /// - /// The Url that must be used to send logout requests. + /// Logout URL. /// [Output("singleLogoutServiceUrl")] public Output SingleLogoutServiceUrl { get; private set; } = null!; /// - /// The Url that must be used to send authentication requests (SAML AuthnRequest). + /// SSO Logout URL. /// [Output("singleSignOnServiceUrl")] public Output SingleSignOnServiceUrl { get; private set; } = null!; /// - /// When `true`, tokens will be stored after authenticating users. Defaults to `true`. + /// Enable/disable if tokens must be stored after authenticating users. /// [Output("storeToken")] public Output StoreToken { get; private set; } = null!; /// - /// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + /// Sync Mode /// [Output("syncMode")] public Output SyncMode { get; private set; } = null!; /// - /// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + /// If enabled then email provided by this provider is not verified even if verification is enabled for the realm. /// [Output("trustEmail")] public Output TrustEmail { get; private set; } = null!; @@ -272,19 +302,19 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output ValidateSignature { get; private set; } = null!; /// - /// Indicates whether this service provider expects an encrypted Assertion. + /// Want Assertions Encrypted. /// [Output("wantAssertionsEncrypted")] public Output WantAssertionsEncrypted { get; private set; } = null!; /// - /// Indicates whether this service provider expects a signed Assertion. + /// Want Assertions Signed. /// [Output("wantAssertionsSigned")] public Output WantAssertionsSigned { get; private set; } = null!; /// - /// The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + /// Sign Key Transformer. /// [Output("xmlSignKeyInfoKeyNameTransformer")] public Output XmlSignKeyInfoKeyNameTransformer { get; private set; } = null!; @@ -336,19 +366,19 @@ public static IdentityProvider Get(string name, Input id, IdentityProvid public sealed class IdentityProviderArgs : global::Pulumi.ResourceArgs { /// - /// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + /// Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. /// [Input("addReadTokenRoleOnCreate")] public Input? AddReadTokenRoleOnCreate { get; set; } /// - /// The unique name of identity provider. + /// The alias uniquely identifies an identity provider and it is also used to build the redirect uri. /// [Input("alias", required: true)] public Input Alias { get; set; } = null!; /// - /// Authenticate users by default. Defaults to `false`. + /// Enable/disable authenticate users by default. /// [Input("authenticateByDefault")] public Input? AuthenticateByDefault { get; set; } @@ -357,7 +387,7 @@ public sealed class IdentityProviderArgs : global::Pulumi.ResourceArgs private InputList? _authnContextClassRefs; /// - /// Ordered list of requested AuthnContext ClassRefs. + /// AuthnContext ClassRefs /// public InputList AuthnContextClassRefs { @@ -366,7 +396,7 @@ public InputList AuthnContextClassRefs } /// - /// Specifies the comparison method used to evaluate the requested context classes or statements. + /// AuthnContext Comparison /// [Input("authnContextComparisonType")] public Input? AuthnContextComparisonType { get; set; } @@ -375,7 +405,7 @@ public InputList AuthnContextClassRefs private InputList? _authnContextDeclRefs; /// - /// Ordered list of requested AuthnContext DeclRefs. + /// AuthnContext DeclRefs /// public InputList AuthnContextDeclRefs { @@ -384,19 +414,19 @@ public InputList AuthnContextDeclRefs } /// - /// Does the external IDP support backchannel logout?. Defaults to `false`. + /// Does the external IDP support backchannel logout? /// [Input("backchannelSupported")] public Input? BackchannelSupported { get; set; } /// - /// The display name for the realm that is shown when logging in to the admin console. + /// Friendly name for Identity Providers. /// [Input("displayName")] public Input? DisplayName { get; set; } /// - /// When `false`, users and clients will not be able to access this realm. Defaults to `true`. + /// Enable/disable this identity provider. /// [Input("enabled")] public Input? Enabled { get; set; } @@ -416,31 +446,33 @@ public InputMap ExtraConfig } /// - /// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + /// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + /// that there is not yet existing Keycloak account linked with the authenticated identity provider account. /// [Input("firstBrokerLoginFlowAlias")] public Input? FirstBrokerLoginFlowAlias { get; set; } /// - /// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + /// Require Force Authn. /// [Input("forceAuthn")] public Input? ForceAuthn { get; set; } /// - /// A number defining the order of this identity provider in the GUI. + /// GUI Order /// [Input("guiOrder")] public Input? GuiOrder { get; set; } /// - /// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + /// Hide On Login Page. /// [Input("hideOnLoginPage")] public Input? HideOnLoginPage { get; set; } /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + /// want to allow login from the provider, but want to integrate with a provider /// [Input("linkOnly")] public Input? LinkOnly { get; set; } @@ -452,61 +484,64 @@ public InputMap ExtraConfig public Input? LoginHint { get; set; } /// - /// Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + /// Name ID Policy Format. /// [Input("nameIdPolicyFormat")] public Input? NameIdPolicyFormat { get; set; } /// - /// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + /// Post Binding Authn Request. /// [Input("postBindingAuthnRequest")] public Input? PostBindingAuthnRequest { get; set; } /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + /// Post Binding Logout. /// [Input("postBindingLogout")] public Input? PostBindingLogout { get; set; } /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + /// Post Binding Response. /// [Input("postBindingResponse")] public Input? PostBindingResponse { get; set; } /// - /// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + /// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + /// additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + /// you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + /// authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. /// [Input("postBrokerLoginFlowAlias")] public Input? PostBrokerLoginFlowAlias { get; set; } /// - /// The principal attribute. + /// Principal Attribute /// [Input("principalAttribute")] public Input? PrincipalAttribute { get; set; } /// - /// The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + /// Principal Type /// [Input("principalType")] public Input? PrincipalType { get; set; } /// - /// The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + /// provider id, is always saml, unless you have a custom implementation /// [Input("providerId")] public Input? ProviderId { get; set; } /// - /// The name of the realm. This is unique across Keycloak. + /// Realm Name /// [Input("realm", required: true)] public Input Realm { get; set; } = null!; /// - /// Signing Algorithm. Defaults to empty. + /// Signing Algorithm. /// [Input("signatureAlgorithm")] public Input? SignatureAlgorithm { get; set; } @@ -518,31 +553,31 @@ public InputMap ExtraConfig public Input? SigningCertificate { get; set; } /// - /// The Url that must be used to send logout requests. + /// Logout URL. /// [Input("singleLogoutServiceUrl")] public Input? SingleLogoutServiceUrl { get; set; } /// - /// The Url that must be used to send authentication requests (SAML AuthnRequest). + /// SSO Logout URL. /// [Input("singleSignOnServiceUrl", required: true)] public Input SingleSignOnServiceUrl { get; set; } = null!; /// - /// When `true`, tokens will be stored after authenticating users. Defaults to `true`. + /// Enable/disable if tokens must be stored after authenticating users. /// [Input("storeToken")] public Input? StoreToken { get; set; } /// - /// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + /// Sync Mode /// [Input("syncMode")] public Input? SyncMode { get; set; } /// - /// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + /// If enabled then email provided by this provider is not verified even if verification is enabled for the realm. /// [Input("trustEmail")] public Input? TrustEmail { get; set; } @@ -554,19 +589,19 @@ public InputMap ExtraConfig public Input? ValidateSignature { get; set; } /// - /// Indicates whether this service provider expects an encrypted Assertion. + /// Want Assertions Encrypted. /// [Input("wantAssertionsEncrypted")] public Input? WantAssertionsEncrypted { get; set; } /// - /// Indicates whether this service provider expects a signed Assertion. + /// Want Assertions Signed. /// [Input("wantAssertionsSigned")] public Input? WantAssertionsSigned { get; set; } /// - /// The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + /// Sign Key Transformer. /// [Input("xmlSignKeyInfoKeyNameTransformer")] public Input? XmlSignKeyInfoKeyNameTransformer { get; set; } @@ -580,19 +615,19 @@ public IdentityProviderArgs() public sealed class IdentityProviderState : global::Pulumi.ResourceArgs { /// - /// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + /// Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. /// [Input("addReadTokenRoleOnCreate")] public Input? AddReadTokenRoleOnCreate { get; set; } /// - /// The unique name of identity provider. + /// The alias uniquely identifies an identity provider and it is also used to build the redirect uri. /// [Input("alias")] public Input? Alias { get; set; } /// - /// Authenticate users by default. Defaults to `false`. + /// Enable/disable authenticate users by default. /// [Input("authenticateByDefault")] public Input? AuthenticateByDefault { get; set; } @@ -601,7 +636,7 @@ public sealed class IdentityProviderState : global::Pulumi.ResourceArgs private InputList? _authnContextClassRefs; /// - /// Ordered list of requested AuthnContext ClassRefs. + /// AuthnContext ClassRefs /// public InputList AuthnContextClassRefs { @@ -610,7 +645,7 @@ public InputList AuthnContextClassRefs } /// - /// Specifies the comparison method used to evaluate the requested context classes or statements. + /// AuthnContext Comparison /// [Input("authnContextComparisonType")] public Input? AuthnContextComparisonType { get; set; } @@ -619,7 +654,7 @@ public InputList AuthnContextClassRefs private InputList? _authnContextDeclRefs; /// - /// Ordered list of requested AuthnContext DeclRefs. + /// AuthnContext DeclRefs /// public InputList AuthnContextDeclRefs { @@ -628,19 +663,19 @@ public InputList AuthnContextDeclRefs } /// - /// Does the external IDP support backchannel logout?. Defaults to `false`. + /// Does the external IDP support backchannel logout? /// [Input("backchannelSupported")] public Input? BackchannelSupported { get; set; } /// - /// The display name for the realm that is shown when logging in to the admin console. + /// Friendly name for Identity Providers. /// [Input("displayName")] public Input? DisplayName { get; set; } /// - /// When `false`, users and clients will not be able to access this realm. Defaults to `true`. + /// Enable/disable this identity provider. /// [Input("enabled")] public Input? Enabled { get; set; } @@ -660,25 +695,26 @@ public InputMap ExtraConfig } /// - /// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + /// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + /// that there is not yet existing Keycloak account linked with the authenticated identity provider account. /// [Input("firstBrokerLoginFlowAlias")] public Input? FirstBrokerLoginFlowAlias { get; set; } /// - /// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + /// Require Force Authn. /// [Input("forceAuthn")] public Input? ForceAuthn { get; set; } /// - /// A number defining the order of this identity provider in the GUI. + /// GUI Order /// [Input("guiOrder")] public Input? GuiOrder { get; set; } /// - /// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + /// Hide On Login Page. /// [Input("hideOnLoginPage")] public Input? HideOnLoginPage { get; set; } @@ -690,7 +726,8 @@ public InputMap ExtraConfig public Input? InternalId { get; set; } /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + /// want to allow login from the provider, but want to integrate with a provider /// [Input("linkOnly")] public Input? LinkOnly { get; set; } @@ -702,61 +739,64 @@ public InputMap ExtraConfig public Input? LoginHint { get; set; } /// - /// Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + /// Name ID Policy Format. /// [Input("nameIdPolicyFormat")] public Input? NameIdPolicyFormat { get; set; } /// - /// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + /// Post Binding Authn Request. /// [Input("postBindingAuthnRequest")] public Input? PostBindingAuthnRequest { get; set; } /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + /// Post Binding Logout. /// [Input("postBindingLogout")] public Input? PostBindingLogout { get; set; } /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + /// Post Binding Response. /// [Input("postBindingResponse")] public Input? PostBindingResponse { get; set; } /// - /// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + /// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + /// additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + /// you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + /// authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. /// [Input("postBrokerLoginFlowAlias")] public Input? PostBrokerLoginFlowAlias { get; set; } /// - /// The principal attribute. + /// Principal Attribute /// [Input("principalAttribute")] public Input? PrincipalAttribute { get; set; } /// - /// The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + /// Principal Type /// [Input("principalType")] public Input? PrincipalType { get; set; } /// - /// The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + /// provider id, is always saml, unless you have a custom implementation /// [Input("providerId")] public Input? ProviderId { get; set; } /// - /// The name of the realm. This is unique across Keycloak. + /// Realm Name /// [Input("realm")] public Input? Realm { get; set; } /// - /// Signing Algorithm. Defaults to empty. + /// Signing Algorithm. /// [Input("signatureAlgorithm")] public Input? SignatureAlgorithm { get; set; } @@ -768,31 +808,31 @@ public InputMap ExtraConfig public Input? SigningCertificate { get; set; } /// - /// The Url that must be used to send logout requests. + /// Logout URL. /// [Input("singleLogoutServiceUrl")] public Input? SingleLogoutServiceUrl { get; set; } /// - /// The Url that must be used to send authentication requests (SAML AuthnRequest). + /// SSO Logout URL. /// [Input("singleSignOnServiceUrl")] public Input? SingleSignOnServiceUrl { get; set; } /// - /// When `true`, tokens will be stored after authenticating users. Defaults to `true`. + /// Enable/disable if tokens must be stored after authenticating users. /// [Input("storeToken")] public Input? StoreToken { get; set; } /// - /// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + /// Sync Mode /// [Input("syncMode")] public Input? SyncMode { get; set; } /// - /// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + /// If enabled then email provided by this provider is not verified even if verification is enabled for the realm. /// [Input("trustEmail")] public Input? TrustEmail { get; set; } @@ -804,19 +844,19 @@ public InputMap ExtraConfig public Input? ValidateSignature { get; set; } /// - /// Indicates whether this service provider expects an encrypted Assertion. + /// Want Assertions Encrypted. /// [Input("wantAssertionsEncrypted")] public Input? WantAssertionsEncrypted { get; set; } /// - /// Indicates whether this service provider expects a signed Assertion. + /// Want Assertions Signed. /// [Input("wantAssertionsSigned")] public Input? WantAssertionsSigned { get; set; } /// - /// The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + /// Sign Key Transformer. /// [Input("xmlSignKeyInfoKeyNameTransformer")] public Input? XmlSignKeyInfoKeyNameTransformer { get; set; } diff --git a/sdk/dotnet/Saml/Inputs/ClientAuthenticationFlowBindingOverridesArgs.cs b/sdk/dotnet/Saml/Inputs/ClientAuthenticationFlowBindingOverridesArgs.cs index 493e05fa..e5e416f9 100644 --- a/sdk/dotnet/Saml/Inputs/ClientAuthenticationFlowBindingOverridesArgs.cs +++ b/sdk/dotnet/Saml/Inputs/ClientAuthenticationFlowBindingOverridesArgs.cs @@ -12,15 +12,9 @@ namespace Pulumi.Keycloak.Saml.Inputs public sealed class ClientAuthenticationFlowBindingOverridesArgs : global::Pulumi.ResourceArgs { - /// - /// Browser flow id, (flow needs to exist) - /// [Input("browserId")] public Input? BrowserId { get; set; } - /// - /// Direct grant flow id (flow needs to exist) - /// [Input("directGrantId")] public Input? DirectGrantId { get; set; } diff --git a/sdk/dotnet/Saml/Inputs/ClientAuthenticationFlowBindingOverridesGetArgs.cs b/sdk/dotnet/Saml/Inputs/ClientAuthenticationFlowBindingOverridesGetArgs.cs index 400d9414..72fe041b 100644 --- a/sdk/dotnet/Saml/Inputs/ClientAuthenticationFlowBindingOverridesGetArgs.cs +++ b/sdk/dotnet/Saml/Inputs/ClientAuthenticationFlowBindingOverridesGetArgs.cs @@ -12,15 +12,9 @@ namespace Pulumi.Keycloak.Saml.Inputs public sealed class ClientAuthenticationFlowBindingOverridesGetArgs : global::Pulumi.ResourceArgs { - /// - /// Browser flow id, (flow needs to exist) - /// [Input("browserId")] public Input? BrowserId { get; set; } - /// - /// Direct grant flow id (flow needs to exist) - /// [Input("directGrantId")] public Input? DirectGrantId { get; set; } diff --git a/sdk/dotnet/Saml/Outputs/ClientAuthenticationFlowBindingOverrides.cs b/sdk/dotnet/Saml/Outputs/ClientAuthenticationFlowBindingOverrides.cs index 10e1e40f..b00a4eea 100644 --- a/sdk/dotnet/Saml/Outputs/ClientAuthenticationFlowBindingOverrides.cs +++ b/sdk/dotnet/Saml/Outputs/ClientAuthenticationFlowBindingOverrides.cs @@ -13,13 +13,7 @@ namespace Pulumi.Keycloak.Saml.Outputs [OutputType] public sealed class ClientAuthenticationFlowBindingOverrides { - /// - /// Browser flow id, (flow needs to exist) - /// public readonly string? BrowserId; - /// - /// Direct grant flow id (flow needs to exist) - /// public readonly string? DirectGrantId; [OutputConstructor] diff --git a/sdk/dotnet/Saml/ScriptProtocolMapper.cs b/sdk/dotnet/Saml/ScriptProtocolMapper.cs index 39a2be3b..28dd219b 100644 --- a/sdk/dotnet/Saml/ScriptProtocolMapper.cs +++ b/sdk/dotnet/Saml/ScriptProtocolMapper.cs @@ -19,6 +19,7 @@ namespace Pulumi.Keycloak.Saml /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -50,18 +51,19 @@ namespace Pulumi.Keycloak.Saml /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Protocol mappers can be imported using one of the following formats: /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/dotnet/Saml/UserAttributeProtocolMapper.cs b/sdk/dotnet/Saml/UserAttributeProtocolMapper.cs index d0366621..b3013cba 100644 --- a/sdk/dotnet/Saml/UserAttributeProtocolMapper.cs +++ b/sdk/dotnet/Saml/UserAttributeProtocolMapper.cs @@ -10,16 +10,19 @@ namespace Pulumi.Keycloak.Saml { /// - /// Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak. + /// ## # keycloak.saml.UserAttributeProtocolMapper /// - /// SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute - /// in a SAML assertion. + /// Allows for creating and managing user attribute protocol mappers for + /// SAML clients within Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// SAML user attribute protocol mappers allow you to map custom attributes defined + /// for a user within Keycloak to an attribute in a SAML assertion. Protocol mappers + /// can be defined for a single client, or they can be defined for a client scope which + /// can be shared between multiple different clients. /// - /// ## Example Usage + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,96 +33,74 @@ namespace Pulumi.Keycloak.Saml /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var samlClient = new Keycloak.Saml.Client("samlClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "saml-client", + /// ClientId = "test-saml-client", + /// RealmId = keycloak_realm.Test.Id, /// }); /// /// var samlUserAttributeMapper = new Keycloak.Saml.UserAttributeProtocolMapper("samlUserAttributeMapper", new() /// { - /// RealmId = realm.Id, /// ClientId = samlClient.Id, - /// UserAttribute = "displayName", + /// RealmId = keycloak_realm.Test.Id, /// SamlAttributeName = "displayName", /// SamlAttributeNameFormat = "Unspecified", + /// UserAttribute = "displayName", /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Protocol mappers can be imported using one of the following formats: - /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// The following arguments are supported: /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `user_attribute` - (Required) The custom user attribute to map. + /// - `friendly_name` - (Optional) An optional human-friendly name for this attribute. + /// - `saml_attribute_name` - (Required) The name of the SAML attribute. + /// - `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. /// - /// Example: + /// ### Import /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper")] public partial class UserAttributeProtocolMapper : global::Pulumi.CustomResource { - /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Output("clientId")] public Output ClientId { get; private set; } = null!; - /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; - /// - /// An optional human-friendly name for this attribute. - /// [Output("friendlyName")] public Output FriendlyName { get; private set; } = null!; - /// - /// The display name of this protocol mapper in the GUI. - /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// The realm this protocol mapper exists within. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// The name of the SAML attribute. - /// [Output("samlAttributeName")] public Output SamlAttributeName { get; private set; } = null!; - /// - /// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - /// [Output("samlAttributeNameFormat")] public Output SamlAttributeNameFormat { get; private set; } = null!; - /// - /// The custom user attribute to map. - /// [Output("userAttribute")] public Output UserAttribute { get; private set; } = null!; @@ -169,51 +150,27 @@ public static UserAttributeProtocolMapper Get(string name, Input id, Use public sealed class UserAttributeProtocolMapperArgs : global::Pulumi.ResourceArgs { - /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Input("clientId")] public Input? ClientId { get; set; } - /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } - /// - /// An optional human-friendly name for this attribute. - /// [Input("friendlyName")] public Input? FriendlyName { get; set; } - /// - /// The display name of this protocol mapper in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// The realm this protocol mapper exists within. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// The name of the SAML attribute. - /// [Input("samlAttributeName", required: true)] public Input SamlAttributeName { get; set; } = null!; - /// - /// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - /// [Input("samlAttributeNameFormat", required: true)] public Input SamlAttributeNameFormat { get; set; } = null!; - /// - /// The custom user attribute to map. - /// [Input("userAttribute", required: true)] public Input UserAttribute { get; set; } = null!; @@ -225,51 +182,27 @@ public UserAttributeProtocolMapperArgs() public sealed class UserAttributeProtocolMapperState : global::Pulumi.ResourceArgs { - /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Input("clientId")] public Input? ClientId { get; set; } - /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } - /// - /// An optional human-friendly name for this attribute. - /// [Input("friendlyName")] public Input? FriendlyName { get; set; } - /// - /// The display name of this protocol mapper in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// The realm this protocol mapper exists within. - /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// The name of the SAML attribute. - /// [Input("samlAttributeName")] public Input? SamlAttributeName { get; set; } - /// - /// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - /// [Input("samlAttributeNameFormat")] public Input? SamlAttributeNameFormat { get; set; } - /// - /// The custom user attribute to map. - /// [Input("userAttribute")] public Input? UserAttribute { get; set; } diff --git a/sdk/dotnet/Saml/UserPropertyProtocolMapper.cs b/sdk/dotnet/Saml/UserPropertyProtocolMapper.cs index a15c71bc..49902191 100644 --- a/sdk/dotnet/Saml/UserPropertyProtocolMapper.cs +++ b/sdk/dotnet/Saml/UserPropertyProtocolMapper.cs @@ -10,16 +10,19 @@ namespace Pulumi.Keycloak.Saml { /// - /// Allows for creating and managing user property protocol mappers for SAML clients within Keycloak. + /// ## # keycloak.saml.UserPropertyProtocolMapper /// - /// SAML user property protocol mappers allow you to map properties of the Keycloak - /// user model to an attribute in a SAML assertion. + /// Allows for creating and managing user property protocol mappers for + /// SAML clients within Keycloak. /// - /// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - /// multiple different clients. + /// SAML user property protocol mappers allow you to map properties of the Keycloak + /// user model to an attribute in a SAML assertion. Protocol mappers + /// can be defined for a single client, or they can be defined for a client scope which + /// can be shared between multiple different clients. /// - /// ## Example Usage + /// ### Example Usage (Client) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -30,96 +33,74 @@ namespace Pulumi.Keycloak.Saml /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var samlClient = new Keycloak.Saml.Client("samlClient", new() /// { - /// RealmId = realm.Id, - /// ClientId = "saml-client", + /// ClientId = "test-saml-client", + /// RealmId = keycloak_realm.Test.Id, /// }); /// /// var samlUserPropertyMapper = new Keycloak.Saml.UserPropertyProtocolMapper("samlUserPropertyMapper", new() /// { - /// RealmId = realm.Id, /// ClientId = samlClient.Id, - /// UserProperty = "email", + /// RealmId = keycloak_realm.Test.Id, /// SamlAttributeName = "email", /// SamlAttributeNameFormat = "Unspecified", + /// UserProperty = "email", /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import - /// - /// Protocol mappers can be imported using one of the following formats: + /// ### Argument Reference /// - /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// The following arguments are supported: /// - /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + /// - `realm_id` - (Required) The realm this protocol mapper exists within. + /// - `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to. + /// - `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to. + /// - `name` - (Required) The display name of this protocol mapper in the GUI. + /// - `user_property` - (Required) The property of the Keycloak user model to map. + /// - `friendly_name` - (Optional) An optional human-friendly name for this attribute. + /// - `saml_attribute_name` - (Required) The name of the SAML attribute. + /// - `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. /// - /// Example: + /// ### Import /// - /// bash - /// - /// ```sh - /// $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Protocol mappers can be imported using one of the following formats: + /// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + /// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` /// - /// ```sh - /// $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper")] public partial class UserPropertyProtocolMapper : global::Pulumi.CustomResource { - /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Output("clientId")] public Output ClientId { get; private set; } = null!; - /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Output("clientScopeId")] public Output ClientScopeId { get; private set; } = null!; - /// - /// An optional human-friendly name for this attribute. - /// [Output("friendlyName")] public Output FriendlyName { get; private set; } = null!; - /// - /// The display name of this protocol mapper in the GUI. - /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// The realm this protocol mapper exists within. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// The name of the SAML attribute. - /// [Output("samlAttributeName")] public Output SamlAttributeName { get; private set; } = null!; - /// - /// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - /// [Output("samlAttributeNameFormat")] public Output SamlAttributeNameFormat { get; private set; } = null!; - /// - /// The property of the Keycloak user model to map. - /// [Output("userProperty")] public Output UserProperty { get; private set; } = null!; @@ -169,51 +150,27 @@ public static UserPropertyProtocolMapper Get(string name, Input id, User public sealed class UserPropertyProtocolMapperArgs : global::Pulumi.ResourceArgs { - /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Input("clientId")] public Input? ClientId { get; set; } - /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } - /// - /// An optional human-friendly name for this attribute. - /// [Input("friendlyName")] public Input? FriendlyName { get; set; } - /// - /// The display name of this protocol mapper in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// The realm this protocol mapper exists within. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; - /// - /// The name of the SAML attribute. - /// [Input("samlAttributeName", required: true)] public Input SamlAttributeName { get; set; } = null!; - /// - /// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - /// [Input("samlAttributeNameFormat", required: true)] public Input SamlAttributeNameFormat { get; set; } = null!; - /// - /// The property of the Keycloak user model to map. - /// [Input("userProperty", required: true)] public Input UserProperty { get; set; } = null!; @@ -225,51 +182,27 @@ public UserPropertyProtocolMapperArgs() public sealed class UserPropertyProtocolMapperState : global::Pulumi.ResourceArgs { - /// - /// The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Input("clientId")] public Input? ClientId { get; set; } - /// - /// The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - /// [Input("clientScopeId")] public Input? ClientScopeId { get; set; } - /// - /// An optional human-friendly name for this attribute. - /// [Input("friendlyName")] public Input? FriendlyName { get; set; } - /// - /// The display name of this protocol mapper in the GUI. - /// [Input("name")] public Input? Name { get; set; } - /// - /// The realm this protocol mapper exists within. - /// [Input("realmId")] public Input? RealmId { get; set; } - /// - /// The name of the SAML attribute. - /// [Input("samlAttributeName")] public Input? SamlAttributeName { get; set; } - /// - /// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - /// [Input("samlAttributeNameFormat")] public Input? SamlAttributeNameFormat { get; set; } - /// - /// The property of the Keycloak user model to map. - /// [Input("userProperty")] public Input? UserProperty { get; set; } diff --git a/sdk/dotnet/User.cs b/sdk/dotnet/User.cs index 6765af5e..24a6e235 100644 --- a/sdk/dotnet/User.cs +++ b/sdk/dotnet/User.cs @@ -10,14 +10,17 @@ namespace Pulumi.Keycloak { /// + /// ## # keycloak.User + /// /// Allows for creating and managing Users within Keycloak. /// - /// This resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource. Creating users within - /// Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers - /// or identity providers. + /// This resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource. + /// Creating users within Keycloak is not recommended. Instead, users should be federated from external sources + /// by configuring user federation providers or identity providers. /// - /// ## Example Usage + /// ### Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -28,123 +31,94 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// RealmName = "my-realm", /// Enabled = true, + /// RealmName = "my-realm", /// }); /// /// var user = new Keycloak.User("user", new() /// { - /// RealmId = realm.Id, - /// Username = "bob", - /// Enabled = true, /// Email = "bob@domain.com", + /// Enabled = true, /// FirstName = "Bob", /// LastName = "Bobson", + /// RealmId = realm.Id, + /// Username = "bob", /// }); /// /// var userWithInitialPassword = new Keycloak.User("userWithInitialPassword", new() /// { - /// RealmId = realm.Id, - /// Username = "alice", - /// Enabled = true, /// Email = "alice@domain.com", + /// Enabled = true, /// FirstName = "Alice", - /// LastName = "Aliceberg", - /// Attributes = - /// { - /// { "foo", "bar" }, - /// { "multivalue", "value1##value2" }, - /// }, /// InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs /// { - /// Value = "some password", /// Temporary = true, + /// Value = "some password", /// }, + /// LastName = "Aliceberg", + /// RealmId = realm.Id, + /// Username = "alice", /// }); /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// - /// ## Import + /// ### Argument Reference /// - /// Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + /// The following arguments are supported: /// - /// assigns to the user upon creation. This value can be found in the GUI when editing the user. + /// - `realm_id` - (Required) The realm this user belongs to. + /// - `username` - (Required) The unique username of this user. + /// - `initial_password` (Optional) When given, the user's initial password will be set. + /// This attribute is only respected during initial user creation. + /// - `value` (Required) The initial password. + /// - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`. + /// - `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`. + /// - `email` - (Optional) The user's email. + /// - `first_name` - (Optional) The user's first name. + /// - `last_name` - (Optional) The user's last name. /// - /// Example: + /// ### Import /// - /// bash + /// Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + /// assigns to the user upon creation. This value can be found in the GUI when editing the user. /// - /// ```sh - /// $ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4 - /// ``` + /// Example: /// [KeycloakResourceType("keycloak:index/user:User")] public partial class User : global::Pulumi.CustomResource { - /// - /// A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// [Output("attributes")] public Output?> Attributes { get; private set; } = null!; - /// - /// The user's email. - /// [Output("email")] public Output Email { get; private set; } = null!; - /// - /// Whether the email address was validated or not. Default to `false`. - /// [Output("emailVerified")] public Output EmailVerified { get; private set; } = null!; - /// - /// When false, this user cannot log in. Defaults to `true`. - /// [Output("enabled")] public Output Enabled { get; private set; } = null!; - /// - /// When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - /// [Output("federatedIdentities")] public Output> FederatedIdentities { get; private set; } = null!; - /// - /// The user's first name. - /// [Output("firstName")] public Output FirstName { get; private set; } = null!; - /// - /// When given, the user's initial password will be set. This attribute is only respected during initial user creation. - /// [Output("initialPassword")] public Output InitialPassword { get; private set; } = null!; - /// - /// The user's last name. - /// [Output("lastName")] public Output LastName { get; private set; } = null!; - /// - /// The realm this user belongs to. - /// [Output("realmId")] public Output RealmId { get; private set; } = null!; - /// - /// A list of required user actions. - /// [Output("requiredActions")] public Output> RequiredActions { get; private set; } = null!; - /// - /// The unique username of this user. - /// [Output("username")] public Output Username { get; private set; } = null!; @@ -196,85 +170,49 @@ public sealed class UserArgs : global::Pulumi.ResourceArgs { [Input("attributes")] private InputMap? _attributes; - - /// - /// A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// public InputMap Attributes { get => _attributes ?? (_attributes = new InputMap()); set => _attributes = value; } - /// - /// The user's email. - /// [Input("email")] public Input? Email { get; set; } - /// - /// Whether the email address was validated or not. Default to `false`. - /// [Input("emailVerified")] public Input? EmailVerified { get; set; } - /// - /// When false, this user cannot log in. Defaults to `true`. - /// [Input("enabled")] public Input? Enabled { get; set; } [Input("federatedIdentities")] private InputList? _federatedIdentities; - - /// - /// When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - /// public InputList FederatedIdentities { get => _federatedIdentities ?? (_federatedIdentities = new InputList()); set => _federatedIdentities = value; } - /// - /// The user's first name. - /// [Input("firstName")] public Input? FirstName { get; set; } - /// - /// When given, the user's initial password will be set. This attribute is only respected during initial user creation. - /// [Input("initialPassword")] public Input? InitialPassword { get; set; } - /// - /// The user's last name. - /// [Input("lastName")] public Input? LastName { get; set; } - /// - /// The realm this user belongs to. - /// [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; [Input("requiredActions")] private InputList? _requiredActions; - - /// - /// A list of required user actions. - /// public InputList RequiredActions { get => _requiredActions ?? (_requiredActions = new InputList()); set => _requiredActions = value; } - /// - /// The unique username of this user. - /// [Input("username", required: true)] public Input Username { get; set; } = null!; @@ -288,85 +226,49 @@ public sealed class UserState : global::Pulumi.ResourceArgs { [Input("attributes")] private InputMap? _attributes; - - /// - /// A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - /// public InputMap Attributes { get => _attributes ?? (_attributes = new InputMap()); set => _attributes = value; } - /// - /// The user's email. - /// [Input("email")] public Input? Email { get; set; } - /// - /// Whether the email address was validated or not. Default to `false`. - /// [Input("emailVerified")] public Input? EmailVerified { get; set; } - /// - /// When false, this user cannot log in. Defaults to `true`. - /// [Input("enabled")] public Input? Enabled { get; set; } [Input("federatedIdentities")] private InputList? _federatedIdentities; - - /// - /// When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - /// public InputList FederatedIdentities { get => _federatedIdentities ?? (_federatedIdentities = new InputList()); set => _federatedIdentities = value; } - /// - /// The user's first name. - /// [Input("firstName")] public Input? FirstName { get; set; } - /// - /// When given, the user's initial password will be set. This attribute is only respected during initial user creation. - /// [Input("initialPassword")] public Input? InitialPassword { get; set; } - /// - /// The user's last name. - /// [Input("lastName")] public Input? LastName { get; set; } - /// - /// The realm this user belongs to. - /// [Input("realmId")] public Input? RealmId { get; set; } [Input("requiredActions")] private InputList? _requiredActions; - - /// - /// A list of required user actions. - /// public InputList RequiredActions { get => _requiredActions ?? (_requiredActions = new InputList()); set => _requiredActions = value; } - /// - /// The unique username of this user. - /// [Input("username")] public Input? Username { get; set; } diff --git a/sdk/dotnet/UserGroups.cs b/sdk/dotnet/UserGroups.cs index b40d48cc..c3bb5b91 100644 --- a/sdk/dotnet/UserGroups.cs +++ b/sdk/dotnet/UserGroups.cs @@ -16,7 +16,9 @@ namespace Pulumi.Keycloak /// If `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `keycloak.UserGroups` for the same `user_id`. /// /// ## Example Usage + /// /// ### Exhaustive Groups) + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -54,7 +56,10 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Non Exhaustive Groups) + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -109,12 +114,13 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// This resource does not support import. Instead of importing, feel free to create this resource /// - /// as if it did not already exist on the server. + /// as if it did not already exist on the server. /// [KeycloakResourceType("keycloak:index/userGroups:UserGroups")] public partial class UserGroups : global::Pulumi.CustomResource diff --git a/sdk/dotnet/UserRoles.cs b/sdk/dotnet/UserRoles.cs index c039b022..e16ec1c4 100644 --- a/sdk/dotnet/UserRoles.cs +++ b/sdk/dotnet/UserRoles.cs @@ -20,8 +20,10 @@ namespace Pulumi.Keycloak /// a role and a composite that includes that role to the same user. /// /// ## Example Usage + /// /// ### Exhaustive Roles) /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -80,16 +82,17 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// This resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak /// - /// assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. + /// assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924 diff --git a/sdk/dotnet/UserTemplateImporterIdentityProviderMapper.cs b/sdk/dotnet/UserTemplateImporterIdentityProviderMapper.cs index 7c906743..921a373d 100644 --- a/sdk/dotnet/UserTemplateImporterIdentityProviderMapper.cs +++ b/sdk/dotnet/UserTemplateImporterIdentityProviderMapper.cs @@ -20,6 +20,7 @@ namespace Pulumi.Keycloak /// /// ## Example Usage /// + /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -58,16 +59,17 @@ namespace Pulumi.Keycloak /// /// }); /// ``` + /// <!--End PulumiCodeChooser --> /// /// ## Import /// /// Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak /// - /// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + /// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. /// - /// Example: + /// Example: /// - /// bash + /// bash /// /// ```sh /// $ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/dotnet/UsersPermissions.cs b/sdk/dotnet/UsersPermissions.cs index 990d2ab5..4c93c9aa 100644 --- a/sdk/dotnet/UsersPermissions.cs +++ b/sdk/dotnet/UsersPermissions.cs @@ -23,35 +23,6 @@ namespace Pulumi.Keycloak /// 4. Create all scope based permission for the scopes and users resources. /// /// > This resource should only be created once per realm. - /// - /// ## Example Usage - /// ### Argument Reference - /// - /// The following arguments are supported: - /// - /// - `realm_id` - (Required) The realm in which to manage fine-grained user permissions. - /// - /// Each of the scopes that can be managed are defined below: - /// - /// - `view_scope` - (Optional) When specified, set the scope based view permission. - /// - `manage_scope` - (Optional) When specified, set the scope based manage permission. - /// - `map_roles_scope` - (Optional) When specified, set the scope based map_roles permission. - /// - `manage_group_membership_scope` - (Optional) When specified, set the scope based manage_group_membership permission. - /// - `impersonate_scope` - (Optional) When specified, set the scope based impersonate permission. - /// - `user_impersonated_scope` - (Optional) When specified, set the scope based user_impersonated permission. - /// - /// The configuration block for each of these scopes supports the following arguments: - /// - /// - `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID. - /// - `description` - (Optional) Description of the permission. - /// - `decision_strategy` - (Optional) Decision strategy of the permission. - /// - /// ### Attributes Reference - /// - /// In addition to the arguments listed above, the following computed attributes are exported: - /// - /// - `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`. - /// - `authorization_resource_server_id` - Resource server id representing the realm management client on which these permissions are managed. /// [KeycloakResourceType("keycloak:index/usersPermissions:UsersPermissions")] public partial class UsersPermissions : global::Pulumi.CustomResource diff --git a/sdk/go.mod b/sdk/go.mod index 1782cea8..5f8b7000 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( github.com/blang/semver v3.5.1+incompatible - github.com/pulumi/pulumi/sdk/v3 v3.107.0 + github.com/pulumi/pulumi/sdk/v3 v3.108.1 ) require ( @@ -32,6 +32,7 @@ require ( github.com/golang/glog v1.1.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect diff --git a/sdk/go.sum b/sdk/go.sum index e0318b57..69dbe19d 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -75,6 +75,8 @@ github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -148,8 +150,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= -github.com/pulumi/pulumi/sdk/v3 v3.107.0 h1:bef+ayh9+4KkAqXih4EjlHfQXRY24NWPwWBIQhBxTjg= -github.com/pulumi/pulumi/sdk/v3 v3.107.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/sdk/v3 v3.108.1 h1:5idjc3JmzToYVizRPbFyjJ5UU4AbExd04pcSP9AhPEc= +github.com/pulumi/pulumi/sdk/v3 v3.108.1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= diff --git a/sdk/go/keycloak/attributeImporterIdentityProviderMapper.go b/sdk/go/keycloak/attributeImporterIdentityProviderMapper.go index 0cbee6bc..aaa4e112 100644 --- a/sdk/go/keycloak/attributeImporterIdentityProviderMapper.go +++ b/sdk/go/keycloak/attributeImporterIdentityProviderMapper.go @@ -12,57 +12,30 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing an attribute importer identity provider mapper within Keycloak. +// ## # AttributeImporterIdentityProviderMapper // -// The attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user: -// - For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user. -// - For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user. -// - For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user. +// Allows to create and manage identity provider mappers within Keycloak. // -// > If you are using Keycloak 10 or higher, you will need to specify the `extraConfig` argument in order to define a `syncMode` for the mapper. -// -// ## Example Usage +// ### Example Usage // +// // ```go // package main // // import ( // // "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc" // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" // // ) // // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// oidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, "oidcIdentityProvider", &oidc.IdentityProviderArgs{ -// Realm: realm.ID(), -// Alias: pulumi.String("oidc"), -// AuthorizationUrl: pulumi.String("https://example.com/auth"), -// TokenUrl: pulumi.String("https://example.com/token"), -// ClientId: pulumi.String("example_id"), -// ClientSecret: pulumi.String("example_token"), -// DefaultScopes: pulumi.String("openid random profile"), -// }) -// if err != nil { -// return err -// } -// _, err = keycloak.NewAttributeImporterIdentityProviderMapper(ctx, "oidcAttributeImporterIdentityProviderMapper", &keycloak.AttributeImporterIdentityProviderMapperArgs{ -// Realm: realm.ID(), -// ClaimName: pulumi.String("my-email-claim"), -// IdentityProviderAlias: oidcIdentityProvider.Alias, -// UserAttribute: pulumi.String("email"), -// ExtraConfig: pulumi.Map{ -// "syncMode": pulumi.Any("INHERIT"), -// }, +// _, err := keycloak.NewAttributeImporterIdentityProviderMapper(ctx, "testMapper", &keycloak.AttributeImporterIdentityProviderMapperArgs{ +// AttributeName: pulumi.String("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), +// IdentityProviderAlias: pulumi.String("idp_alias"), +// Realm: pulumi.String("my-realm"), +// UserAttribute: pulumi.String("lastName"), // }) // if err != nil { // return err @@ -72,38 +45,43 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak +// The following arguments are supported: // -// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. +// - `realm` - (Required) The name of the realm. +// - `name` - (Required) The name of the mapper. +// - `identityProviderAlias` - (Required) The alias of the associated identity provider. +// - `userAttribute` - (Required) The user attribute name to store SAML attribute. +// - `attributeName` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead. +// - `attributeFriendlyName` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead. +// - `claimName` - (Optional) The claim name. // -// Example: +// ### Import // -// bash +// Identity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idpAlias` is the identity provider alias, and `idpMapperId` is the unique ID that Keycloak +// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. // -// ```sh -// $ pulumi import keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b -// ``` +// Example: type AttributeImporterIdentityProviderMapper struct { pulumi.CustomResourceState - // For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. + // Attribute Friendly Name AttributeFriendlyName pulumi.StringPtrOutput `pulumi:"attributeFriendlyName"` - // For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. + // Attribute Name AttributeName pulumi.StringPtrOutput `pulumi:"attributeName"` - // For OIDC based providers, this is the name of the claim to use. - ClaimName pulumi.StringPtrOutput `pulumi:"claimName"` - // Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"` - // The alias of the associated identity provider. + // Claim Name + ClaimName pulumi.StringPtrOutput `pulumi:"claimName"` + ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"` + // IDP Alias IdentityProviderAlias pulumi.StringOutput `pulumi:"identityProviderAlias"` - // The name of the mapper. + // IDP Mapper Name Name pulumi.StringOutput `pulumi:"name"` - // The name of the realm. + // Realm Name Realm pulumi.StringOutput `pulumi:"realm"` - // The user attribute or property name to store the mapped result. + // User Attribute UserAttribute pulumi.StringOutput `pulumi:"userAttribute"` } @@ -146,40 +124,38 @@ func GetAttributeImporterIdentityProviderMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering AttributeImporterIdentityProviderMapper resources. type attributeImporterIdentityProviderMapperState struct { - // For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. + // Attribute Friendly Name AttributeFriendlyName *string `pulumi:"attributeFriendlyName"` - // For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. + // Attribute Name AttributeName *string `pulumi:"attributeName"` - // For OIDC based providers, this is the name of the claim to use. - ClaimName *string `pulumi:"claimName"` - // Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. + // Claim Name + ClaimName *string `pulumi:"claimName"` ExtraConfig map[string]interface{} `pulumi:"extraConfig"` - // The alias of the associated identity provider. + // IDP Alias IdentityProviderAlias *string `pulumi:"identityProviderAlias"` - // The name of the mapper. + // IDP Mapper Name Name *string `pulumi:"name"` - // The name of the realm. + // Realm Name Realm *string `pulumi:"realm"` - // The user attribute or property name to store the mapped result. + // User Attribute UserAttribute *string `pulumi:"userAttribute"` } type AttributeImporterIdentityProviderMapperState struct { - // For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. + // Attribute Friendly Name AttributeFriendlyName pulumi.StringPtrInput - // For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. + // Attribute Name AttributeName pulumi.StringPtrInput - // For OIDC based providers, this is the name of the claim to use. - ClaimName pulumi.StringPtrInput - // Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. + // Claim Name + ClaimName pulumi.StringPtrInput ExtraConfig pulumi.MapInput - // The alias of the associated identity provider. + // IDP Alias IdentityProviderAlias pulumi.StringPtrInput - // The name of the mapper. + // IDP Mapper Name Name pulumi.StringPtrInput - // The name of the realm. + // Realm Name Realm pulumi.StringPtrInput - // The user attribute or property name to store the mapped result. + // User Attribute UserAttribute pulumi.StringPtrInput } @@ -188,41 +164,39 @@ func (AttributeImporterIdentityProviderMapperState) ElementType() reflect.Type { } type attributeImporterIdentityProviderMapperArgs struct { - // For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. + // Attribute Friendly Name AttributeFriendlyName *string `pulumi:"attributeFriendlyName"` - // For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. + // Attribute Name AttributeName *string `pulumi:"attributeName"` - // For OIDC based providers, this is the name of the claim to use. - ClaimName *string `pulumi:"claimName"` - // Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. + // Claim Name + ClaimName *string `pulumi:"claimName"` ExtraConfig map[string]interface{} `pulumi:"extraConfig"` - // The alias of the associated identity provider. + // IDP Alias IdentityProviderAlias string `pulumi:"identityProviderAlias"` - // The name of the mapper. + // IDP Mapper Name Name *string `pulumi:"name"` - // The name of the realm. + // Realm Name Realm string `pulumi:"realm"` - // The user attribute or property name to store the mapped result. + // User Attribute UserAttribute string `pulumi:"userAttribute"` } // The set of arguments for constructing a AttributeImporterIdentityProviderMapper resource. type AttributeImporterIdentityProviderMapperArgs struct { - // For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. + // Attribute Friendly Name AttributeFriendlyName pulumi.StringPtrInput - // For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. + // Attribute Name AttributeName pulumi.StringPtrInput - // For OIDC based providers, this is the name of the claim to use. - ClaimName pulumi.StringPtrInput - // Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. + // Claim Name + ClaimName pulumi.StringPtrInput ExtraConfig pulumi.MapInput - // The alias of the associated identity provider. + // IDP Alias IdentityProviderAlias pulumi.StringInput - // The name of the mapper. + // IDP Mapper Name Name pulumi.StringPtrInput - // The name of the realm. + // Realm Name Realm pulumi.StringInput - // The user attribute or property name to store the mapped result. + // User Attribute UserAttribute pulumi.StringInput } @@ -313,44 +287,43 @@ func (o AttributeImporterIdentityProviderMapperOutput) ToAttributeImporterIdenti return o } -// For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. +// Attribute Friendly Name func (o AttributeImporterIdentityProviderMapperOutput) AttributeFriendlyName() pulumi.StringPtrOutput { return o.ApplyT(func(v *AttributeImporterIdentityProviderMapper) pulumi.StringPtrOutput { return v.AttributeFriendlyName }).(pulumi.StringPtrOutput) } -// For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. +// Attribute Name func (o AttributeImporterIdentityProviderMapperOutput) AttributeName() pulumi.StringPtrOutput { return o.ApplyT(func(v *AttributeImporterIdentityProviderMapper) pulumi.StringPtrOutput { return v.AttributeName }).(pulumi.StringPtrOutput) } -// For OIDC based providers, this is the name of the claim to use. +// Claim Name func (o AttributeImporterIdentityProviderMapperOutput) ClaimName() pulumi.StringPtrOutput { return o.ApplyT(func(v *AttributeImporterIdentityProviderMapper) pulumi.StringPtrOutput { return v.ClaimName }).(pulumi.StringPtrOutput) } -// Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. func (o AttributeImporterIdentityProviderMapperOutput) ExtraConfig() pulumi.MapOutput { return o.ApplyT(func(v *AttributeImporterIdentityProviderMapper) pulumi.MapOutput { return v.ExtraConfig }).(pulumi.MapOutput) } -// The alias of the associated identity provider. +// IDP Alias func (o AttributeImporterIdentityProviderMapperOutput) IdentityProviderAlias() pulumi.StringOutput { return o.ApplyT(func(v *AttributeImporterIdentityProviderMapper) pulumi.StringOutput { return v.IdentityProviderAlias }).(pulumi.StringOutput) } -// The name of the mapper. +// IDP Mapper Name func (o AttributeImporterIdentityProviderMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *AttributeImporterIdentityProviderMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The name of the realm. +// Realm Name func (o AttributeImporterIdentityProviderMapperOutput) Realm() pulumi.StringOutput { return o.ApplyT(func(v *AttributeImporterIdentityProviderMapper) pulumi.StringOutput { return v.Realm }).(pulumi.StringOutput) } -// The user attribute or property name to store the mapped result. +// User Attribute func (o AttributeImporterIdentityProviderMapperOutput) UserAttribute() pulumi.StringOutput { return o.ApplyT(func(v *AttributeImporterIdentityProviderMapper) pulumi.StringOutput { return v.UserAttribute }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/attributeToRoleIdentityMapper.go b/sdk/go/keycloak/attributeToRoleIdentityMapper.go index a94f6e8b..3fded273 100644 --- a/sdk/go/keycloak/attributeToRoleIdentityMapper.go +++ b/sdk/go/keycloak/attributeToRoleIdentityMapper.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -75,16 +76,17 @@ import ( // } // // ``` +// // // ## Import // // Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak // -// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. +// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/go/keycloak/authentication/bindings.go b/sdk/go/keycloak/authentication/bindings.go index 58fc2da5..a9392634 100644 --- a/sdk/go/keycloak/authentication/bindings.go +++ b/sdk/go/keycloak/authentication/bindings.go @@ -28,6 +28,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -89,6 +90,7 @@ import ( // } // // ``` +// type Bindings struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/authentication/execution.go b/sdk/go/keycloak/authentication/execution.go index a38b1c5b..696e5dcb 100644 --- a/sdk/go/keycloak/authentication/execution.go +++ b/sdk/go/keycloak/authentication/execution.go @@ -21,6 +21,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -75,14 +76,15 @@ import ( // } // // ``` +// // // ## Import // // Authentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/go/keycloak/authentication/executionConfig.go b/sdk/go/keycloak/authentication/executionConfig.go index e193e333..67134481 100644 --- a/sdk/go/keycloak/authentication/executionConfig.go +++ b/sdk/go/keycloak/authentication/executionConfig.go @@ -17,6 +17,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -68,18 +69,19 @@ import ( // } // // ``` +// // // ## Import // // Configurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`. // -// If the `authenticationExecutionId` is incorrect, the import will still be successful. +// If the `authenticationExecutionId` is incorrect, the import will still be successful. // -// A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. +// A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:authentication/executionConfig:ExecutionConfig config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/go/keycloak/authentication/flow.go b/sdk/go/keycloak/authentication/flow.go index a00fac8b..dd303705 100644 --- a/sdk/go/keycloak/authentication/flow.go +++ b/sdk/go/keycloak/authentication/flow.go @@ -20,6 +20,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -61,22 +62,23 @@ import ( // } // // ``` +// // // ## Import // // Authentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is // -// typically a GUID which is autogenerated when the flow is created via Keycloak. +// typically a GUID which is autogenerated when the flow is created via Keycloak. // -// Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the +// Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the // -// "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, +// "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, // -// which will be a list of authentication flows. +// which will be a list of authentication flows. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:authentication/flow:Flow flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1 diff --git a/sdk/go/keycloak/authentication/subflow.go b/sdk/go/keycloak/authentication/subflow.go index 272c0a0a..3937a2da 100644 --- a/sdk/go/keycloak/authentication/subflow.go +++ b/sdk/go/keycloak/authentication/subflow.go @@ -19,6 +19,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -61,24 +62,25 @@ import ( // } // // ``` +// // // ## Import // // Authentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`. // -// The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. +// The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. // -// Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the +// Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the // -// "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to +// "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to // -// `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. +// `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. // -// __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). +// __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/"Parent Flow"/3bad1172-bb5c-4a77-9615-c2606eb03081 diff --git a/sdk/go/keycloak/customIdentityProviderMapping.go b/sdk/go/keycloak/customIdentityProviderMapping.go index 70056b33..7d2b2b22 100644 --- a/sdk/go/keycloak/customIdentityProviderMapping.go +++ b/sdk/go/keycloak/customIdentityProviderMapping.go @@ -14,6 +14,7 @@ import ( // ## Example Usage // +// // ```go // package main // @@ -64,16 +65,17 @@ import ( // } // // ``` +// // // ## Import // // Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak // -// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. +// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b @@ -85,7 +87,7 @@ type CustomIdentityProviderMapping struct { ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"` // The alias of the associated identity provider. IdentityProviderAlias pulumi.StringOutput `pulumi:"identityProviderAlias"` - // The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + // The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. IdentityProviderMapper pulumi.StringOutput `pulumi:"identityProviderMapper"` // The name of the mapper. Name pulumi.StringOutput `pulumi:"name"` @@ -136,7 +138,7 @@ type customIdentityProviderMappingState struct { ExtraConfig map[string]interface{} `pulumi:"extraConfig"` // The alias of the associated identity provider. IdentityProviderAlias *string `pulumi:"identityProviderAlias"` - // The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + // The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. IdentityProviderMapper *string `pulumi:"identityProviderMapper"` // The name of the mapper. Name *string `pulumi:"name"` @@ -149,7 +151,7 @@ type CustomIdentityProviderMappingState struct { ExtraConfig pulumi.MapInput // The alias of the associated identity provider. IdentityProviderAlias pulumi.StringPtrInput - // The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + // The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. IdentityProviderMapper pulumi.StringPtrInput // The name of the mapper. Name pulumi.StringPtrInput @@ -166,7 +168,7 @@ type customIdentityProviderMappingArgs struct { ExtraConfig map[string]interface{} `pulumi:"extraConfig"` // The alias of the associated identity provider. IdentityProviderAlias string `pulumi:"identityProviderAlias"` - // The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + // The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. IdentityProviderMapper string `pulumi:"identityProviderMapper"` // The name of the mapper. Name *string `pulumi:"name"` @@ -180,7 +182,7 @@ type CustomIdentityProviderMappingArgs struct { ExtraConfig pulumi.MapInput // The alias of the associated identity provider. IdentityProviderAlias pulumi.StringInput - // The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + // The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. IdentityProviderMapper pulumi.StringInput // The name of the mapper. Name pulumi.StringPtrInput @@ -285,7 +287,7 @@ func (o CustomIdentityProviderMappingOutput) IdentityProviderAlias() pulumi.Stri return o.ApplyT(func(v *CustomIdentityProviderMapping) pulumi.StringOutput { return v.IdentityProviderAlias }).(pulumi.StringOutput) } -// The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. +// The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. func (o CustomIdentityProviderMappingOutput) IdentityProviderMapper() pulumi.StringOutput { return o.ApplyT(func(v *CustomIdentityProviderMapping) pulumi.StringOutput { return v.IdentityProviderMapper }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/customUserFederation.go b/sdk/go/keycloak/customUserFederation.go index 88278ab8..d0ee1061 100644 --- a/sdk/go/keycloak/customUserFederation.go +++ b/sdk/go/keycloak/customUserFederation.go @@ -12,13 +12,17 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # CustomUserFederation +// // Allows for creating and managing custom user federation providers within Keycloak. // -// A custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). +// A custom user federation provider is an implementation of Keycloak's +// [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). // An example of this implementation can be found here. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -32,21 +36,16 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("test"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("test"), // }) // if err != nil { // return err // } // _, err = keycloak.NewCustomUserFederation(ctx, "customUserFederation", &keycloak.CustomUserFederationArgs{ -// RealmId: realm.ID(), -// ProviderId: pulumi.String("custom"), // Enabled: pulumi.Bool(true), -// Config: pulumi.Map{ -// "dummyString": pulumi.Any("foobar"), -// "dummyBool": pulumi.Any(true), -// "multivalue": pulumi.Any("value1##value2"), -// }, +// ProviderId: pulumi.String("custom"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -56,40 +55,45 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. +// The following arguments are supported: // -// The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: +// - `realmId` - (Required) The realm that this provider will provide user federation for. +// - `name` - (Required) Display name of the provider when displayed in the console. +// - `providerId` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. +// - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. +// - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. +// - `cachePolicy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:index/customUserFederation:CustomUserFederation custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 -// ``` +// Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. +// The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: type CustomUserFederation struct { pulumi.CustomResourceState - // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. CachePolicy pulumi.StringPtrOutput `pulumi:"cachePolicy"` - // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + // sync. ChangedSyncPeriod pulumi.IntPtrOutput `pulumi:"changedSyncPeriod"` - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - Config pulumi.MapOutput `pulumi:"config"` - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + Config pulumi.MapOutput `pulumi:"config"` + // When false, this provider will not be used when performing queries for users. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` // How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrOutput `pulumi:"fullSyncPeriod"` // Display name of the provider when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` - // Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. + // The parent_id of the generated component. will use realm_id if not specified. ParentId pulumi.StringOutput `pulumi:"parentId"` - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority pulumi.IntPtrOutput `pulumi:"priority"` - // The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + // The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + // interface ProviderId pulumi.StringOutput `pulumi:"providerId"` - // The realm that this provider will provide user federation for. + // The realm (name) this provider will provide user federation for. RealmId pulumi.StringOutput `pulumi:"realmId"` } @@ -129,48 +133,48 @@ func GetCustomUserFederation(ctx *pulumi.Context, // Input properties used for looking up and filtering CustomUserFederation resources. type customUserFederationState struct { - // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. CachePolicy *string `pulumi:"cachePolicy"` - // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - ChangedSyncPeriod *int `pulumi:"changedSyncPeriod"` - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - Config map[string]interface{} `pulumi:"config"` - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + // sync. + ChangedSyncPeriod *int `pulumi:"changedSyncPeriod"` + Config map[string]interface{} `pulumi:"config"` + // When false, this provider will not be used when performing queries for users. Enabled *bool `pulumi:"enabled"` // How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod *int `pulumi:"fullSyncPeriod"` // Display name of the provider when displayed in the console. Name *string `pulumi:"name"` - // Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. + // The parent_id of the generated component. will use realm_id if not specified. ParentId *string `pulumi:"parentId"` - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority *int `pulumi:"priority"` - // The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + // The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + // interface ProviderId *string `pulumi:"providerId"` - // The realm that this provider will provide user federation for. + // The realm (name) this provider will provide user federation for. RealmId *string `pulumi:"realmId"` } type CustomUserFederationState struct { - // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. CachePolicy pulumi.StringPtrInput - // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + // sync. ChangedSyncPeriod pulumi.IntPtrInput - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - Config pulumi.MapInput - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + Config pulumi.MapInput + // When false, this provider will not be used when performing queries for users. Enabled pulumi.BoolPtrInput // How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrInput // Display name of the provider when displayed in the console. Name pulumi.StringPtrInput - // Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. + // The parent_id of the generated component. will use realm_id if not specified. ParentId pulumi.StringPtrInput - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority pulumi.IntPtrInput - // The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + // The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + // interface ProviderId pulumi.StringPtrInput - // The realm that this provider will provide user federation for. + // The realm (name) this provider will provide user federation for. RealmId pulumi.StringPtrInput } @@ -179,49 +183,49 @@ func (CustomUserFederationState) ElementType() reflect.Type { } type customUserFederationArgs struct { - // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. CachePolicy *string `pulumi:"cachePolicy"` - // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - ChangedSyncPeriod *int `pulumi:"changedSyncPeriod"` - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - Config map[string]interface{} `pulumi:"config"` - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + // sync. + ChangedSyncPeriod *int `pulumi:"changedSyncPeriod"` + Config map[string]interface{} `pulumi:"config"` + // When false, this provider will not be used when performing queries for users. Enabled *bool `pulumi:"enabled"` // How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod *int `pulumi:"fullSyncPeriod"` // Display name of the provider when displayed in the console. Name *string `pulumi:"name"` - // Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. + // The parent_id of the generated component. will use realm_id if not specified. ParentId *string `pulumi:"parentId"` - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority *int `pulumi:"priority"` - // The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + // The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + // interface ProviderId string `pulumi:"providerId"` - // The realm that this provider will provide user federation for. + // The realm (name) this provider will provide user federation for. RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a CustomUserFederation resource. type CustomUserFederationArgs struct { - // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. CachePolicy pulumi.StringPtrInput - // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + // sync. ChangedSyncPeriod pulumi.IntPtrInput - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - Config pulumi.MapInput - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + Config pulumi.MapInput + // When false, this provider will not be used when performing queries for users. Enabled pulumi.BoolPtrInput // How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrInput // Display name of the provider when displayed in the console. Name pulumi.StringPtrInput - // Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. + // The parent_id of the generated component. will use realm_id if not specified. ParentId pulumi.StringPtrInput - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority pulumi.IntPtrInput - // The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + // The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + // interface ProviderId pulumi.StringInput - // The realm that this provider will provide user federation for. + // The realm (name) this provider will provide user federation for. RealmId pulumi.StringInput } @@ -312,22 +316,21 @@ func (o CustomUserFederationOutput) ToCustomUserFederationOutputWithContext(ctx return o } -// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. func (o CustomUserFederationOutput) CachePolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.StringPtrOutput { return v.CachePolicy }).(pulumi.StringPtrOutput) } -// How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. +// How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users +// sync. func (o CustomUserFederationOutput) ChangedSyncPeriod() pulumi.IntPtrOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.IntPtrOutput { return v.ChangedSyncPeriod }).(pulumi.IntPtrOutput) } -// The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. func (o CustomUserFederationOutput) Config() pulumi.MapOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.MapOutput { return v.Config }).(pulumi.MapOutput) } -// When `false`, this provider will not be used when performing queries for users. Defaults to `true`. +// When false, this provider will not be used when performing queries for users. func (o CustomUserFederationOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } @@ -342,22 +345,23 @@ func (o CustomUserFederationOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. +// The parent_id of the generated component. will use realm_id if not specified. func (o CustomUserFederationOutput) ParentId() pulumi.StringOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.StringOutput { return v.ParentId }).(pulumi.StringOutput) } -// Priority of this provider when looking up users. Lower values are first. Defaults to `0`. +// Priority of this provider when looking up users. Lower values are first. func (o CustomUserFederationOutput) Priority() pulumi.IntPtrOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.IntPtrOutput { return v.Priority }).(pulumi.IntPtrOutput) } -// The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. +// The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory +// interface func (o CustomUserFederationOutput) ProviderId() pulumi.StringOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.StringOutput { return v.ProviderId }).(pulumi.StringOutput) } -// The realm that this provider will provide user federation for. +// The realm (name) this provider will provide user federation for. func (o CustomUserFederationOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/defaultGroups.go b/sdk/go/keycloak/defaultGroups.go index 99efb413..68120a8e 100644 --- a/sdk/go/keycloak/defaultGroups.go +++ b/sdk/go/keycloak/defaultGroups.go @@ -12,12 +12,16 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # DefaultGroups +// // Allows for managing a realm's default groups. // -// > You should not use `DefaultGroups` with a group whose members are managed by `GroupMemberships`. +// Note that you should not use `DefaultGroups` with a group with memberships managed +// by `GroupMemberships`. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -31,8 +35,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -44,10 +48,10 @@ import ( // return err // } // _, err = keycloak.NewDefaultGroups(ctx, "default", &keycloak.DefaultGroupsArgs{ -// RealmId: realm.ID(), // GroupIds: pulumi.StringArray{ // group.ID(), // }, +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -57,25 +61,25 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Default groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm this group exists in. +// - `groupIds` - (Required) A set of group ids that should be default groups on the realm referenced by `realmId`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:index/defaultGroups:DefaultGroups default my-realm -// ``` +// Groups can be imported using the format `{{realm_id}}` where `realmId` is the realm the group exists in. +// +// Example: type DefaultGroups struct { pulumi.CustomResourceState - // A set of group ids that should be default groups on the realm referenced by `realmId`. GroupIds pulumi.StringArrayOutput `pulumi:"groupIds"` - // The realm this group exists in. - RealmId pulumi.StringOutput `pulumi:"realmId"` + RealmId pulumi.StringOutput `pulumi:"realmId"` } // NewDefaultGroups registers a new resource with the given unique name, arguments, and options. @@ -114,17 +118,13 @@ func GetDefaultGroups(ctx *pulumi.Context, // Input properties used for looking up and filtering DefaultGroups resources. type defaultGroupsState struct { - // A set of group ids that should be default groups on the realm referenced by `realmId`. GroupIds []string `pulumi:"groupIds"` - // The realm this group exists in. - RealmId *string `pulumi:"realmId"` + RealmId *string `pulumi:"realmId"` } type DefaultGroupsState struct { - // A set of group ids that should be default groups on the realm referenced by `realmId`. GroupIds pulumi.StringArrayInput - // The realm this group exists in. - RealmId pulumi.StringPtrInput + RealmId pulumi.StringPtrInput } func (DefaultGroupsState) ElementType() reflect.Type { @@ -132,18 +132,14 @@ func (DefaultGroupsState) ElementType() reflect.Type { } type defaultGroupsArgs struct { - // A set of group ids that should be default groups on the realm referenced by `realmId`. GroupIds []string `pulumi:"groupIds"` - // The realm this group exists in. - RealmId string `pulumi:"realmId"` + RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a DefaultGroups resource. type DefaultGroupsArgs struct { - // A set of group ids that should be default groups on the realm referenced by `realmId`. GroupIds pulumi.StringArrayInput - // The realm this group exists in. - RealmId pulumi.StringInput + RealmId pulumi.StringInput } func (DefaultGroupsArgs) ElementType() reflect.Type { @@ -233,12 +229,10 @@ func (o DefaultGroupsOutput) ToDefaultGroupsOutputWithContext(ctx context.Contex return o } -// A set of group ids that should be default groups on the realm referenced by `realmId`. func (o DefaultGroupsOutput) GroupIds() pulumi.StringArrayOutput { return o.ApplyT(func(v *DefaultGroups) pulumi.StringArrayOutput { return v.GroupIds }).(pulumi.StringArrayOutput) } -// The realm this group exists in. func (o DefaultGroupsOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *DefaultGroups) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/defaultRoles.go b/sdk/go/keycloak/defaultRoles.go index c33a3557..32cd7ffc 100644 --- a/sdk/go/keycloak/defaultRoles.go +++ b/sdk/go/keycloak/defaultRoles.go @@ -17,8 +17,10 @@ import ( // Note: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak. // // ## Example Usage +// // ### Realm Role) // +// // ```go // package main // @@ -52,18 +54,19 @@ import ( // } // // ``` +// // // ## Import // // Default roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite // -// role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing +// role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing // -// the default roles. +// the default roles. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d diff --git a/sdk/go/keycloak/genericClientProtocolMapper.go b/sdk/go/keycloak/genericClientProtocolMapper.go index 41b3dd9a..e06abf2c 100644 --- a/sdk/go/keycloak/genericClientProtocolMapper.go +++ b/sdk/go/keycloak/genericClientProtocolMapper.go @@ -12,9 +12,9 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// !> **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `GenericProtocolMapper` instead. +// ## # GenericClientProtocolMapper // -// Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak. +// Allows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak. // // There are two uses cases for using this resource: // * If you implemented a custom protocol mapper, this resource can be used to configure it @@ -23,8 +23,9 @@ import ( // Due to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. // Therefore, if possible, a specific mapper should be used. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -39,30 +40,30 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ -// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// RealmId: realm.ID(), // }) // if err != nil { // return err // } // _, err = keycloak.NewGenericClientProtocolMapper(ctx, "samlHardcodeAttributeMapper", &keycloak.GenericClientProtocolMapperArgs{ -// RealmId: realm.ID(), -// ClientId: samlClient.ID(), -// Protocol: pulumi.String("saml"), -// ProtocolMapper: pulumi.String("saml-hardcode-attribute-mapper"), +// ClientId: samlClient.ID(), // Config: pulumi.Map{ // "attribute.name": pulumi.Any("name"), // "attribute.nameformat": pulumi.Any("Basic"), // "attribute.value": pulumi.Any("value"), // "friendly.name": pulumi.Any("display name"), // }, +// Protocol: pulumi.String("saml"), +// ProtocolMapper: pulumi.String("saml-hardcode-attribute-mapper"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -72,34 +73,40 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required) The client this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client. +// - `protocolMapper` - (Required) The name of the protocol mapper. The protocol mapper must be +// compatible with the specified client. +// - `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// +// Example: type GenericClientProtocolMapper struct { pulumi.CustomResourceState - // The client this protocol mapper is attached to. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - Config pulumi.MapOutput `pulumi:"config"` - // The display name of this protocol mapper in the GUI. + Config pulumi.MapOutput `pulumi:"config"` + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + // The protocol of the client (openid-connect / saml). Protocol pulumi.StringOutput `pulumi:"protocol"` - // The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + // The type of the protocol mapper. ProtocolMapper pulumi.StringOutput `pulumi:"protocolMapper"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringOutput `pulumi:"realmId"` } @@ -145,36 +152,34 @@ func GetGenericClientProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering GenericClientProtocolMapper resources. type genericClientProtocolMapperState struct { - // The client this protocol mapper is attached to. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` // The mapper's associated client scope. Cannot be used at the same time as client_id. - ClientScopeId *string `pulumi:"clientScopeId"` - // A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - Config map[string]interface{} `pulumi:"config"` - // The display name of this protocol mapper in the GUI. + ClientScopeId *string `pulumi:"clientScopeId"` + Config map[string]interface{} `pulumi:"config"` + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + // The protocol of the client (openid-connect / saml). Protocol *string `pulumi:"protocol"` - // The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + // The type of the protocol mapper. ProtocolMapper *string `pulumi:"protocolMapper"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId *string `pulumi:"realmId"` } type GenericClientProtocolMapperState struct { - // The client this protocol mapper is attached to. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - Config pulumi.MapInput - // The display name of this protocol mapper in the GUI. + Config pulumi.MapInput + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + // The protocol of the client (openid-connect / saml). Protocol pulumi.StringPtrInput - // The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + // The type of the protocol mapper. ProtocolMapper pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringPtrInput } @@ -183,37 +188,35 @@ func (GenericClientProtocolMapperState) ElementType() reflect.Type { } type genericClientProtocolMapperArgs struct { - // The client this protocol mapper is attached to. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` // The mapper's associated client scope. Cannot be used at the same time as client_id. - ClientScopeId *string `pulumi:"clientScopeId"` - // A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - Config map[string]interface{} `pulumi:"config"` - // The display name of this protocol mapper in the GUI. + ClientScopeId *string `pulumi:"clientScopeId"` + Config map[string]interface{} `pulumi:"config"` + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + // The protocol of the client (openid-connect / saml). Protocol string `pulumi:"protocol"` - // The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + // The type of the protocol mapper. ProtocolMapper string `pulumi:"protocolMapper"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a GenericClientProtocolMapper resource. type GenericClientProtocolMapperArgs struct { - // The client this protocol mapper is attached to. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - Config pulumi.MapInput - // The display name of this protocol mapper in the GUI. + Config pulumi.MapInput + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + // The protocol of the client (openid-connect / saml). Protocol pulumi.StringInput - // The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + // The type of the protocol mapper. ProtocolMapper pulumi.StringInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringInput } @@ -304,7 +307,7 @@ func (o GenericClientProtocolMapperOutput) ToGenericClientProtocolMapperOutputWi return o } -// The client this protocol mapper is attached to. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o GenericClientProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *GenericClientProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } @@ -314,27 +317,26 @@ func (o GenericClientProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutpu return o.ApplyT(func(v *GenericClientProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. func (o GenericClientProtocolMapperOutput) Config() pulumi.MapOutput { return o.ApplyT(func(v *GenericClientProtocolMapper) pulumi.MapOutput { return v.Config }).(pulumi.MapOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o GenericClientProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *GenericClientProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The type of client (either `openid-connect` or `saml`). The type must match the type of the client. +// The protocol of the client (openid-connect / saml). func (o GenericClientProtocolMapperOutput) Protocol() pulumi.StringOutput { return o.ApplyT(func(v *GenericClientProtocolMapper) pulumi.StringOutput { return v.Protocol }).(pulumi.StringOutput) } -// The name of the protocol mapper. The protocol mapper must be compatible with the specified client. +// The type of the protocol mapper. func (o GenericClientProtocolMapperOutput) ProtocolMapper() pulumi.StringOutput { return o.ApplyT(func(v *GenericClientProtocolMapper) pulumi.StringOutput { return v.ProtocolMapper }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o GenericClientProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *GenericClientProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/genericClientRoleMapper.go b/sdk/go/keycloak/genericClientRoleMapper.go index ebc2d769..9da848f7 100644 --- a/sdk/go/keycloak/genericClientRoleMapper.go +++ b/sdk/go/keycloak/genericClientRoleMapper.go @@ -21,8 +21,10 @@ import ( // inside an access token for a client. // // ## Example Usage +// // ### Realm Role To Client) // +// // ```go // package main // @@ -72,8 +74,11 @@ import ( // } // // ``` +// +// // ### Client Role To Client) // +// // ```go // package main // @@ -142,8 +147,11 @@ import ( // } // // ``` +// +// // ### Realm Role To Client Scope) // +// // ```go // package main // @@ -190,8 +198,11 @@ import ( // } // // ``` +// +// // ### Client Role To Client Scope) // +// // ```go // package main // @@ -248,18 +259,19 @@ import ( // } // // ``` +// // // ## Import // // Generic client role mappers can be imported using one of the following two formats: // -// - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` +// - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` // -// - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` +// - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/go/keycloak/genericProtocolMapper.go b/sdk/go/keycloak/genericProtocolMapper.go index 7c7af5fd..06d00e20 100644 --- a/sdk/go/keycloak/genericProtocolMapper.go +++ b/sdk/go/keycloak/genericProtocolMapper.go @@ -23,6 +23,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -70,14 +71,15 @@ import ( // } // // ``` +// // // ## Import // // Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/go/keycloak/genericRoleMapper.go b/sdk/go/keycloak/genericRoleMapper.go index a5192e1c..e8b2afb1 100644 --- a/sdk/go/keycloak/genericRoleMapper.go +++ b/sdk/go/keycloak/genericRoleMapper.go @@ -19,8 +19,10 @@ import ( // inside an access token for a client. // // ## Example Usage +// // ### Realm Role To Client) // +// // ```go // package main // @@ -70,8 +72,11 @@ import ( // } // // ``` +// +// // ### Client Role To Client) // +// // ```go // package main // @@ -140,8 +145,11 @@ import ( // } // // ``` +// +// // ### Realm Role To Client Scope) // +// // ```go // package main // @@ -188,8 +196,11 @@ import ( // } // // ``` +// +// // ### Client Role To Client Scope) // +// // ```go // package main // @@ -246,18 +257,19 @@ import ( // } // // ``` +// // // ## Import // // Generic client role mappers can be imported using one of the following two formats: // -// - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` +// - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` // -// - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` +// - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/go/keycloak/getAuthenticationExecution.go b/sdk/go/keycloak/getAuthenticationExecution.go index 3fdeb7ae..8d16f1b4 100644 --- a/sdk/go/keycloak/getAuthenticationExecution.go +++ b/sdk/go/keycloak/getAuthenticationExecution.go @@ -15,6 +15,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -44,6 +45,7 @@ import ( // } // // ``` +// func GetAuthenticationExecution(ctx *pulumi.Context, args *GetAuthenticationExecutionArgs, opts ...pulumi.InvokeOption) (*GetAuthenticationExecutionResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetAuthenticationExecutionResult diff --git a/sdk/go/keycloak/getAuthenticationFlow.go b/sdk/go/keycloak/getAuthenticationFlow.go index ec9954b6..cc15ab4a 100644 --- a/sdk/go/keycloak/getAuthenticationFlow.go +++ b/sdk/go/keycloak/getAuthenticationFlow.go @@ -15,6 +15,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -43,6 +44,7 @@ import ( // } // // ``` +// func GetAuthenticationFlow(ctx *pulumi.Context, args *GetAuthenticationFlowArgs, opts ...pulumi.InvokeOption) (*GetAuthenticationFlowResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetAuthenticationFlowResult diff --git a/sdk/go/keycloak/getClientDescriptionConverter.go b/sdk/go/keycloak/getClientDescriptionConverter.go index 7f4ae771..f840bf7c 100644 --- a/sdk/go/keycloak/getClientDescriptionConverter.go +++ b/sdk/go/keycloak/getClientDescriptionConverter.go @@ -16,6 +16,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -83,6 +84,7 @@ import ( // } // // ``` +// func GetClientDescriptionConverter(ctx *pulumi.Context, args *GetClientDescriptionConverterArgs, opts ...pulumi.InvokeOption) (*GetClientDescriptionConverterResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetClientDescriptionConverterResult diff --git a/sdk/go/keycloak/getGroup.go b/sdk/go/keycloak/getGroup.go index c5ac47a1..009395b1 100644 --- a/sdk/go/keycloak/getGroup.go +++ b/sdk/go/keycloak/getGroup.go @@ -11,57 +11,10 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # Group data source +// // This data source can be used to fetch properties of a Keycloak group for // usage with other resources, such as `GroupRoles`. -// -// ## Example Usage -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// offlineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{ -// RealmId: realm.ID(), -// Name: pulumi.String("offline_access"), -// }, nil) -// group := keycloak.LookupGroupOutput(ctx, keycloak.GetGroupOutputArgs{ -// RealmId: realm.ID(), -// Name: pulumi.String("group"), -// }, nil) -// _, err = keycloak.NewGroupRoles(ctx, "groupRoles", &keycloak.GroupRolesArgs{ -// RealmId: realm.ID(), -// GroupId: group.ApplyT(func(group keycloak.GetGroupResult) (*string, error) { -// return &group.Id, nil -// }).(pulumi.StringPtrOutput), -// RoleIds: pulumi.StringArray{ -// offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) { -// return &offlineAccess.Id, nil -// }).(pulumi.StringPtrOutput), -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` func LookupGroup(ctx *pulumi.Context, args *LookupGroupArgs, opts ...pulumi.InvokeOption) (*LookupGroupResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupGroupResult @@ -74,9 +27,7 @@ func LookupGroup(ctx *pulumi.Context, args *LookupGroupArgs, opts ...pulumi.Invo // A collection of arguments for invoking getGroup. type LookupGroupArgs struct { - // The name of the group. If there are multiple groups match `name`, the first result will be returned. - Name string `pulumi:"name"` - // The realm this group exists within. + Name string `pulumi:"name"` RealmId string `pulumi:"realmId"` } @@ -106,9 +57,7 @@ func LookupGroupOutput(ctx *pulumi.Context, args LookupGroupOutputArgs, opts ... // A collection of arguments for invoking getGroup. type LookupGroupOutputArgs struct { - // The name of the group. If there are multiple groups match `name`, the first result will be returned. - Name pulumi.StringInput `pulumi:"name"` - // The realm this group exists within. + Name pulumi.StringInput `pulumi:"name"` RealmId pulumi.StringInput `pulumi:"realmId"` } diff --git a/sdk/go/keycloak/getRealm.go b/sdk/go/keycloak/getRealm.go index f2410961..2680c87d 100644 --- a/sdk/go/keycloak/getRealm.go +++ b/sdk/go/keycloak/getRealm.go @@ -11,11 +11,14 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # Realm data source +// // This data source can be used to fetch properties of a Keycloak realm for // usage with other resources. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -28,14 +31,14 @@ import ( // // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.LookupRealm(ctx, &keycloak.LookupRealmArgs{ +// _, err := keycloak.LookupRealm(ctx, &keycloak.LookupRealmArgs{ // Realm: "my-realm", // }, nil) // if err != nil { // return err // } // _, err = keycloak.NewRole(ctx, "group", &keycloak.RoleArgs{ -// RealmId: *pulumi.String(realm.Id), +// RealmId: pulumi.Any(data.Keycloak_realm.Id), // }) // if err != nil { // return err @@ -45,6 +48,17 @@ import ( // } // // ``` +// +// +// ### Argument Reference +// +// The following arguments are supported: +// +// - `realm` - (Required) The realm name. +// +// ### Attributes Reference +// +// See the docs for the `Realm` resource for details on the exported attributes. func LookupRealm(ctx *pulumi.Context, args *LookupRealmArgs, opts ...pulumi.InvokeOption) (*LookupRealmResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupRealmResult @@ -57,18 +71,17 @@ func LookupRealm(ctx *pulumi.Context, args *LookupRealmArgs, opts ...pulumi.Invo // A collection of arguments for invoking getRealm. type LookupRealmArgs struct { - Attributes map[string]interface{} `pulumi:"attributes"` - DefaultDefaultClientScopes []string `pulumi:"defaultDefaultClientScopes"` - DefaultOptionalClientScopes []string `pulumi:"defaultOptionalClientScopes"` - DisplayNameHtml *string `pulumi:"displayNameHtml"` - Internationalizations []GetRealmInternationalization `pulumi:"internationalizations"` - OtpPolicy *GetRealmOtpPolicy `pulumi:"otpPolicy"` - // The realm name. - Realm string `pulumi:"realm"` - SecurityDefenses []GetRealmSecurityDefense `pulumi:"securityDefenses"` - SmtpServers []GetRealmSmtpServer `pulumi:"smtpServers"` - WebAuthnPasswordlessPolicy *GetRealmWebAuthnPasswordlessPolicy `pulumi:"webAuthnPasswordlessPolicy"` - WebAuthnPolicy *GetRealmWebAuthnPolicy `pulumi:"webAuthnPolicy"` + Attributes map[string]interface{} `pulumi:"attributes"` + DefaultDefaultClientScopes []string `pulumi:"defaultDefaultClientScopes"` + DefaultOptionalClientScopes []string `pulumi:"defaultOptionalClientScopes"` + DisplayNameHtml *string `pulumi:"displayNameHtml"` + Internationalizations []GetRealmInternationalization `pulumi:"internationalizations"` + OtpPolicy *GetRealmOtpPolicy `pulumi:"otpPolicy"` + Realm string `pulumi:"realm"` + SecurityDefenses []GetRealmSecurityDefense `pulumi:"securityDefenses"` + SmtpServers []GetRealmSmtpServer `pulumi:"smtpServers"` + WebAuthnPasswordlessPolicy *GetRealmWebAuthnPasswordlessPolicy `pulumi:"webAuthnPasswordlessPolicy"` + WebAuthnPolicy *GetRealmWebAuthnPolicy `pulumi:"webAuthnPolicy"` } // A collection of values returned by getRealm. @@ -148,18 +161,17 @@ func LookupRealmOutput(ctx *pulumi.Context, args LookupRealmOutputArgs, opts ... // A collection of arguments for invoking getRealm. type LookupRealmOutputArgs struct { - Attributes pulumi.MapInput `pulumi:"attributes"` - DefaultDefaultClientScopes pulumi.StringArrayInput `pulumi:"defaultDefaultClientScopes"` - DefaultOptionalClientScopes pulumi.StringArrayInput `pulumi:"defaultOptionalClientScopes"` - DisplayNameHtml pulumi.StringPtrInput `pulumi:"displayNameHtml"` - Internationalizations GetRealmInternationalizationArrayInput `pulumi:"internationalizations"` - OtpPolicy GetRealmOtpPolicyPtrInput `pulumi:"otpPolicy"` - // The realm name. - Realm pulumi.StringInput `pulumi:"realm"` - SecurityDefenses GetRealmSecurityDefenseArrayInput `pulumi:"securityDefenses"` - SmtpServers GetRealmSmtpServerArrayInput `pulumi:"smtpServers"` - WebAuthnPasswordlessPolicy GetRealmWebAuthnPasswordlessPolicyPtrInput `pulumi:"webAuthnPasswordlessPolicy"` - WebAuthnPolicy GetRealmWebAuthnPolicyPtrInput `pulumi:"webAuthnPolicy"` + Attributes pulumi.MapInput `pulumi:"attributes"` + DefaultDefaultClientScopes pulumi.StringArrayInput `pulumi:"defaultDefaultClientScopes"` + DefaultOptionalClientScopes pulumi.StringArrayInput `pulumi:"defaultOptionalClientScopes"` + DisplayNameHtml pulumi.StringPtrInput `pulumi:"displayNameHtml"` + Internationalizations GetRealmInternationalizationArrayInput `pulumi:"internationalizations"` + OtpPolicy GetRealmOtpPolicyPtrInput `pulumi:"otpPolicy"` + Realm pulumi.StringInput `pulumi:"realm"` + SecurityDefenses GetRealmSecurityDefenseArrayInput `pulumi:"securityDefenses"` + SmtpServers GetRealmSmtpServerArrayInput `pulumi:"smtpServers"` + WebAuthnPasswordlessPolicy GetRealmWebAuthnPasswordlessPolicyPtrInput `pulumi:"webAuthnPasswordlessPolicy"` + WebAuthnPolicy GetRealmWebAuthnPolicyPtrInput `pulumi:"webAuthnPolicy"` } func (LookupRealmOutputArgs) ElementType() reflect.Type { diff --git a/sdk/go/keycloak/getRealmKeys.go b/sdk/go/keycloak/getRealmKeys.go index 103d89dd..153a420a 100644 --- a/sdk/go/keycloak/getRealmKeys.go +++ b/sdk/go/keycloak/getRealmKeys.go @@ -11,13 +11,15 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # getRealmKeys data source +// // Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. // // Remarks: // // - A key must meet all filter criteria -// - This data source may return more than one value. -// - If no key matches the filter criteria, then an error will be returned. +// - This datasource may return more than one value. +// - If no key matches the filter criteria, then an error is returned. func GetRealmKeys(ctx *pulumi.Context, args *GetRealmKeysArgs, opts ...pulumi.InvokeOption) (*GetRealmKeysResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetRealmKeysResult @@ -30,24 +32,19 @@ func GetRealmKeys(ctx *pulumi.Context, args *GetRealmKeysArgs, opts ...pulumi.In // A collection of arguments for invoking getRealmKeys. type GetRealmKeysArgs struct { - // When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. Algorithms []string `pulumi:"algorithms"` - // The realm from which the keys will be retrieved. - RealmId string `pulumi:"realmId"` - // When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - Statuses []string `pulumi:"statuses"` + RealmId string `pulumi:"realmId"` + Statuses []string `pulumi:"statuses"` } // A collection of values returned by getRealmKeys. type GetRealmKeysResult struct { Algorithms []string `pulumi:"algorithms"` // The provider-assigned unique ID for this managed resource. - Id string `pulumi:"id"` - // (Computed) A list of keys that match the filter criteria. Each key has the following attributes: - Keys []GetRealmKeysKey `pulumi:"keys"` - RealmId string `pulumi:"realmId"` - // Key status (string) - Statuses []string `pulumi:"statuses"` + Id string `pulumi:"id"` + Keys []GetRealmKeysKey `pulumi:"keys"` + RealmId string `pulumi:"realmId"` + Statuses []string `pulumi:"statuses"` } func GetRealmKeysOutput(ctx *pulumi.Context, args GetRealmKeysOutputArgs, opts ...pulumi.InvokeOption) GetRealmKeysResultOutput { @@ -65,12 +62,9 @@ func GetRealmKeysOutput(ctx *pulumi.Context, args GetRealmKeysOutputArgs, opts . // A collection of arguments for invoking getRealmKeys. type GetRealmKeysOutputArgs struct { - // When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. Algorithms pulumi.StringArrayInput `pulumi:"algorithms"` - // The realm from which the keys will be retrieved. - RealmId pulumi.StringInput `pulumi:"realmId"` - // When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - Statuses pulumi.StringArrayInput `pulumi:"statuses"` + RealmId pulumi.StringInput `pulumi:"realmId"` + Statuses pulumi.StringArrayInput `pulumi:"statuses"` } func (GetRealmKeysOutputArgs) ElementType() reflect.Type { @@ -101,7 +95,6 @@ func (o GetRealmKeysResultOutput) Id() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysResult) string { return v.Id }).(pulumi.StringOutput) } -// (Computed) A list of keys that match the filter criteria. Each key has the following attributes: func (o GetRealmKeysResultOutput) Keys() GetRealmKeysKeyArrayOutput { return o.ApplyT(func(v GetRealmKeysResult) []GetRealmKeysKey { return v.Keys }).(GetRealmKeysKeyArrayOutput) } @@ -110,7 +103,6 @@ func (o GetRealmKeysResultOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysResult) string { return v.RealmId }).(pulumi.StringOutput) } -// Key status (string) func (o GetRealmKeysResultOutput) Statuses() pulumi.StringArrayOutput { return o.ApplyT(func(v GetRealmKeysResult) []string { return v.Statuses }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/keycloak/getRole.go b/sdk/go/keycloak/getRole.go index af113730..57c85695 100644 --- a/sdk/go/keycloak/getRole.go +++ b/sdk/go/keycloak/getRole.go @@ -11,57 +11,10 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # Role data source +// // This data source can be used to fetch properties of a Keycloak role for // usage with other resources, such as `GroupRoles`. -// -// ## Example Usage -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// offlineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{ -// RealmId: realm.ID(), -// Name: pulumi.String("offline_access"), -// }, nil) -// group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{ -// RealmId: realm.ID(), -// }) -// if err != nil { -// return err -// } -// _, err = keycloak.NewGroupRoles(ctx, "groupRoles", &keycloak.GroupRolesArgs{ -// RealmId: realm.ID(), -// GroupId: group.ID(), -// RoleIds: pulumi.StringArray{ -// offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) { -// return &offlineAccess.Id, nil -// }).(pulumi.StringPtrOutput), -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` func LookupRole(ctx *pulumi.Context, args *LookupRoleArgs, opts ...pulumi.InvokeOption) (*LookupRoleResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupRoleResult @@ -74,12 +27,9 @@ func LookupRole(ctx *pulumi.Context, args *LookupRoleArgs, opts ...pulumi.Invoke // A collection of arguments for invoking getRole. type LookupRoleArgs struct { - // When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloakClient` resource should be used here. ClientId *string `pulumi:"clientId"` - // The name of the role. - Name string `pulumi:"name"` - // The realm this role exists within. - RealmId string `pulumi:"realmId"` + Name string `pulumi:"name"` + RealmId string `pulumi:"realmId"` } // A collection of values returned by getRole. @@ -87,8 +37,7 @@ type LookupRoleResult struct { Attributes map[string]interface{} `pulumi:"attributes"` ClientId *string `pulumi:"clientId"` CompositeRoles []string `pulumi:"compositeRoles"` - // (Computed) The description of the role. - Description string `pulumi:"description"` + Description string `pulumi:"description"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Name string `pulumi:"name"` @@ -110,12 +59,9 @@ func LookupRoleOutput(ctx *pulumi.Context, args LookupRoleOutputArgs, opts ...pu // A collection of arguments for invoking getRole. type LookupRoleOutputArgs struct { - // When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloakClient` resource should be used here. ClientId pulumi.StringPtrInput `pulumi:"clientId"` - // The name of the role. - Name pulumi.StringInput `pulumi:"name"` - // The realm this role exists within. - RealmId pulumi.StringInput `pulumi:"realmId"` + Name pulumi.StringInput `pulumi:"name"` + RealmId pulumi.StringInput `pulumi:"realmId"` } func (LookupRoleOutputArgs) ElementType() reflect.Type { @@ -149,7 +95,6 @@ func (o LookupRoleResultOutput) CompositeRoles() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupRoleResult) []string { return v.CompositeRoles }).(pulumi.StringArrayOutput) } -// (Computed) The description of the role. func (o LookupRoleResultOutput) Description() pulumi.StringOutput { return o.ApplyT(func(v LookupRoleResult) string { return v.Description }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/getUser.go b/sdk/go/keycloak/getUser.go index dd1c434d..773c1fc8 100644 --- a/sdk/go/keycloak/getUser.go +++ b/sdk/go/keycloak/getUser.go @@ -15,6 +15,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -46,6 +47,7 @@ import ( // } // // ``` +// func LookupUser(ctx *pulumi.Context, args *LookupUserArgs, opts ...pulumi.InvokeOption) (*LookupUserResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupUserResult diff --git a/sdk/go/keycloak/getUserRealmRoles.go b/sdk/go/keycloak/getUserRealmRoles.go index 6f1d5495..9d671371 100644 --- a/sdk/go/keycloak/getUserRealmRoles.go +++ b/sdk/go/keycloak/getUserRealmRoles.go @@ -15,6 +15,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -53,6 +54,7 @@ import ( // } // // ``` +// func GetUserRealmRoles(ctx *pulumi.Context, args *GetUserRealmRolesArgs, opts ...pulumi.InvokeOption) (*GetUserRealmRolesResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetUserRealmRolesResult diff --git a/sdk/go/keycloak/group.go b/sdk/go/keycloak/group.go index acf512fe..300bb141 100644 --- a/sdk/go/keycloak/group.go +++ b/sdk/go/keycloak/group.go @@ -12,18 +12,22 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # Group +// // Allows for creating and managing Groups within Keycloak. // -// Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and -// group membership can be mapped to a claim. +// Groups provide a logical wrapping for users within Keycloak. Users within a +// group can share attributes and roles, and group membership can be mapped +// to a claim. // // Attributes can also be defined on Groups. // -// Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource **should not** -// be used to manage groups that were created this way. +// Groups can also be federated from external data sources, such as LDAP or Active Directory. +// This resource **should not** be used to manage groups that were created this way. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -37,8 +41,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -50,19 +54,19 @@ import ( // return err // } // _, err = keycloak.NewGroup(ctx, "childGroup", &keycloak.GroupArgs{ -// RealmId: realm.ID(), // ParentId: parentGroup.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err // } // _, err = keycloak.NewGroup(ctx, "childGroupWithOptionalAttributes", &keycloak.GroupArgs{ -// RealmId: realm.ID(), -// ParentId: parentGroup.ID(), // Attributes: pulumi.Map{ -// "foo": pulumi.Any("bar"), -// "multivalue": pulumi.Any("value1##value2"), +// "key1": pulumi.Any("value1"), +// "key2": pulumi.Any("value2"), // }, +// ParentId: parentGroup.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -72,33 +76,37 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak +// The following arguments are supported: // -// assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. +// - `realmId` - (Required) The realm this group exists in. +// - `parentId` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level. +// - `name` - (Required) The name of the group. +// - `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group. // -// Example: +// ### Attributes Reference // -// bash +// In addition to the arguments listed above, the following computed attributes are exported: // -// ```sh -// $ pulumi import keycloak:index/group:Group child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd -// ``` +// - `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. +// +// ### Import +// +// Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `groupId` is the unique ID that Keycloak +// assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. +// +// Example: type Group struct { pulumi.CustomResourceState - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes pulumi.MapOutput `pulumi:"attributes"` - // The name of the group. - Name pulumi.StringOutput `pulumi:"name"` - // The ID of this group's parent. If omitted, this group will be defined at the root level. - ParentId pulumi.StringPtrOutput `pulumi:"parentId"` - // (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - Path pulumi.StringOutput `pulumi:"path"` - // The realm this group exists in. - RealmId pulumi.StringOutput `pulumi:"realmId"` + Attributes pulumi.MapOutput `pulumi:"attributes"` + Name pulumi.StringOutput `pulumi:"name"` + ParentId pulumi.StringPtrOutput `pulumi:"parentId"` + Path pulumi.StringOutput `pulumi:"path"` + RealmId pulumi.StringOutput `pulumi:"realmId"` } // NewGroup registers a new resource with the given unique name, arguments, and options. @@ -134,29 +142,19 @@ func GetGroup(ctx *pulumi.Context, // Input properties used for looking up and filtering Group resources. type groupState struct { - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars Attributes map[string]interface{} `pulumi:"attributes"` - // The name of the group. - Name *string `pulumi:"name"` - // The ID of this group's parent. If omitted, this group will be defined at the root level. - ParentId *string `pulumi:"parentId"` - // (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - Path *string `pulumi:"path"` - // The realm this group exists in. - RealmId *string `pulumi:"realmId"` + Name *string `pulumi:"name"` + ParentId *string `pulumi:"parentId"` + Path *string `pulumi:"path"` + RealmId *string `pulumi:"realmId"` } type GroupState struct { - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars Attributes pulumi.MapInput - // The name of the group. - Name pulumi.StringPtrInput - // The ID of this group's parent. If omitted, this group will be defined at the root level. - ParentId pulumi.StringPtrInput - // (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - Path pulumi.StringPtrInput - // The realm this group exists in. - RealmId pulumi.StringPtrInput + Name pulumi.StringPtrInput + ParentId pulumi.StringPtrInput + Path pulumi.StringPtrInput + RealmId pulumi.StringPtrInput } func (GroupState) ElementType() reflect.Type { @@ -164,26 +162,18 @@ func (GroupState) ElementType() reflect.Type { } type groupArgs struct { - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars Attributes map[string]interface{} `pulumi:"attributes"` - // The name of the group. - Name *string `pulumi:"name"` - // The ID of this group's parent. If omitted, this group will be defined at the root level. - ParentId *string `pulumi:"parentId"` - // The realm this group exists in. - RealmId string `pulumi:"realmId"` + Name *string `pulumi:"name"` + ParentId *string `pulumi:"parentId"` + RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a Group resource. type GroupArgs struct { - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars Attributes pulumi.MapInput - // The name of the group. - Name pulumi.StringPtrInput - // The ID of this group's parent. If omitted, this group will be defined at the root level. - ParentId pulumi.StringPtrInput - // The realm this group exists in. - RealmId pulumi.StringInput + Name pulumi.StringPtrInput + ParentId pulumi.StringPtrInput + RealmId pulumi.StringInput } func (GroupArgs) ElementType() reflect.Type { @@ -273,27 +263,22 @@ func (o GroupOutput) ToGroupOutputWithContext(ctx context.Context) GroupOutput { return o } -// A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars func (o GroupOutput) Attributes() pulumi.MapOutput { return o.ApplyT(func(v *Group) pulumi.MapOutput { return v.Attributes }).(pulumi.MapOutput) } -// The name of the group. func (o GroupOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *Group) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The ID of this group's parent. If omitted, this group will be defined at the root level. func (o GroupOutput) ParentId() pulumi.StringPtrOutput { return o.ApplyT(func(v *Group) pulumi.StringPtrOutput { return v.ParentId }).(pulumi.StringPtrOutput) } -// (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. func (o GroupOutput) Path() pulumi.StringOutput { return o.ApplyT(func(v *Group) pulumi.StringOutput { return v.Path }).(pulumi.StringOutput) } -// The realm this group exists in. func (o GroupOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *Group) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/groupMemberships.go b/sdk/go/keycloak/groupMemberships.go index 8bcf7f4f..e6afb21a 100644 --- a/sdk/go/keycloak/groupMemberships.go +++ b/sdk/go/keycloak/groupMemberships.go @@ -12,24 +12,25 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for managing a Keycloak group's members. -// -// Note that this resource attempts to be an **authoritative** source over group members. When this resource takes control -// over a group's members, users that are manually added to the group will be removed, and users that are manually removed -// from the group will be added upon the next run of `pulumi up`. +// ## # GroupMemberships // -// Also note that you should not use `GroupMemberships` with a group has been assigned as a default group via -// `DefaultGroups`. +// Allows for managing a Keycloak group's members. // -// This resource **should not** be used to control membership of a group that has its members federated from an external -// source via group mapping. +// Note that this resource attempts to be an **authoritative** source over group members. +// When this resource takes control over a group's members, users that are manually added +// to the group will be removed, and users that are manually removed from the group will +// be added upon the next run of `pulumi up`. Eventually, a non-authoritative resource +// for group membership will be added to this provider. // -// To non-exclusively manage the group's of a user, see the [`UserGroups` resource][1] +// Also note that you should not use `GroupMemberships` with a group has been assigned +// as a default group via `DefaultGroups`. // -// This resource paginates its data loading on refresh by 50 items. +// This resource **should not** be used to control membership of a group that has its members +// federated from an external source via group mapping. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -43,8 +44,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -63,11 +64,11 @@ import ( // return err // } // _, err = keycloak.NewGroupMemberships(ctx, "groupMembers", &keycloak.GroupMembershipsArgs{ -// RealmId: realm.ID(), // GroupId: group.ID(), // Members: pulumi.StringArray{ // user.Username, // }, +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -77,23 +78,26 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// This resource does not support import. Instead of importing, feel free to create this resource +// The following arguments are supported: // -// as if it did not already exist on the server. +// - `realmId` - (Required) The realm this group exists in. +// - `groupId` - (Required) The ID of the group this resource should manage memberships for. +// - `members` - (Required) An array of usernames that belong to this group. // -// [1]: providers/mrparkers/keycloak/latest/docs/resources/group_memberships +// ### Import +// +// This resource does not support import. Instead of importing, feel free to create this resource +// as if it did not already exist on the server. type GroupMemberships struct { pulumi.CustomResourceState - // The ID of the group this resource should manage memberships for. - GroupId pulumi.StringPtrOutput `pulumi:"groupId"` - // A list of usernames that belong to this group. + GroupId pulumi.StringPtrOutput `pulumi:"groupId"` Members pulumi.StringArrayOutput `pulumi:"members"` - // The realm this group exists in. - RealmId pulumi.StringOutput `pulumi:"realmId"` + RealmId pulumi.StringOutput `pulumi:"realmId"` } // NewGroupMemberships registers a new resource with the given unique name, arguments, and options. @@ -132,20 +136,14 @@ func GetGroupMemberships(ctx *pulumi.Context, // Input properties used for looking up and filtering GroupMemberships resources. type groupMembershipsState struct { - // The ID of the group this resource should manage memberships for. - GroupId *string `pulumi:"groupId"` - // A list of usernames that belong to this group. + GroupId *string `pulumi:"groupId"` Members []string `pulumi:"members"` - // The realm this group exists in. - RealmId *string `pulumi:"realmId"` + RealmId *string `pulumi:"realmId"` } type GroupMembershipsState struct { - // The ID of the group this resource should manage memberships for. GroupId pulumi.StringPtrInput - // A list of usernames that belong to this group. Members pulumi.StringArrayInput - // The realm this group exists in. RealmId pulumi.StringPtrInput } @@ -154,21 +152,15 @@ func (GroupMembershipsState) ElementType() reflect.Type { } type groupMembershipsArgs struct { - // The ID of the group this resource should manage memberships for. - GroupId *string `pulumi:"groupId"` - // A list of usernames that belong to this group. + GroupId *string `pulumi:"groupId"` Members []string `pulumi:"members"` - // The realm this group exists in. - RealmId string `pulumi:"realmId"` + RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a GroupMemberships resource. type GroupMembershipsArgs struct { - // The ID of the group this resource should manage memberships for. GroupId pulumi.StringPtrInput - // A list of usernames that belong to this group. Members pulumi.StringArrayInput - // The realm this group exists in. RealmId pulumi.StringInput } @@ -259,17 +251,14 @@ func (o GroupMembershipsOutput) ToGroupMembershipsOutputWithContext(ctx context. return o } -// The ID of the group this resource should manage memberships for. func (o GroupMembershipsOutput) GroupId() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMemberships) pulumi.StringPtrOutput { return v.GroupId }).(pulumi.StringPtrOutput) } -// A list of usernames that belong to this group. func (o GroupMembershipsOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *GroupMemberships) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } -// The realm this group exists in. func (o GroupMembershipsOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *GroupMemberships) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/groupRoles.go b/sdk/go/keycloak/groupRoles.go index c9cfa416..f0197936 100644 --- a/sdk/go/keycloak/groupRoles.go +++ b/sdk/go/keycloak/groupRoles.go @@ -12,18 +12,23 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # GroupRoles +// // Allows you to manage roles assigned to a Keycloak group. // -// If `exhaustive` is true, this resource attempts to be an **authoritative** source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the -// group will be added upon the next run of `pulumi up`. -// If `exhaustive` is false, this resource is a partial assignation of roles to a group. As a result, you can get multiple `GroupRoles` for the same `groupId`. +// Note that this resource attempts to be an **authoritative** source over +// group roles. When this resource takes control over a group's roles, +// roles that are manually added to the group will be removed, and roles +// that are manually removed from the group will be added upon the next run +// of `pulumi up`. // -// Note that when assigning composite roles to a group, you may see a non-empty plan following a `pulumi up` if you -// assign a role and a composite that includes that role to the same group. +// Note that when assigning composite roles to a group, you may see a +// non-empty plan following a `pulumi up` if you assign a role and a +// composite that includes that role to the same group. // -// ## Example Usage -// ### Exhaustive Roles) +// ### Example Usage // +// // ```go // package main // @@ -38,32 +43,32 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), // Description: pulumi.String("My Realm Role"), +// RealmId: realm.ID(), // }) // if err != nil { // return err // } // _, err = openid.NewClient(ctx, "client", &openid.ClientArgs{ -// RealmId: realm.ID(), +// AccessType: pulumi.String("BEARER-ONLY"), // ClientId: pulumi.String("client"), // Enabled: pulumi.Bool(true), -// AccessType: pulumi.String("BEARER-ONLY"), +// RealmId: realm.ID(), // }) // if err != nil { // return err // } // clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), // ClientId: pulumi.Any(keycloak_client.Client.Id), // Description: pulumi.String("My Client Role"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -75,89 +80,10 @@ import ( // return err // } // _, err = keycloak.NewGroupRoles(ctx, "groupRoles", &keycloak.GroupRolesArgs{ -// RealmId: realm.ID(), // GroupId: group.ID(), -// RoleIds: pulumi.StringArray{ -// realmRole.ID(), -// clientRole.ID(), -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` -// ### Non Exhaustive Roles) -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), -// Description: pulumi.String("My Realm Role"), -// }) -// if err != nil { -// return err -// } -// _, err = openid.NewClient(ctx, "client", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), -// AccessType: pulumi.String("BEARER-ONLY"), -// }) -// if err != nil { -// return err -// } -// clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.Any(keycloak_client.Client.Id), -// Description: pulumi.String("My Client Role"), -// }) -// if err != nil { -// return err -// } -// group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{ // RealmId: realm.ID(), -// }) -// if err != nil { -// return err -// } -// _, err = keycloak.NewGroupRoles(ctx, "groupRoleAssociation1", &keycloak.GroupRolesArgs{ -// RealmId: realm.ID(), -// GroupId: group.ID(), -// Exhaustive: pulumi.Bool(false), // RoleIds: pulumi.StringArray{ // realmRole.ID(), -// }, -// }) -// if err != nil { -// return err -// } -// _, err = keycloak.NewGroupRoles(ctx, "groupRoleAssociation2", &keycloak.GroupRolesArgs{ -// RealmId: realm.ID(), -// GroupId: group.ID(), -// Exhaustive: pulumi.Bool(false), -// RoleIds: pulumi.StringArray{ // clientRole.ID(), // }, // }) @@ -169,33 +95,32 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// This resource can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak +// The following arguments are supported: // -// assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically +// - `realmId` - (Required) The realm this group exists in. +// - `groupId` - (Required) The ID of the group this resource should +// manage roles for. +// - `roleIds` - (Required) A list of role IDs to map to the group // -// a GUID. +// ### Import // -// Example: +// This resource can be imported using the format +// `{{realm_id}}/{{group_id}}`, where `groupId` is the unique ID that +// Keycloak assigns to the group upon creation. This value can be found in +// the URI when editing this group in the GUI, and is typically a GUID. // -// bash -// -// ```sh -// $ pulumi import keycloak:index/groupRoles:GroupRoles group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94 -// ``` +// Example: type GroupRoles struct { pulumi.CustomResourceState - // Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - Exhaustive pulumi.BoolPtrOutput `pulumi:"exhaustive"` - // The ID of the group this resource should manage roles for. - GroupId pulumi.StringOutput `pulumi:"groupId"` - // The realm this group exists in. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // A list of role IDs to map to the group. - RoleIds pulumi.StringArrayOutput `pulumi:"roleIds"` + Exhaustive pulumi.BoolPtrOutput `pulumi:"exhaustive"` + GroupId pulumi.StringOutput `pulumi:"groupId"` + RealmId pulumi.StringOutput `pulumi:"realmId"` + RoleIds pulumi.StringArrayOutput `pulumi:"roleIds"` } // NewGroupRoles registers a new resource with the given unique name, arguments, and options. @@ -237,25 +162,17 @@ func GetGroupRoles(ctx *pulumi.Context, // Input properties used for looking up and filtering GroupRoles resources. type groupRolesState struct { - // Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - Exhaustive *bool `pulumi:"exhaustive"` - // The ID of the group this resource should manage roles for. - GroupId *string `pulumi:"groupId"` - // The realm this group exists in. - RealmId *string `pulumi:"realmId"` - // A list of role IDs to map to the group. - RoleIds []string `pulumi:"roleIds"` + Exhaustive *bool `pulumi:"exhaustive"` + GroupId *string `pulumi:"groupId"` + RealmId *string `pulumi:"realmId"` + RoleIds []string `pulumi:"roleIds"` } type GroupRolesState struct { - // Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. Exhaustive pulumi.BoolPtrInput - // The ID of the group this resource should manage roles for. - GroupId pulumi.StringPtrInput - // The realm this group exists in. - RealmId pulumi.StringPtrInput - // A list of role IDs to map to the group. - RoleIds pulumi.StringArrayInput + GroupId pulumi.StringPtrInput + RealmId pulumi.StringPtrInput + RoleIds pulumi.StringArrayInput } func (GroupRolesState) ElementType() reflect.Type { @@ -263,26 +180,18 @@ func (GroupRolesState) ElementType() reflect.Type { } type groupRolesArgs struct { - // Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - Exhaustive *bool `pulumi:"exhaustive"` - // The ID of the group this resource should manage roles for. - GroupId string `pulumi:"groupId"` - // The realm this group exists in. - RealmId string `pulumi:"realmId"` - // A list of role IDs to map to the group. - RoleIds []string `pulumi:"roleIds"` + Exhaustive *bool `pulumi:"exhaustive"` + GroupId string `pulumi:"groupId"` + RealmId string `pulumi:"realmId"` + RoleIds []string `pulumi:"roleIds"` } // The set of arguments for constructing a GroupRoles resource. type GroupRolesArgs struct { - // Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. Exhaustive pulumi.BoolPtrInput - // The ID of the group this resource should manage roles for. - GroupId pulumi.StringInput - // The realm this group exists in. - RealmId pulumi.StringInput - // A list of role IDs to map to the group. - RoleIds pulumi.StringArrayInput + GroupId pulumi.StringInput + RealmId pulumi.StringInput + RoleIds pulumi.StringArrayInput } func (GroupRolesArgs) ElementType() reflect.Type { @@ -372,22 +281,18 @@ func (o GroupRolesOutput) ToGroupRolesOutputWithContext(ctx context.Context) Gro return o } -// Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. func (o GroupRolesOutput) Exhaustive() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GroupRoles) pulumi.BoolPtrOutput { return v.Exhaustive }).(pulumi.BoolPtrOutput) } -// The ID of the group this resource should manage roles for. func (o GroupRolesOutput) GroupId() pulumi.StringOutput { return o.ApplyT(func(v *GroupRoles) pulumi.StringOutput { return v.GroupId }).(pulumi.StringOutput) } -// The realm this group exists in. func (o GroupRolesOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *GroupRoles) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// A list of role IDs to map to the group. func (o GroupRolesOutput) RoleIds() pulumi.StringArrayOutput { return o.ApplyT(func(v *GroupRoles) pulumi.StringArrayOutput { return v.RoleIds }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/keycloak/hardcodedAttributeIdentityProviderMapper.go b/sdk/go/keycloak/hardcodedAttributeIdentityProviderMapper.go index 014c03d5..f41b881c 100644 --- a/sdk/go/keycloak/hardcodedAttributeIdentityProviderMapper.go +++ b/sdk/go/keycloak/hardcodedAttributeIdentityProviderMapper.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -67,6 +68,7 @@ import ( // } // // ``` +// type HardcodedAttributeIdentityProviderMapper struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/hardcodedRoleIdentityMapper.go b/sdk/go/keycloak/hardcodedRoleIdentityMapper.go index f33065e0..5a40ccd3 100644 --- a/sdk/go/keycloak/hardcodedRoleIdentityMapper.go +++ b/sdk/go/keycloak/hardcodedRoleIdentityMapper.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -72,6 +73,7 @@ import ( // } // // ``` +// type HardcodedRoleIdentityMapper struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go b/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go index e6bb220d..a9b9f7f4 100644 --- a/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go +++ b/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go @@ -14,6 +14,7 @@ import ( // ## Example Usage // +// // ```go // package main // @@ -78,16 +79,17 @@ import ( // } // // ``` +// // // ## Import // // This resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that // -// you assign to the identity provider upon creation. +// you assign to the identity provider upon creation. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp diff --git a/sdk/go/keycloak/ldap/customMapper.go b/sdk/go/keycloak/ldap/customMapper.go index 918b9582..16da1394 100644 --- a/sdk/go/keycloak/ldap/customMapper.go +++ b/sdk/go/keycloak/ldap/customMapper.go @@ -22,6 +22,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -77,16 +78,17 @@ import ( // } // // ``` +// // // ## Import // // LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/go/keycloak/ldap/fullNameMapper.go b/sdk/go/keycloak/ldap/fullNameMapper.go index 3ebc814b..46fb63f3 100644 --- a/sdk/go/keycloak/ldap/fullNameMapper.go +++ b/sdk/go/keycloak/ldap/fullNameMapper.go @@ -12,13 +12,17 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing full name mappers for Keycloak users federated via LDAP. +// ## # ldap.FullNameMapper // -// The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a -// Keycloak user. +// Allows for creating and managing full name mappers for Keycloak users federated +// via LDAP. // -// ## Example Usage +// The LDAP full name mapper can map a user's full name from an LDAP attribute +// to the first and last name attributes of a Keycloak user. // +// ### Example Usage +// +// // ```go // package main // @@ -33,33 +37,33 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("test"), // }) // if err != nil { // return err // } // ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// RealmId: realm.ID(), -// UsernameLdapAttribute: pulumi.String("cn"), -// RdnLdapAttribute: pulumi.String("cn"), -// UuidLdapAttribute: pulumi.String("entryDN"), +// BindCredential: pulumi.String("admin"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// ConnectionUrl: pulumi.String("ldap://openldap"), +// RdnLdapAttribute: pulumi.String("cn"), +// RealmId: realm.ID(), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("simpleSecurityObject"), // pulumi.String("organizationalRole"), // }, -// ConnectionUrl: pulumi.String("ldap://openldap"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// BindCredential: pulumi.String("admin"), +// UsernameLdapAttribute: pulumi.String("cn"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// UuidLdapAttribute: pulumi.String("entryDN"), // }) // if err != nil { // return err // } // _, err = ldap.NewFullNameMapper(ctx, "ldapFullNameMapper", &ldap.FullNameMapperArgs{ -// RealmId: realm.ID(), -// LdapUserFederationId: ldapUserFederation.ID(), // LdapFullNameAttribute: pulumi.String("cn"), +// LdapUserFederationId: ldapUserFederation.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -69,34 +73,35 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. +// The following arguments are supported: // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// - `realmId` - (Required) The realm that this LDAP mapper will exist in. +// - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. +// - `name` - (Required) Display name of this mapper when displayed in the console. +// - `ldapFullNameAttribute` - (Required) The name of the LDAP attribute containing the user's full name. +// - `readOnly` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. +// - `writeOnly` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. // -// Example: +// ### Import // -// bash -// -// ```sh -// $ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 -// ``` +// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. +// The ID of the LDAP user federation provider and the mapper can be found within +// the Keycloak GUI, and they are typically GUIDs: type FullNameMapper struct { pulumi.CustomResourceState - // The name of the LDAP attribute containing the user's full name. LdapFullNameAttribute pulumi.StringOutput `pulumi:"ldapFullNameAttribute"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. - Name pulumi.StringOutput `pulumi:"name"` - // When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. + // Display name of the mapper when displayed in the console. + Name pulumi.StringOutput `pulumi:"name"` ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` - // The realm that this LDAP mapper will exist in. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. + // The realm in which the ldap user federation provider exists. + RealmId pulumi.StringOutput `pulumi:"realmId"` WriteOnly pulumi.BoolPtrOutput `pulumi:"writeOnly"` } @@ -139,32 +144,26 @@ func GetFullNameMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering FullNameMapper resources. type fullNameMapperState struct { - // The name of the LDAP attribute containing the user's full name. LdapFullNameAttribute *string `pulumi:"ldapFullNameAttribute"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId *string `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. - Name *string `pulumi:"name"` - // When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - ReadOnly *bool `pulumi:"readOnly"` - // The realm that this LDAP mapper will exist in. - RealmId *string `pulumi:"realmId"` - // When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - WriteOnly *bool `pulumi:"writeOnly"` + // Display name of the mapper when displayed in the console. + Name *string `pulumi:"name"` + ReadOnly *bool `pulumi:"readOnly"` + // The realm in which the ldap user federation provider exists. + RealmId *string `pulumi:"realmId"` + WriteOnly *bool `pulumi:"writeOnly"` } type FullNameMapperState struct { - // The name of the LDAP attribute containing the user's full name. LdapFullNameAttribute pulumi.StringPtrInput - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput - // Display name of this mapper when displayed in the console. - Name pulumi.StringPtrInput - // When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. + // Display name of the mapper when displayed in the console. + Name pulumi.StringPtrInput ReadOnly pulumi.BoolPtrInput - // The realm that this LDAP mapper will exist in. - RealmId pulumi.StringPtrInput - // When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. + // The realm in which the ldap user federation provider exists. + RealmId pulumi.StringPtrInput WriteOnly pulumi.BoolPtrInput } @@ -173,33 +172,27 @@ func (FullNameMapperState) ElementType() reflect.Type { } type fullNameMapperArgs struct { - // The name of the LDAP attribute containing the user's full name. LdapFullNameAttribute string `pulumi:"ldapFullNameAttribute"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId string `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. - Name *string `pulumi:"name"` - // When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - ReadOnly *bool `pulumi:"readOnly"` - // The realm that this LDAP mapper will exist in. - RealmId string `pulumi:"realmId"` - // When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - WriteOnly *bool `pulumi:"writeOnly"` + // Display name of the mapper when displayed in the console. + Name *string `pulumi:"name"` + ReadOnly *bool `pulumi:"readOnly"` + // The realm in which the ldap user federation provider exists. + RealmId string `pulumi:"realmId"` + WriteOnly *bool `pulumi:"writeOnly"` } // The set of arguments for constructing a FullNameMapper resource. type FullNameMapperArgs struct { - // The name of the LDAP attribute containing the user's full name. LdapFullNameAttribute pulumi.StringInput - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput - // Display name of this mapper when displayed in the console. - Name pulumi.StringPtrInput - // When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. + // Display name of the mapper when displayed in the console. + Name pulumi.StringPtrInput ReadOnly pulumi.BoolPtrInput - // The realm that this LDAP mapper will exist in. - RealmId pulumi.StringInput - // When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. + // The realm in which the ldap user federation provider exists. + RealmId pulumi.StringInput WriteOnly pulumi.BoolPtrInput } @@ -290,32 +283,29 @@ func (o FullNameMapperOutput) ToFullNameMapperOutputWithContext(ctx context.Cont return o } -// The name of the LDAP attribute containing the user's full name. func (o FullNameMapperOutput) LdapFullNameAttribute() pulumi.StringOutput { return o.ApplyT(func(v *FullNameMapper) pulumi.StringOutput { return v.LdapFullNameAttribute }).(pulumi.StringOutput) } -// The ID of the LDAP user federation provider to attach this mapper to. +// The ldap user federation provider to attach this mapper to. func (o FullNameMapperOutput) LdapUserFederationId() pulumi.StringOutput { return o.ApplyT(func(v *FullNameMapper) pulumi.StringOutput { return v.LdapUserFederationId }).(pulumi.StringOutput) } -// Display name of this mapper when displayed in the console. +// Display name of the mapper when displayed in the console. func (o FullNameMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *FullNameMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. func (o FullNameMapperOutput) ReadOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FullNameMapper) pulumi.BoolPtrOutput { return v.ReadOnly }).(pulumi.BoolPtrOutput) } -// The realm that this LDAP mapper will exist in. +// The realm in which the ldap user federation provider exists. func (o FullNameMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *FullNameMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. func (o FullNameMapperOutput) WriteOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FullNameMapper) pulumi.BoolPtrOutput { return v.WriteOnly }).(pulumi.BoolPtrOutput) } diff --git a/sdk/go/keycloak/ldap/groupMapper.go b/sdk/go/keycloak/ldap/groupMapper.go index 0ec47dae..d7c308a3 100644 --- a/sdk/go/keycloak/ldap/groupMapper.go +++ b/sdk/go/keycloak/ldap/groupMapper.go @@ -12,13 +12,18 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing group mappers for Keycloak users federated via LDAP. +// ## # ldap.GroupMapper // -// The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also -// create the groups within Keycloak if they do not already exist. +// Allows for creating and managing group mappers for Keycloak users federated +// via LDAP. // -// ## Example Usage +// The LDAP group mapper can be used to map an LDAP user's groups from some DN +// to Keycloak groups. This group mapper will also create the groups within Keycloak +// if they do not already exist. // +// ### Example Usage +// +// // ```go // package main // @@ -33,41 +38,41 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("test"), // }) // if err != nil { // return err // } // ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// RealmId: realm.ID(), -// UsernameLdapAttribute: pulumi.String("cn"), -// RdnLdapAttribute: pulumi.String("cn"), -// UuidLdapAttribute: pulumi.String("entryDN"), +// BindCredential: pulumi.String("admin"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// ConnectionUrl: pulumi.String("ldap://openldap"), +// RdnLdapAttribute: pulumi.String("cn"), +// RealmId: realm.ID(), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("simpleSecurityObject"), // pulumi.String("organizationalRole"), // }, -// ConnectionUrl: pulumi.String("ldap://openldap"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// BindCredential: pulumi.String("admin"), +// UsernameLdapAttribute: pulumi.String("cn"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// UuidLdapAttribute: pulumi.String("entryDN"), // }) // if err != nil { // return err // } // _, err = ldap.NewGroupMapper(ctx, "ldapGroupMapper", &ldap.GroupMapperArgs{ -// RealmId: realm.ID(), -// LdapUserFederationId: ldapUserFederation.ID(), -// LdapGroupsDn: pulumi.String("dc=example,dc=org"), // GroupNameLdapAttribute: pulumi.String("cn"), // GroupObjectClasses: pulumi.StringArray{ // pulumi.String("groupOfNames"), // }, +// LdapGroupsDn: pulumi.String("dc=example,dc=org"), +// LdapUserFederationId: ldapUserFederation.ID(), +// MemberofLdapAttribute: pulumi.String("memberOf"), // MembershipAttributeType: pulumi.String("DN"), // MembershipLdapAttribute: pulumi.String("member"), // MembershipUserLdapAttribute: pulumi.String("cn"), -// MemberofLdapAttribute: pulumi.String("memberOf"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -77,58 +82,58 @@ import ( // } // // ``` +// // -// ## Import -// -// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. +// ### Argument Reference // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm that this LDAP mapper will exist in. +// - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. +// - `name` - (Required) Display name of this mapper when displayed in the console. +// - `ldapGroupsDn` - (Required) The LDAP DN where groups can be found. +// - `groupNameLdapAttribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. +// - `groupObjectClasses` - (Required) Array of strings representing the object classes for the group. Must contain at least one. +// - `preserveGroupInheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. +// - `ignoreMissingGroups` - (Optional) When `true`, missing groups in the hierarchy will be ignored. +// - `membershipLdapAttribute` - (Required) The name of the LDAP attribute that is used for membership mappings. +// - `membershipAttributeType` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. +// - `membershipUserLdapAttribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. +// - `groupsLdapFilter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. +// - `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`. +// - `userRolesRetrieveStrategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. +// - `memberofLdapAttribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. +// - `mappedGroupAttributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. +// - `dropNonExistingGroupsDuringSync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 -// ``` +// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. +// The ID of the LDAP user federation provider and the mapper can be found within +// the Keycloak GUI, and they are typically GUIDs: type GroupMapper struct { pulumi.CustomResourceState - // When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - DropNonExistingGroupsDuringSync pulumi.BoolPtrOutput `pulumi:"dropNonExistingGroupsDuringSync"` - // The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - GroupNameLdapAttribute pulumi.StringOutput `pulumi:"groupNameLdapAttribute"` - // List of strings representing the object classes for the group. Must contain at least one. - GroupObjectClasses pulumi.StringArrayOutput `pulumi:"groupObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - GroupsLdapFilter pulumi.StringPtrOutput `pulumi:"groupsLdapFilter"` - // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - GroupsPath pulumi.StringOutput `pulumi:"groupsPath"` - // When `true`, missing groups in the hierarchy will be ignored. - IgnoreMissingGroups pulumi.BoolPtrOutput `pulumi:"ignoreMissingGroups"` - // The LDAP DN where groups can be found. - LdapGroupsDn pulumi.StringOutput `pulumi:"ldapGroupsDn"` - // The ID of the LDAP user federation provider to attach this mapper to. - LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` - // Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - MappedGroupAttributes pulumi.StringArrayOutput `pulumi:"mappedGroupAttributes"` - // Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - MemberofLdapAttribute pulumi.StringPtrOutput `pulumi:"memberofLdapAttribute"` - // Can be one of `DN` or `UID`. Defaults to `DN`. - MembershipAttributeType pulumi.StringPtrOutput `pulumi:"membershipAttributeType"` - // The name of the LDAP attribute that is used for membership mappings. - MembershipLdapAttribute pulumi.StringOutput `pulumi:"membershipLdapAttribute"` - // The name of the LDAP attribute on a user that is used for membership mappings. - MembershipUserLdapAttribute pulumi.StringOutput `pulumi:"membershipUserLdapAttribute"` - // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - Mode pulumi.StringPtrOutput `pulumi:"mode"` - // Display name of this mapper when displayed in the console. - Name pulumi.StringOutput `pulumi:"name"` - // When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. + DropNonExistingGroupsDuringSync pulumi.BoolPtrOutput `pulumi:"dropNonExistingGroupsDuringSync"` + GroupNameLdapAttribute pulumi.StringOutput `pulumi:"groupNameLdapAttribute"` + GroupObjectClasses pulumi.StringArrayOutput `pulumi:"groupObjectClasses"` + GroupsLdapFilter pulumi.StringPtrOutput `pulumi:"groupsLdapFilter"` + GroupsPath pulumi.StringOutput `pulumi:"groupsPath"` + IgnoreMissingGroups pulumi.BoolPtrOutput `pulumi:"ignoreMissingGroups"` + LdapGroupsDn pulumi.StringOutput `pulumi:"ldapGroupsDn"` + // The ldap user federation provider to attach this mapper to. + LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` + MappedGroupAttributes pulumi.StringArrayOutput `pulumi:"mappedGroupAttributes"` + MemberofLdapAttribute pulumi.StringPtrOutput `pulumi:"memberofLdapAttribute"` + MembershipAttributeType pulumi.StringPtrOutput `pulumi:"membershipAttributeType"` + MembershipLdapAttribute pulumi.StringOutput `pulumi:"membershipLdapAttribute"` + MembershipUserLdapAttribute pulumi.StringOutput `pulumi:"membershipUserLdapAttribute"` + Mode pulumi.StringPtrOutput `pulumi:"mode"` + // Display name of the mapper when displayed in the console. + Name pulumi.StringOutput `pulumi:"name"` PreserveGroupInheritance pulumi.BoolPtrOutput `pulumi:"preserveGroupInheritance"` - // The realm that this LDAP mapper will exist in. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + // The realm in which the ldap user federation provider exists. + RealmId pulumi.StringOutput `pulumi:"realmId"` UserRolesRetrieveStrategy pulumi.StringPtrOutput `pulumi:"userRolesRetrieveStrategy"` } @@ -183,80 +188,50 @@ func GetGroupMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering GroupMapper resources. type groupMapperState struct { - // When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - DropNonExistingGroupsDuringSync *bool `pulumi:"dropNonExistingGroupsDuringSync"` - // The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - GroupNameLdapAttribute *string `pulumi:"groupNameLdapAttribute"` - // List of strings representing the object classes for the group. Must contain at least one. - GroupObjectClasses []string `pulumi:"groupObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - GroupsLdapFilter *string `pulumi:"groupsLdapFilter"` - // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - GroupsPath *string `pulumi:"groupsPath"` - // When `true`, missing groups in the hierarchy will be ignored. - IgnoreMissingGroups *bool `pulumi:"ignoreMissingGroups"` - // The LDAP DN where groups can be found. - LdapGroupsDn *string `pulumi:"ldapGroupsDn"` - // The ID of the LDAP user federation provider to attach this mapper to. - LdapUserFederationId *string `pulumi:"ldapUserFederationId"` - // Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - MappedGroupAttributes []string `pulumi:"mappedGroupAttributes"` - // Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - MemberofLdapAttribute *string `pulumi:"memberofLdapAttribute"` - // Can be one of `DN` or `UID`. Defaults to `DN`. - MembershipAttributeType *string `pulumi:"membershipAttributeType"` - // The name of the LDAP attribute that is used for membership mappings. - MembershipLdapAttribute *string `pulumi:"membershipLdapAttribute"` - // The name of the LDAP attribute on a user that is used for membership mappings. - MembershipUserLdapAttribute *string `pulumi:"membershipUserLdapAttribute"` - // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - Mode *string `pulumi:"mode"` - // Display name of this mapper when displayed in the console. - Name *string `pulumi:"name"` - // When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - PreserveGroupInheritance *bool `pulumi:"preserveGroupInheritance"` - // The realm that this LDAP mapper will exist in. - RealmId *string `pulumi:"realmId"` - // Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + DropNonExistingGroupsDuringSync *bool `pulumi:"dropNonExistingGroupsDuringSync"` + GroupNameLdapAttribute *string `pulumi:"groupNameLdapAttribute"` + GroupObjectClasses []string `pulumi:"groupObjectClasses"` + GroupsLdapFilter *string `pulumi:"groupsLdapFilter"` + GroupsPath *string `pulumi:"groupsPath"` + IgnoreMissingGroups *bool `pulumi:"ignoreMissingGroups"` + LdapGroupsDn *string `pulumi:"ldapGroupsDn"` + // The ldap user federation provider to attach this mapper to. + LdapUserFederationId *string `pulumi:"ldapUserFederationId"` + MappedGroupAttributes []string `pulumi:"mappedGroupAttributes"` + MemberofLdapAttribute *string `pulumi:"memberofLdapAttribute"` + MembershipAttributeType *string `pulumi:"membershipAttributeType"` + MembershipLdapAttribute *string `pulumi:"membershipLdapAttribute"` + MembershipUserLdapAttribute *string `pulumi:"membershipUserLdapAttribute"` + Mode *string `pulumi:"mode"` + // Display name of the mapper when displayed in the console. + Name *string `pulumi:"name"` + PreserveGroupInheritance *bool `pulumi:"preserveGroupInheritance"` + // The realm in which the ldap user federation provider exists. + RealmId *string `pulumi:"realmId"` UserRolesRetrieveStrategy *string `pulumi:"userRolesRetrieveStrategy"` } type GroupMapperState struct { - // When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. DropNonExistingGroupsDuringSync pulumi.BoolPtrInput - // The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - GroupNameLdapAttribute pulumi.StringPtrInput - // List of strings representing the object classes for the group. Must contain at least one. - GroupObjectClasses pulumi.StringArrayInput - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - GroupsLdapFilter pulumi.StringPtrInput - // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - GroupsPath pulumi.StringPtrInput - // When `true`, missing groups in the hierarchy will be ignored. - IgnoreMissingGroups pulumi.BoolPtrInput - // The LDAP DN where groups can be found. - LdapGroupsDn pulumi.StringPtrInput - // The ID of the LDAP user federation provider to attach this mapper to. - LdapUserFederationId pulumi.StringPtrInput - // Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - MappedGroupAttributes pulumi.StringArrayInput - // Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - MemberofLdapAttribute pulumi.StringPtrInput - // Can be one of `DN` or `UID`. Defaults to `DN`. - MembershipAttributeType pulumi.StringPtrInput - // The name of the LDAP attribute that is used for membership mappings. - MembershipLdapAttribute pulumi.StringPtrInput - // The name of the LDAP attribute on a user that is used for membership mappings. + GroupNameLdapAttribute pulumi.StringPtrInput + GroupObjectClasses pulumi.StringArrayInput + GroupsLdapFilter pulumi.StringPtrInput + GroupsPath pulumi.StringPtrInput + IgnoreMissingGroups pulumi.BoolPtrInput + LdapGroupsDn pulumi.StringPtrInput + // The ldap user federation provider to attach this mapper to. + LdapUserFederationId pulumi.StringPtrInput + MappedGroupAttributes pulumi.StringArrayInput + MemberofLdapAttribute pulumi.StringPtrInput + MembershipAttributeType pulumi.StringPtrInput + MembershipLdapAttribute pulumi.StringPtrInput MembershipUserLdapAttribute pulumi.StringPtrInput - // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - Mode pulumi.StringPtrInput - // Display name of this mapper when displayed in the console. - Name pulumi.StringPtrInput - // When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. + Mode pulumi.StringPtrInput + // Display name of the mapper when displayed in the console. + Name pulumi.StringPtrInput PreserveGroupInheritance pulumi.BoolPtrInput - // The realm that this LDAP mapper will exist in. - RealmId pulumi.StringPtrInput - // Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + // The realm in which the ldap user federation provider exists. + RealmId pulumi.StringPtrInput UserRolesRetrieveStrategy pulumi.StringPtrInput } @@ -265,81 +240,51 @@ func (GroupMapperState) ElementType() reflect.Type { } type groupMapperArgs struct { - // When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - DropNonExistingGroupsDuringSync *bool `pulumi:"dropNonExistingGroupsDuringSync"` - // The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - GroupNameLdapAttribute string `pulumi:"groupNameLdapAttribute"` - // List of strings representing the object classes for the group. Must contain at least one. - GroupObjectClasses []string `pulumi:"groupObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - GroupsLdapFilter *string `pulumi:"groupsLdapFilter"` - // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - GroupsPath *string `pulumi:"groupsPath"` - // When `true`, missing groups in the hierarchy will be ignored. - IgnoreMissingGroups *bool `pulumi:"ignoreMissingGroups"` - // The LDAP DN where groups can be found. - LdapGroupsDn string `pulumi:"ldapGroupsDn"` - // The ID of the LDAP user federation provider to attach this mapper to. - LdapUserFederationId string `pulumi:"ldapUserFederationId"` - // Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - MappedGroupAttributes []string `pulumi:"mappedGroupAttributes"` - // Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - MemberofLdapAttribute *string `pulumi:"memberofLdapAttribute"` - // Can be one of `DN` or `UID`. Defaults to `DN`. - MembershipAttributeType *string `pulumi:"membershipAttributeType"` - // The name of the LDAP attribute that is used for membership mappings. - MembershipLdapAttribute string `pulumi:"membershipLdapAttribute"` - // The name of the LDAP attribute on a user that is used for membership mappings. - MembershipUserLdapAttribute string `pulumi:"membershipUserLdapAttribute"` - // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - Mode *string `pulumi:"mode"` - // Display name of this mapper when displayed in the console. - Name *string `pulumi:"name"` - // When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - PreserveGroupInheritance *bool `pulumi:"preserveGroupInheritance"` - // The realm that this LDAP mapper will exist in. - RealmId string `pulumi:"realmId"` - // Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + DropNonExistingGroupsDuringSync *bool `pulumi:"dropNonExistingGroupsDuringSync"` + GroupNameLdapAttribute string `pulumi:"groupNameLdapAttribute"` + GroupObjectClasses []string `pulumi:"groupObjectClasses"` + GroupsLdapFilter *string `pulumi:"groupsLdapFilter"` + GroupsPath *string `pulumi:"groupsPath"` + IgnoreMissingGroups *bool `pulumi:"ignoreMissingGroups"` + LdapGroupsDn string `pulumi:"ldapGroupsDn"` + // The ldap user federation provider to attach this mapper to. + LdapUserFederationId string `pulumi:"ldapUserFederationId"` + MappedGroupAttributes []string `pulumi:"mappedGroupAttributes"` + MemberofLdapAttribute *string `pulumi:"memberofLdapAttribute"` + MembershipAttributeType *string `pulumi:"membershipAttributeType"` + MembershipLdapAttribute string `pulumi:"membershipLdapAttribute"` + MembershipUserLdapAttribute string `pulumi:"membershipUserLdapAttribute"` + Mode *string `pulumi:"mode"` + // Display name of the mapper when displayed in the console. + Name *string `pulumi:"name"` + PreserveGroupInheritance *bool `pulumi:"preserveGroupInheritance"` + // The realm in which the ldap user federation provider exists. + RealmId string `pulumi:"realmId"` UserRolesRetrieveStrategy *string `pulumi:"userRolesRetrieveStrategy"` } // The set of arguments for constructing a GroupMapper resource. type GroupMapperArgs struct { - // When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. DropNonExistingGroupsDuringSync pulumi.BoolPtrInput - // The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - GroupNameLdapAttribute pulumi.StringInput - // List of strings representing the object classes for the group. Must contain at least one. - GroupObjectClasses pulumi.StringArrayInput - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - GroupsLdapFilter pulumi.StringPtrInput - // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - GroupsPath pulumi.StringPtrInput - // When `true`, missing groups in the hierarchy will be ignored. - IgnoreMissingGroups pulumi.BoolPtrInput - // The LDAP DN where groups can be found. - LdapGroupsDn pulumi.StringInput - // The ID of the LDAP user federation provider to attach this mapper to. - LdapUserFederationId pulumi.StringInput - // Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - MappedGroupAttributes pulumi.StringArrayInput - // Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - MemberofLdapAttribute pulumi.StringPtrInput - // Can be one of `DN` or `UID`. Defaults to `DN`. - MembershipAttributeType pulumi.StringPtrInput - // The name of the LDAP attribute that is used for membership mappings. - MembershipLdapAttribute pulumi.StringInput - // The name of the LDAP attribute on a user that is used for membership mappings. + GroupNameLdapAttribute pulumi.StringInput + GroupObjectClasses pulumi.StringArrayInput + GroupsLdapFilter pulumi.StringPtrInput + GroupsPath pulumi.StringPtrInput + IgnoreMissingGroups pulumi.BoolPtrInput + LdapGroupsDn pulumi.StringInput + // The ldap user federation provider to attach this mapper to. + LdapUserFederationId pulumi.StringInput + MappedGroupAttributes pulumi.StringArrayInput + MemberofLdapAttribute pulumi.StringPtrInput + MembershipAttributeType pulumi.StringPtrInput + MembershipLdapAttribute pulumi.StringInput MembershipUserLdapAttribute pulumi.StringInput - // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - Mode pulumi.StringPtrInput - // Display name of this mapper when displayed in the console. - Name pulumi.StringPtrInput - // When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. + Mode pulumi.StringPtrInput + // Display name of the mapper when displayed in the console. + Name pulumi.StringPtrInput PreserveGroupInheritance pulumi.BoolPtrInput - // The realm that this LDAP mapper will exist in. - RealmId pulumi.StringInput - // Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + // The realm in which the ldap user federation provider exists. + RealmId pulumi.StringInput UserRolesRetrieveStrategy pulumi.StringPtrInput } @@ -430,92 +375,77 @@ func (o GroupMapperOutput) ToGroupMapperOutputWithContext(ctx context.Context) G return o } -// When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. func (o GroupMapperOutput) DropNonExistingGroupsDuringSync() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.BoolPtrOutput { return v.DropNonExistingGroupsDuringSync }).(pulumi.BoolPtrOutput) } -// The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. func (o GroupMapperOutput) GroupNameLdapAttribute() pulumi.StringOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringOutput { return v.GroupNameLdapAttribute }).(pulumi.StringOutput) } -// List of strings representing the object classes for the group. Must contain at least one. func (o GroupMapperOutput) GroupObjectClasses() pulumi.StringArrayOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringArrayOutput { return v.GroupObjectClasses }).(pulumi.StringArrayOutput) } -// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. func (o GroupMapperOutput) GroupsLdapFilter() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringPtrOutput { return v.GroupsLdapFilter }).(pulumi.StringPtrOutput) } -// Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. func (o GroupMapperOutput) GroupsPath() pulumi.StringOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringOutput { return v.GroupsPath }).(pulumi.StringOutput) } -// When `true`, missing groups in the hierarchy will be ignored. func (o GroupMapperOutput) IgnoreMissingGroups() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.BoolPtrOutput { return v.IgnoreMissingGroups }).(pulumi.BoolPtrOutput) } -// The LDAP DN where groups can be found. func (o GroupMapperOutput) LdapGroupsDn() pulumi.StringOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringOutput { return v.LdapGroupsDn }).(pulumi.StringOutput) } -// The ID of the LDAP user federation provider to attach this mapper to. +// The ldap user federation provider to attach this mapper to. func (o GroupMapperOutput) LdapUserFederationId() pulumi.StringOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringOutput { return v.LdapUserFederationId }).(pulumi.StringOutput) } -// Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. func (o GroupMapperOutput) MappedGroupAttributes() pulumi.StringArrayOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringArrayOutput { return v.MappedGroupAttributes }).(pulumi.StringArrayOutput) } -// Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. func (o GroupMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringPtrOutput { return v.MemberofLdapAttribute }).(pulumi.StringPtrOutput) } -// Can be one of `DN` or `UID`. Defaults to `DN`. func (o GroupMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringPtrOutput { return v.MembershipAttributeType }).(pulumi.StringPtrOutput) } -// The name of the LDAP attribute that is used for membership mappings. func (o GroupMapperOutput) MembershipLdapAttribute() pulumi.StringOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringOutput { return v.MembershipLdapAttribute }).(pulumi.StringOutput) } -// The name of the LDAP attribute on a user that is used for membership mappings. func (o GroupMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringOutput { return v.MembershipUserLdapAttribute }).(pulumi.StringOutput) } -// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. func (o GroupMapperOutput) Mode() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringPtrOutput { return v.Mode }).(pulumi.StringPtrOutput) } -// Display name of this mapper when displayed in the console. +// Display name of the mapper when displayed in the console. func (o GroupMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. func (o GroupMapperOutput) PreserveGroupInheritance() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.BoolPtrOutput { return v.PreserveGroupInheritance }).(pulumi.BoolPtrOutput) } -// The realm that this LDAP mapper will exist in. +// The realm in which the ldap user federation provider exists. func (o GroupMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. func (o GroupMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringPtrOutput { return v.UserRolesRetrieveStrategy }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/keycloak/ldap/hardcodedAttributeMapper.go b/sdk/go/keycloak/ldap/hardcodedAttributeMapper.go index 02ea904b..b44161d3 100644 --- a/sdk/go/keycloak/ldap/hardcodedAttributeMapper.go +++ b/sdk/go/keycloak/ldap/hardcodedAttributeMapper.go @@ -20,6 +20,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -72,16 +73,17 @@ import ( // } // // ``` +// // // ## Import // // LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/go/keycloak/ldap/hardcodedGroupMapper.go b/sdk/go/keycloak/ldap/hardcodedGroupMapper.go index d0467db7..d670a74b 100644 --- a/sdk/go/keycloak/ldap/hardcodedGroupMapper.go +++ b/sdk/go/keycloak/ldap/hardcodedGroupMapper.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -74,16 +75,17 @@ import ( // } // // ``` +// // // ## Import // // LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/go/keycloak/ldap/hardcodedRoleMapper.go b/sdk/go/keycloak/ldap/hardcodedRoleMapper.go index d8b08d8e..3c328733 100644 --- a/sdk/go/keycloak/ldap/hardcodedRoleMapper.go +++ b/sdk/go/keycloak/ldap/hardcodedRoleMapper.go @@ -12,13 +12,13 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP. +// ## # ldap.HardcodedRoleMapper // -// The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. +// This mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. // -// ## Example Usage -// ### Realm Role) +// ### Example Usage // +// // ```go // package main // @@ -33,7 +33,7 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), +// Realm: pulumi.String("test"), // Enabled: pulumi.Bool(true), // }) // if err != nil { @@ -56,17 +56,10 @@ import ( // if err != nil { // return err // } -// realmAdminRole, err := keycloak.NewRole(ctx, "realmAdminRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), -// Description: pulumi.String("My Realm Role"), -// }) -// if err != nil { -// return err -// } // _, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{ // RealmId: realm.ID(), // LdapUserFederationId: ldapUserFederation.ID(), -// Role: realmAdminRole.Name, +// Role: pulumi.String("admin"), // }) // if err != nil { // return err @@ -76,102 +69,32 @@ import ( // } // // ``` -// ### Client Role) -// -// ```go -// package main -// -// import ( -// -// "fmt" -// -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap" -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // -// ) +// ### Argument Reference // -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// RealmId: realm.ID(), -// UsernameLdapAttribute: pulumi.String("cn"), -// RdnLdapAttribute: pulumi.String("cn"), -// UuidLdapAttribute: pulumi.String("entryDN"), -// UserObjectClasses: pulumi.StringArray{ -// pulumi.String("simpleSecurityObject"), -// pulumi.String("organizationalRole"), -// }, -// ConnectionUrl: pulumi.String("ldap://openldap"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// BindCredential: pulumi.String("admin"), -// }) -// if err != nil { -// return err -// } -// realmManagement := openid.LookupClientOutput(ctx, openid.GetClientOutputArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("realm-management"), -// }, nil) -// createClient := pulumi.All(realm.ID(), realmManagement).ApplyT(func(_args []interface{}) (keycloak.GetRoleResult, error) { -// id := _args[0].(string) -// realmManagement := _args[1].(openid.GetClientResult) -// return keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{ -// RealmId: id, -// ClientId: realmManagement.Id, -// Name: "create-client", -// }, nil), nil -// }).(keycloak.GetRoleResultOutput) -// _, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{ -// RealmId: realm.ID(), -// LdapUserFederationId: ldapUserFederation.ID(), -// Role: pulumi.All(realmManagement, createClient).ApplyT(func(_args []interface{}) (string, error) { -// realmManagement := _args[0].(openid.GetClientResult) -// createClient := _args[1].(keycloak.GetRoleResult) -// return fmt.Sprintf("%v.%v", realmManagement.ClientId, createClient.Name), nil -// }).(pulumi.StringOutput), -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } +// The following arguments are supported: // -// ``` +// - `realmId` - (Required) The realm that this LDAP mapper will exist in. +// - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. +// - `name` - (Required) Display name of this mapper when displayed in the console. +// - `role` - (Required) The role which should be assigned to the users. // -// ## Import +// ### Import // // LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. -// -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. -// -// Example: -// -// bash -// -// ```sh -// $ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 -// ``` +// The ID of the LDAP user federation provider and the mapper can be found within +// the Keycloak GUI, and they are typically GUIDs: type HardcodedRoleMapper struct { pulumi.CustomResourceState - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringOutput `pulumi:"realmId"` - // The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + // Role to grant to user. Role pulumi.StringOutput `pulumi:"role"` } @@ -214,24 +137,24 @@ func GetHardcodedRoleMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering HardcodedRoleMapper resources. type hardcodedRoleMapperState struct { - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId *string `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name *string `pulumi:"name"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId *string `pulumi:"realmId"` - // The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + // Role to grant to user. Role *string `pulumi:"role"` } type HardcodedRoleMapperState struct { - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringPtrInput - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringPtrInput - // The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + // Role to grant to user. Role pulumi.StringPtrInput } @@ -240,25 +163,25 @@ func (HardcodedRoleMapperState) ElementType() reflect.Type { } type hardcodedRoleMapperArgs struct { - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId string `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name *string `pulumi:"name"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId string `pulumi:"realmId"` - // The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + // Role to grant to user. Role string `pulumi:"role"` } // The set of arguments for constructing a HardcodedRoleMapper resource. type HardcodedRoleMapperArgs struct { - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringPtrInput - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringInput - // The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + // Role to grant to user. Role pulumi.StringInput } @@ -349,22 +272,22 @@ func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutputWithContext(ctx co return o } -// The ID of the LDAP user federation provider to attach this mapper to. +// The ldap user federation provider to attach this mapper to. func (o HardcodedRoleMapperOutput) LdapUserFederationId() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedRoleMapper) pulumi.StringOutput { return v.LdapUserFederationId }).(pulumi.StringOutput) } -// Display name of this mapper when displayed in the console. +// Display name of the mapper when displayed in the console. func (o HardcodedRoleMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedRoleMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm that this LDAP mapper will exist in. +// The realm in which the ldap user federation provider exists. func (o HardcodedRoleMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedRoleMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. +// Role to grant to user. func (o HardcodedRoleMapperOutput) Role() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedRoleMapper) pulumi.StringOutput { return v.Role }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/ldap/msadLdsUserAccountControlMapper.go b/sdk/go/keycloak/ldap/msadLdsUserAccountControlMapper.go index e83e9851..e8ea16df 100644 --- a/sdk/go/keycloak/ldap/msadLdsUserAccountControlMapper.go +++ b/sdk/go/keycloak/ldap/msadLdsUserAccountControlMapper.go @@ -22,6 +22,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -72,16 +73,17 @@ import ( // } // // ``` +// // // ## Import // // LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/go/keycloak/ldap/msadUserAccountControlMapper.go b/sdk/go/keycloak/ldap/msadUserAccountControlMapper.go index 831d8846..7ec9f59c 100644 --- a/sdk/go/keycloak/ldap/msadUserAccountControlMapper.go +++ b/sdk/go/keycloak/ldap/msadUserAccountControlMapper.go @@ -12,6 +12,8 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # ldap.MsadUserAccountControlMapper +// // Allows for creating and managing MSAD user account control mappers for Keycloak // users federated via LDAP. // @@ -20,8 +22,9 @@ import ( // AD user state to Keycloak in order to enforce settings like expired passwords // or disabled accounts. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -36,33 +39,33 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("test"), // }) // if err != nil { // return err // } // ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// RealmId: realm.ID(), -// UsernameLdapAttribute: pulumi.String("cn"), -// RdnLdapAttribute: pulumi.String("cn"), -// UuidLdapAttribute: pulumi.String("objectGUID"), +// BindCredential: pulumi.String("admin"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// ConnectionUrl: pulumi.String("ldap://my-ad-server"), +// RdnLdapAttribute: pulumi.String("cn"), +// RealmId: realm.ID(), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("person"), // pulumi.String("organizationalPerson"), // pulumi.String("user"), // }, -// ConnectionUrl: pulumi.String("ldap://my-ad-server"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// BindCredential: pulumi.String("admin"), +// UsernameLdapAttribute: pulumi.String("cn"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// UuidLdapAttribute: pulumi.String("objectGUID"), // }) // if err != nil { // return err // } // _, err = ldap.NewMsadUserAccountControlMapper(ctx, "msadUserAccountControlMapper", &ldap.MsadUserAccountControlMapperArgs{ -// RealmId: realm.ID(), // LdapUserFederationId: ldapUserFederation.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -72,30 +75,31 @@ import ( // } // // ``` +// // -// ## Import -// -// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. +// ### Argument Reference // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm that this LDAP mapper will exist in. +// - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. +// - `name` - (Required) Display name of this mapper when displayed in the console. +// - `ldapPasswordPolicyHintsEnabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 -// ``` +// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. +// The ID of the LDAP user federation provider and the mapper can be found within +// the Keycloak GUI, and they are typically GUIDs: type MsadUserAccountControlMapper struct { pulumi.CustomResourceState - // When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. LdapPasswordPolicyHintsEnabled pulumi.BoolPtrOutput `pulumi:"ldapPasswordPolicyHintsEnabled"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringOutput `pulumi:"realmId"` } @@ -135,24 +139,22 @@ func GetMsadUserAccountControlMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering MsadUserAccountControlMapper resources. type msadUserAccountControlMapperState struct { - // When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. LdapPasswordPolicyHintsEnabled *bool `pulumi:"ldapPasswordPolicyHintsEnabled"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId *string `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name *string `pulumi:"name"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId *string `pulumi:"realmId"` } type MsadUserAccountControlMapperState struct { - // When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. LdapPasswordPolicyHintsEnabled pulumi.BoolPtrInput - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringPtrInput - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringPtrInput } @@ -161,25 +163,23 @@ func (MsadUserAccountControlMapperState) ElementType() reflect.Type { } type msadUserAccountControlMapperArgs struct { - // When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. LdapPasswordPolicyHintsEnabled *bool `pulumi:"ldapPasswordPolicyHintsEnabled"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId string `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name *string `pulumi:"name"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a MsadUserAccountControlMapper resource. type MsadUserAccountControlMapperArgs struct { - // When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. LdapPasswordPolicyHintsEnabled pulumi.BoolPtrInput - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringPtrInput - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringInput } @@ -270,22 +270,21 @@ func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutput return o } -// When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. func (o MsadUserAccountControlMapperOutput) LdapPasswordPolicyHintsEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *MsadUserAccountControlMapper) pulumi.BoolPtrOutput { return v.LdapPasswordPolicyHintsEnabled }).(pulumi.BoolPtrOutput) } -// The ID of the LDAP user federation provider to attach this mapper to. +// The ldap user federation provider to attach this mapper to. func (o MsadUserAccountControlMapperOutput) LdapUserFederationId() pulumi.StringOutput { return o.ApplyT(func(v *MsadUserAccountControlMapper) pulumi.StringOutput { return v.LdapUserFederationId }).(pulumi.StringOutput) } -// Display name of this mapper when displayed in the console. +// Display name of the mapper when displayed in the console. func (o MsadUserAccountControlMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *MsadUserAccountControlMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm that this LDAP mapper will exist in. +// The realm in which the ldap user federation provider exists. func (o MsadUserAccountControlMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *MsadUserAccountControlMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/ldap/pulumiTypes.go b/sdk/go/keycloak/ldap/pulumiTypes.go index cfada68a..3161c5dc 100644 --- a/sdk/go/keycloak/ldap/pulumiTypes.go +++ b/sdk/go/keycloak/ldap/pulumiTypes.go @@ -14,7 +14,7 @@ import ( var _ = internal.GetEnvOrDefault type UserFederationCache struct { - // Day of the week the entry will become invalid on + // Day of the week the entry will become invalid on. EvictionDay *int `pulumi:"evictionDay"` // Hour of day the entry will become invalid on. EvictionHour *int `pulumi:"evictionHour"` @@ -22,8 +22,7 @@ type UserFederationCache struct { EvictionMinute *int `pulumi:"evictionMinute"` // Max lifespan of cache entry (duration string). MaxLifespan *string `pulumi:"maxLifespan"` - // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - Policy *string `pulumi:"policy"` + Policy *string `pulumi:"policy"` } // UserFederationCacheInput is an input type that accepts UserFederationCacheArgs and UserFederationCacheOutput values. @@ -38,7 +37,7 @@ type UserFederationCacheInput interface { } type UserFederationCacheArgs struct { - // Day of the week the entry will become invalid on + // Day of the week the entry will become invalid on. EvictionDay pulumi.IntPtrInput `pulumi:"evictionDay"` // Hour of day the entry will become invalid on. EvictionHour pulumi.IntPtrInput `pulumi:"evictionHour"` @@ -46,8 +45,7 @@ type UserFederationCacheArgs struct { EvictionMinute pulumi.IntPtrInput `pulumi:"evictionMinute"` // Max lifespan of cache entry (duration string). MaxLifespan pulumi.StringPtrInput `pulumi:"maxLifespan"` - // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - Policy pulumi.StringPtrInput `pulumi:"policy"` + Policy pulumi.StringPtrInput `pulumi:"policy"` } func (UserFederationCacheArgs) ElementType() reflect.Type { @@ -127,7 +125,7 @@ func (o UserFederationCacheOutput) ToUserFederationCachePtrOutputWithContext(ctx }).(UserFederationCachePtrOutput) } -// Day of the week the entry will become invalid on +// Day of the week the entry will become invalid on. func (o UserFederationCacheOutput) EvictionDay() pulumi.IntPtrOutput { return o.ApplyT(func(v UserFederationCache) *int { return v.EvictionDay }).(pulumi.IntPtrOutput) } @@ -147,7 +145,6 @@ func (o UserFederationCacheOutput) MaxLifespan() pulumi.StringPtrOutput { return o.ApplyT(func(v UserFederationCache) *string { return v.MaxLifespan }).(pulumi.StringPtrOutput) } -// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. func (o UserFederationCacheOutput) Policy() pulumi.StringPtrOutput { return o.ApplyT(func(v UserFederationCache) *string { return v.Policy }).(pulumi.StringPtrOutput) } @@ -176,7 +173,7 @@ func (o UserFederationCachePtrOutput) Elem() UserFederationCacheOutput { }).(UserFederationCacheOutput) } -// Day of the week the entry will become invalid on +// Day of the week the entry will become invalid on. func (o UserFederationCachePtrOutput) EvictionDay() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserFederationCache) *int { if v == nil { @@ -216,7 +213,6 @@ func (o UserFederationCachePtrOutput) MaxLifespan() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. func (o UserFederationCachePtrOutput) Policy() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederationCache) *string { if v == nil { @@ -227,7 +223,7 @@ func (o UserFederationCachePtrOutput) Policy() pulumi.StringPtrOutput { } type UserFederationKerberos struct { - // The name of the kerberos realm, e.g. FOO.LOCAL. + // The name of the kerberos realm, e.g. FOO.LOCAL KerberosRealm string `pulumi:"kerberosRealm"` // Path to the kerberos keytab file on the server with credentials of the service principal. KeyTab string `pulumi:"keyTab"` @@ -249,7 +245,7 @@ type UserFederationKerberosInput interface { } type UserFederationKerberosArgs struct { - // The name of the kerberos realm, e.g. FOO.LOCAL. + // The name of the kerberos realm, e.g. FOO.LOCAL KerberosRealm pulumi.StringInput `pulumi:"kerberosRealm"` // Path to the kerberos keytab file on the server with credentials of the service principal. KeyTab pulumi.StringInput `pulumi:"keyTab"` @@ -336,7 +332,7 @@ func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutputWithConte }).(UserFederationKerberosPtrOutput) } -// The name of the kerberos realm, e.g. FOO.LOCAL. +// The name of the kerberos realm, e.g. FOO.LOCAL func (o UserFederationKerberosOutput) KerberosRealm() pulumi.StringOutput { return o.ApplyT(func(v UserFederationKerberos) string { return v.KerberosRealm }).(pulumi.StringOutput) } @@ -380,7 +376,7 @@ func (o UserFederationKerberosPtrOutput) Elem() UserFederationKerberosOutput { }).(UserFederationKerberosOutput) } -// The name of the kerberos realm, e.g. FOO.LOCAL. +// The name of the kerberos realm, e.g. FOO.LOCAL func (o UserFederationKerberosPtrOutput) KerberosRealm() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederationKerberos) *string { if v == nil { diff --git a/sdk/go/keycloak/ldap/roleMapper.go b/sdk/go/keycloak/ldap/roleMapper.go index f7f9fb0e..443c5252 100644 --- a/sdk/go/keycloak/ldap/roleMapper.go +++ b/sdk/go/keycloak/ldap/roleMapper.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -77,16 +78,17 @@ import ( // } // // ``` +// // // ## Import // // LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/go/keycloak/ldap/userAttributeMapper.go b/sdk/go/keycloak/ldap/userAttributeMapper.go index 36206d66..94875048 100644 --- a/sdk/go/keycloak/ldap/userAttributeMapper.go +++ b/sdk/go/keycloak/ldap/userAttributeMapper.go @@ -12,14 +12,17 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # ldap.UserAttributeMapper +// // Allows for creating and managing user attribute mappers for Keycloak users // federated via LDAP. // // The LDAP user attribute mapper can be used to map a single LDAP attribute // to an attribute on the Keycloak user model. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -34,34 +37,34 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("test"), // }) // if err != nil { // return err // } // ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// RealmId: realm.ID(), -// UsernameLdapAttribute: pulumi.String("cn"), -// RdnLdapAttribute: pulumi.String("cn"), -// UuidLdapAttribute: pulumi.String("entryDN"), +// BindCredential: pulumi.String("admin"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// ConnectionUrl: pulumi.String("ldap://openldap"), +// RdnLdapAttribute: pulumi.String("cn"), +// RealmId: realm.ID(), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("simpleSecurityObject"), // pulumi.String("organizationalRole"), // }, -// ConnectionUrl: pulumi.String("ldap://openldap"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// BindCredential: pulumi.String("admin"), +// UsernameLdapAttribute: pulumi.String("cn"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// UuidLdapAttribute: pulumi.String("entryDN"), // }) // if err != nil { // return err // } // _, err = ldap.NewUserAttributeMapper(ctx, "ldapUserAttributeMapper", &ldap.UserAttributeMapperArgs{ -// RealmId: realm.ID(), +// LdapAttribute: pulumi.String("bar"), // LdapUserFederationId: ldapUserFederation.ID(), +// RealmId: realm.ID(), // UserModelAttribute: pulumi.String("foo"), -// LdapAttribute: pulumi.String("bar"), // }) // if err != nil { // return err @@ -71,42 +74,48 @@ import ( // } // // ``` +// // -// ## Import -// -// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. +// ### Argument Reference // -// The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm that this LDAP mapper will exist in. +// - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. +// - `name` - (Required) Display name of this mapper when displayed in the console. +// - `userModelAttribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into. +// - `ldapAttribute` - (Required) Name of the mapped attribute on the LDAP object. +// - `readOnly` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. +// - `alwaysReadValueFromLdap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. +// - `isMandatoryInLdap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 -// ``` +// LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. +// The ID of the LDAP user federation provider and the mapper can be found within +// the Keycloak GUI, and they are typically GUIDs: type UserAttributeMapper struct { pulumi.CustomResourceState - // When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + // When true, the value fetched from LDAP will override the value stored in Keycloak. AlwaysReadValueFromLdap pulumi.BoolPtrOutput `pulumi:"alwaysReadValueFromLdap"` - // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. + // Default value to set in LDAP if is_mandatory_in_ldap and the value is empty AttributeDefaultValue pulumi.StringPtrOutput `pulumi:"attributeDefaultValue"` - // Should be true for binary LDAP attributes. + // Should be true for binary LDAP attributes IsBinaryAttribute pulumi.BoolPtrOutput `pulumi:"isBinaryAttribute"` - // When `true`, this attribute must exist in LDAP. Defaults to `false`. + // When true, this attribute must exist in LDAP. IsMandatoryInLdap pulumi.BoolPtrOutput `pulumi:"isMandatoryInLdap"` - // Name of the mapped attribute on the LDAP object. + // Name of the mapped attribute on LDAP object. LdapAttribute pulumi.StringOutput `pulumi:"ldapAttribute"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` - // When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + // When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringOutput `pulumi:"realmId"` - // Name of the user property or attribute you want to map the LDAP attribute into. + // Name of the UserModel property or attribute you want to map the LDAP attribute into. UserModelAttribute pulumi.StringOutput `pulumi:"userModelAttribute"` } @@ -152,48 +161,48 @@ func GetUserAttributeMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering UserAttributeMapper resources. type userAttributeMapperState struct { - // When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + // When true, the value fetched from LDAP will override the value stored in Keycloak. AlwaysReadValueFromLdap *bool `pulumi:"alwaysReadValueFromLdap"` - // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. + // Default value to set in LDAP if is_mandatory_in_ldap and the value is empty AttributeDefaultValue *string `pulumi:"attributeDefaultValue"` - // Should be true for binary LDAP attributes. + // Should be true for binary LDAP attributes IsBinaryAttribute *bool `pulumi:"isBinaryAttribute"` - // When `true`, this attribute must exist in LDAP. Defaults to `false`. + // When true, this attribute must exist in LDAP. IsMandatoryInLdap *bool `pulumi:"isMandatoryInLdap"` - // Name of the mapped attribute on the LDAP object. + // Name of the mapped attribute on LDAP object. LdapAttribute *string `pulumi:"ldapAttribute"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId *string `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name *string `pulumi:"name"` - // When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + // When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. ReadOnly *bool `pulumi:"readOnly"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId *string `pulumi:"realmId"` - // Name of the user property or attribute you want to map the LDAP attribute into. + // Name of the UserModel property or attribute you want to map the LDAP attribute into. UserModelAttribute *string `pulumi:"userModelAttribute"` } type UserAttributeMapperState struct { - // When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + // When true, the value fetched from LDAP will override the value stored in Keycloak. AlwaysReadValueFromLdap pulumi.BoolPtrInput - // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. + // Default value to set in LDAP if is_mandatory_in_ldap and the value is empty AttributeDefaultValue pulumi.StringPtrInput - // Should be true for binary LDAP attributes. + // Should be true for binary LDAP attributes IsBinaryAttribute pulumi.BoolPtrInput - // When `true`, this attribute must exist in LDAP. Defaults to `false`. + // When true, this attribute must exist in LDAP. IsMandatoryInLdap pulumi.BoolPtrInput - // Name of the mapped attribute on the LDAP object. + // Name of the mapped attribute on LDAP object. LdapAttribute pulumi.StringPtrInput - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringPtrInput - // When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + // When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. ReadOnly pulumi.BoolPtrInput - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringPtrInput - // Name of the user property or attribute you want to map the LDAP attribute into. + // Name of the UserModel property or attribute you want to map the LDAP attribute into. UserModelAttribute pulumi.StringPtrInput } @@ -202,49 +211,49 @@ func (UserAttributeMapperState) ElementType() reflect.Type { } type userAttributeMapperArgs struct { - // When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + // When true, the value fetched from LDAP will override the value stored in Keycloak. AlwaysReadValueFromLdap *bool `pulumi:"alwaysReadValueFromLdap"` - // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. + // Default value to set in LDAP if is_mandatory_in_ldap and the value is empty AttributeDefaultValue *string `pulumi:"attributeDefaultValue"` - // Should be true for binary LDAP attributes. + // Should be true for binary LDAP attributes IsBinaryAttribute *bool `pulumi:"isBinaryAttribute"` - // When `true`, this attribute must exist in LDAP. Defaults to `false`. + // When true, this attribute must exist in LDAP. IsMandatoryInLdap *bool `pulumi:"isMandatoryInLdap"` - // Name of the mapped attribute on the LDAP object. + // Name of the mapped attribute on LDAP object. LdapAttribute string `pulumi:"ldapAttribute"` - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId string `pulumi:"ldapUserFederationId"` - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name *string `pulumi:"name"` - // When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + // When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. ReadOnly *bool `pulumi:"readOnly"` - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId string `pulumi:"realmId"` - // Name of the user property or attribute you want to map the LDAP attribute into. + // Name of the UserModel property or attribute you want to map the LDAP attribute into. UserModelAttribute string `pulumi:"userModelAttribute"` } // The set of arguments for constructing a UserAttributeMapper resource. type UserAttributeMapperArgs struct { - // When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + // When true, the value fetched from LDAP will override the value stored in Keycloak. AlwaysReadValueFromLdap pulumi.BoolPtrInput - // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. + // Default value to set in LDAP if is_mandatory_in_ldap and the value is empty AttributeDefaultValue pulumi.StringPtrInput - // Should be true for binary LDAP attributes. + // Should be true for binary LDAP attributes IsBinaryAttribute pulumi.BoolPtrInput - // When `true`, this attribute must exist in LDAP. Defaults to `false`. + // When true, this attribute must exist in LDAP. IsMandatoryInLdap pulumi.BoolPtrInput - // Name of the mapped attribute on the LDAP object. + // Name of the mapped attribute on LDAP object. LdapAttribute pulumi.StringInput - // The ID of the LDAP user federation provider to attach this mapper to. + // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput - // Display name of this mapper when displayed in the console. + // Display name of the mapper when displayed in the console. Name pulumi.StringPtrInput - // When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + // When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. ReadOnly pulumi.BoolPtrInput - // The realm that this LDAP mapper will exist in. + // The realm in which the ldap user federation provider exists. RealmId pulumi.StringInput - // Name of the user property or attribute you want to map the LDAP attribute into. + // Name of the UserModel property or attribute you want to map the LDAP attribute into. UserModelAttribute pulumi.StringInput } @@ -335,52 +344,52 @@ func (o UserAttributeMapperOutput) ToUserAttributeMapperOutputWithContext(ctx co return o } -// When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. +// When true, the value fetched from LDAP will override the value stored in Keycloak. func (o UserAttributeMapperOutput) AlwaysReadValueFromLdap() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.BoolPtrOutput { return v.AlwaysReadValueFromLdap }).(pulumi.BoolPtrOutput) } -// Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. +// Default value to set in LDAP if is_mandatory_in_ldap and the value is empty func (o UserAttributeMapperOutput) AttributeDefaultValue() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.StringPtrOutput { return v.AttributeDefaultValue }).(pulumi.StringPtrOutput) } -// Should be true for binary LDAP attributes. +// Should be true for binary LDAP attributes func (o UserAttributeMapperOutput) IsBinaryAttribute() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.BoolPtrOutput { return v.IsBinaryAttribute }).(pulumi.BoolPtrOutput) } -// When `true`, this attribute must exist in LDAP. Defaults to `false`. +// When true, this attribute must exist in LDAP. func (o UserAttributeMapperOutput) IsMandatoryInLdap() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.BoolPtrOutput { return v.IsMandatoryInLdap }).(pulumi.BoolPtrOutput) } -// Name of the mapped attribute on the LDAP object. +// Name of the mapped attribute on LDAP object. func (o UserAttributeMapperOutput) LdapAttribute() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.StringOutput { return v.LdapAttribute }).(pulumi.StringOutput) } -// The ID of the LDAP user federation provider to attach this mapper to. +// The ldap user federation provider to attach this mapper to. func (o UserAttributeMapperOutput) LdapUserFederationId() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.StringOutput { return v.LdapUserFederationId }).(pulumi.StringOutput) } -// Display name of this mapper when displayed in the console. +// Display name of the mapper when displayed in the console. func (o UserAttributeMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. +// When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. func (o UserAttributeMapperOutput) ReadOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.BoolPtrOutput { return v.ReadOnly }).(pulumi.BoolPtrOutput) } -// The realm that this LDAP mapper will exist in. +// The realm in which the ldap user federation provider exists. func (o UserAttributeMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// Name of the user property or attribute you want to map the LDAP attribute into. +// Name of the UserModel property or attribute you want to map the LDAP attribute into. func (o UserAttributeMapperOutput) UserModelAttribute() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.StringOutput { return v.UserModelAttribute }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/ldap/userFederation.go b/sdk/go/keycloak/ldap/userFederation.go index e783c338..278cd170 100644 --- a/sdk/go/keycloak/ldap/userFederation.go +++ b/sdk/go/keycloak/ldap/userFederation.go @@ -12,6 +12,8 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # ldap.UserFederation +// // Allows for creating and managing LDAP user federation providers within Keycloak. // // Keycloak can use an LDAP user federation provider to federate users to Keycloak @@ -19,8 +21,9 @@ import ( // will exist within the realm and will be able to log in to clients. Federated // users can have their attributes defined using mappers. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -35,33 +38,28 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("test"), // }) // if err != nil { // return err // } // _, err = ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// RealmId: realm.ID(), -// Enabled: pulumi.Bool(true), -// UsernameLdapAttribute: pulumi.String("cn"), -// RdnLdapAttribute: pulumi.String("cn"), -// UuidLdapAttribute: pulumi.String("entryDN"), -// UserObjectClasses: pulumi.StringArray{ -// pulumi.String("simpleSecurityObject"), -// pulumi.String("organizationalRole"), -// }, -// ConnectionUrl: pulumi.String("ldap://openldap"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), // BindCredential: pulumi.String("admin"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), // ConnectionTimeout: pulumi.String("5s"), +// ConnectionUrl: pulumi.String("ldap://openldap"), +// Enabled: pulumi.Bool(true), +// RdnLdapAttribute: pulumi.String("cn"), // ReadTimeout: pulumi.String("10s"), -// Kerberos: &ldap.UserFederationKerberosArgs{ -// KerberosRealm: pulumi.String("FOO.LOCAL"), -// ServerPrincipal: pulumi.String("HTTP/host.foo.com@FOO.LOCAL"), -// KeyTab: pulumi.String("/etc/host.keytab"), +// RealmId: realm.ID(), +// UserObjectClasses: pulumi.StringArray{ +// pulumi.String("simpleSecurityObject"), +// pulumi.String("organizationalRole"), // }, +// UsernameLdapAttribute: pulumi.String("cn"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// UuidLdapAttribute: pulumi.String("entryDN"), // }) // if err != nil { // return err @@ -71,74 +69,108 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. +// The following arguments are supported: // -// The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: +// - `realmId` - (Required) The realm that this provider will provide user federation for. +// - `name` - (Required) Display name of the provider when displayed in the console. +// - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. +// - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. +// - `importEnabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. +// - `editMode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. +// - `syncRegistrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`. +// - `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`. +// - `usernameLdapAttribute` - (Required) Name of the LDAP attribute to use as the Keycloak username. +// - `rdnLdapAttribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name. +// - `uuidLdapAttribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. +// - `userObjectClasses` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. +// - `connectionUrl` - (Required) Connection URL to the LDAP server. +// - `usersDn` - (Required) Full DN of LDAP tree where your users are. +// - `bindDn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. +// - `bindCredential` - (Optional) Password of LDAP admin. This attribute must be set if `bindDn` is set. +// - `customUserSearchFilter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. +// - `searchScope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`: +// - `ONE_LEVEL`: Only search for users in the DN specified by `userDn`. +// - `SUBTREE`: Search entire LDAP subtree. // -// bash +// - `validatePasswordPolicy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it. +// - `useTruststoreSpi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: +// - `ALWAYS` - Always use the truststore SPI for LDAP connections. +// - `NEVER` - Never use the truststore SPI for LDAP connections. +// - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol. // -// ```sh -// $ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 -// ``` +// - `connectionTimeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). +// - `readTimeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). +// - `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. +// - `batchSizeForSync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`. +// - `fullSyncPeriod` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. +// - `changedSyncPeriod` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. +// - `cachePolicy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. +// +// ### Import +// +// LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. +// The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: type UserFederation struct { pulumi.CustomResourceState - // The number of users to sync within a single transaction. Defaults to `1000`. + // The number of users to sync within a single transaction. BatchSizeForSync pulumi.IntPtrOutput `pulumi:"batchSizeForSync"` - // Password of LDAP admin. This attribute must be set if `bindDn` is set. + // Password of LDAP admin. BindCredential pulumi.StringPtrOutput `pulumi:"bindCredential"` - // DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + // DN of LDAP admin, which will be used by Keycloak to access LDAP server. BindDn pulumi.StringPtrOutput `pulumi:"bindDn"` - // A block containing the cache settings. + // Settings regarding cache policy for this realm. Cache UserFederationCachePtrOutput `pulumi:"cache"` - // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + // sync. ChangedSyncPeriod pulumi.IntPtrOutput `pulumi:"changedSyncPeriod"` - // LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP connection timeout (duration string) ConnectionTimeout pulumi.StringPtrOutput `pulumi:"connectionTimeout"` // Connection URL to the LDAP server. ConnectionUrl pulumi.StringOutput `pulumi:"connectionUrl"` - // Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + // Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. CustomUserSearchFilter pulumi.StringPtrOutput `pulumi:"customUserSearchFilter"` - // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + // user federation provider. DeleteDefaultMappers pulumi.BoolPtrOutput `pulumi:"deleteDefaultMappers"` - // Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + // READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. EditMode pulumi.StringPtrOutput `pulumi:"editMode"` - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + // When false, this provider will not be used when performing queries for users. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` // How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrOutput `pulumi:"fullSyncPeriod"` - // When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + // When true, LDAP users will be imported into the Keycloak database. ImportEnabled pulumi.BoolPtrOutput `pulumi:"importEnabled"` - // A block containing the kerberos settings. + // Settings regarding kerberos authentication for this realm. Kerberos UserFederationKerberosPtrOutput `pulumi:"kerberos"` // Display name of the provider when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` - // When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + // When true, Keycloak assumes the LDAP server supports pagination. Pagination pulumi.BoolPtrOutput `pulumi:"pagination"` - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority pulumi.IntPtrOutput `pulumi:"priority"` // Name of the LDAP attribute to use as the relative distinguished name. RdnLdapAttribute pulumi.StringOutput `pulumi:"rdnLdapAttribute"` - // LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP read timeout (duration string) ReadTimeout pulumi.StringPtrOutput `pulumi:"readTimeout"` - // The realm that this provider will provide user federation for. + // The realm this provider will provide user federation for. RealmId pulumi.StringOutput `pulumi:"realmId"` - // Can be one of `ONE_LEVEL` or `SUBTREE`: + // ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. SearchScope pulumi.StringPtrOutput `pulumi:"searchScope"` - // When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + // When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. StartTls pulumi.BoolPtrOutput `pulumi:"startTls"` - // When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + // When true, newly created users will be synced back to LDAP. SyncRegistrations pulumi.BoolPtrOutput `pulumi:"syncRegistrations"` // If enabled, email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"` // When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). - UsePasswordModifyExtendedOp pulumi.BoolPtrOutput `pulumi:"usePasswordModifyExtendedOp"` - // Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - UseTruststoreSpi pulumi.StringPtrOutput `pulumi:"useTruststoreSpi"` - // Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + UsePasswordModifyExtendedOp pulumi.BoolPtrOutput `pulumi:"usePasswordModifyExtendedOp"` + UseTruststoreSpi pulumi.StringPtrOutput `pulumi:"useTruststoreSpi"` + // All values of LDAP objectClass attribute for users in LDAP. UserObjectClasses pulumi.StringArrayOutput `pulumi:"userObjectClasses"` // Name of the LDAP attribute to use as the Keycloak username. UsernameLdapAttribute pulumi.StringOutput `pulumi:"usernameLdapAttribute"` @@ -146,9 +178,9 @@ type UserFederation struct { UsersDn pulumi.StringOutput `pulumi:"usersDn"` // Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. UuidLdapAttribute pulumi.StringOutput `pulumi:"uuidLdapAttribute"` - // When `true`, Keycloak will validate passwords using the realm policy before updating it. + // When true, Keycloak will validate passwords using the realm policy before updating it. ValidatePasswordPolicy pulumi.BoolPtrOutput `pulumi:"validatePasswordPolicy"` - // Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + // LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. Vendor pulumi.StringPtrOutput `pulumi:"vendor"` } @@ -210,59 +242,60 @@ func GetUserFederation(ctx *pulumi.Context, // Input properties used for looking up and filtering UserFederation resources. type userFederationState struct { - // The number of users to sync within a single transaction. Defaults to `1000`. + // The number of users to sync within a single transaction. BatchSizeForSync *int `pulumi:"batchSizeForSync"` - // Password of LDAP admin. This attribute must be set if `bindDn` is set. + // Password of LDAP admin. BindCredential *string `pulumi:"bindCredential"` - // DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + // DN of LDAP admin, which will be used by Keycloak to access LDAP server. BindDn *string `pulumi:"bindDn"` - // A block containing the cache settings. + // Settings regarding cache policy for this realm. Cache *UserFederationCache `pulumi:"cache"` - // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + // sync. ChangedSyncPeriod *int `pulumi:"changedSyncPeriod"` - // LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP connection timeout (duration string) ConnectionTimeout *string `pulumi:"connectionTimeout"` // Connection URL to the LDAP server. ConnectionUrl *string `pulumi:"connectionUrl"` - // Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + // Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. CustomUserSearchFilter *string `pulumi:"customUserSearchFilter"` - // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + // user federation provider. DeleteDefaultMappers *bool `pulumi:"deleteDefaultMappers"` - // Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + // READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. EditMode *string `pulumi:"editMode"` - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + // When false, this provider will not be used when performing queries for users. Enabled *bool `pulumi:"enabled"` // How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod *int `pulumi:"fullSyncPeriod"` - // When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + // When true, LDAP users will be imported into the Keycloak database. ImportEnabled *bool `pulumi:"importEnabled"` - // A block containing the kerberos settings. + // Settings regarding kerberos authentication for this realm. Kerberos *UserFederationKerberos `pulumi:"kerberos"` // Display name of the provider when displayed in the console. Name *string `pulumi:"name"` - // When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + // When true, Keycloak assumes the LDAP server supports pagination. Pagination *bool `pulumi:"pagination"` - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority *int `pulumi:"priority"` // Name of the LDAP attribute to use as the relative distinguished name. RdnLdapAttribute *string `pulumi:"rdnLdapAttribute"` - // LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP read timeout (duration string) ReadTimeout *string `pulumi:"readTimeout"` - // The realm that this provider will provide user federation for. + // The realm this provider will provide user federation for. RealmId *string `pulumi:"realmId"` - // Can be one of `ONE_LEVEL` or `SUBTREE`: + // ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. SearchScope *string `pulumi:"searchScope"` - // When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + // When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. StartTls *bool `pulumi:"startTls"` - // When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + // When true, newly created users will be synced back to LDAP. SyncRegistrations *bool `pulumi:"syncRegistrations"` // If enabled, email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail *bool `pulumi:"trustEmail"` // When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). - UsePasswordModifyExtendedOp *bool `pulumi:"usePasswordModifyExtendedOp"` - // Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - UseTruststoreSpi *string `pulumi:"useTruststoreSpi"` - // Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + UsePasswordModifyExtendedOp *bool `pulumi:"usePasswordModifyExtendedOp"` + UseTruststoreSpi *string `pulumi:"useTruststoreSpi"` + // All values of LDAP objectClass attribute for users in LDAP. UserObjectClasses []string `pulumi:"userObjectClasses"` // Name of the LDAP attribute to use as the Keycloak username. UsernameLdapAttribute *string `pulumi:"usernameLdapAttribute"` @@ -270,66 +303,67 @@ type userFederationState struct { UsersDn *string `pulumi:"usersDn"` // Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. UuidLdapAttribute *string `pulumi:"uuidLdapAttribute"` - // When `true`, Keycloak will validate passwords using the realm policy before updating it. + // When true, Keycloak will validate passwords using the realm policy before updating it. ValidatePasswordPolicy *bool `pulumi:"validatePasswordPolicy"` - // Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + // LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. Vendor *string `pulumi:"vendor"` } type UserFederationState struct { - // The number of users to sync within a single transaction. Defaults to `1000`. + // The number of users to sync within a single transaction. BatchSizeForSync pulumi.IntPtrInput - // Password of LDAP admin. This attribute must be set if `bindDn` is set. + // Password of LDAP admin. BindCredential pulumi.StringPtrInput - // DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + // DN of LDAP admin, which will be used by Keycloak to access LDAP server. BindDn pulumi.StringPtrInput - // A block containing the cache settings. + // Settings regarding cache policy for this realm. Cache UserFederationCachePtrInput - // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + // sync. ChangedSyncPeriod pulumi.IntPtrInput - // LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP connection timeout (duration string) ConnectionTimeout pulumi.StringPtrInput // Connection URL to the LDAP server. ConnectionUrl pulumi.StringPtrInput - // Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + // Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. CustomUserSearchFilter pulumi.StringPtrInput - // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + // user federation provider. DeleteDefaultMappers pulumi.BoolPtrInput - // Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + // READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. EditMode pulumi.StringPtrInput - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + // When false, this provider will not be used when performing queries for users. Enabled pulumi.BoolPtrInput // How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrInput - // When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + // When true, LDAP users will be imported into the Keycloak database. ImportEnabled pulumi.BoolPtrInput - // A block containing the kerberos settings. + // Settings regarding kerberos authentication for this realm. Kerberos UserFederationKerberosPtrInput // Display name of the provider when displayed in the console. Name pulumi.StringPtrInput - // When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + // When true, Keycloak assumes the LDAP server supports pagination. Pagination pulumi.BoolPtrInput - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority pulumi.IntPtrInput // Name of the LDAP attribute to use as the relative distinguished name. RdnLdapAttribute pulumi.StringPtrInput - // LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP read timeout (duration string) ReadTimeout pulumi.StringPtrInput - // The realm that this provider will provide user federation for. + // The realm this provider will provide user federation for. RealmId pulumi.StringPtrInput - // Can be one of `ONE_LEVEL` or `SUBTREE`: + // ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. SearchScope pulumi.StringPtrInput - // When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + // When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. StartTls pulumi.BoolPtrInput - // When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + // When true, newly created users will be synced back to LDAP. SyncRegistrations pulumi.BoolPtrInput // If enabled, email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrInput // When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). UsePasswordModifyExtendedOp pulumi.BoolPtrInput - // Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - UseTruststoreSpi pulumi.StringPtrInput - // Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + UseTruststoreSpi pulumi.StringPtrInput + // All values of LDAP objectClass attribute for users in LDAP. UserObjectClasses pulumi.StringArrayInput // Name of the LDAP attribute to use as the Keycloak username. UsernameLdapAttribute pulumi.StringPtrInput @@ -337,9 +371,9 @@ type UserFederationState struct { UsersDn pulumi.StringPtrInput // Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. UuidLdapAttribute pulumi.StringPtrInput - // When `true`, Keycloak will validate passwords using the realm policy before updating it. + // When true, Keycloak will validate passwords using the realm policy before updating it. ValidatePasswordPolicy pulumi.BoolPtrInput - // Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + // LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. Vendor pulumi.StringPtrInput } @@ -348,59 +382,60 @@ func (UserFederationState) ElementType() reflect.Type { } type userFederationArgs struct { - // The number of users to sync within a single transaction. Defaults to `1000`. + // The number of users to sync within a single transaction. BatchSizeForSync *int `pulumi:"batchSizeForSync"` - // Password of LDAP admin. This attribute must be set if `bindDn` is set. + // Password of LDAP admin. BindCredential *string `pulumi:"bindCredential"` - // DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + // DN of LDAP admin, which will be used by Keycloak to access LDAP server. BindDn *string `pulumi:"bindDn"` - // A block containing the cache settings. + // Settings regarding cache policy for this realm. Cache *UserFederationCache `pulumi:"cache"` - // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + // sync. ChangedSyncPeriod *int `pulumi:"changedSyncPeriod"` - // LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP connection timeout (duration string) ConnectionTimeout *string `pulumi:"connectionTimeout"` // Connection URL to the LDAP server. ConnectionUrl string `pulumi:"connectionUrl"` - // Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + // Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. CustomUserSearchFilter *string `pulumi:"customUserSearchFilter"` - // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + // user federation provider. DeleteDefaultMappers *bool `pulumi:"deleteDefaultMappers"` - // Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + // READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. EditMode *string `pulumi:"editMode"` - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + // When false, this provider will not be used when performing queries for users. Enabled *bool `pulumi:"enabled"` // How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod *int `pulumi:"fullSyncPeriod"` - // When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + // When true, LDAP users will be imported into the Keycloak database. ImportEnabled *bool `pulumi:"importEnabled"` - // A block containing the kerberos settings. + // Settings regarding kerberos authentication for this realm. Kerberos *UserFederationKerberos `pulumi:"kerberos"` // Display name of the provider when displayed in the console. Name *string `pulumi:"name"` - // When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + // When true, Keycloak assumes the LDAP server supports pagination. Pagination *bool `pulumi:"pagination"` - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority *int `pulumi:"priority"` // Name of the LDAP attribute to use as the relative distinguished name. RdnLdapAttribute string `pulumi:"rdnLdapAttribute"` - // LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP read timeout (duration string) ReadTimeout *string `pulumi:"readTimeout"` - // The realm that this provider will provide user federation for. + // The realm this provider will provide user federation for. RealmId string `pulumi:"realmId"` - // Can be one of `ONE_LEVEL` or `SUBTREE`: + // ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. SearchScope *string `pulumi:"searchScope"` - // When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + // When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. StartTls *bool `pulumi:"startTls"` - // When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + // When true, newly created users will be synced back to LDAP. SyncRegistrations *bool `pulumi:"syncRegistrations"` // If enabled, email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail *bool `pulumi:"trustEmail"` // When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). - UsePasswordModifyExtendedOp *bool `pulumi:"usePasswordModifyExtendedOp"` - // Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - UseTruststoreSpi *string `pulumi:"useTruststoreSpi"` - // Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + UsePasswordModifyExtendedOp *bool `pulumi:"usePasswordModifyExtendedOp"` + UseTruststoreSpi *string `pulumi:"useTruststoreSpi"` + // All values of LDAP objectClass attribute for users in LDAP. UserObjectClasses []string `pulumi:"userObjectClasses"` // Name of the LDAP attribute to use as the Keycloak username. UsernameLdapAttribute string `pulumi:"usernameLdapAttribute"` @@ -408,67 +443,68 @@ type userFederationArgs struct { UsersDn string `pulumi:"usersDn"` // Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. UuidLdapAttribute string `pulumi:"uuidLdapAttribute"` - // When `true`, Keycloak will validate passwords using the realm policy before updating it. + // When true, Keycloak will validate passwords using the realm policy before updating it. ValidatePasswordPolicy *bool `pulumi:"validatePasswordPolicy"` - // Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + // LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. Vendor *string `pulumi:"vendor"` } // The set of arguments for constructing a UserFederation resource. type UserFederationArgs struct { - // The number of users to sync within a single transaction. Defaults to `1000`. + // The number of users to sync within a single transaction. BatchSizeForSync pulumi.IntPtrInput - // Password of LDAP admin. This attribute must be set if `bindDn` is set. + // Password of LDAP admin. BindCredential pulumi.StringPtrInput - // DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + // DN of LDAP admin, which will be used by Keycloak to access LDAP server. BindDn pulumi.StringPtrInput - // A block containing the cache settings. + // Settings regarding cache policy for this realm. Cache UserFederationCachePtrInput - // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + // sync. ChangedSyncPeriod pulumi.IntPtrInput - // LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP connection timeout (duration string) ConnectionTimeout pulumi.StringPtrInput // Connection URL to the LDAP server. ConnectionUrl pulumi.StringInput - // Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + // Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. CustomUserSearchFilter pulumi.StringPtrInput - // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + // When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + // user federation provider. DeleteDefaultMappers pulumi.BoolPtrInput - // Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + // READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. EditMode pulumi.StringPtrInput - // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + // When false, this provider will not be used when performing queries for users. Enabled pulumi.BoolPtrInput // How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrInput - // When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + // When true, LDAP users will be imported into the Keycloak database. ImportEnabled pulumi.BoolPtrInput - // A block containing the kerberos settings. + // Settings regarding kerberos authentication for this realm. Kerberos UserFederationKerberosPtrInput // Display name of the provider when displayed in the console. Name pulumi.StringPtrInput - // When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + // When true, Keycloak assumes the LDAP server supports pagination. Pagination pulumi.BoolPtrInput - // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + // Priority of this provider when looking up users. Lower values are first. Priority pulumi.IntPtrInput // Name of the LDAP attribute to use as the relative distinguished name. RdnLdapAttribute pulumi.StringInput - // LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + // LDAP read timeout (duration string) ReadTimeout pulumi.StringPtrInput - // The realm that this provider will provide user federation for. + // The realm this provider will provide user federation for. RealmId pulumi.StringInput - // Can be one of `ONE_LEVEL` or `SUBTREE`: + // ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. SearchScope pulumi.StringPtrInput - // When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + // When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. StartTls pulumi.BoolPtrInput - // When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + // When true, newly created users will be synced back to LDAP. SyncRegistrations pulumi.BoolPtrInput // If enabled, email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrInput // When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). UsePasswordModifyExtendedOp pulumi.BoolPtrInput - // Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - UseTruststoreSpi pulumi.StringPtrInput - // Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + UseTruststoreSpi pulumi.StringPtrInput + // All values of LDAP objectClass attribute for users in LDAP. UserObjectClasses pulumi.StringArrayInput // Name of the LDAP attribute to use as the Keycloak username. UsernameLdapAttribute pulumi.StringInput @@ -476,9 +512,9 @@ type UserFederationArgs struct { UsersDn pulumi.StringInput // Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. UuidLdapAttribute pulumi.StringInput - // When `true`, Keycloak will validate passwords using the realm policy before updating it. + // When true, Keycloak will validate passwords using the realm policy before updating it. ValidatePasswordPolicy pulumi.BoolPtrInput - // Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + // LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. Vendor pulumi.StringPtrInput } @@ -569,32 +605,33 @@ func (o UserFederationOutput) ToUserFederationOutputWithContext(ctx context.Cont return o } -// The number of users to sync within a single transaction. Defaults to `1000`. +// The number of users to sync within a single transaction. func (o UserFederationOutput) BatchSizeForSync() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.IntPtrOutput { return v.BatchSizeForSync }).(pulumi.IntPtrOutput) } -// Password of LDAP admin. This attribute must be set if `bindDn` is set. +// Password of LDAP admin. func (o UserFederationOutput) BindCredential() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.BindCredential }).(pulumi.StringPtrOutput) } -// DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. +// DN of LDAP admin, which will be used by Keycloak to access LDAP server. func (o UserFederationOutput) BindDn() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.BindDn }).(pulumi.StringPtrOutput) } -// A block containing the cache settings. +// Settings regarding cache policy for this realm. func (o UserFederationOutput) Cache() UserFederationCachePtrOutput { return o.ApplyT(func(v *UserFederation) UserFederationCachePtrOutput { return v.Cache }).(UserFederationCachePtrOutput) } -// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. +// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users +// sync. func (o UserFederationOutput) ChangedSyncPeriod() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.IntPtrOutput { return v.ChangedSyncPeriod }).(pulumi.IntPtrOutput) } -// LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). +// LDAP connection timeout (duration string) func (o UserFederationOutput) ConnectionTimeout() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.ConnectionTimeout }).(pulumi.StringPtrOutput) } @@ -604,22 +641,23 @@ func (o UserFederationOutput) ConnectionUrl() pulumi.StringOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringOutput { return v.ConnectionUrl }).(pulumi.StringOutput) } -// Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. +// Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. func (o UserFederationOutput) CustomUserSearchFilter() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.CustomUserSearchFilter }).(pulumi.StringPtrOutput) } -// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. +// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP +// user federation provider. func (o UserFederationOutput) DeleteDefaultMappers() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.BoolPtrOutput { return v.DeleteDefaultMappers }).(pulumi.BoolPtrOutput) } -// Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. +// READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. func (o UserFederationOutput) EditMode() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.EditMode }).(pulumi.StringPtrOutput) } -// When `false`, this provider will not be used when performing queries for users. Defaults to `true`. +// When false, this provider will not be used when performing queries for users. func (o UserFederationOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } @@ -629,12 +667,12 @@ func (o UserFederationOutput) FullSyncPeriod() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.IntPtrOutput { return v.FullSyncPeriod }).(pulumi.IntPtrOutput) } -// When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. +// When true, LDAP users will be imported into the Keycloak database. func (o UserFederationOutput) ImportEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.BoolPtrOutput { return v.ImportEnabled }).(pulumi.BoolPtrOutput) } -// A block containing the kerberos settings. +// Settings regarding kerberos authentication for this realm. func (o UserFederationOutput) Kerberos() UserFederationKerberosPtrOutput { return o.ApplyT(func(v *UserFederation) UserFederationKerberosPtrOutput { return v.Kerberos }).(UserFederationKerberosPtrOutput) } @@ -644,12 +682,12 @@ func (o UserFederationOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. +// When true, Keycloak assumes the LDAP server supports pagination. func (o UserFederationOutput) Pagination() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.BoolPtrOutput { return v.Pagination }).(pulumi.BoolPtrOutput) } -// Priority of this provider when looking up users. Lower values are first. Defaults to `0`. +// Priority of this provider when looking up users. Lower values are first. func (o UserFederationOutput) Priority() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.IntPtrOutput { return v.Priority }).(pulumi.IntPtrOutput) } @@ -659,27 +697,27 @@ func (o UserFederationOutput) RdnLdapAttribute() pulumi.StringOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringOutput { return v.RdnLdapAttribute }).(pulumi.StringOutput) } -// LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). +// LDAP read timeout (duration string) func (o UserFederationOutput) ReadTimeout() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.ReadTimeout }).(pulumi.StringPtrOutput) } -// The realm that this provider will provide user federation for. +// The realm this provider will provide user federation for. func (o UserFederationOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// Can be one of `ONE_LEVEL` or `SUBTREE`: +// ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. func (o UserFederationOutput) SearchScope() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.SearchScope }).(pulumi.StringPtrOutput) } -// When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. +// When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. func (o UserFederationOutput) StartTls() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.BoolPtrOutput { return v.StartTls }).(pulumi.BoolPtrOutput) } -// When `true`, newly created users will be synced back to LDAP. Defaults to `false`. +// When true, newly created users will be synced back to LDAP. func (o UserFederationOutput) SyncRegistrations() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.BoolPtrOutput { return v.SyncRegistrations }).(pulumi.BoolPtrOutput) } @@ -694,12 +732,11 @@ func (o UserFederationOutput) UsePasswordModifyExtendedOp() pulumi.BoolPtrOutput return o.ApplyT(func(v *UserFederation) pulumi.BoolPtrOutput { return v.UsePasswordModifyExtendedOp }).(pulumi.BoolPtrOutput) } -// Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: func (o UserFederationOutput) UseTruststoreSpi() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.UseTruststoreSpi }).(pulumi.StringPtrOutput) } -// Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. +// All values of LDAP objectClass attribute for users in LDAP. func (o UserFederationOutput) UserObjectClasses() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringArrayOutput { return v.UserObjectClasses }).(pulumi.StringArrayOutput) } @@ -719,12 +756,12 @@ func (o UserFederationOutput) UuidLdapAttribute() pulumi.StringOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringOutput { return v.UuidLdapAttribute }).(pulumi.StringOutput) } -// When `true`, Keycloak will validate passwords using the realm policy before updating it. +// When true, Keycloak will validate passwords using the realm policy before updating it. func (o UserFederationOutput) ValidatePasswordPolicy() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.BoolPtrOutput { return v.ValidatePasswordPolicy }).(pulumi.BoolPtrOutput) } -// Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. +// LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. func (o UserFederationOutput) Vendor() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserFederation) pulumi.StringPtrOutput { return v.Vendor }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/keycloak/oidc/googleIdentityProvider.go b/sdk/go/keycloak/oidc/googleIdentityProvider.go index c004faf8..7aa82676 100644 --- a/sdk/go/keycloak/oidc/googleIdentityProvider.go +++ b/sdk/go/keycloak/oidc/googleIdentityProvider.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -57,14 +58,15 @@ import ( // } // // ``` +// // // ## Import // // Google Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp diff --git a/sdk/go/keycloak/oidc/identityProvider.go b/sdk/go/keycloak/oidc/identityProvider.go index 29708079..938de47f 100644 --- a/sdk/go/keycloak/oidc/identityProvider.go +++ b/sdk/go/keycloak/oidc/identityProvider.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -57,14 +58,15 @@ import ( // } // // ``` +// // // ## Import // // Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp diff --git a/sdk/go/keycloak/openid/audienceProtocolMapper.go b/sdk/go/keycloak/openid/audienceProtocolMapper.go index b762257c..e72d9612 100644 --- a/sdk/go/keycloak/openid/audienceProtocolMapper.go +++ b/sdk/go/keycloak/openid/audienceProtocolMapper.go @@ -12,14 +12,18 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing audience protocol mappers within Keycloak. +// ## # openid.AudienceProtocolMapper // -// Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom -// string, or it can be mapped to the ID of a pre-existing client. +// Allows for creating and managing audience protocol mappers within +// Keycloak. This mapper was added in Keycloak v4.6.0.Final. // -// ## Example Usage -// ### Client) +// Audience protocol mappers allow you add audiences to the `aud` claim +// within issued tokens. The audience can be a custom string, or it can be +// mapped to the ID of a pre-existing client. // +// ### Example Usage (Client) +// +// // ```go // package main // @@ -34,17 +38,17 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// Enabled: pulumi.Bool(true), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -53,9 +57,9 @@ import ( // return err // } // _, err = openid.NewAudienceProtocolMapper(ctx, "audienceMapper", &openid.AudienceProtocolMapperArgs{ -// RealmId: realm.ID(), // ClientId: openidClient.ID(), // IncludedCustomAudience: pulumi.String("foo"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -65,8 +69,11 @@ import ( // } // // ``` -// ### Client Scope) +// +// +// ### Example Usage (Client Scope) // +// // ```go // package main // @@ -81,8 +88,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -94,9 +101,9 @@ import ( // return err // } // _, err = openid.NewAudienceProtocolMapper(ctx, "audienceMapper", &openid.AudienceProtocolMapperArgs{ -// RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), // IncludedCustomAudience: pulumi.String("foo"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -106,44 +113,46 @@ import ( // } // // ``` +// // -// ## Import -// -// Protocol mappers can be imported using one of the following formats: -// -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// ### Argument Reference // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `includedClientAudience` - (Required if `includedCustomAudience` is not specified) A client ID to include within the token's `aud` claim. +// - `includedCustomAudience` - (Required if `includedClientAudience` is not specified) A custom audience to include within the token's `aud` claim. +// - `addToIdToken` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. +// - `addToAccessToken` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type AudienceProtocolMapper struct { pulumi.CustomResourceState - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the access token. AddToAccessToken pulumi.BoolPtrOutput `pulumi:"addToAccessToken"` - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the id token. AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedClientAudience pulumi.StringPtrOutput `pulumi:"includedClientAudience"` - // A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedCustomAudience pulumi.StringPtrOutput `pulumi:"includedCustomAudience"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringOutput `pulumi:"realmId"` } @@ -180,40 +189,40 @@ func GetAudienceProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering AudienceProtocolMapper resources. type audienceProtocolMapperState struct { - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedClientAudience *string `pulumi:"includedClientAudience"` - // A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedCustomAudience *string `pulumi:"includedCustomAudience"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId *string `pulumi:"realmId"` } type AudienceProtocolMapperState struct { - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the id token. AddToIdToken pulumi.BoolPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedClientAudience pulumi.StringPtrInput - // A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedCustomAudience pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringPtrInput } @@ -222,41 +231,41 @@ func (AudienceProtocolMapperState) ElementType() reflect.Type { } type audienceProtocolMapperArgs struct { - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedClientAudience *string `pulumi:"includedClientAudience"` - // A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedCustomAudience *string `pulumi:"includedCustomAudience"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a AudienceProtocolMapper resource. type AudienceProtocolMapperArgs struct { - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + // Indicates if this claim should be added to the id token. AddToIdToken pulumi.BoolPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedClientAudience pulumi.StringPtrInput - // A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + // A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience IncludedCustomAudience pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringInput } @@ -347,42 +356,42 @@ func (o AudienceProtocolMapperOutput) ToAudienceProtocolMapperOutputWithContext( return o } -// Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. +// Indicates if this claim should be added to the access token. func (o AudienceProtocolMapperOutput) AddToAccessToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *AudienceProtocolMapper) pulumi.BoolPtrOutput { return v.AddToAccessToken }).(pulumi.BoolPtrOutput) } -// Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. +// Indicates if this claim should be added to the id token. func (o AudienceProtocolMapperOutput) AddToIdToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *AudienceProtocolMapper) pulumi.BoolPtrOutput { return v.AddToIdToken }).(pulumi.BoolPtrOutput) } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o AudienceProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *AudienceProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client scope. Cannot be used at the same time as client_id. func (o AudienceProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *AudienceProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. +// A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience func (o AudienceProtocolMapperOutput) IncludedClientAudience() pulumi.StringPtrOutput { return o.ApplyT(func(v *AudienceProtocolMapper) pulumi.StringPtrOutput { return v.IncludedClientAudience }).(pulumi.StringPtrOutput) } -// A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. +// A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience func (o AudienceProtocolMapperOutput) IncludedCustomAudience() pulumi.StringPtrOutput { return o.ApplyT(func(v *AudienceProtocolMapper) pulumi.StringPtrOutput { return v.IncludedCustomAudience }).(pulumi.StringPtrOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o AudienceProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *AudienceProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o AudienceProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *AudienceProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/audienceResolveProtocolMapper.go b/sdk/go/keycloak/openid/audienceResolveProtocolMapper.go index df9145b9..f5745dea 100644 --- a/sdk/go/keycloak/openid/audienceResolveProtocolMapper.go +++ b/sdk/go/keycloak/openid/audienceResolveProtocolMapper.go @@ -19,8 +19,10 @@ import ( // [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. // // ## Example Usage +// // ### Client) // +// // ```go // package main // @@ -65,8 +67,11 @@ import ( // } // // ``` +// +// // ### Client Scope) // +// // ```go // package main // @@ -105,18 +110,19 @@ import ( // } // // ``` +// // // ## Import // // Protocol mappers can be imported using one of the following formats: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/go/keycloak/openid/audienceResolveProtocolMappter.go b/sdk/go/keycloak/openid/audienceResolveProtocolMappter.go index b7656b7d..9ae43d98 100644 --- a/sdk/go/keycloak/openid/audienceResolveProtocolMappter.go +++ b/sdk/go/keycloak/openid/audienceResolveProtocolMappter.go @@ -19,8 +19,10 @@ import ( // [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. // // ## Example Usage +// // ### Client) // +// // ```go // package main // @@ -65,8 +67,11 @@ import ( // } // // ``` +// +// // ### Client Scope) // +// // ```go // package main // @@ -105,18 +110,19 @@ import ( // } // // ``` +// // // ## Import // // Protocol mappers can be imported using one of the following formats: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/go/keycloak/openid/client.go b/sdk/go/keycloak/openid/client.go index ec3b8734..d3d42c45 100644 --- a/sdk/go/keycloak/openid/client.go +++ b/sdk/go/keycloak/openid/client.go @@ -12,14 +12,17 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # openid.Client +// // Allows for creating and managing Keycloak clients that use the OpenID Connect protocol. // // Clients are entities that can use Keycloak for user authentication. Typically, // clients are applications that redirect users to Keycloak for authentication // in order to take advantage of Keycloak's user sessions for SSO. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -34,25 +37,20 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // _, err = openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ClientId: pulumi.String("test-client"), // Enabled: pulumi.Bool(true), -// AccessType: pulumi.String("CONFIDENTIAL"), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, -// LoginTheme: pulumi.String("keycloak"), -// ExtraConfig: pulumi.Map{ -// "key1": pulumi.Any("value1"), -// "key2": pulumi.Any("value2"), -// }, // }) // if err != nil { // return err @@ -62,120 +60,99 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak +// The following arguments are supported: // -// assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. +// - `realmId` - (Required) The realm this client is attached to. +// - `clientId` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. +// - `name` - (Optional) The display name of this client in the GUI. +// - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. +// - `description` - (Optional) The description of this client in the GUI. +// - `accessType` - (Required) Specifies the type of client, which can be one of the following: +// - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating. +// This client should be used for applications using the Authorization Code or Client Credentials grant flows. +// - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect +// URIs for security. This client should be used for applications using the Implicit grant flow. +// - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests. +// - `clientSecret` - (Optional) The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and +// should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute. +// - `standardFlowEnabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. +// - `implicitFlowEnabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. +// - `directAccessGrantsEnabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. +// - `serviceAccountsEnabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. +// - `validRedirectUris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple +// wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` +// is set to `true`. +// - `webOrigins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins. +// - `adminUrl` - (Optional) URL to the admin interface of the client. +// - `baseUrl` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client. +// - `pkceCodeChallengeMethod` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value “. +// - `fullScopeAllowed` - (Optional) - Allow to include all roles mappings in the access token. // -// Example: +// ### Attributes Reference // -// bash +// In addition to the arguments listed above, the following computed attributes are exported: // -// ```sh -// $ pulumi import keycloak:openid/client:Client openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 -// ``` +// - `serviceAccountUserId` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. +// +// ### Import +// +// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `clientKeycloakId` is the unique ID that Keycloak +// assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. +// +// Example: type Client struct { pulumi.CustomResourceState - // The amount of time in seconds before an access token expires. This will override the default for the realm. - AccessTokenLifespan pulumi.StringOutput `pulumi:"accessTokenLifespan"` - // Specifies the type of client, which can be one of the following: - AccessType pulumi.StringOutput `pulumi:"accessType"` - // URL to the admin interface of the client. - AdminUrl pulumi.StringOutput `pulumi:"adminUrl"` - // Override realm authentication flow bindings - AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrOutput `pulumi:"authenticationFlowBindingOverrides"` - // When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: - Authorization ClientAuthorizationPtrOutput `pulumi:"authorization"` - // Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - BackchannelLogoutRevokeOfflineSessions pulumi.BoolPtrOutput `pulumi:"backchannelLogoutRevokeOfflineSessions"` - // When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - BackchannelLogoutSessionRequired pulumi.BoolPtrOutput `pulumi:"backchannelLogoutSessionRequired"` - // The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - BackchannelLogoutUrl pulumi.StringPtrOutput `pulumi:"backchannelLogoutUrl"` - // Default URL to use when the auth server needs to redirect or link back to the client. - BaseUrl pulumi.StringOutput `pulumi:"baseUrl"` - // Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - // - `client-secret` (Default) Use client id and client secret to authenticate client. - // - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - // - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` - // - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - ClientAuthenticatorType pulumi.StringPtrOutput `pulumi:"clientAuthenticatorType"` - // The Client ID for this client, referenced in the URI during authentication and in issued tokens. - ClientId pulumi.StringOutput `pulumi:"clientId"` - // Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - ClientOfflineSessionIdleTimeout pulumi.StringOutput `pulumi:"clientOfflineSessionIdleTimeout"` - // Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - ClientOfflineSessionMaxLifespan pulumi.StringOutput `pulumi:"clientOfflineSessionMaxLifespan"` - // The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - ClientSecret pulumi.StringOutput `pulumi:"clientSecret"` - // Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - ClientSessionIdleTimeout pulumi.StringOutput `pulumi:"clientSessionIdleTimeout"` - // Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - ClientSessionMaxLifespan pulumi.StringOutput `pulumi:"clientSessionMaxLifespan"` - // When `true`, users have to consent to client access. Defaults to `false`. - ConsentRequired pulumi.BoolOutput `pulumi:"consentRequired"` - // The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. - ConsentScreenText pulumi.StringOutput `pulumi:"consentScreenText"` - // The description of this client in the GUI. - Description pulumi.StringOutput `pulumi:"description"` - // When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - DirectAccessGrantsEnabled pulumi.BoolOutput `pulumi:"directAccessGrantsEnabled"` - // When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. - DisplayOnConsentScreen pulumi.BoolOutput `pulumi:"displayOnConsentScreen"` - // When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` - // When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. - ExcludeSessionStateFromAuthResponse pulumi.BoolOutput `pulumi:"excludeSessionStateFromAuthResponse"` - ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"` - // When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. - FrontchannelLogoutEnabled pulumi.BoolOutput `pulumi:"frontchannelLogoutEnabled"` - // The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. - FrontchannelLogoutUrl pulumi.StringPtrOutput `pulumi:"frontchannelLogoutUrl"` - // Allow to include all roles mappings in the access token. - FullScopeAllowed pulumi.BoolPtrOutput `pulumi:"fullScopeAllowed"` - // When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - ImplicitFlowEnabled pulumi.BoolOutput `pulumi:"implicitFlowEnabled"` - // When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - Import pulumi.BoolPtrOutput `pulumi:"import"` - // The client login theme. This will override the default theme for the realm. - LoginTheme pulumi.StringPtrOutput `pulumi:"loginTheme"` - // The display name of this client in the GUI. - Name pulumi.StringOutput `pulumi:"name"` - // Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - Oauth2DeviceAuthorizationGrantEnabled pulumi.BoolPtrOutput `pulumi:"oauth2DeviceAuthorizationGrantEnabled"` - // The maximum amount of time a client has to finish the device code flow before it expires. - Oauth2DeviceCodeLifespan pulumi.StringPtrOutput `pulumi:"oauth2DeviceCodeLifespan"` - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval pulumi.StringPtrOutput `pulumi:"oauth2DevicePollingInterval"` - // The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - PkceCodeChallengeMethod pulumi.StringPtrOutput `pulumi:"pkceCodeChallengeMethod"` - // The realm this client is attached to. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - ResourceServerId pulumi.StringOutput `pulumi:"resourceServerId"` - // When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. - RootUrl pulumi.StringOutput `pulumi:"rootUrl"` - // (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - ServiceAccountUserId pulumi.StringOutput `pulumi:"serviceAccountUserId"` - // When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - ServiceAccountsEnabled pulumi.BoolOutput `pulumi:"serviceAccountsEnabled"` - // When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - StandardFlowEnabled pulumi.BoolOutput `pulumi:"standardFlowEnabled"` - // If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. - UseRefreshTokens pulumi.BoolPtrOutput `pulumi:"useRefreshTokens"` - // If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - UseRefreshTokensClientCredentials pulumi.BoolPtrOutput `pulumi:"useRefreshTokensClientCredentials"` - // A list of valid URIs a browser is permitted to redirect to after a successful logout. - ValidPostLogoutRedirectUris pulumi.StringArrayOutput `pulumi:"validPostLogoutRedirectUris"` - // A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` - // is set to `true`. - ValidRedirectUris pulumi.StringArrayOutput `pulumi:"validRedirectUris"` - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - WebOrigins pulumi.StringArrayOutput `pulumi:"webOrigins"` + AccessTokenLifespan pulumi.StringOutput `pulumi:"accessTokenLifespan"` + AccessType pulumi.StringOutput `pulumi:"accessType"` + AdminUrl pulumi.StringOutput `pulumi:"adminUrl"` + AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrOutput `pulumi:"authenticationFlowBindingOverrides"` + Authorization ClientAuthorizationPtrOutput `pulumi:"authorization"` + BackchannelLogoutRevokeOfflineSessions pulumi.BoolPtrOutput `pulumi:"backchannelLogoutRevokeOfflineSessions"` + BackchannelLogoutSessionRequired pulumi.BoolPtrOutput `pulumi:"backchannelLogoutSessionRequired"` + BackchannelLogoutUrl pulumi.StringPtrOutput `pulumi:"backchannelLogoutUrl"` + BaseUrl pulumi.StringOutput `pulumi:"baseUrl"` + ClientAuthenticatorType pulumi.StringPtrOutput `pulumi:"clientAuthenticatorType"` + ClientId pulumi.StringOutput `pulumi:"clientId"` + ClientOfflineSessionIdleTimeout pulumi.StringOutput `pulumi:"clientOfflineSessionIdleTimeout"` + ClientOfflineSessionMaxLifespan pulumi.StringOutput `pulumi:"clientOfflineSessionMaxLifespan"` + ClientSecret pulumi.StringOutput `pulumi:"clientSecret"` + ClientSessionIdleTimeout pulumi.StringOutput `pulumi:"clientSessionIdleTimeout"` + ClientSessionMaxLifespan pulumi.StringOutput `pulumi:"clientSessionMaxLifespan"` + ConsentRequired pulumi.BoolOutput `pulumi:"consentRequired"` + ConsentScreenText pulumi.StringOutput `pulumi:"consentScreenText"` + Description pulumi.StringOutput `pulumi:"description"` + DirectAccessGrantsEnabled pulumi.BoolOutput `pulumi:"directAccessGrantsEnabled"` + DisplayOnConsentScreen pulumi.BoolOutput `pulumi:"displayOnConsentScreen"` + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + ExcludeSessionStateFromAuthResponse pulumi.BoolOutput `pulumi:"excludeSessionStateFromAuthResponse"` + ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"` + FrontchannelLogoutEnabled pulumi.BoolOutput `pulumi:"frontchannelLogoutEnabled"` + FrontchannelLogoutUrl pulumi.StringPtrOutput `pulumi:"frontchannelLogoutUrl"` + FullScopeAllowed pulumi.BoolPtrOutput `pulumi:"fullScopeAllowed"` + ImplicitFlowEnabled pulumi.BoolOutput `pulumi:"implicitFlowEnabled"` + Import pulumi.BoolPtrOutput `pulumi:"import"` + LoginTheme pulumi.StringPtrOutput `pulumi:"loginTheme"` + Name pulumi.StringOutput `pulumi:"name"` + Oauth2DeviceAuthorizationGrantEnabled pulumi.BoolPtrOutput `pulumi:"oauth2DeviceAuthorizationGrantEnabled"` + Oauth2DeviceCodeLifespan pulumi.StringPtrOutput `pulumi:"oauth2DeviceCodeLifespan"` + Oauth2DevicePollingInterval pulumi.StringPtrOutput `pulumi:"oauth2DevicePollingInterval"` + PkceCodeChallengeMethod pulumi.StringPtrOutput `pulumi:"pkceCodeChallengeMethod"` + RealmId pulumi.StringOutput `pulumi:"realmId"` + ResourceServerId pulumi.StringOutput `pulumi:"resourceServerId"` + RootUrl pulumi.StringOutput `pulumi:"rootUrl"` + ServiceAccountUserId pulumi.StringOutput `pulumi:"serviceAccountUserId"` + ServiceAccountsEnabled pulumi.BoolOutput `pulumi:"serviceAccountsEnabled"` + StandardFlowEnabled pulumi.BoolOutput `pulumi:"standardFlowEnabled"` + UseRefreshTokens pulumi.BoolPtrOutput `pulumi:"useRefreshTokens"` + UseRefreshTokensClientCredentials pulumi.BoolPtrOutput `pulumi:"useRefreshTokensClientCredentials"` + ValidPostLogoutRedirectUris pulumi.StringArrayOutput `pulumi:"validPostLogoutRedirectUris"` + ValidRedirectUris pulumi.StringArrayOutput `pulumi:"validRedirectUris"` + WebOrigins pulumi.StringArrayOutput `pulumi:"webOrigins"` } // NewClient registers a new resource with the given unique name, arguments, and options. @@ -224,203 +201,101 @@ func GetClient(ctx *pulumi.Context, // Input properties used for looking up and filtering Client resources. type clientState struct { - // The amount of time in seconds before an access token expires. This will override the default for the realm. - AccessTokenLifespan *string `pulumi:"accessTokenLifespan"` - // Specifies the type of client, which can be one of the following: - AccessType *string `pulumi:"accessType"` - // URL to the admin interface of the client. - AdminUrl *string `pulumi:"adminUrl"` - // Override realm authentication flow bindings - AuthenticationFlowBindingOverrides *ClientAuthenticationFlowBindingOverrides `pulumi:"authenticationFlowBindingOverrides"` - // When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: - Authorization *ClientAuthorization `pulumi:"authorization"` - // Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - BackchannelLogoutRevokeOfflineSessions *bool `pulumi:"backchannelLogoutRevokeOfflineSessions"` - // When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - BackchannelLogoutSessionRequired *bool `pulumi:"backchannelLogoutSessionRequired"` - // The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - BackchannelLogoutUrl *string `pulumi:"backchannelLogoutUrl"` - // Default URL to use when the auth server needs to redirect or link back to the client. - BaseUrl *string `pulumi:"baseUrl"` - // Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - // - `client-secret` (Default) Use client id and client secret to authenticate client. - // - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - // - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` - // - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - ClientAuthenticatorType *string `pulumi:"clientAuthenticatorType"` - // The Client ID for this client, referenced in the URI during authentication and in issued tokens. - ClientId *string `pulumi:"clientId"` - // Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - ClientOfflineSessionIdleTimeout *string `pulumi:"clientOfflineSessionIdleTimeout"` - // Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - ClientOfflineSessionMaxLifespan *string `pulumi:"clientOfflineSessionMaxLifespan"` - // The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - ClientSecret *string `pulumi:"clientSecret"` - // Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - ClientSessionIdleTimeout *string `pulumi:"clientSessionIdleTimeout"` - // Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - ClientSessionMaxLifespan *string `pulumi:"clientSessionMaxLifespan"` - // When `true`, users have to consent to client access. Defaults to `false`. - ConsentRequired *bool `pulumi:"consentRequired"` - // The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. - ConsentScreenText *string `pulumi:"consentScreenText"` - // The description of this client in the GUI. - Description *string `pulumi:"description"` - // When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - DirectAccessGrantsEnabled *bool `pulumi:"directAccessGrantsEnabled"` - // When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. - DisplayOnConsentScreen *bool `pulumi:"displayOnConsentScreen"` - // When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled *bool `pulumi:"enabled"` - // When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. - ExcludeSessionStateFromAuthResponse *bool `pulumi:"excludeSessionStateFromAuthResponse"` - ExtraConfig map[string]interface{} `pulumi:"extraConfig"` - // When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. - FrontchannelLogoutEnabled *bool `pulumi:"frontchannelLogoutEnabled"` - // The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. - FrontchannelLogoutUrl *string `pulumi:"frontchannelLogoutUrl"` - // Allow to include all roles mappings in the access token. - FullScopeAllowed *bool `pulumi:"fullScopeAllowed"` - // When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - ImplicitFlowEnabled *bool `pulumi:"implicitFlowEnabled"` - // When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - Import *bool `pulumi:"import"` - // The client login theme. This will override the default theme for the realm. - LoginTheme *string `pulumi:"loginTheme"` - // The display name of this client in the GUI. - Name *string `pulumi:"name"` - // Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - Oauth2DeviceAuthorizationGrantEnabled *bool `pulumi:"oauth2DeviceAuthorizationGrantEnabled"` - // The maximum amount of time a client has to finish the device code flow before it expires. - Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval *string `pulumi:"oauth2DevicePollingInterval"` - // The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - PkceCodeChallengeMethod *string `pulumi:"pkceCodeChallengeMethod"` - // The realm this client is attached to. - RealmId *string `pulumi:"realmId"` - // (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - ResourceServerId *string `pulumi:"resourceServerId"` - // When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. - RootUrl *string `pulumi:"rootUrl"` - // (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - ServiceAccountUserId *string `pulumi:"serviceAccountUserId"` - // When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - ServiceAccountsEnabled *bool `pulumi:"serviceAccountsEnabled"` - // When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - StandardFlowEnabled *bool `pulumi:"standardFlowEnabled"` - // If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. - UseRefreshTokens *bool `pulumi:"useRefreshTokens"` - // If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - UseRefreshTokensClientCredentials *bool `pulumi:"useRefreshTokensClientCredentials"` - // A list of valid URIs a browser is permitted to redirect to after a successful logout. - ValidPostLogoutRedirectUris []string `pulumi:"validPostLogoutRedirectUris"` - // A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` - // is set to `true`. - ValidRedirectUris []string `pulumi:"validRedirectUris"` - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - WebOrigins []string `pulumi:"webOrigins"` + AccessTokenLifespan *string `pulumi:"accessTokenLifespan"` + AccessType *string `pulumi:"accessType"` + AdminUrl *string `pulumi:"adminUrl"` + AuthenticationFlowBindingOverrides *ClientAuthenticationFlowBindingOverrides `pulumi:"authenticationFlowBindingOverrides"` + Authorization *ClientAuthorization `pulumi:"authorization"` + BackchannelLogoutRevokeOfflineSessions *bool `pulumi:"backchannelLogoutRevokeOfflineSessions"` + BackchannelLogoutSessionRequired *bool `pulumi:"backchannelLogoutSessionRequired"` + BackchannelLogoutUrl *string `pulumi:"backchannelLogoutUrl"` + BaseUrl *string `pulumi:"baseUrl"` + ClientAuthenticatorType *string `pulumi:"clientAuthenticatorType"` + ClientId *string `pulumi:"clientId"` + ClientOfflineSessionIdleTimeout *string `pulumi:"clientOfflineSessionIdleTimeout"` + ClientOfflineSessionMaxLifespan *string `pulumi:"clientOfflineSessionMaxLifespan"` + ClientSecret *string `pulumi:"clientSecret"` + ClientSessionIdleTimeout *string `pulumi:"clientSessionIdleTimeout"` + ClientSessionMaxLifespan *string `pulumi:"clientSessionMaxLifespan"` + ConsentRequired *bool `pulumi:"consentRequired"` + ConsentScreenText *string `pulumi:"consentScreenText"` + Description *string `pulumi:"description"` + DirectAccessGrantsEnabled *bool `pulumi:"directAccessGrantsEnabled"` + DisplayOnConsentScreen *bool `pulumi:"displayOnConsentScreen"` + Enabled *bool `pulumi:"enabled"` + ExcludeSessionStateFromAuthResponse *bool `pulumi:"excludeSessionStateFromAuthResponse"` + ExtraConfig map[string]interface{} `pulumi:"extraConfig"` + FrontchannelLogoutEnabled *bool `pulumi:"frontchannelLogoutEnabled"` + FrontchannelLogoutUrl *string `pulumi:"frontchannelLogoutUrl"` + FullScopeAllowed *bool `pulumi:"fullScopeAllowed"` + ImplicitFlowEnabled *bool `pulumi:"implicitFlowEnabled"` + Import *bool `pulumi:"import"` + LoginTheme *string `pulumi:"loginTheme"` + Name *string `pulumi:"name"` + Oauth2DeviceAuthorizationGrantEnabled *bool `pulumi:"oauth2DeviceAuthorizationGrantEnabled"` + Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` + Oauth2DevicePollingInterval *string `pulumi:"oauth2DevicePollingInterval"` + PkceCodeChallengeMethod *string `pulumi:"pkceCodeChallengeMethod"` + RealmId *string `pulumi:"realmId"` + ResourceServerId *string `pulumi:"resourceServerId"` + RootUrl *string `pulumi:"rootUrl"` + ServiceAccountUserId *string `pulumi:"serviceAccountUserId"` + ServiceAccountsEnabled *bool `pulumi:"serviceAccountsEnabled"` + StandardFlowEnabled *bool `pulumi:"standardFlowEnabled"` + UseRefreshTokens *bool `pulumi:"useRefreshTokens"` + UseRefreshTokensClientCredentials *bool `pulumi:"useRefreshTokensClientCredentials"` + ValidPostLogoutRedirectUris []string `pulumi:"validPostLogoutRedirectUris"` + ValidRedirectUris []string `pulumi:"validRedirectUris"` + WebOrigins []string `pulumi:"webOrigins"` } type ClientState struct { - // The amount of time in seconds before an access token expires. This will override the default for the realm. - AccessTokenLifespan pulumi.StringPtrInput - // Specifies the type of client, which can be one of the following: - AccessType pulumi.StringPtrInput - // URL to the admin interface of the client. - AdminUrl pulumi.StringPtrInput - // Override realm authentication flow bindings - AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput - // When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: - Authorization ClientAuthorizationPtrInput - // Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. + AccessTokenLifespan pulumi.StringPtrInput + AccessType pulumi.StringPtrInput + AdminUrl pulumi.StringPtrInput + AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput + Authorization ClientAuthorizationPtrInput BackchannelLogoutRevokeOfflineSessions pulumi.BoolPtrInput - // When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - BackchannelLogoutSessionRequired pulumi.BoolPtrInput - // The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - BackchannelLogoutUrl pulumi.StringPtrInput - // Default URL to use when the auth server needs to redirect or link back to the client. - BaseUrl pulumi.StringPtrInput - // Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - // - `client-secret` (Default) Use client id and client secret to authenticate client. - // - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - // - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` - // - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - ClientAuthenticatorType pulumi.StringPtrInput - // The Client ID for this client, referenced in the URI during authentication and in issued tokens. - ClientId pulumi.StringPtrInput - // Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - ClientOfflineSessionIdleTimeout pulumi.StringPtrInput - // Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - ClientOfflineSessionMaxLifespan pulumi.StringPtrInput - // The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - ClientSecret pulumi.StringPtrInput - // Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - ClientSessionIdleTimeout pulumi.StringPtrInput - // Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - ClientSessionMaxLifespan pulumi.StringPtrInput - // When `true`, users have to consent to client access. Defaults to `false`. - ConsentRequired pulumi.BoolPtrInput - // The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. - ConsentScreenText pulumi.StringPtrInput - // The description of this client in the GUI. - Description pulumi.StringPtrInput - // When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - DirectAccessGrantsEnabled pulumi.BoolPtrInput - // When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. - DisplayOnConsentScreen pulumi.BoolPtrInput - // When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled pulumi.BoolPtrInput - // When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. - ExcludeSessionStateFromAuthResponse pulumi.BoolPtrInput - ExtraConfig pulumi.MapInput - // When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. - FrontchannelLogoutEnabled pulumi.BoolPtrInput - // The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. - FrontchannelLogoutUrl pulumi.StringPtrInput - // Allow to include all roles mappings in the access token. - FullScopeAllowed pulumi.BoolPtrInput - // When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - ImplicitFlowEnabled pulumi.BoolPtrInput - // When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - Import pulumi.BoolPtrInput - // The client login theme. This will override the default theme for the realm. - LoginTheme pulumi.StringPtrInput - // The display name of this client in the GUI. - Name pulumi.StringPtrInput - // Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - Oauth2DeviceAuthorizationGrantEnabled pulumi.BoolPtrInput - // The maximum amount of time a client has to finish the device code flow before it expires. - Oauth2DeviceCodeLifespan pulumi.StringPtrInput - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval pulumi.StringPtrInput - // The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - PkceCodeChallengeMethod pulumi.StringPtrInput - // The realm this client is attached to. - RealmId pulumi.StringPtrInput - // (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - ResourceServerId pulumi.StringPtrInput - // When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. - RootUrl pulumi.StringPtrInput - // (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - ServiceAccountUserId pulumi.StringPtrInput - // When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - ServiceAccountsEnabled pulumi.BoolPtrInput - // When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - StandardFlowEnabled pulumi.BoolPtrInput - // If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. - UseRefreshTokens pulumi.BoolPtrInput - // If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - UseRefreshTokensClientCredentials pulumi.BoolPtrInput - // A list of valid URIs a browser is permitted to redirect to after a successful logout. - ValidPostLogoutRedirectUris pulumi.StringArrayInput - // A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` - // is set to `true`. - ValidRedirectUris pulumi.StringArrayInput - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - WebOrigins pulumi.StringArrayInput + BackchannelLogoutSessionRequired pulumi.BoolPtrInput + BackchannelLogoutUrl pulumi.StringPtrInput + BaseUrl pulumi.StringPtrInput + ClientAuthenticatorType pulumi.StringPtrInput + ClientId pulumi.StringPtrInput + ClientOfflineSessionIdleTimeout pulumi.StringPtrInput + ClientOfflineSessionMaxLifespan pulumi.StringPtrInput + ClientSecret pulumi.StringPtrInput + ClientSessionIdleTimeout pulumi.StringPtrInput + ClientSessionMaxLifespan pulumi.StringPtrInput + ConsentRequired pulumi.BoolPtrInput + ConsentScreenText pulumi.StringPtrInput + Description pulumi.StringPtrInput + DirectAccessGrantsEnabled pulumi.BoolPtrInput + DisplayOnConsentScreen pulumi.BoolPtrInput + Enabled pulumi.BoolPtrInput + ExcludeSessionStateFromAuthResponse pulumi.BoolPtrInput + ExtraConfig pulumi.MapInput + FrontchannelLogoutEnabled pulumi.BoolPtrInput + FrontchannelLogoutUrl pulumi.StringPtrInput + FullScopeAllowed pulumi.BoolPtrInput + ImplicitFlowEnabled pulumi.BoolPtrInput + Import pulumi.BoolPtrInput + LoginTheme pulumi.StringPtrInput + Name pulumi.StringPtrInput + Oauth2DeviceAuthorizationGrantEnabled pulumi.BoolPtrInput + Oauth2DeviceCodeLifespan pulumi.StringPtrInput + Oauth2DevicePollingInterval pulumi.StringPtrInput + PkceCodeChallengeMethod pulumi.StringPtrInput + RealmId pulumi.StringPtrInput + ResourceServerId pulumi.StringPtrInput + RootUrl pulumi.StringPtrInput + ServiceAccountUserId pulumi.StringPtrInput + ServiceAccountsEnabled pulumi.BoolPtrInput + StandardFlowEnabled pulumi.BoolPtrInput + UseRefreshTokens pulumi.BoolPtrInput + UseRefreshTokensClientCredentials pulumi.BoolPtrInput + ValidPostLogoutRedirectUris pulumi.StringArrayInput + ValidRedirectUris pulumi.StringArrayInput + WebOrigins pulumi.StringArrayInput } func (ClientState) ElementType() reflect.Type { @@ -428,196 +303,98 @@ func (ClientState) ElementType() reflect.Type { } type clientArgs struct { - // The amount of time in seconds before an access token expires. This will override the default for the realm. - AccessTokenLifespan *string `pulumi:"accessTokenLifespan"` - // Specifies the type of client, which can be one of the following: - AccessType string `pulumi:"accessType"` - // URL to the admin interface of the client. - AdminUrl *string `pulumi:"adminUrl"` - // Override realm authentication flow bindings - AuthenticationFlowBindingOverrides *ClientAuthenticationFlowBindingOverrides `pulumi:"authenticationFlowBindingOverrides"` - // When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: - Authorization *ClientAuthorization `pulumi:"authorization"` - // Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - BackchannelLogoutRevokeOfflineSessions *bool `pulumi:"backchannelLogoutRevokeOfflineSessions"` - // When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - BackchannelLogoutSessionRequired *bool `pulumi:"backchannelLogoutSessionRequired"` - // The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - BackchannelLogoutUrl *string `pulumi:"backchannelLogoutUrl"` - // Default URL to use when the auth server needs to redirect or link back to the client. - BaseUrl *string `pulumi:"baseUrl"` - // Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - // - `client-secret` (Default) Use client id and client secret to authenticate client. - // - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - // - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` - // - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - ClientAuthenticatorType *string `pulumi:"clientAuthenticatorType"` - // The Client ID for this client, referenced in the URI during authentication and in issued tokens. - ClientId string `pulumi:"clientId"` - // Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - ClientOfflineSessionIdleTimeout *string `pulumi:"clientOfflineSessionIdleTimeout"` - // Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - ClientOfflineSessionMaxLifespan *string `pulumi:"clientOfflineSessionMaxLifespan"` - // The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - ClientSecret *string `pulumi:"clientSecret"` - // Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - ClientSessionIdleTimeout *string `pulumi:"clientSessionIdleTimeout"` - // Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - ClientSessionMaxLifespan *string `pulumi:"clientSessionMaxLifespan"` - // When `true`, users have to consent to client access. Defaults to `false`. - ConsentRequired *bool `pulumi:"consentRequired"` - // The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. - ConsentScreenText *string `pulumi:"consentScreenText"` - // The description of this client in the GUI. - Description *string `pulumi:"description"` - // When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - DirectAccessGrantsEnabled *bool `pulumi:"directAccessGrantsEnabled"` - // When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. - DisplayOnConsentScreen *bool `pulumi:"displayOnConsentScreen"` - // When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled *bool `pulumi:"enabled"` - // When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. - ExcludeSessionStateFromAuthResponse *bool `pulumi:"excludeSessionStateFromAuthResponse"` - ExtraConfig map[string]interface{} `pulumi:"extraConfig"` - // When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. - FrontchannelLogoutEnabled *bool `pulumi:"frontchannelLogoutEnabled"` - // The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. - FrontchannelLogoutUrl *string `pulumi:"frontchannelLogoutUrl"` - // Allow to include all roles mappings in the access token. - FullScopeAllowed *bool `pulumi:"fullScopeAllowed"` - // When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - ImplicitFlowEnabled *bool `pulumi:"implicitFlowEnabled"` - // When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - Import *bool `pulumi:"import"` - // The client login theme. This will override the default theme for the realm. - LoginTheme *string `pulumi:"loginTheme"` - // The display name of this client in the GUI. - Name *string `pulumi:"name"` - // Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - Oauth2DeviceAuthorizationGrantEnabled *bool `pulumi:"oauth2DeviceAuthorizationGrantEnabled"` - // The maximum amount of time a client has to finish the device code flow before it expires. - Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval *string `pulumi:"oauth2DevicePollingInterval"` - // The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - PkceCodeChallengeMethod *string `pulumi:"pkceCodeChallengeMethod"` - // The realm this client is attached to. - RealmId string `pulumi:"realmId"` - // When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. - RootUrl *string `pulumi:"rootUrl"` - // When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - ServiceAccountsEnabled *bool `pulumi:"serviceAccountsEnabled"` - // When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - StandardFlowEnabled *bool `pulumi:"standardFlowEnabled"` - // If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. - UseRefreshTokens *bool `pulumi:"useRefreshTokens"` - // If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - UseRefreshTokensClientCredentials *bool `pulumi:"useRefreshTokensClientCredentials"` - // A list of valid URIs a browser is permitted to redirect to after a successful logout. - ValidPostLogoutRedirectUris []string `pulumi:"validPostLogoutRedirectUris"` - // A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` - // is set to `true`. - ValidRedirectUris []string `pulumi:"validRedirectUris"` - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - WebOrigins []string `pulumi:"webOrigins"` + AccessTokenLifespan *string `pulumi:"accessTokenLifespan"` + AccessType string `pulumi:"accessType"` + AdminUrl *string `pulumi:"adminUrl"` + AuthenticationFlowBindingOverrides *ClientAuthenticationFlowBindingOverrides `pulumi:"authenticationFlowBindingOverrides"` + Authorization *ClientAuthorization `pulumi:"authorization"` + BackchannelLogoutRevokeOfflineSessions *bool `pulumi:"backchannelLogoutRevokeOfflineSessions"` + BackchannelLogoutSessionRequired *bool `pulumi:"backchannelLogoutSessionRequired"` + BackchannelLogoutUrl *string `pulumi:"backchannelLogoutUrl"` + BaseUrl *string `pulumi:"baseUrl"` + ClientAuthenticatorType *string `pulumi:"clientAuthenticatorType"` + ClientId string `pulumi:"clientId"` + ClientOfflineSessionIdleTimeout *string `pulumi:"clientOfflineSessionIdleTimeout"` + ClientOfflineSessionMaxLifespan *string `pulumi:"clientOfflineSessionMaxLifespan"` + ClientSecret *string `pulumi:"clientSecret"` + ClientSessionIdleTimeout *string `pulumi:"clientSessionIdleTimeout"` + ClientSessionMaxLifespan *string `pulumi:"clientSessionMaxLifespan"` + ConsentRequired *bool `pulumi:"consentRequired"` + ConsentScreenText *string `pulumi:"consentScreenText"` + Description *string `pulumi:"description"` + DirectAccessGrantsEnabled *bool `pulumi:"directAccessGrantsEnabled"` + DisplayOnConsentScreen *bool `pulumi:"displayOnConsentScreen"` + Enabled *bool `pulumi:"enabled"` + ExcludeSessionStateFromAuthResponse *bool `pulumi:"excludeSessionStateFromAuthResponse"` + ExtraConfig map[string]interface{} `pulumi:"extraConfig"` + FrontchannelLogoutEnabled *bool `pulumi:"frontchannelLogoutEnabled"` + FrontchannelLogoutUrl *string `pulumi:"frontchannelLogoutUrl"` + FullScopeAllowed *bool `pulumi:"fullScopeAllowed"` + ImplicitFlowEnabled *bool `pulumi:"implicitFlowEnabled"` + Import *bool `pulumi:"import"` + LoginTheme *string `pulumi:"loginTheme"` + Name *string `pulumi:"name"` + Oauth2DeviceAuthorizationGrantEnabled *bool `pulumi:"oauth2DeviceAuthorizationGrantEnabled"` + Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` + Oauth2DevicePollingInterval *string `pulumi:"oauth2DevicePollingInterval"` + PkceCodeChallengeMethod *string `pulumi:"pkceCodeChallengeMethod"` + RealmId string `pulumi:"realmId"` + RootUrl *string `pulumi:"rootUrl"` + ServiceAccountsEnabled *bool `pulumi:"serviceAccountsEnabled"` + StandardFlowEnabled *bool `pulumi:"standardFlowEnabled"` + UseRefreshTokens *bool `pulumi:"useRefreshTokens"` + UseRefreshTokensClientCredentials *bool `pulumi:"useRefreshTokensClientCredentials"` + ValidPostLogoutRedirectUris []string `pulumi:"validPostLogoutRedirectUris"` + ValidRedirectUris []string `pulumi:"validRedirectUris"` + WebOrigins []string `pulumi:"webOrigins"` } // The set of arguments for constructing a Client resource. type ClientArgs struct { - // The amount of time in seconds before an access token expires. This will override the default for the realm. - AccessTokenLifespan pulumi.StringPtrInput - // Specifies the type of client, which can be one of the following: - AccessType pulumi.StringInput - // URL to the admin interface of the client. - AdminUrl pulumi.StringPtrInput - // Override realm authentication flow bindings - AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput - // When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: - Authorization ClientAuthorizationPtrInput - // Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. + AccessTokenLifespan pulumi.StringPtrInput + AccessType pulumi.StringInput + AdminUrl pulumi.StringPtrInput + AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput + Authorization ClientAuthorizationPtrInput BackchannelLogoutRevokeOfflineSessions pulumi.BoolPtrInput - // When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - BackchannelLogoutSessionRequired pulumi.BoolPtrInput - // The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - BackchannelLogoutUrl pulumi.StringPtrInput - // Default URL to use when the auth server needs to redirect or link back to the client. - BaseUrl pulumi.StringPtrInput - // Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - // - `client-secret` (Default) Use client id and client secret to authenticate client. - // - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - // - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` - // - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - ClientAuthenticatorType pulumi.StringPtrInput - // The Client ID for this client, referenced in the URI during authentication and in issued tokens. - ClientId pulumi.StringInput - // Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - ClientOfflineSessionIdleTimeout pulumi.StringPtrInput - // Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - ClientOfflineSessionMaxLifespan pulumi.StringPtrInput - // The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - ClientSecret pulumi.StringPtrInput - // Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - ClientSessionIdleTimeout pulumi.StringPtrInput - // Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - ClientSessionMaxLifespan pulumi.StringPtrInput - // When `true`, users have to consent to client access. Defaults to `false`. - ConsentRequired pulumi.BoolPtrInput - // The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. - ConsentScreenText pulumi.StringPtrInput - // The description of this client in the GUI. - Description pulumi.StringPtrInput - // When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - DirectAccessGrantsEnabled pulumi.BoolPtrInput - // When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. - DisplayOnConsentScreen pulumi.BoolPtrInput - // When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled pulumi.BoolPtrInput - // When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. - ExcludeSessionStateFromAuthResponse pulumi.BoolPtrInput - ExtraConfig pulumi.MapInput - // When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. - FrontchannelLogoutEnabled pulumi.BoolPtrInput - // The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. - FrontchannelLogoutUrl pulumi.StringPtrInput - // Allow to include all roles mappings in the access token. - FullScopeAllowed pulumi.BoolPtrInput - // When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - ImplicitFlowEnabled pulumi.BoolPtrInput - // When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - Import pulumi.BoolPtrInput - // The client login theme. This will override the default theme for the realm. - LoginTheme pulumi.StringPtrInput - // The display name of this client in the GUI. - Name pulumi.StringPtrInput - // Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - Oauth2DeviceAuthorizationGrantEnabled pulumi.BoolPtrInput - // The maximum amount of time a client has to finish the device code flow before it expires. - Oauth2DeviceCodeLifespan pulumi.StringPtrInput - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval pulumi.StringPtrInput - // The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - PkceCodeChallengeMethod pulumi.StringPtrInput - // The realm this client is attached to. - RealmId pulumi.StringInput - // When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. - RootUrl pulumi.StringPtrInput - // When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - ServiceAccountsEnabled pulumi.BoolPtrInput - // When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - StandardFlowEnabled pulumi.BoolPtrInput - // If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. - UseRefreshTokens pulumi.BoolPtrInput - // If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - UseRefreshTokensClientCredentials pulumi.BoolPtrInput - // A list of valid URIs a browser is permitted to redirect to after a successful logout. - ValidPostLogoutRedirectUris pulumi.StringArrayInput - // A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` - // is set to `true`. - ValidRedirectUris pulumi.StringArrayInput - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - WebOrigins pulumi.StringArrayInput + BackchannelLogoutSessionRequired pulumi.BoolPtrInput + BackchannelLogoutUrl pulumi.StringPtrInput + BaseUrl pulumi.StringPtrInput + ClientAuthenticatorType pulumi.StringPtrInput + ClientId pulumi.StringInput + ClientOfflineSessionIdleTimeout pulumi.StringPtrInput + ClientOfflineSessionMaxLifespan pulumi.StringPtrInput + ClientSecret pulumi.StringPtrInput + ClientSessionIdleTimeout pulumi.StringPtrInput + ClientSessionMaxLifespan pulumi.StringPtrInput + ConsentRequired pulumi.BoolPtrInput + ConsentScreenText pulumi.StringPtrInput + Description pulumi.StringPtrInput + DirectAccessGrantsEnabled pulumi.BoolPtrInput + DisplayOnConsentScreen pulumi.BoolPtrInput + Enabled pulumi.BoolPtrInput + ExcludeSessionStateFromAuthResponse pulumi.BoolPtrInput + ExtraConfig pulumi.MapInput + FrontchannelLogoutEnabled pulumi.BoolPtrInput + FrontchannelLogoutUrl pulumi.StringPtrInput + FullScopeAllowed pulumi.BoolPtrInput + ImplicitFlowEnabled pulumi.BoolPtrInput + Import pulumi.BoolPtrInput + LoginTheme pulumi.StringPtrInput + Name pulumi.StringPtrInput + Oauth2DeviceAuthorizationGrantEnabled pulumi.BoolPtrInput + Oauth2DeviceCodeLifespan pulumi.StringPtrInput + Oauth2DevicePollingInterval pulumi.StringPtrInput + PkceCodeChallengeMethod pulumi.StringPtrInput + RealmId pulumi.StringInput + RootUrl pulumi.StringPtrInput + ServiceAccountsEnabled pulumi.BoolPtrInput + StandardFlowEnabled pulumi.BoolPtrInput + UseRefreshTokens pulumi.BoolPtrInput + UseRefreshTokensClientCredentials pulumi.BoolPtrInput + ValidPostLogoutRedirectUris pulumi.StringArrayInput + ValidRedirectUris pulumi.StringArrayInput + WebOrigins pulumi.StringArrayInput } func (ClientArgs) ElementType() reflect.Type { @@ -707,123 +484,96 @@ func (o ClientOutput) ToClientOutputWithContext(ctx context.Context) ClientOutpu return o } -// The amount of time in seconds before an access token expires. This will override the default for the realm. func (o ClientOutput) AccessTokenLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.AccessTokenLifespan }).(pulumi.StringOutput) } -// Specifies the type of client, which can be one of the following: func (o ClientOutput) AccessType() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.AccessType }).(pulumi.StringOutput) } -// URL to the admin interface of the client. func (o ClientOutput) AdminUrl() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.AdminUrl }).(pulumi.StringOutput) } -// Override realm authentication flow bindings func (o ClientOutput) AuthenticationFlowBindingOverrides() ClientAuthenticationFlowBindingOverridesPtrOutput { return o.ApplyT(func(v *Client) ClientAuthenticationFlowBindingOverridesPtrOutput { return v.AuthenticationFlowBindingOverrides }).(ClientAuthenticationFlowBindingOverridesPtrOutput) } -// When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: func (o ClientOutput) Authorization() ClientAuthorizationPtrOutput { return o.ApplyT(func(v *Client) ClientAuthorizationPtrOutput { return v.Authorization }).(ClientAuthorizationPtrOutput) } -// Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. func (o ClientOutput) BackchannelLogoutRevokeOfflineSessions() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.BackchannelLogoutRevokeOfflineSessions }).(pulumi.BoolPtrOutput) } -// When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. func (o ClientOutput) BackchannelLogoutSessionRequired() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.BackchannelLogoutSessionRequired }).(pulumi.BoolPtrOutput) } -// The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. func (o ClientOutput) BackchannelLogoutUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.BackchannelLogoutUrl }).(pulumi.StringPtrOutput) } -// Default URL to use when the auth server needs to redirect or link back to the client. func (o ClientOutput) BaseUrl() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.BaseUrl }).(pulumi.StringOutput) } -// Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: -// - `client-secret` (Default) Use client id and client secret to authenticate client. -// - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` -// - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` -// - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` func (o ClientOutput) ClientAuthenticatorType() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.ClientAuthenticatorType }).(pulumi.StringPtrOutput) } -// The Client ID for this client, referenced in the URI during authentication and in issued tokens. func (o ClientOutput) ClientId() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ClientId }).(pulumi.StringOutput) } -// Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. func (o ClientOutput) ClientOfflineSessionIdleTimeout() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ClientOfflineSessionIdleTimeout }).(pulumi.StringOutput) } -// Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. func (o ClientOutput) ClientOfflineSessionMaxLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ClientOfflineSessionMaxLifespan }).(pulumi.StringOutput) } -// The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. func (o ClientOutput) ClientSecret() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ClientSecret }).(pulumi.StringOutput) } -// Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. func (o ClientOutput) ClientSessionIdleTimeout() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ClientSessionIdleTimeout }).(pulumi.StringOutput) } -// Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. func (o ClientOutput) ClientSessionMaxLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ClientSessionMaxLifespan }).(pulumi.StringOutput) } -// When `true`, users have to consent to client access. Defaults to `false`. func (o ClientOutput) ConsentRequired() pulumi.BoolOutput { return o.ApplyT(func(v *Client) pulumi.BoolOutput { return v.ConsentRequired }).(pulumi.BoolOutput) } -// The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. func (o ClientOutput) ConsentScreenText() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ConsentScreenText }).(pulumi.StringOutput) } -// The description of this client in the GUI. func (o ClientOutput) Description() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.Description }).(pulumi.StringOutput) } -// When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. func (o ClientOutput) DirectAccessGrantsEnabled() pulumi.BoolOutput { return o.ApplyT(func(v *Client) pulumi.BoolOutput { return v.DirectAccessGrantsEnabled }).(pulumi.BoolOutput) } -// When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. func (o ClientOutput) DisplayOnConsentScreen() pulumi.BoolOutput { return o.ApplyT(func(v *Client) pulumi.BoolOutput { return v.DisplayOnConsentScreen }).(pulumi.BoolOutput) } -// When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. func (o ClientOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } -// When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. func (o ClientOutput) ExcludeSessionStateFromAuthResponse() pulumi.BoolOutput { return o.ApplyT(func(v *Client) pulumi.BoolOutput { return v.ExcludeSessionStateFromAuthResponse }).(pulumi.BoolOutput) } @@ -832,114 +582,90 @@ func (o ClientOutput) ExtraConfig() pulumi.MapOutput { return o.ApplyT(func(v *Client) pulumi.MapOutput { return v.ExtraConfig }).(pulumi.MapOutput) } -// When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. func (o ClientOutput) FrontchannelLogoutEnabled() pulumi.BoolOutput { return o.ApplyT(func(v *Client) pulumi.BoolOutput { return v.FrontchannelLogoutEnabled }).(pulumi.BoolOutput) } -// The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. func (o ClientOutput) FrontchannelLogoutUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.FrontchannelLogoutUrl }).(pulumi.StringPtrOutput) } -// Allow to include all roles mappings in the access token. func (o ClientOutput) FullScopeAllowed() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.FullScopeAllowed }).(pulumi.BoolPtrOutput) } -// When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. func (o ClientOutput) ImplicitFlowEnabled() pulumi.BoolOutput { return o.ApplyT(func(v *Client) pulumi.BoolOutput { return v.ImplicitFlowEnabled }).(pulumi.BoolOutput) } -// When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. func (o ClientOutput) Import() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.Import }).(pulumi.BoolPtrOutput) } -// The client login theme. This will override the default theme for the realm. func (o ClientOutput) LoginTheme() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.LoginTheme }).(pulumi.StringPtrOutput) } -// The display name of this client in the GUI. func (o ClientOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. func (o ClientOutput) Oauth2DeviceAuthorizationGrantEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.Oauth2DeviceAuthorizationGrantEnabled }).(pulumi.BoolPtrOutput) } -// The maximum amount of time a client has to finish the device code flow before it expires. func (o ClientOutput) Oauth2DeviceCodeLifespan() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.Oauth2DeviceCodeLifespan }).(pulumi.StringPtrOutput) } -// The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. func (o ClientOutput) Oauth2DevicePollingInterval() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.Oauth2DevicePollingInterval }).(pulumi.StringPtrOutput) } -// The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value “. func (o ClientOutput) PkceCodeChallengeMethod() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.PkceCodeChallengeMethod }).(pulumi.StringPtrOutput) } -// The realm this client is attached to. func (o ClientOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). func (o ClientOutput) ResourceServerId() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ResourceServerId }).(pulumi.StringOutput) } -// When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. func (o ClientOutput) RootUrl() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.RootUrl }).(pulumi.StringOutput) } -// (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. func (o ClientOutput) ServiceAccountUserId() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ServiceAccountUserId }).(pulumi.StringOutput) } -// When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. func (o ClientOutput) ServiceAccountsEnabled() pulumi.BoolOutput { return o.ApplyT(func(v *Client) pulumi.BoolOutput { return v.ServiceAccountsEnabled }).(pulumi.BoolOutput) } -// When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. func (o ClientOutput) StandardFlowEnabled() pulumi.BoolOutput { return o.ApplyT(func(v *Client) pulumi.BoolOutput { return v.StandardFlowEnabled }).(pulumi.BoolOutput) } -// If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. func (o ClientOutput) UseRefreshTokens() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.UseRefreshTokens }).(pulumi.BoolPtrOutput) } -// If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. func (o ClientOutput) UseRefreshTokensClientCredentials() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.UseRefreshTokensClientCredentials }).(pulumi.BoolPtrOutput) } -// A list of valid URIs a browser is permitted to redirect to after a successful logout. func (o ClientOutput) ValidPostLogoutRedirectUris() pulumi.StringArrayOutput { return o.ApplyT(func(v *Client) pulumi.StringArrayOutput { return v.ValidPostLogoutRedirectUris }).(pulumi.StringArrayOutput) } -// A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple -// wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` -// is set to `true`. func (o ClientOutput) ValidRedirectUris() pulumi.StringArrayOutput { return o.ApplyT(func(v *Client) pulumi.StringArrayOutput { return v.ValidRedirectUris }).(pulumi.StringArrayOutput) } -// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." func (o ClientOutput) WebOrigins() pulumi.StringArrayOutput { return o.ApplyT(func(v *Client) pulumi.StringArrayOutput { return v.WebOrigins }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/keycloak/openid/clientAuthorizationPermission.go b/sdk/go/keycloak/openid/clientAuthorizationPermission.go index b214654b..5495100a 100644 --- a/sdk/go/keycloak/openid/clientAuthorizationPermission.go +++ b/sdk/go/keycloak/openid/clientAuthorizationPermission.go @@ -18,9 +18,9 @@ import ( // // Client authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9 diff --git a/sdk/go/keycloak/openid/clientDefaultScopes.go b/sdk/go/keycloak/openid/clientDefaultScopes.go index 9f65731e..120bc90f 100644 --- a/sdk/go/keycloak/openid/clientDefaultScopes.go +++ b/sdk/go/keycloak/openid/clientDefaultScopes.go @@ -14,6 +14,7 @@ import ( // ## Example Usage // +// // ```go // package main // @@ -28,16 +29,16 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("test-client"), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -49,7 +50,6 @@ import ( // return err // } // _, err = openid.NewClientDefaultScopes(ctx, "clientDefaultScopes", &openid.ClientDefaultScopesArgs{ -// RealmId: realm.ID(), // ClientId: client.ID(), // DefaultScopes: pulumi.StringArray{ // pulumi.String("profile"), @@ -58,6 +58,7 @@ import ( // pulumi.String("web-origins"), // clientScope.Name, // }, +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -67,21 +68,26 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// This resource does not support import. Instead of importing, feel free to create this resource +// The following arguments are supported: +// +// - `realmId` - (Required) The realm this client and scopes exists in. +// - `clientId` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. +// - `defaultScopes` - (Required) An array of client scope names to attach to this client. // -// as if it did not already exist on the server. +// ### Import +// +// This resource does not support import. Instead of importing, feel free to create this resource +// as if it did not already exist on the server. type ClientDefaultScopes struct { pulumi.CustomResourceState - // The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId pulumi.StringOutput `pulumi:"clientId"` - // An array of client scope names to attach to this client. + ClientId pulumi.StringOutput `pulumi:"clientId"` DefaultScopes pulumi.StringArrayOutput `pulumi:"defaultScopes"` - // The realm this client and scopes exists in. - RealmId pulumi.StringOutput `pulumi:"realmId"` + RealmId pulumi.StringOutput `pulumi:"realmId"` } // NewClientDefaultScopes registers a new resource with the given unique name, arguments, and options. @@ -123,21 +129,15 @@ func GetClientDefaultScopes(ctx *pulumi.Context, // Input properties used for looking up and filtering ClientDefaultScopes resources. type clientDefaultScopesState struct { - // The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId *string `pulumi:"clientId"` - // An array of client scope names to attach to this client. + ClientId *string `pulumi:"clientId"` DefaultScopes []string `pulumi:"defaultScopes"` - // The realm this client and scopes exists in. - RealmId *string `pulumi:"realmId"` + RealmId *string `pulumi:"realmId"` } type ClientDefaultScopesState struct { - // The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId pulumi.StringPtrInput - // An array of client scope names to attach to this client. + ClientId pulumi.StringPtrInput DefaultScopes pulumi.StringArrayInput - // The realm this client and scopes exists in. - RealmId pulumi.StringPtrInput + RealmId pulumi.StringPtrInput } func (ClientDefaultScopesState) ElementType() reflect.Type { @@ -145,22 +145,16 @@ func (ClientDefaultScopesState) ElementType() reflect.Type { } type clientDefaultScopesArgs struct { - // The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId string `pulumi:"clientId"` - // An array of client scope names to attach to this client. + ClientId string `pulumi:"clientId"` DefaultScopes []string `pulumi:"defaultScopes"` - // The realm this client and scopes exists in. - RealmId string `pulumi:"realmId"` + RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a ClientDefaultScopes resource. type ClientDefaultScopesArgs struct { - // The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId pulumi.StringInput - // An array of client scope names to attach to this client. + ClientId pulumi.StringInput DefaultScopes pulumi.StringArrayInput - // The realm this client and scopes exists in. - RealmId pulumi.StringInput + RealmId pulumi.StringInput } func (ClientDefaultScopesArgs) ElementType() reflect.Type { @@ -250,17 +244,14 @@ func (o ClientDefaultScopesOutput) ToClientDefaultScopesOutputWithContext(ctx co return o } -// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. func (o ClientDefaultScopesOutput) ClientId() pulumi.StringOutput { return o.ApplyT(func(v *ClientDefaultScopes) pulumi.StringOutput { return v.ClientId }).(pulumi.StringOutput) } -// An array of client scope names to attach to this client. func (o ClientDefaultScopesOutput) DefaultScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v *ClientDefaultScopes) pulumi.StringArrayOutput { return v.DefaultScopes }).(pulumi.StringArrayOutput) } -// The realm this client and scopes exists in. func (o ClientDefaultScopesOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *ClientDefaultScopes) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/clientOptionalScopes.go b/sdk/go/keycloak/openid/clientOptionalScopes.go index dd37dda1..a98b3232 100644 --- a/sdk/go/keycloak/openid/clientOptionalScopes.go +++ b/sdk/go/keycloak/openid/clientOptionalScopes.go @@ -14,6 +14,7 @@ import ( // ## Example Usage // +// // ```go // package main // @@ -28,16 +29,16 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("test-client"), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -49,15 +50,14 @@ import ( // return err // } // _, err = openid.NewClientOptionalScopes(ctx, "clientOptionalScopes", &openid.ClientOptionalScopesArgs{ -// RealmId: realm.ID(), // ClientId: client.ID(), // OptionalScopes: pulumi.StringArray{ // pulumi.String("address"), // pulumi.String("phone"), // pulumi.String("offline_access"), -// pulumi.String("microprofile-jwt"), // clientScope.Name, // }, +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -67,21 +67,26 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// This resource does not support import. Instead of importing, feel free to create this resource +// The following arguments are supported: +// +// - `realmId` - (Required) The realm this client and scopes exists in. +// - `clientId` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. +// - `optionalScopes` - (Required) An array of client scope names to attach to this client as optional scopes. // -// as if it did not already exist on the server. +// ### Import +// +// This resource does not support import. Instead of importing, feel free to create this resource +// as if it did not already exist on the server. type ClientOptionalScopes struct { pulumi.CustomResourceState - // The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId pulumi.StringOutput `pulumi:"clientId"` - // An array of client scope names to attach to this client as optional scopes. + ClientId pulumi.StringOutput `pulumi:"clientId"` OptionalScopes pulumi.StringArrayOutput `pulumi:"optionalScopes"` - // The realm this client and scopes exists in. - RealmId pulumi.StringOutput `pulumi:"realmId"` + RealmId pulumi.StringOutput `pulumi:"realmId"` } // NewClientOptionalScopes registers a new resource with the given unique name, arguments, and options. @@ -123,21 +128,15 @@ func GetClientOptionalScopes(ctx *pulumi.Context, // Input properties used for looking up and filtering ClientOptionalScopes resources. type clientOptionalScopesState struct { - // The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId *string `pulumi:"clientId"` - // An array of client scope names to attach to this client as optional scopes. + ClientId *string `pulumi:"clientId"` OptionalScopes []string `pulumi:"optionalScopes"` - // The realm this client and scopes exists in. - RealmId *string `pulumi:"realmId"` + RealmId *string `pulumi:"realmId"` } type ClientOptionalScopesState struct { - // The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId pulumi.StringPtrInput - // An array of client scope names to attach to this client as optional scopes. + ClientId pulumi.StringPtrInput OptionalScopes pulumi.StringArrayInput - // The realm this client and scopes exists in. - RealmId pulumi.StringPtrInput + RealmId pulumi.StringPtrInput } func (ClientOptionalScopesState) ElementType() reflect.Type { @@ -145,22 +144,16 @@ func (ClientOptionalScopesState) ElementType() reflect.Type { } type clientOptionalScopesArgs struct { - // The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId string `pulumi:"clientId"` - // An array of client scope names to attach to this client as optional scopes. + ClientId string `pulumi:"clientId"` OptionalScopes []string `pulumi:"optionalScopes"` - // The realm this client and scopes exists in. - RealmId string `pulumi:"realmId"` + RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a ClientOptionalScopes resource. type ClientOptionalScopesArgs struct { - // The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - ClientId pulumi.StringInput - // An array of client scope names to attach to this client as optional scopes. + ClientId pulumi.StringInput OptionalScopes pulumi.StringArrayInput - // The realm this client and scopes exists in. - RealmId pulumi.StringInput + RealmId pulumi.StringInput } func (ClientOptionalScopesArgs) ElementType() reflect.Type { @@ -250,17 +243,14 @@ func (o ClientOptionalScopesOutput) ToClientOptionalScopesOutputWithContext(ctx return o } -// The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. func (o ClientOptionalScopesOutput) ClientId() pulumi.StringOutput { return o.ApplyT(func(v *ClientOptionalScopes) pulumi.StringOutput { return v.ClientId }).(pulumi.StringOutput) } -// An array of client scope names to attach to this client as optional scopes. func (o ClientOptionalScopesOutput) OptionalScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v *ClientOptionalScopes) pulumi.StringArrayOutput { return v.OptionalScopes }).(pulumi.StringArrayOutput) } -// The realm this client and scopes exists in. func (o ClientOptionalScopesOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *ClientOptionalScopes) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/clientPolicy.go b/sdk/go/keycloak/openid/clientPolicy.go index 0fd15529..95ff124b 100644 --- a/sdk/go/keycloak/openid/clientPolicy.go +++ b/sdk/go/keycloak/openid/clientPolicy.go @@ -18,6 +18,7 @@ import ( // // In this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id. // +// // ```go // package main // @@ -78,6 +79,7 @@ import ( // } // // ``` +// type ClientPolicy struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/openid/clientScope.go b/sdk/go/keycloak/openid/clientScope.go index c6c8ebb7..c71d8d0b 100644 --- a/sdk/go/keycloak/openid/clientScope.go +++ b/sdk/go/keycloak/openid/clientScope.go @@ -12,13 +12,18 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol. +// ## # openid.ClientScope // -// Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also -// be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 `scope` parameter. +// Allows for creating and managing Keycloak client scopes that can be attached to +// clients that use the OpenID Connect protocol. // -// ## Example Usage +// Client Scopes can be used to share common protocol and role mappings between multiple +// clients within a realm. They can also be used by clients to conditionally request +// claims or roles for a user based on the OAuth 2.0 `scope` parameter. // +// ### Example Usage +// +// // ```go // package main // @@ -33,17 +38,15 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // _, err = openid.NewClientScope(ctx, "openidClientScope", &openid.ClientScopeArgs{ -// RealmId: realm.ID(), -// Description: pulumi.String("When requested, this scope will map a user's group memberships to a claim"), -// IncludeInTokenScope: pulumi.Bool(true), -// GuiOrder: pulumi.Int(1), +// Description: pulumi.String("When requested, this scope will map a user's group memberships to a claim"), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -53,35 +56,34 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak +// The following arguments are supported: // -// assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. +// - `realmId` - (Required) The realm this client scope belongs to. +// - `name` - (Required) The display name of this client scope in the GUI. +// - `description` - (Optional) The description of this client scope in the GUI. +// - `consentScreenText` - (Optional) When set, a consent screen will be displayed to users +// authenticating to clients with this scope attached. The consent screen will display the string +// value of this attribute. // -// Example: +// ### Import // -// bash +// Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `clientScopeId` is the unique ID that Keycloak +// assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. // -// ```sh -// $ pulumi import keycloak:openid/clientScope:ClientScope openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52 -// ``` +// Example: type ClientScope struct { pulumi.CustomResourceState - // When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - ConsentScreenText pulumi.StringPtrOutput `pulumi:"consentScreenText"` - // The description of this client scope in the GUI. - Description pulumi.StringPtrOutput `pulumi:"description"` - // Specify order of the client scope in GUI (such as in Consent page) as integer. - GuiOrder pulumi.IntPtrOutput `pulumi:"guiOrder"` - // When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - IncludeInTokenScope pulumi.BoolPtrOutput `pulumi:"includeInTokenScope"` - // The display name of this client scope in the GUI. - Name pulumi.StringOutput `pulumi:"name"` - // The realm this client scope belongs to. - RealmId pulumi.StringOutput `pulumi:"realmId"` + ConsentScreenText pulumi.StringPtrOutput `pulumi:"consentScreenText"` + Description pulumi.StringPtrOutput `pulumi:"description"` + GuiOrder pulumi.IntPtrOutput `pulumi:"guiOrder"` + IncludeInTokenScope pulumi.BoolPtrOutput `pulumi:"includeInTokenScope"` + Name pulumi.StringOutput `pulumi:"name"` + RealmId pulumi.StringOutput `pulumi:"realmId"` } // NewClientScope registers a new resource with the given unique name, arguments, and options. @@ -117,33 +119,21 @@ func GetClientScope(ctx *pulumi.Context, // Input properties used for looking up and filtering ClientScope resources. type clientScopeState struct { - // When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - ConsentScreenText *string `pulumi:"consentScreenText"` - // The description of this client scope in the GUI. - Description *string `pulumi:"description"` - // Specify order of the client scope in GUI (such as in Consent page) as integer. - GuiOrder *int `pulumi:"guiOrder"` - // When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - IncludeInTokenScope *bool `pulumi:"includeInTokenScope"` - // The display name of this client scope in the GUI. - Name *string `pulumi:"name"` - // The realm this client scope belongs to. - RealmId *string `pulumi:"realmId"` + ConsentScreenText *string `pulumi:"consentScreenText"` + Description *string `pulumi:"description"` + GuiOrder *int `pulumi:"guiOrder"` + IncludeInTokenScope *bool `pulumi:"includeInTokenScope"` + Name *string `pulumi:"name"` + RealmId *string `pulumi:"realmId"` } type ClientScopeState struct { - // When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - ConsentScreenText pulumi.StringPtrInput - // The description of this client scope in the GUI. - Description pulumi.StringPtrInput - // Specify order of the client scope in GUI (such as in Consent page) as integer. - GuiOrder pulumi.IntPtrInput - // When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. + ConsentScreenText pulumi.StringPtrInput + Description pulumi.StringPtrInput + GuiOrder pulumi.IntPtrInput IncludeInTokenScope pulumi.BoolPtrInput - // The display name of this client scope in the GUI. - Name pulumi.StringPtrInput - // The realm this client scope belongs to. - RealmId pulumi.StringPtrInput + Name pulumi.StringPtrInput + RealmId pulumi.StringPtrInput } func (ClientScopeState) ElementType() reflect.Type { @@ -151,34 +141,22 @@ func (ClientScopeState) ElementType() reflect.Type { } type clientScopeArgs struct { - // When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - ConsentScreenText *string `pulumi:"consentScreenText"` - // The description of this client scope in the GUI. - Description *string `pulumi:"description"` - // Specify order of the client scope in GUI (such as in Consent page) as integer. - GuiOrder *int `pulumi:"guiOrder"` - // When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - IncludeInTokenScope *bool `pulumi:"includeInTokenScope"` - // The display name of this client scope in the GUI. - Name *string `pulumi:"name"` - // The realm this client scope belongs to. - RealmId string `pulumi:"realmId"` + ConsentScreenText *string `pulumi:"consentScreenText"` + Description *string `pulumi:"description"` + GuiOrder *int `pulumi:"guiOrder"` + IncludeInTokenScope *bool `pulumi:"includeInTokenScope"` + Name *string `pulumi:"name"` + RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a ClientScope resource. type ClientScopeArgs struct { - // When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - ConsentScreenText pulumi.StringPtrInput - // The description of this client scope in the GUI. - Description pulumi.StringPtrInput - // Specify order of the client scope in GUI (such as in Consent page) as integer. - GuiOrder pulumi.IntPtrInput - // When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. + ConsentScreenText pulumi.StringPtrInput + Description pulumi.StringPtrInput + GuiOrder pulumi.IntPtrInput IncludeInTokenScope pulumi.BoolPtrInput - // The display name of this client scope in the GUI. - Name pulumi.StringPtrInput - // The realm this client scope belongs to. - RealmId pulumi.StringInput + Name pulumi.StringPtrInput + RealmId pulumi.StringInput } func (ClientScopeArgs) ElementType() reflect.Type { @@ -268,32 +246,26 @@ func (o ClientScopeOutput) ToClientScopeOutputWithContext(ctx context.Context) C return o } -// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. func (o ClientScopeOutput) ConsentScreenText() pulumi.StringPtrOutput { return o.ApplyT(func(v *ClientScope) pulumi.StringPtrOutput { return v.ConsentScreenText }).(pulumi.StringPtrOutput) } -// The description of this client scope in the GUI. func (o ClientScopeOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *ClientScope) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } -// Specify order of the client scope in GUI (such as in Consent page) as integer. func (o ClientScopeOutput) GuiOrder() pulumi.IntPtrOutput { return o.ApplyT(func(v *ClientScope) pulumi.IntPtrOutput { return v.GuiOrder }).(pulumi.IntPtrOutput) } -// When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. func (o ClientScopeOutput) IncludeInTokenScope() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ClientScope) pulumi.BoolPtrOutput { return v.IncludeInTokenScope }).(pulumi.BoolPtrOutput) } -// The display name of this client scope in the GUI. func (o ClientScopeOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *ClientScope) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this client scope belongs to. func (o ClientScopeOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *ClientScope) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/clientServiceAccountRealmRole.go b/sdk/go/keycloak/openid/clientServiceAccountRealmRole.go index 92e762f3..1512098c 100644 --- a/sdk/go/keycloak/openid/clientServiceAccountRealmRole.go +++ b/sdk/go/keycloak/openid/clientServiceAccountRealmRole.go @@ -20,6 +20,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -66,14 +67,15 @@ import ( // } // // ``` +// // // ## Import // // This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/go/keycloak/openid/clientServiceAccountRole.go b/sdk/go/keycloak/openid/clientServiceAccountRole.go index 2d2ab23e..73ae4c42 100644 --- a/sdk/go/keycloak/openid/clientServiceAccountRole.go +++ b/sdk/go/keycloak/openid/clientServiceAccountRole.go @@ -20,6 +20,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -77,14 +78,15 @@ import ( // } // // ``` +// // // ## Import // // This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/go/keycloak/openid/fullNameProtocolMapper.go b/sdk/go/keycloak/openid/fullNameProtocolMapper.go index b45504de..68d61669 100644 --- a/sdk/go/keycloak/openid/fullNameProtocolMapper.go +++ b/sdk/go/keycloak/openid/fullNameProtocolMapper.go @@ -12,16 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing full name protocol mappers within Keycloak. +// ## # openid.FullNameProtocolMapper // -// Full name protocol mappers allow you to map a user's first and last name to the OpenID Connect `name` claim in a token. +// Allows for creating and managing full name protocol mappers within +// Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// Full name protocol mappers allow you to map a user's first and last name +// to the OpenID Connect `name` claim in a token. Protocol mappers can be defined +// for a single client, or they can be defined for a client scope which can +// be shared between multiple different clients. // -// ## Example Usage -// ### Client) +// ### Example Usage (Client) // +// // ```go // package main // @@ -36,17 +39,17 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// Enabled: pulumi.Bool(true), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -55,8 +58,8 @@ import ( // return err // } // _, err = openid.NewFullNameProtocolMapper(ctx, "fullNameMapper", &openid.FullNameProtocolMapperArgs{ -// RealmId: realm.ID(), // ClientId: openidClient.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -66,8 +69,11 @@ import ( // } // // ``` -// ### Client Scope) +// // +// ### Example Usage (Client Scope) +// +// // ```go // package main // @@ -82,8 +88,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -95,8 +101,8 @@ import ( // return err // } // _, err = openid.NewFullNameProtocolMapper(ctx, "fullNameMapper", &openid.FullNameProtocolMapperArgs{ -// RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -106,42 +112,40 @@ import ( // } // // ``` +// // -// ## Import -// -// Protocol mappers can be imported using one of the following formats: +// ### Argument Reference // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// The following arguments are supported: // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `addToIdToken` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. +// - `addToAccessToken` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. +// - `addToUserinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. // -// Example: +// ### Import // -// bash -// -// ```sh -// $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type FullNameProtocolMapper struct { pulumi.CustomResourceState - // Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. AddToAccessToken pulumi.BoolPtrOutput `pulumi:"addToAccessToken"` - // Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` - // Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo pulumi.BoolPtrOutput `pulumi:"addToUserinfo"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` + AddToUserinfo pulumi.BoolPtrOutput `pulumi:"addToUserinfo"` + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringOutput `pulumi:"realmId"` } @@ -178,36 +182,30 @@ func GetFullNameProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering FullNameProtocolMapper resources. type fullNameProtocolMapperState struct { - // Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToIdToken *bool `pulumi:"addToIdToken"` + AddToUserinfo *bool `pulumi:"addToUserinfo"` + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId *string `pulumi:"realmId"` } type FullNameProtocolMapperState struct { - // Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - AddToIdToken pulumi.BoolPtrInput - // Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo pulumi.BoolPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToIdToken pulumi.BoolPtrInput + AddToUserinfo pulumi.BoolPtrInput + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringPtrInput } @@ -216,37 +214,31 @@ func (FullNameProtocolMapperState) ElementType() reflect.Type { } type fullNameProtocolMapperArgs struct { - // Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToIdToken *bool `pulumi:"addToIdToken"` + AddToUserinfo *bool `pulumi:"addToUserinfo"` + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a FullNameProtocolMapper resource. type FullNameProtocolMapperArgs struct { - // Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - AddToIdToken pulumi.BoolPtrInput - // Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo pulumi.BoolPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToIdToken pulumi.BoolPtrInput + AddToUserinfo pulumi.BoolPtrInput + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringInput } @@ -337,37 +329,34 @@ func (o FullNameProtocolMapperOutput) ToFullNameProtocolMapperOutputWithContext( return o } -// Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. func (o FullNameProtocolMapperOutput) AddToAccessToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FullNameProtocolMapper) pulumi.BoolPtrOutput { return v.AddToAccessToken }).(pulumi.BoolPtrOutput) } -// Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. func (o FullNameProtocolMapperOutput) AddToIdToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FullNameProtocolMapper) pulumi.BoolPtrOutput { return v.AddToIdToken }).(pulumi.BoolPtrOutput) } -// Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. func (o FullNameProtocolMapperOutput) AddToUserinfo() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FullNameProtocolMapper) pulumi.BoolPtrOutput { return v.AddToUserinfo }).(pulumi.BoolPtrOutput) } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o FullNameProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *FullNameProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client scope. Cannot be used at the same time as client_id. func (o FullNameProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *FullNameProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o FullNameProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *FullNameProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o FullNameProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *FullNameProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/getClient.go b/sdk/go/keycloak/openid/getClient.go index 9bbe3e31..9c15e546 100644 --- a/sdk/go/keycloak/openid/getClient.go +++ b/sdk/go/keycloak/openid/getClient.go @@ -11,10 +11,13 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # openid.Client data source +// // This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -48,6 +51,18 @@ import ( // } // // ``` +// +// +// ### Argument Reference +// +// The following arguments are supported: +// +// - `realmId` - (Required) The realm id. +// - `clientId` - (Required) The client id. +// +// ### Attributes Reference +// +// See the docs for the `openid.Client` resource for details on the exported attributes. func LookupClient(ctx *pulumi.Context, args *LookupClientArgs, opts ...pulumi.InvokeOption) (*LookupClientResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupClientResult @@ -60,7 +75,6 @@ func LookupClient(ctx *pulumi.Context, args *LookupClientArgs, opts ...pulumi.In // A collection of arguments for invoking getClient. type LookupClientArgs struct { - // The client id (not its unique ID). ClientId string `pulumi:"clientId"` ConsentScreenText *string `pulumi:"consentScreenText"` DisplayOnConsentScreen *bool `pulumi:"displayOnConsentScreen"` @@ -68,8 +82,7 @@ type LookupClientArgs struct { Oauth2DeviceAuthorizationGrantEnabled *bool `pulumi:"oauth2DeviceAuthorizationGrantEnabled"` Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` Oauth2DevicePollingInterval *string `pulumi:"oauth2DevicePollingInterval"` - // The realm id. - RealmId string `pulumi:"realmId"` + RealmId string `pulumi:"realmId"` } // A collection of values returned by getClient. @@ -138,7 +151,6 @@ func LookupClientOutput(ctx *pulumi.Context, args LookupClientOutputArgs, opts . // A collection of arguments for invoking getClient. type LookupClientOutputArgs struct { - // The client id (not its unique ID). ClientId pulumi.StringInput `pulumi:"clientId"` ConsentScreenText pulumi.StringPtrInput `pulumi:"consentScreenText"` DisplayOnConsentScreen pulumi.BoolPtrInput `pulumi:"displayOnConsentScreen"` @@ -146,8 +158,7 @@ type LookupClientOutputArgs struct { Oauth2DeviceAuthorizationGrantEnabled pulumi.BoolPtrInput `pulumi:"oauth2DeviceAuthorizationGrantEnabled"` Oauth2DeviceCodeLifespan pulumi.StringPtrInput `pulumi:"oauth2DeviceCodeLifespan"` Oauth2DevicePollingInterval pulumi.StringPtrInput `pulumi:"oauth2DevicePollingInterval"` - // The realm id. - RealmId pulumi.StringInput `pulumi:"realmId"` + RealmId pulumi.StringInput `pulumi:"realmId"` } func (LookupClientOutputArgs) ElementType() reflect.Type { diff --git a/sdk/go/keycloak/openid/getClientAuthorizationPolicy.go b/sdk/go/keycloak/openid/getClientAuthorizationPolicy.go index 7b1928c0..7e73f383 100644 --- a/sdk/go/keycloak/openid/getClientAuthorizationPolicy.go +++ b/sdk/go/keycloak/openid/getClientAuthorizationPolicy.go @@ -19,6 +19,7 @@ import ( // permission for this client called "Default Permission". We'll use the `openid.getClientAuthorizationPolicy` data // source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. // +// // ```go // package main // @@ -89,6 +90,7 @@ import ( // } // // ``` +// func GetClientAuthorizationPolicy(ctx *pulumi.Context, args *GetClientAuthorizationPolicyArgs, opts ...pulumi.InvokeOption) (*GetClientAuthorizationPolicyResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetClientAuthorizationPolicyResult diff --git a/sdk/go/keycloak/openid/getClientScope.go b/sdk/go/keycloak/openid/getClientScope.go index f01e9de8..ea6be8a1 100644 --- a/sdk/go/keycloak/openid/getClientScope.go +++ b/sdk/go/keycloak/openid/getClientScope.go @@ -15,6 +15,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -48,6 +49,7 @@ import ( // } // // ``` +// func LookupClientScope(ctx *pulumi.Context, args *LookupClientScopeArgs, opts ...pulumi.InvokeOption) (*LookupClientScopeResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupClientScopeResult diff --git a/sdk/go/keycloak/openid/getClientServiceAccountUser.go b/sdk/go/keycloak/openid/getClientServiceAccountUser.go index d7b3e259..5823d164 100644 --- a/sdk/go/keycloak/openid/getClientServiceAccountUser.go +++ b/sdk/go/keycloak/openid/getClientServiceAccountUser.go @@ -20,6 +20,7 @@ import ( // that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this // user, using the `UserRoles` resource. // +// // ```go // package main // @@ -76,6 +77,7 @@ import ( // } // // ``` +// func GetClientServiceAccountUser(ctx *pulumi.Context, args *GetClientServiceAccountUserArgs, opts ...pulumi.InvokeOption) (*GetClientServiceAccountUserResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetClientServiceAccountUserResult diff --git a/sdk/go/keycloak/openid/groupMembershipProtocolMapper.go b/sdk/go/keycloak/openid/groupMembershipProtocolMapper.go index 5160e093..e1666c56 100644 --- a/sdk/go/keycloak/openid/groupMembershipProtocolMapper.go +++ b/sdk/go/keycloak/openid/groupMembershipProtocolMapper.go @@ -12,16 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing group membership protocol mappers within Keycloak. +// ## # openid.GroupMembershipProtocolMapper // -// Group membership protocol mappers allow you to map a user's group memberships to a claim in a token. +// Allows for creating and managing group membership protocol mappers within +// Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// Group membership protocol mappers allow you to map a user's group memberships +// to a claim in a token. Protocol mappers can be defined for a single client, +// or they can be defined for a client scope which can be shared between multiple +// different clients. // -// ## Example Usage -// ### Client) +// ### Example Usage (Client) // +// // ```go // package main // @@ -36,17 +39,17 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// Enabled: pulumi.Bool(true), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -55,9 +58,9 @@ import ( // return err // } // _, err = openid.NewGroupMembershipProtocolMapper(ctx, "groupMembershipMapper", &openid.GroupMembershipProtocolMapperArgs{ -// RealmId: realm.ID(), -// ClientId: openidClient.ID(), // ClaimName: pulumi.String("groups"), +// ClientId: openidClient.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -67,8 +70,11 @@ import ( // } // // ``` -// ### Client Scope) +// +// +// ### Example Usage (Client Scope) // +// // ```go // package main // @@ -83,8 +89,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -96,9 +102,9 @@ import ( // return err // } // _, err = openid.NewGroupMembershipProtocolMapper(ctx, "groupMembershipMapper", &openid.GroupMembershipProtocolMapperArgs{ -// RealmId: realm.ID(), -// ClientScopeId: clientScope.ID(), // ClaimName: pulumi.String("groups"), +// ClientScopeId: clientScope.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -108,46 +114,44 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Protocol mappers can be imported using one of the following formats: +// The following arguments are supported: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `claimName` - (Required) The name of the claim to insert into a token. +// - `fullPath` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`. +// - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. +// - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. +// - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// ### Import // -// Example: -// -// bash -// -// ```sh -// $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type GroupMembershipProtocolMapper struct { pulumi.CustomResourceState - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. AddToAccessToken pulumi.BoolPtrOutput `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. - AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo pulumi.BoolPtrOutput `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName pulumi.StringOutput `pulumi:"claimName"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` + AddToUserinfo pulumi.BoolPtrOutput `pulumi:"addToUserinfo"` + ClaimName pulumi.StringOutput `pulumi:"claimName"` + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - FullPath pulumi.BoolPtrOutput `pulumi:"fullPath"` - // The display name of this protocol mapper in the GUI. + FullPath pulumi.BoolPtrOutput `pulumi:"fullPath"` + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringOutput `pulumi:"realmId"` } @@ -187,44 +191,34 @@ func GetGroupMembershipProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering GroupMembershipProtocolMapper resources. type groupMembershipProtocolMapperState struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. - AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. - AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName *string `pulumi:"claimName"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToAccessToken *bool `pulumi:"addToAccessToken"` + AddToIdToken *bool `pulumi:"addToIdToken"` + AddToUserinfo *bool `pulumi:"addToUserinfo"` + ClaimName *string `pulumi:"claimName"` + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - FullPath *bool `pulumi:"fullPath"` - // The display name of this protocol mapper in the GUI. + FullPath *bool `pulumi:"fullPath"` + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId *string `pulumi:"realmId"` } type GroupMembershipProtocolMapperState struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. - AddToIdToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToIdToken pulumi.BoolPtrInput + AddToUserinfo pulumi.BoolPtrInput + ClaimName pulumi.StringPtrInput + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - FullPath pulumi.BoolPtrInput - // The display name of this protocol mapper in the GUI. + FullPath pulumi.BoolPtrInput + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringPtrInput } @@ -233,45 +227,35 @@ func (GroupMembershipProtocolMapperState) ElementType() reflect.Type { } type groupMembershipProtocolMapperArgs struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. - AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. - AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName string `pulumi:"claimName"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToAccessToken *bool `pulumi:"addToAccessToken"` + AddToIdToken *bool `pulumi:"addToIdToken"` + AddToUserinfo *bool `pulumi:"addToUserinfo"` + ClaimName string `pulumi:"claimName"` + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - FullPath *bool `pulumi:"fullPath"` - // The display name of this protocol mapper in the GUI. + FullPath *bool `pulumi:"fullPath"` + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a GroupMembershipProtocolMapper resource. type GroupMembershipProtocolMapperArgs struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. - AddToIdToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + AddToIdToken pulumi.BoolPtrInput + AddToUserinfo pulumi.BoolPtrInput + ClaimName pulumi.StringInput + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - FullPath pulumi.BoolPtrInput - // The display name of this protocol mapper in the GUI. + FullPath pulumi.BoolPtrInput + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringInput } @@ -362,47 +346,42 @@ func (o GroupMembershipProtocolMapperOutput) ToGroupMembershipProtocolMapperOutp return o } -// Indicates if the property should be added as a claim to the access token. Defaults to `true`. func (o GroupMembershipProtocolMapperOutput) AddToAccessToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.BoolPtrOutput { return v.AddToAccessToken }).(pulumi.BoolPtrOutput) } -// Indicates if the property should be added as a claim to the id token. Defaults to `true`. func (o GroupMembershipProtocolMapperOutput) AddToIdToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.BoolPtrOutput { return v.AddToIdToken }).(pulumi.BoolPtrOutput) } -// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. func (o GroupMembershipProtocolMapperOutput) AddToUserinfo() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.BoolPtrOutput { return v.AddToUserinfo }).(pulumi.BoolPtrOutput) } -// The name of the claim to insert into a token. func (o GroupMembershipProtocolMapperOutput) ClaimName() pulumi.StringOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.StringOutput { return v.ClaimName }).(pulumi.StringOutput) } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o GroupMembershipProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client scope. Cannot be used at the same time as client_id. func (o GroupMembershipProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// Indicates whether the full path of the group including its parents will be used. Defaults to `true`. func (o GroupMembershipProtocolMapperOutput) FullPath() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.BoolPtrOutput { return v.FullPath }).(pulumi.BoolPtrOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o GroupMembershipProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o GroupMembershipProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *GroupMembershipProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/hardcodedClaimProtocolMapper.go b/sdk/go/keycloak/openid/hardcodedClaimProtocolMapper.go index ddf4477b..152d5d3f 100644 --- a/sdk/go/keycloak/openid/hardcodedClaimProtocolMapper.go +++ b/sdk/go/keycloak/openid/hardcodedClaimProtocolMapper.go @@ -12,16 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing hardcoded claim protocol mappers within Keycloak. +// ## # openid.HardcodedClaimProtocolMapper // -// Hardcoded claim protocol mappers allow you to define a claim with a hardcoded value. +// Allows for creating and managing hardcoded claim protocol mappers within +// Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// Hardcoded claim protocol mappers allow you to define a claim with a hardcoded +// value. Protocol mappers can be defined for a single client, or they can +// be defined for a client scope which can be shared between multiple different +// clients. // -// ## Example Usage -// ### Client) +// ### Example Usage (Client) // +// // ```go // package main // @@ -36,17 +39,17 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// Enabled: pulumi.Bool(true), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -55,10 +58,10 @@ import ( // return err // } // _, err = openid.NewHardcodedClaimProtocolMapper(ctx, "hardcodedClaimMapper", &openid.HardcodedClaimProtocolMapperArgs{ -// RealmId: realm.ID(), -// ClientId: openidClient.ID(), // ClaimName: pulumi.String("foo"), // ClaimValue: pulumi.String("bar"), +// ClientId: openidClient.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -68,8 +71,11 @@ import ( // } // // ``` -// ### Client Scope) +// +// +// ### Example Usage (Client Scope) // +// // ```go // package main // @@ -84,8 +90,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -97,10 +103,10 @@ import ( // return err // } // _, err = openid.NewHardcodedClaimProtocolMapper(ctx, "hardcodedClaimMapper", &openid.HardcodedClaimProtocolMapperArgs{ -// RealmId: realm.ID(), -// ClientScopeId: clientScope.ID(), // ClaimName: pulumi.String("foo"), // ClaimValue: pulumi.String("bar"), +// ClientScopeId: clientScope.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -110,48 +116,50 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Protocol mappers can be imported using one of the following formats: +// The following arguments are supported: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `claimName` - (Required) The name of the claim to insert into a token. +// - `claimValue` - (Required) The hardcoded value of the claim. +// - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. +// - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. +// - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. +// - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// ### Import // -// Example: -// -// bash -// -// ```sh -// $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type HardcodedClaimProtocolMapper struct { pulumi.CustomResourceState - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrOutput `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrOutput `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName pulumi.StringOutput `pulumi:"claimName"` - // The hardcoded value of the claim. - ClaimValue pulumi.StringOutput `pulumi:"claimValue"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringOutput `pulumi:"claimName"` + ClaimValue pulumi.StringOutput `pulumi:"claimValue"` + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrOutput `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringOutput `pulumi:"realmId"` } @@ -194,48 +202,44 @@ func GetHardcodedClaimProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering HardcodedClaimProtocolMapper resources. type hardcodedClaimProtocolMapperState struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName *string `pulumi:"claimName"` - // The hardcoded value of the claim. - ClaimValue *string `pulumi:"claimValue"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + // Indicates if the attribute should appear in the userinfo response body. + AddToUserinfo *bool `pulumi:"addToUserinfo"` + ClaimName *string `pulumi:"claimName"` + ClaimValue *string `pulumi:"claimValue"` + // Claim type used when serializing tokens. ClaimValueType *string `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId *string `pulumi:"realmId"` } type HardcodedClaimProtocolMapperState struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringPtrInput - // The hardcoded value of the claim. - ClaimValue pulumi.StringPtrInput - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringPtrInput + ClaimValue pulumi.StringPtrInput + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringPtrInput } @@ -244,49 +248,45 @@ func (HardcodedClaimProtocolMapperState) ElementType() reflect.Type { } type hardcodedClaimProtocolMapperArgs struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName string `pulumi:"claimName"` - // The hardcoded value of the claim. - ClaimValue string `pulumi:"claimValue"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + // Indicates if the attribute should appear in the userinfo response body. + AddToUserinfo *bool `pulumi:"addToUserinfo"` + ClaimName string `pulumi:"claimName"` + ClaimValue string `pulumi:"claimValue"` + // Claim type used when serializing tokens. ClaimValueType *string `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a HardcodedClaimProtocolMapper resource. type HardcodedClaimProtocolMapperArgs struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringInput - // The hardcoded value of the claim. - ClaimValue pulumi.StringInput - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringInput + ClaimValue pulumi.StringInput + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringInput } @@ -377,52 +377,50 @@ func (o HardcodedClaimProtocolMapperOutput) ToHardcodedClaimProtocolMapperOutput return o } -// Indicates if the property should be added as a claim to the access token. Defaults to `true`. +// Indicates if the attribute should be a claim in the access token. func (o HardcodedClaimProtocolMapperOutput) AddToAccessToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.BoolPtrOutput { return v.AddToAccessToken }).(pulumi.BoolPtrOutput) } -// Indicates if the property should be added as a claim to the id token. Defaults to `true`. +// Indicates if the attribute should be a claim in the id token. func (o HardcodedClaimProtocolMapperOutput) AddToIdToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.BoolPtrOutput { return v.AddToIdToken }).(pulumi.BoolPtrOutput) } -// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. +// Indicates if the attribute should appear in the userinfo response body. func (o HardcodedClaimProtocolMapperOutput) AddToUserinfo() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.BoolPtrOutput { return v.AddToUserinfo }).(pulumi.BoolPtrOutput) } -// The name of the claim to insert into a token. func (o HardcodedClaimProtocolMapperOutput) ClaimName() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.StringOutput { return v.ClaimName }).(pulumi.StringOutput) } -// The hardcoded value of the claim. func (o HardcodedClaimProtocolMapperOutput) ClaimValue() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.StringOutput { return v.ClaimValue }).(pulumi.StringOutput) } -// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. +// Claim type used when serializing tokens. func (o HardcodedClaimProtocolMapperOutput) ClaimValueType() pulumi.StringPtrOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.StringPtrOutput { return v.ClaimValueType }).(pulumi.StringPtrOutput) } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o HardcodedClaimProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client scope. Cannot be used at the same time as client_id. func (o HardcodedClaimProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o HardcodedClaimProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o HardcodedClaimProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedClaimProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/hardcodedRoleProtocolMapper.go b/sdk/go/keycloak/openid/hardcodedRoleProtocolMapper.go index 6b0d200f..c4887523 100644 --- a/sdk/go/keycloak/openid/hardcodedRoleProtocolMapper.go +++ b/sdk/go/keycloak/openid/hardcodedRoleProtocolMapper.go @@ -12,16 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing hardcoded role protocol mappers within Keycloak. +// ## # openid.HardcodedRoleProtocolMapper // -// Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. +// Allows for creating and managing hardcoded role protocol mappers within +// Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// Hardcoded role protocol mappers allow you to specify a single role to +// always map to an access token for a client. Protocol mappers can be +// defined for a single client, or they can be defined for a client scope +// which can be shared between multiple different clients. // -// ## Example Usage -// ### Client) +// ### Example Usage (Client) // +// // ```go // package main // @@ -36,8 +39,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -49,10 +52,10 @@ import ( // return err // } // openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// Enabled: pulumi.Bool(true), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -61,8 +64,8 @@ import ( // return err // } // _, err = openid.NewHardcodedRoleProtocolMapper(ctx, "hardcodedRoleMapper", &openid.HardcodedRoleProtocolMapperArgs{ -// RealmId: realm.ID(), // ClientId: openidClient.ID(), +// RealmId: realm.ID(), // RoleId: role.ID(), // }) // if err != nil { @@ -73,8 +76,11 @@ import ( // } // // ``` -// ### Client Scope) +// // +// ### Example Usage (Client Scope) +// +// // ```go // package main // @@ -89,8 +95,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -108,8 +114,8 @@ import ( // return err // } // _, err = openid.NewHardcodedRoleProtocolMapper(ctx, "hardcodedRoleMapper", &openid.HardcodedRoleProtocolMapperArgs{ -// RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), +// RealmId: realm.ID(), // RoleId: role.ID(), // }) // if err != nil { @@ -120,39 +126,38 @@ import ( // } // // ``` +// // -// ## Import -// -// Protocol mappers can be imported using one of the following formats: +// ### Argument Reference // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// The following arguments are supported: // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the +// GUI. +// - `roleId` - (Required) The ID of the role to map to an access token. // -// Example: +// ### Import // -// bash -// -// ```sh -// $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type HardcodedRoleProtocolMapper struct { pulumi.CustomResourceState - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringOutput `pulumi:"realmId"` - // The ID of the role to map to an access token. - RoleId pulumi.StringOutput `pulumi:"roleId"` + RoleId pulumi.StringOutput `pulumi:"roleId"` } // NewHardcodedRoleProtocolMapper registers a new resource with the given unique name, arguments, and options. @@ -191,29 +196,27 @@ func GetHardcodedRoleProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering HardcodedRoleProtocolMapper resources. type hardcodedRoleProtocolMapperState struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId *string `pulumi:"realmId"` - // The ID of the role to map to an access token. - RoleId *string `pulumi:"roleId"` + RoleId *string `pulumi:"roleId"` } type HardcodedRoleProtocolMapperState struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringPtrInput - // The ID of the role to map to an access token. - RoleId pulumi.StringPtrInput + RoleId pulumi.StringPtrInput } func (HardcodedRoleProtocolMapperState) ElementType() reflect.Type { @@ -221,30 +224,28 @@ func (HardcodedRoleProtocolMapperState) ElementType() reflect.Type { } type hardcodedRoleProtocolMapperArgs struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId string `pulumi:"realmId"` - // The ID of the role to map to an access token. - RoleId string `pulumi:"roleId"` + RoleId string `pulumi:"roleId"` } // The set of arguments for constructing a HardcodedRoleProtocolMapper resource. type HardcodedRoleProtocolMapperArgs struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringInput - // The ID of the role to map to an access token. - RoleId pulumi.StringInput + RoleId pulumi.StringInput } func (HardcodedRoleProtocolMapperArgs) ElementType() reflect.Type { @@ -334,27 +335,26 @@ func (o HardcodedRoleProtocolMapperOutput) ToHardcodedRoleProtocolMapperOutputWi return o } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o HardcodedRoleProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *HardcodedRoleProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client scope. Cannot be used at the same time as client_id. func (o HardcodedRoleProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *HardcodedRoleProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o HardcodedRoleProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedRoleProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o HardcodedRoleProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedRoleProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// The ID of the role to map to an access token. func (o HardcodedRoleProtocolMapperOutput) RoleId() pulumi.StringOutput { return o.ApplyT(func(v *HardcodedRoleProtocolMapper) pulumi.StringOutput { return v.RoleId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/pulumiTypes.go b/sdk/go/keycloak/openid/pulumiTypes.go index 9aff0cb2..87d7aea0 100644 --- a/sdk/go/keycloak/openid/pulumiTypes.go +++ b/sdk/go/keycloak/openid/pulumiTypes.go @@ -14,9 +14,7 @@ import ( var _ = internal.GetEnvOrDefault type ClientAuthenticationFlowBindingOverrides struct { - // Browser flow id, (flow needs to exist) - BrowserId *string `pulumi:"browserId"` - // Direct grant flow id (flow needs to exist) + BrowserId *string `pulumi:"browserId"` DirectGrantId *string `pulumi:"directGrantId"` } @@ -32,9 +30,7 @@ type ClientAuthenticationFlowBindingOverridesInput interface { } type ClientAuthenticationFlowBindingOverridesArgs struct { - // Browser flow id, (flow needs to exist) - BrowserId pulumi.StringPtrInput `pulumi:"browserId"` - // Direct grant flow id (flow needs to exist) + BrowserId pulumi.StringPtrInput `pulumi:"browserId"` DirectGrantId pulumi.StringPtrInput `pulumi:"directGrantId"` } @@ -115,12 +111,10 @@ func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFl }).(ClientAuthenticationFlowBindingOverridesPtrOutput) } -// Browser flow id, (flow needs to exist) func (o ClientAuthenticationFlowBindingOverridesOutput) BrowserId() pulumi.StringPtrOutput { return o.ApplyT(func(v ClientAuthenticationFlowBindingOverrides) *string { return v.BrowserId }).(pulumi.StringPtrOutput) } -// Direct grant flow id (flow needs to exist) func (o ClientAuthenticationFlowBindingOverridesOutput) DirectGrantId() pulumi.StringPtrOutput { return o.ApplyT(func(v ClientAuthenticationFlowBindingOverrides) *string { return v.DirectGrantId }).(pulumi.StringPtrOutput) } @@ -149,7 +143,6 @@ func (o ClientAuthenticationFlowBindingOverridesPtrOutput) Elem() ClientAuthenti }).(ClientAuthenticationFlowBindingOverridesOutput) } -// Browser flow id, (flow needs to exist) func (o ClientAuthenticationFlowBindingOverridesPtrOutput) BrowserId() pulumi.StringPtrOutput { return o.ApplyT(func(v *ClientAuthenticationFlowBindingOverrides) *string { if v == nil { @@ -159,7 +152,6 @@ func (o ClientAuthenticationFlowBindingOverridesPtrOutput) BrowserId() pulumi.St }).(pulumi.StringPtrOutput) } -// Direct grant flow id (flow needs to exist) func (o ClientAuthenticationFlowBindingOverridesPtrOutput) DirectGrantId() pulumi.StringPtrOutput { return o.ApplyT(func(v *ClientAuthenticationFlowBindingOverrides) *string { if v == nil { @@ -170,14 +162,10 @@ func (o ClientAuthenticationFlowBindingOverridesPtrOutput) DirectGrantId() pulum } type ClientAuthorization struct { - // When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - AllowRemoteResourceManagement *bool `pulumi:"allowRemoteResourceManagement"` - // Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - DecisionStrategy *string `pulumi:"decisionStrategy"` - // When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - KeepDefaults *bool `pulumi:"keepDefaults"` - // Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - PolicyEnforcementMode string `pulumi:"policyEnforcementMode"` + AllowRemoteResourceManagement *bool `pulumi:"allowRemoteResourceManagement"` + DecisionStrategy *string `pulumi:"decisionStrategy"` + KeepDefaults *bool `pulumi:"keepDefaults"` + PolicyEnforcementMode string `pulumi:"policyEnforcementMode"` } // ClientAuthorizationInput is an input type that accepts ClientAuthorizationArgs and ClientAuthorizationOutput values. @@ -192,14 +180,10 @@ type ClientAuthorizationInput interface { } type ClientAuthorizationArgs struct { - // When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - AllowRemoteResourceManagement pulumi.BoolPtrInput `pulumi:"allowRemoteResourceManagement"` - // Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - DecisionStrategy pulumi.StringPtrInput `pulumi:"decisionStrategy"` - // When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - KeepDefaults pulumi.BoolPtrInput `pulumi:"keepDefaults"` - // Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - PolicyEnforcementMode pulumi.StringInput `pulumi:"policyEnforcementMode"` + AllowRemoteResourceManagement pulumi.BoolPtrInput `pulumi:"allowRemoteResourceManagement"` + DecisionStrategy pulumi.StringPtrInput `pulumi:"decisionStrategy"` + KeepDefaults pulumi.BoolPtrInput `pulumi:"keepDefaults"` + PolicyEnforcementMode pulumi.StringInput `pulumi:"policyEnforcementMode"` } func (ClientAuthorizationArgs) ElementType() reflect.Type { @@ -279,22 +263,18 @@ func (o ClientAuthorizationOutput) ToClientAuthorizationPtrOutputWithContext(ctx }).(ClientAuthorizationPtrOutput) } -// When `true`, resources can be managed remotely by the resource server. Defaults to `false`. func (o ClientAuthorizationOutput) AllowRemoteResourceManagement() pulumi.BoolPtrOutput { return o.ApplyT(func(v ClientAuthorization) *bool { return v.AllowRemoteResourceManagement }).(pulumi.BoolPtrOutput) } -// Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. func (o ClientAuthorizationOutput) DecisionStrategy() pulumi.StringPtrOutput { return o.ApplyT(func(v ClientAuthorization) *string { return v.DecisionStrategy }).(pulumi.StringPtrOutput) } -// When `true`, defaults set by Keycloak will be respected. Defaults to `false`. func (o ClientAuthorizationOutput) KeepDefaults() pulumi.BoolPtrOutput { return o.ApplyT(func(v ClientAuthorization) *bool { return v.KeepDefaults }).(pulumi.BoolPtrOutput) } -// Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. func (o ClientAuthorizationOutput) PolicyEnforcementMode() pulumi.StringOutput { return o.ApplyT(func(v ClientAuthorization) string { return v.PolicyEnforcementMode }).(pulumi.StringOutput) } @@ -323,7 +303,6 @@ func (o ClientAuthorizationPtrOutput) Elem() ClientAuthorizationOutput { }).(ClientAuthorizationOutput) } -// When `true`, resources can be managed remotely by the resource server. Defaults to `false`. func (o ClientAuthorizationPtrOutput) AllowRemoteResourceManagement() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ClientAuthorization) *bool { if v == nil { @@ -333,7 +312,6 @@ func (o ClientAuthorizationPtrOutput) AllowRemoteResourceManagement() pulumi.Boo }).(pulumi.BoolPtrOutput) } -// Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. func (o ClientAuthorizationPtrOutput) DecisionStrategy() pulumi.StringPtrOutput { return o.ApplyT(func(v *ClientAuthorization) *string { if v == nil { @@ -343,7 +321,6 @@ func (o ClientAuthorizationPtrOutput) DecisionStrategy() pulumi.StringPtrOutput }).(pulumi.StringPtrOutput) } -// When `true`, defaults set by Keycloak will be respected. Defaults to `false`. func (o ClientAuthorizationPtrOutput) KeepDefaults() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ClientAuthorization) *bool { if v == nil { @@ -353,7 +330,6 @@ func (o ClientAuthorizationPtrOutput) KeepDefaults() pulumi.BoolPtrOutput { }).(pulumi.BoolPtrOutput) } -// Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. func (o ClientAuthorizationPtrOutput) PolicyEnforcementMode() pulumi.StringPtrOutput { return o.ApplyT(func(v *ClientAuthorization) *string { if v == nil { diff --git a/sdk/go/keycloak/openid/scriptProtocolMapper.go b/sdk/go/keycloak/openid/scriptProtocolMapper.go index 05d3a7ce..5dcb75c1 100644 --- a/sdk/go/keycloak/openid/scriptProtocolMapper.go +++ b/sdk/go/keycloak/openid/scriptProtocolMapper.go @@ -22,8 +22,10 @@ import ( // > Support for this protocol mapper was removed in Keycloak 18. // // ## Example Usage +// // ### Client) // +// // ```go // package main // @@ -70,8 +72,11 @@ import ( // } // // ``` +// +// // ### Client Scope) // +// // ```go // package main // @@ -112,18 +117,19 @@ import ( // } // // ``` +// // // ## Import // // Protocol mappers can be imported using one of the following formats: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/go/keycloak/openid/userAttributeProtocolMapper.go b/sdk/go/keycloak/openid/userAttributeProtocolMapper.go index 1cf582c5..060dd550 100644 --- a/sdk/go/keycloak/openid/userAttributeProtocolMapper.go +++ b/sdk/go/keycloak/openid/userAttributeProtocolMapper.go @@ -12,16 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing user attribute protocol mappers within Keycloak. +// ## # openid.UserAttributeProtocolMapper // -// User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. +// Allows for creating and managing user attribute protocol mappers within +// Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// User attribute protocol mappers allow you to map custom attributes defined +// for a user within Keycloak to a claim in a token. Protocol mappers can be +// defined for a single client, or they can be defined for a client scope which +// can be shared between multiple different clients. // -// ## Example Usage -// ### Client) +// ### Example Usage (Client) // +// // ```go // package main // @@ -36,17 +39,17 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// Enabled: pulumi.Bool(true), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -55,10 +58,10 @@ import ( // return err // } // _, err = openid.NewUserAttributeProtocolMapper(ctx, "userAttributeMapper", &openid.UserAttributeProtocolMapperArgs{ -// RealmId: realm.ID(), +// ClaimName: pulumi.String("bar"), // ClientId: openidClient.ID(), +// RealmId: realm.ID(), // UserAttribute: pulumi.String("foo"), -// ClaimName: pulumi.String("bar"), // }) // if err != nil { // return err @@ -68,8 +71,11 @@ import ( // } // // ``` -// ### Client Scope) +// +// +// ### Example Usage (Client Scope) // +// // ```go // package main // @@ -84,8 +90,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -97,10 +103,10 @@ import ( // return err // } // _, err = openid.NewUserAttributeProtocolMapper(ctx, "userAttributeMapper", &openid.UserAttributeProtocolMapperArgs{ -// RealmId: realm.ID(), +// ClaimName: pulumi.String("bar"), // ClientScopeId: clientScope.ID(), +// RealmId: realm.ID(), // UserAttribute: pulumi.String("foo"), -// ClaimName: pulumi.String("bar"), // }) // if err != nil { // return err @@ -110,52 +116,55 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Protocol mappers can be imported using one of the following formats: +// The following arguments are supported: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `userAttribute` - (Required) The custom user attribute to map a claim for. +// - `claimName` - (Required) The name of the claim to insert into a token. +// - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. +// - `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`. +// - `addToIdToken` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. +// - `addToAccessToken` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. +// - `addToUserinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// ### Import // -// Example: -// -// bash -// -// ```sh -// $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type UserAttributeProtocolMapper struct { pulumi.CustomResourceState - // Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrOutput `pulumi:"addToAccessToken"` - // Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` - // Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrOutput `pulumi:"addToUserinfo"` - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + // Indicates if attribute values should be aggregated within the group attributes AggregateAttributes pulumi.BoolPtrOutput `pulumi:"aggregateAttributes"` - // The name of the claim to insert into a token. - ClaimName pulumi.StringOutput `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringOutput `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrOutput `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued pulumi.BoolPtrOutput `pulumi:"multivalued"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // The custom user attribute to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId pulumi.StringOutput `pulumi:"realmId"` UserAttribute pulumi.StringOutput `pulumi:"userAttribute"` } @@ -198,56 +207,52 @@ func GetUserAttributeProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering UserAttributeProtocolMapper resources. type userAttributeProtocolMapperState struct { - // Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo *bool `pulumi:"addToUserinfo"` - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - AggregateAttributes *bool `pulumi:"aggregateAttributes"` - // The name of the claim to insert into a token. - ClaimName *string `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + // Indicates if attribute values should be aggregated within the group attributes + AggregateAttributes *bool `pulumi:"aggregateAttributes"` + ClaimName *string `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType *string `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued *bool `pulumi:"multivalued"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId *string `pulumi:"realmId"` - // The custom user attribute to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId *string `pulumi:"realmId"` UserAttribute *string `pulumi:"userAttribute"` } type UserAttributeProtocolMapperState struct { - // Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrInput - // Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrInput - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + // Indicates if attribute values should be aggregated within the group attributes AggregateAttributes pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringPtrInput - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringPtrInput + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued pulumi.BoolPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. - RealmId pulumi.StringPtrInput - // The custom user attribute to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId pulumi.StringPtrInput UserAttribute pulumi.StringPtrInput } @@ -256,57 +261,53 @@ func (UserAttributeProtocolMapperState) ElementType() reflect.Type { } type userAttributeProtocolMapperArgs struct { - // Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo *bool `pulumi:"addToUserinfo"` - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - AggregateAttributes *bool `pulumi:"aggregateAttributes"` - // The name of the claim to insert into a token. - ClaimName string `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + // Indicates if attribute values should be aggregated within the group attributes + AggregateAttributes *bool `pulumi:"aggregateAttributes"` + ClaimName string `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType *string `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued *bool `pulumi:"multivalued"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId string `pulumi:"realmId"` - // The custom user attribute to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId string `pulumi:"realmId"` UserAttribute string `pulumi:"userAttribute"` } // The set of arguments for constructing a UserAttributeProtocolMapper resource. type UserAttributeProtocolMapperArgs struct { - // Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrInput - // Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrInput - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + // Indicates if attribute values should be aggregated within the group attributes AggregateAttributes pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringInput - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringInput + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued pulumi.BoolPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. - RealmId pulumi.StringInput - // The custom user attribute to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId pulumi.StringInput UserAttribute pulumi.StringInput } @@ -397,62 +398,60 @@ func (o UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutputWi return o } -// Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. +// Indicates if the attribute should be a claim in the access token. func (o UserAttributeProtocolMapperOutput) AddToAccessToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.BoolPtrOutput { return v.AddToAccessToken }).(pulumi.BoolPtrOutput) } -// Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. +// Indicates if the attribute should be a claim in the id token. func (o UserAttributeProtocolMapperOutput) AddToIdToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.BoolPtrOutput { return v.AddToIdToken }).(pulumi.BoolPtrOutput) } -// Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. +// Indicates if the attribute should appear in the userinfo response body. func (o UserAttributeProtocolMapperOutput) AddToUserinfo() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.BoolPtrOutput { return v.AddToUserinfo }).(pulumi.BoolPtrOutput) } -// Indicates whether this attribute is a single value or an array of values. Defaults to `false`. +// Indicates if attribute values should be aggregated within the group attributes func (o UserAttributeProtocolMapperOutput) AggregateAttributes() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.BoolPtrOutput { return v.AggregateAttributes }).(pulumi.BoolPtrOutput) } -// The name of the claim to insert into a token. func (o UserAttributeProtocolMapperOutput) ClaimName() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.ClaimName }).(pulumi.StringOutput) } -// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. +// Claim type used when serializing tokens. func (o UserAttributeProtocolMapperOutput) ClaimValueType() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringPtrOutput { return v.ClaimValueType }).(pulumi.StringPtrOutput) } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o UserAttributeProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client scope. Cannot be used at the same time as client_id. func (o UserAttributeProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// Indicates whether this attribute is a single value or an array of values. Defaults to `false`. +// Indicates whether this attribute is a single value or an array of values. func (o UserAttributeProtocolMapperOutput) Multivalued() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.BoolPtrOutput { return v.Multivalued }).(pulumi.BoolPtrOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o UserAttributeProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o UserAttributeProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// The custom user attribute to map a claim for. func (o UserAttributeProtocolMapperOutput) UserAttribute() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.UserAttribute }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/userClientRoleProtocolMapper.go b/sdk/go/keycloak/openid/userClientRoleProtocolMapper.go index 98a73bb0..d7e8592b 100644 --- a/sdk/go/keycloak/openid/userClientRoleProtocolMapper.go +++ b/sdk/go/keycloak/openid/userClientRoleProtocolMapper.go @@ -20,8 +20,10 @@ import ( // multiple different clients. // // ## Example Usage +// // ### Client) // +// // ```go // package main // @@ -67,8 +69,11 @@ import ( // } // // ``` +// +// // ### Client Scope) // +// // ```go // package main // @@ -108,18 +113,19 @@ import ( // } // // ``` +// // // ## Import // // Protocol mappers can be imported using one of the following formats: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/go/keycloak/openid/userPropertyProtocolMapper.go b/sdk/go/keycloak/openid/userPropertyProtocolMapper.go index 8504f427..8758e800 100644 --- a/sdk/go/keycloak/openid/userPropertyProtocolMapper.go +++ b/sdk/go/keycloak/openid/userPropertyProtocolMapper.go @@ -12,17 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing user property protocol mappers within Keycloak. +// ## # openid.UserPropertyProtocolMapper // -// User property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in -// a token. +// Allows for creating and managing user property protocol mappers within +// Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// User property protocol mappers allow you to map built in properties defined +// on the Keycloak user interface to a claim in a token. Protocol mappers can be +// defined for a single client, or they can be defined for a client scope which +// can be shared between multiple different clients. // -// ## Example Usage -// ### Client) +// ### Example Usage (Client) // +// // ```go // package main // @@ -37,17 +39,17 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// Enabled: pulumi.Bool(true), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -56,10 +58,10 @@ import ( // return err // } // _, err = openid.NewUserPropertyProtocolMapper(ctx, "userPropertyMapper", &openid.UserPropertyProtocolMapperArgs{ -// RealmId: realm.ID(), +// ClaimName: pulumi.String("email"), // ClientId: openidClient.ID(), +// RealmId: realm.ID(), // UserProperty: pulumi.String("email"), -// ClaimName: pulumi.String("email"), // }) // if err != nil { // return err @@ -69,8 +71,11 @@ import ( // } // // ``` -// ### Client Scope) +// +// +// ### Example Usage (Client Scope) // +// // ```go // package main // @@ -85,8 +90,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -98,10 +103,10 @@ import ( // return err // } // _, err = openid.NewUserPropertyProtocolMapper(ctx, "userPropertyMapper", &openid.UserPropertyProtocolMapperArgs{ -// RealmId: realm.ID(), +// ClaimName: pulumi.String("email"), // ClientScopeId: clientScope.ID(), +// RealmId: realm.ID(), // UserProperty: pulumi.String("email"), -// ClaimName: pulumi.String("email"), // }) // if err != nil { // return err @@ -111,48 +116,50 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Protocol mappers can be imported using one of the following formats: +// The following arguments are supported: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `userProperty` - (Required) The built in user property (such as email) to map a claim for. +// - `claimName` - (Required) The name of the claim to insert into a token. +// - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. +// - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. +// - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. +// - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// ### Import // -// Example: -// -// bash -// -// ```sh -// $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type UserPropertyProtocolMapper struct { pulumi.CustomResourceState - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the property should be a claim in the access token. AddToAccessToken pulumi.BoolPtrOutput `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the property should be a claim in the id token. AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the property should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrOutput `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName pulumi.StringOutput `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringOutput `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrOutput `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // The built in user property (such as email) to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId pulumi.StringOutput `pulumi:"realmId"` UserProperty pulumi.StringOutput `pulumi:"userProperty"` } @@ -195,48 +202,44 @@ func GetUserPropertyProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering UserPropertyProtocolMapper resources. type userPropertyProtocolMapperState struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the property should be a claim in the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the property should be a claim in the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName *string `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + // Indicates if the property should appear in the userinfo response body. + AddToUserinfo *bool `pulumi:"addToUserinfo"` + ClaimName *string `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType *string `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId *string `pulumi:"realmId"` - // The built in user property (such as email) to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId *string `pulumi:"realmId"` UserProperty *string `pulumi:"userProperty"` } type UserPropertyProtocolMapperState struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the property should be a claim in the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the property should be a claim in the id token. AddToIdToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the property should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringPtrInput - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringPtrInput + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. - RealmId pulumi.StringPtrInput - // The built in user property (such as email) to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId pulumi.StringPtrInput UserProperty pulumi.StringPtrInput } @@ -245,49 +248,45 @@ func (UserPropertyProtocolMapperState) ElementType() reflect.Type { } type userPropertyProtocolMapperArgs struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the property should be a claim in the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the property should be a claim in the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName string `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + // Indicates if the property should appear in the userinfo response body. + AddToUserinfo *bool `pulumi:"addToUserinfo"` + ClaimName string `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType *string `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId string `pulumi:"realmId"` - // The built in user property (such as email) to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId string `pulumi:"realmId"` UserProperty string `pulumi:"userProperty"` } // The set of arguments for constructing a UserPropertyProtocolMapper resource. type UserPropertyProtocolMapperArgs struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the property should be a claim in the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the property should be a claim in the id token. AddToIdToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the property should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringInput - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringInput + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. - RealmId pulumi.StringInput - // The built in user property (such as email) to map a claim for. + // The realm id where the associated client or client scope exists. + RealmId pulumi.StringInput UserProperty pulumi.StringInput } @@ -378,52 +377,50 @@ func (o UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutputWith return o } -// Indicates if the property should be added as a claim to the access token. Defaults to `true`. +// Indicates if the property should be a claim in the access token. func (o UserPropertyProtocolMapperOutput) AddToAccessToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.BoolPtrOutput { return v.AddToAccessToken }).(pulumi.BoolPtrOutput) } -// Indicates if the property should be added as a claim to the id token. Defaults to `true`. +// Indicates if the property should be a claim in the id token. func (o UserPropertyProtocolMapperOutput) AddToIdToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.BoolPtrOutput { return v.AddToIdToken }).(pulumi.BoolPtrOutput) } -// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. +// Indicates if the property should appear in the userinfo response body. func (o UserPropertyProtocolMapperOutput) AddToUserinfo() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.BoolPtrOutput { return v.AddToUserinfo }).(pulumi.BoolPtrOutput) } -// The name of the claim to insert into a token. func (o UserPropertyProtocolMapperOutput) ClaimName() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.ClaimName }).(pulumi.StringOutput) } -// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. +// Claim type used when serializing tokens. func (o UserPropertyProtocolMapperOutput) ClaimValueType() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringPtrOutput { return v.ClaimValueType }).(pulumi.StringPtrOutput) } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o UserPropertyProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// The mapper's associated client scope. Cannot be used at the same time as client_id. func (o UserPropertyProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o UserPropertyProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o UserPropertyProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// The built in user property (such as email) to map a claim for. func (o UserPropertyProtocolMapperOutput) UserProperty() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.UserProperty }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/userRealmRoleProtocolMapper.go b/sdk/go/keycloak/openid/userRealmRoleProtocolMapper.go index 697760d2..43f23d66 100644 --- a/sdk/go/keycloak/openid/userRealmRoleProtocolMapper.go +++ b/sdk/go/keycloak/openid/userRealmRoleProtocolMapper.go @@ -12,16 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing user realm role protocol mappers within Keycloak. +// ## # openid.UserRealmRoleProtocolMapper // -// User realm role protocol mappers allow you to define a claim containing the list of the realm roles. +// Allows for creating and managing user realm role protocol mappers within +// Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// User realm role protocol mappers allow you to define a claim containing the list of the realm roles. +// Protocol mappers can be defined for a single client, or they can +// be defined for a client scope which can be shared between multiple different +// clients. // -// ## Example Usage -// ### Client) +// ### Example Usage (Client) // +// // ```go // package main // @@ -36,17 +39,17 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("client"), -// Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), +// ClientId: pulumi.String("test-client"), +// Enabled: pulumi.Bool(true), +// RealmId: realm.ID(), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -55,9 +58,9 @@ import ( // return err // } // _, err = openid.NewUserRealmRoleProtocolMapper(ctx, "userRealmRoleMapper", &openid.UserRealmRoleProtocolMapperArgs{ -// RealmId: realm.ID(), -// ClientId: openidClient.ID(), // ClaimName: pulumi.String("foo"), +// ClientId: openidClient.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -67,8 +70,11 @@ import ( // } // // ``` -// ### Client Scope) +// +// +// ### Example Usage (Client Scope) // +// // ```go // package main // @@ -83,8 +89,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err @@ -96,9 +102,9 @@ import ( // return err // } // _, err = openid.NewUserRealmRoleProtocolMapper(ctx, "userRealmRoleMapper", &openid.UserRealmRoleProtocolMapperArgs{ -// RealmId: realm.ID(), -// ClientScopeId: clientScope.ID(), // ClaimName: pulumi.String("foo"), +// ClientScopeId: clientScope.ID(), +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -108,50 +114,54 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Protocol mappers can be imported using one of the following formats: -// -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` -// -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `claimName` - (Required) The name of the claim to insert into a token. +// - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. +// - `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`. +// - `realmRolePrefix` - (Optional) A prefix for each Realm Role. +// - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. +// - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. +// - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type UserRealmRoleProtocolMapper struct { pulumi.CustomResourceState - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrOutput `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrOutput `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrOutput `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName pulumi.StringOutput `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringOutput `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrOutput `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued pulumi.BoolPtrOutput `pulumi:"multivalued"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringOutput `pulumi:"realmId"` - // A prefix for each Realm Role. + // Prefix that will be added to each realm role. RealmRolePrefix pulumi.StringPtrOutput `pulumi:"realmRolePrefix"` } @@ -191,52 +201,50 @@ func GetUserRealmRoleProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering UserRealmRoleProtocolMapper resources. type userRealmRoleProtocolMapperState struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName *string `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + // Indicates if the attribute should appear in the userinfo response body. + AddToUserinfo *bool `pulumi:"addToUserinfo"` + ClaimName *string `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType *string `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued *bool `pulumi:"multivalued"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId *string `pulumi:"realmId"` - // A prefix for each Realm Role. + // Prefix that will be added to each realm role. RealmRolePrefix *string `pulumi:"realmRolePrefix"` } type UserRealmRoleProtocolMapperState struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringPtrInput - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringPtrInput + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued pulumi.BoolPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringPtrInput - // A prefix for each Realm Role. + // Prefix that will be added to each realm role. RealmRolePrefix pulumi.StringPtrInput } @@ -245,53 +253,51 @@ func (UserRealmRoleProtocolMapperState) ElementType() reflect.Type { } type userRealmRoleProtocolMapperArgs struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken *bool `pulumi:"addToAccessToken"` - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken *bool `pulumi:"addToIdToken"` - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - AddToUserinfo *bool `pulumi:"addToUserinfo"` - // The name of the claim to insert into a token. - ClaimName string `pulumi:"claimName"` - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + // Indicates if the attribute should appear in the userinfo response body. + AddToUserinfo *bool `pulumi:"addToUserinfo"` + ClaimName string `pulumi:"claimName"` + // Claim type used when serializing tokens. ClaimValueType *string `pulumi:"claimValueType"` - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId *string `pulumi:"clientScopeId"` - // Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued *bool `pulumi:"multivalued"` - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId string `pulumi:"realmId"` - // A prefix for each Realm Role. + // Prefix that will be added to each realm role. RealmRolePrefix *string `pulumi:"realmRolePrefix"` } // The set of arguments for constructing a UserRealmRoleProtocolMapper resource. type UserRealmRoleProtocolMapperArgs struct { - // Indicates if the property should be added as a claim to the access token. Defaults to `true`. + // Indicates if the attribute should be a claim in the access token. AddToAccessToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the id token. Defaults to `true`. + // Indicates if the attribute should be a claim in the id token. AddToIdToken pulumi.BoolPtrInput - // Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + // Indicates if the attribute should appear in the userinfo response body. AddToUserinfo pulumi.BoolPtrInput - // The name of the claim to insert into a token. - ClaimName pulumi.StringInput - // The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + ClaimName pulumi.StringInput + // Claim type used when serializing tokens. ClaimValueType pulumi.StringPtrInput - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client. Cannot be used at the same time as client_scope_id. ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + // The mapper's associated client scope. Cannot be used at the same time as client_id. ClientScopeId pulumi.StringPtrInput - // Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + // Indicates whether this attribute is a single value or an array of values. Multivalued pulumi.BoolPtrInput - // The display name of this protocol mapper in the GUI. + // A human-friendly name that will appear in the Keycloak console. Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. + // The realm id where the associated client or client scope exists. RealmId pulumi.StringInput - // A prefix for each Realm Role. + // Prefix that will be added to each realm role. RealmRolePrefix pulumi.StringPtrInput } @@ -382,57 +388,56 @@ func (o UserRealmRoleProtocolMapperOutput) ToUserRealmRoleProtocolMapperOutputWi return o } -// Indicates if the property should be added as a claim to the access token. Defaults to `true`. +// Indicates if the attribute should be a claim in the access token. func (o UserRealmRoleProtocolMapperOutput) AddToAccessToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.BoolPtrOutput { return v.AddToAccessToken }).(pulumi.BoolPtrOutput) } -// Indicates if the property should be added as a claim to the id token. Defaults to `true`. +// Indicates if the attribute should be a claim in the id token. func (o UserRealmRoleProtocolMapperOutput) AddToIdToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.BoolPtrOutput { return v.AddToIdToken }).(pulumi.BoolPtrOutput) } -// Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. +// Indicates if the attribute should appear in the userinfo response body. func (o UserRealmRoleProtocolMapperOutput) AddToUserinfo() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.BoolPtrOutput { return v.AddToUserinfo }).(pulumi.BoolPtrOutput) } -// The name of the claim to insert into a token. func (o UserRealmRoleProtocolMapperOutput) ClaimName() pulumi.StringOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.StringOutput { return v.ClaimName }).(pulumi.StringOutput) } -// The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. +// Claim type used when serializing tokens. func (o UserRealmRoleProtocolMapperOutput) ClaimValueType() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.StringPtrOutput { return v.ClaimValueType }).(pulumi.StringPtrOutput) } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client. Cannot be used at the same time as client_scope_id. func (o UserRealmRoleProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. +// The mapper's associated client scope. Cannot be used at the same time as client_id. func (o UserRealmRoleProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. +// Indicates whether this attribute is a single value or an array of values. func (o UserRealmRoleProtocolMapperOutput) Multivalued() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.BoolPtrOutput { return v.Multivalued }).(pulumi.BoolPtrOutput) } -// The display name of this protocol mapper in the GUI. +// A human-friendly name that will appear in the Keycloak console. func (o UserRealmRoleProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. +// The realm id where the associated client or client scope exists. func (o UserRealmRoleProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// A prefix for each Realm Role. +// Prefix that will be added to each realm role. func (o UserRealmRoleProtocolMapperOutput) RealmRolePrefix() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserRealmRoleProtocolMapper) pulumi.StringPtrOutput { return v.RealmRolePrefix }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go b/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go index 24bdca55..8d974550 100644 --- a/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go +++ b/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go @@ -20,8 +20,10 @@ import ( // multiple different clients. // // ## Example Usage +// // ### Client) // +// // ```go // package main // @@ -69,8 +71,11 @@ import ( // } // // ``` +// +// // ### Client Scope) // +// // ```go // package main // @@ -112,18 +117,19 @@ import ( // } // // ``` +// // // ## Import // // Protocol mappers can be imported using one of the following formats: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/go/keycloak/pulumiTypes.go b/sdk/go/keycloak/pulumiTypes.go index 2162cbbf..5a2dee24 100644 --- a/sdk/go/keycloak/pulumiTypes.go +++ b/sdk/go/keycloak/pulumiTypes.go @@ -829,9 +829,7 @@ func (o GroupPermissionsViewScopePtrOutput) Policies() pulumi.StringArrayOutput } type RealmInternationalization struct { - // The locale to use by default. This locale code must be present within the `supportedLocales` list. - DefaultLocale string `pulumi:"defaultLocale"` - // A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. + DefaultLocale string `pulumi:"defaultLocale"` SupportedLocales []string `pulumi:"supportedLocales"` } @@ -847,9 +845,7 @@ type RealmInternationalizationInput interface { } type RealmInternationalizationArgs struct { - // The locale to use by default. This locale code must be present within the `supportedLocales` list. - DefaultLocale pulumi.StringInput `pulumi:"defaultLocale"` - // A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. + DefaultLocale pulumi.StringInput `pulumi:"defaultLocale"` SupportedLocales pulumi.StringArrayInput `pulumi:"supportedLocales"` } @@ -930,12 +926,10 @@ func (o RealmInternationalizationOutput) ToRealmInternationalizationPtrOutputWit }).(RealmInternationalizationPtrOutput) } -// The locale to use by default. This locale code must be present within the `supportedLocales` list. func (o RealmInternationalizationOutput) DefaultLocale() pulumi.StringOutput { return o.ApplyT(func(v RealmInternationalization) string { return v.DefaultLocale }).(pulumi.StringOutput) } -// A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. func (o RealmInternationalizationOutput) SupportedLocales() pulumi.StringArrayOutput { return o.ApplyT(func(v RealmInternationalization) []string { return v.SupportedLocales }).(pulumi.StringArrayOutput) } @@ -964,7 +958,6 @@ func (o RealmInternationalizationPtrOutput) Elem() RealmInternationalizationOutp }).(RealmInternationalizationOutput) } -// The locale to use by default. This locale code must be present within the `supportedLocales` list. func (o RealmInternationalizationPtrOutput) DefaultLocale() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmInternationalization) *string { if v == nil { @@ -974,7 +967,6 @@ func (o RealmInternationalizationPtrOutput) DefaultLocale() pulumi.StringPtrOutp }).(pulumi.StringPtrOutput) } -// A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. func (o RealmInternationalizationPtrOutput) SupportedLocales() pulumi.StringArrayOutput { return o.ApplyT(func(v *RealmInternationalization) []string { if v == nil { @@ -985,17 +977,13 @@ func (o RealmInternationalizationPtrOutput) SupportedLocales() pulumi.StringArra } type RealmOtpPolicy struct { - // What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. - Algorithm *string `pulumi:"algorithm"` - // How many digits the OTP have. Defaults to `6`. - Digits *int `pulumi:"digits"` - // What should the initial counter value be. Defaults to `2`. - InitialCounter *int `pulumi:"initialCounter"` - // How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - LookAheadWindow *int `pulumi:"lookAheadWindow"` - // How many seconds should an OTP token be valid. Defaults to `30`. - Period *int `pulumi:"period"` - // One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + // What hashing algorithm should be used to generate the OTP. + Algorithm *string `pulumi:"algorithm"` + Digits *int `pulumi:"digits"` + InitialCounter *int `pulumi:"initialCounter"` + LookAheadWindow *int `pulumi:"lookAheadWindow"` + Period *int `pulumi:"period"` + // OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password Type *string `pulumi:"type"` } @@ -1011,17 +999,13 @@ type RealmOtpPolicyInput interface { } type RealmOtpPolicyArgs struct { - // What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. - Algorithm pulumi.StringPtrInput `pulumi:"algorithm"` - // How many digits the OTP have. Defaults to `6`. - Digits pulumi.IntPtrInput `pulumi:"digits"` - // What should the initial counter value be. Defaults to `2`. - InitialCounter pulumi.IntPtrInput `pulumi:"initialCounter"` - // How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - LookAheadWindow pulumi.IntPtrInput `pulumi:"lookAheadWindow"` - // How many seconds should an OTP token be valid. Defaults to `30`. - Period pulumi.IntPtrInput `pulumi:"period"` - // One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + // What hashing algorithm should be used to generate the OTP. + Algorithm pulumi.StringPtrInput `pulumi:"algorithm"` + Digits pulumi.IntPtrInput `pulumi:"digits"` + InitialCounter pulumi.IntPtrInput `pulumi:"initialCounter"` + LookAheadWindow pulumi.IntPtrInput `pulumi:"lookAheadWindow"` + Period pulumi.IntPtrInput `pulumi:"period"` + // OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password Type pulumi.StringPtrInput `pulumi:"type"` } @@ -1102,32 +1086,28 @@ func (o RealmOtpPolicyOutput) ToRealmOtpPolicyPtrOutputWithContext(ctx context.C }).(RealmOtpPolicyPtrOutput) } -// What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. +// What hashing algorithm should be used to generate the OTP. func (o RealmOtpPolicyOutput) Algorithm() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmOtpPolicy) *string { return v.Algorithm }).(pulumi.StringPtrOutput) } -// How many digits the OTP have. Defaults to `6`. func (o RealmOtpPolicyOutput) Digits() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmOtpPolicy) *int { return v.Digits }).(pulumi.IntPtrOutput) } -// What should the initial counter value be. Defaults to `2`. func (o RealmOtpPolicyOutput) InitialCounter() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmOtpPolicy) *int { return v.InitialCounter }).(pulumi.IntPtrOutput) } -// How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. func (o RealmOtpPolicyOutput) LookAheadWindow() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmOtpPolicy) *int { return v.LookAheadWindow }).(pulumi.IntPtrOutput) } -// How many seconds should an OTP token be valid. Defaults to `30`. func (o RealmOtpPolicyOutput) Period() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmOtpPolicy) *int { return v.Period }).(pulumi.IntPtrOutput) } -// One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. +// OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password func (o RealmOtpPolicyOutput) Type() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmOtpPolicy) *string { return v.Type }).(pulumi.StringPtrOutput) } @@ -1156,7 +1136,7 @@ func (o RealmOtpPolicyPtrOutput) Elem() RealmOtpPolicyOutput { }).(RealmOtpPolicyOutput) } -// What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. +// What hashing algorithm should be used to generate the OTP. func (o RealmOtpPolicyPtrOutput) Algorithm() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmOtpPolicy) *string { if v == nil { @@ -1166,7 +1146,6 @@ func (o RealmOtpPolicyPtrOutput) Algorithm() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// How many digits the OTP have. Defaults to `6`. func (o RealmOtpPolicyPtrOutput) Digits() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmOtpPolicy) *int { if v == nil { @@ -1176,7 +1155,6 @@ func (o RealmOtpPolicyPtrOutput) Digits() pulumi.IntPtrOutput { }).(pulumi.IntPtrOutput) } -// What should the initial counter value be. Defaults to `2`. func (o RealmOtpPolicyPtrOutput) InitialCounter() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmOtpPolicy) *int { if v == nil { @@ -1186,7 +1164,6 @@ func (o RealmOtpPolicyPtrOutput) InitialCounter() pulumi.IntPtrOutput { }).(pulumi.IntPtrOutput) } -// How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. func (o RealmOtpPolicyPtrOutput) LookAheadWindow() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmOtpPolicy) *int { if v == nil { @@ -1196,7 +1173,6 @@ func (o RealmOtpPolicyPtrOutput) LookAheadWindow() pulumi.IntPtrOutput { }).(pulumi.IntPtrOutput) } -// How many seconds should an OTP token be valid. Defaults to `30`. func (o RealmOtpPolicyPtrOutput) Period() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmOtpPolicy) *int { if v == nil { @@ -1206,7 +1182,7 @@ func (o RealmOtpPolicyPtrOutput) Period() pulumi.IntPtrOutput { }).(pulumi.IntPtrOutput) } -// One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. +// OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password func (o RealmOtpPolicyPtrOutput) Type() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmOtpPolicy) *string { if v == nil { @@ -1365,20 +1341,13 @@ func (o RealmSecurityDefensesPtrOutput) Headers() RealmSecurityDefensesHeadersPt } type RealmSecurityDefensesBruteForceDetection struct { - // When will failure count be reset? - FailureResetTimeSeconds *int `pulumi:"failureResetTimeSeconds"` - MaxFailureWaitSeconds *int `pulumi:"maxFailureWaitSeconds"` - // How many failures before wait is triggered. - MaxLoginFailures *int `pulumi:"maxLoginFailures"` - // How long to wait after a quick login failure. - // - ` maxFailureWaitSeconds ` - (Optional) Max. time a user will be locked out. - MinimumQuickLoginWaitSeconds *int `pulumi:"minimumQuickLoginWaitSeconds"` - // When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - PermanentLockout *bool `pulumi:"permanentLockout"` - // Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - QuickLoginCheckMilliSeconds *int `pulumi:"quickLoginCheckMilliSeconds"` - // This represents the amount of time a user should be locked out when the login failure threshold has been met. - WaitIncrementSeconds *int `pulumi:"waitIncrementSeconds"` + FailureResetTimeSeconds *int `pulumi:"failureResetTimeSeconds"` + MaxFailureWaitSeconds *int `pulumi:"maxFailureWaitSeconds"` + MaxLoginFailures *int `pulumi:"maxLoginFailures"` + MinimumQuickLoginWaitSeconds *int `pulumi:"minimumQuickLoginWaitSeconds"` + PermanentLockout *bool `pulumi:"permanentLockout"` + QuickLoginCheckMilliSeconds *int `pulumi:"quickLoginCheckMilliSeconds"` + WaitIncrementSeconds *int `pulumi:"waitIncrementSeconds"` } // RealmSecurityDefensesBruteForceDetectionInput is an input type that accepts RealmSecurityDefensesBruteForceDetectionArgs and RealmSecurityDefensesBruteForceDetectionOutput values. @@ -1393,20 +1362,13 @@ type RealmSecurityDefensesBruteForceDetectionInput interface { } type RealmSecurityDefensesBruteForceDetectionArgs struct { - // When will failure count be reset? - FailureResetTimeSeconds pulumi.IntPtrInput `pulumi:"failureResetTimeSeconds"` - MaxFailureWaitSeconds pulumi.IntPtrInput `pulumi:"maxFailureWaitSeconds"` - // How many failures before wait is triggered. - MaxLoginFailures pulumi.IntPtrInput `pulumi:"maxLoginFailures"` - // How long to wait after a quick login failure. - // - ` maxFailureWaitSeconds ` - (Optional) Max. time a user will be locked out. - MinimumQuickLoginWaitSeconds pulumi.IntPtrInput `pulumi:"minimumQuickLoginWaitSeconds"` - // When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - PermanentLockout pulumi.BoolPtrInput `pulumi:"permanentLockout"` - // Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - QuickLoginCheckMilliSeconds pulumi.IntPtrInput `pulumi:"quickLoginCheckMilliSeconds"` - // This represents the amount of time a user should be locked out when the login failure threshold has been met. - WaitIncrementSeconds pulumi.IntPtrInput `pulumi:"waitIncrementSeconds"` + FailureResetTimeSeconds pulumi.IntPtrInput `pulumi:"failureResetTimeSeconds"` + MaxFailureWaitSeconds pulumi.IntPtrInput `pulumi:"maxFailureWaitSeconds"` + MaxLoginFailures pulumi.IntPtrInput `pulumi:"maxLoginFailures"` + MinimumQuickLoginWaitSeconds pulumi.IntPtrInput `pulumi:"minimumQuickLoginWaitSeconds"` + PermanentLockout pulumi.BoolPtrInput `pulumi:"permanentLockout"` + QuickLoginCheckMilliSeconds pulumi.IntPtrInput `pulumi:"quickLoginCheckMilliSeconds"` + WaitIncrementSeconds pulumi.IntPtrInput `pulumi:"waitIncrementSeconds"` } func (RealmSecurityDefensesBruteForceDetectionArgs) ElementType() reflect.Type { @@ -1486,7 +1448,6 @@ func (o RealmSecurityDefensesBruteForceDetectionOutput) ToRealmSecurityDefensesB }).(RealmSecurityDefensesBruteForceDetectionPtrOutput) } -// When will failure count be reset? func (o RealmSecurityDefensesBruteForceDetectionOutput) FailureResetTimeSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesBruteForceDetection) *int { return v.FailureResetTimeSeconds }).(pulumi.IntPtrOutput) } @@ -1495,28 +1456,22 @@ func (o RealmSecurityDefensesBruteForceDetectionOutput) MaxFailureWaitSeconds() return o.ApplyT(func(v RealmSecurityDefensesBruteForceDetection) *int { return v.MaxFailureWaitSeconds }).(pulumi.IntPtrOutput) } -// How many failures before wait is triggered. func (o RealmSecurityDefensesBruteForceDetectionOutput) MaxLoginFailures() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesBruteForceDetection) *int { return v.MaxLoginFailures }).(pulumi.IntPtrOutput) } -// How long to wait after a quick login failure. -// - ` maxFailureWaitSeconds ` - (Optional) Max. time a user will be locked out. func (o RealmSecurityDefensesBruteForceDetectionOutput) MinimumQuickLoginWaitSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesBruteForceDetection) *int { return v.MinimumQuickLoginWaitSeconds }).(pulumi.IntPtrOutput) } -// When `true`, this will lock the user permanently when the user exceeds the maximum login failures. func (o RealmSecurityDefensesBruteForceDetectionOutput) PermanentLockout() pulumi.BoolPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesBruteForceDetection) *bool { return v.PermanentLockout }).(pulumi.BoolPtrOutput) } -// Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. func (o RealmSecurityDefensesBruteForceDetectionOutput) QuickLoginCheckMilliSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesBruteForceDetection) *int { return v.QuickLoginCheckMilliSeconds }).(pulumi.IntPtrOutput) } -// This represents the amount of time a user should be locked out when the login failure threshold has been met. func (o RealmSecurityDefensesBruteForceDetectionOutput) WaitIncrementSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesBruteForceDetection) *int { return v.WaitIncrementSeconds }).(pulumi.IntPtrOutput) } @@ -1545,7 +1500,6 @@ func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) Elem() RealmSecurityD }).(RealmSecurityDefensesBruteForceDetectionOutput) } -// When will failure count be reset? func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) FailureResetTimeSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesBruteForceDetection) *int { if v == nil { @@ -1564,7 +1518,6 @@ func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) MaxFailureWaitSeconds }).(pulumi.IntPtrOutput) } -// How many failures before wait is triggered. func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) MaxLoginFailures() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesBruteForceDetection) *int { if v == nil { @@ -1574,8 +1527,6 @@ func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) MaxLoginFailures() pu }).(pulumi.IntPtrOutput) } -// How long to wait after a quick login failure. -// - ` maxFailureWaitSeconds ` - (Optional) Max. time a user will be locked out. func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) MinimumQuickLoginWaitSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesBruteForceDetection) *int { if v == nil { @@ -1585,7 +1536,6 @@ func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) MinimumQuickLoginWait }).(pulumi.IntPtrOutput) } -// When `true`, this will lock the user permanently when the user exceeds the maximum login failures. func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) PermanentLockout() pulumi.BoolPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesBruteForceDetection) *bool { if v == nil { @@ -1595,7 +1545,6 @@ func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) PermanentLockout() pu }).(pulumi.BoolPtrOutput) } -// Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) QuickLoginCheckMilliSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesBruteForceDetection) *int { if v == nil { @@ -1605,7 +1554,6 @@ func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) QuickLoginCheckMilliS }).(pulumi.IntPtrOutput) } -// This represents the amount of time a user should be locked out when the login failure threshold has been met. func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) WaitIncrementSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesBruteForceDetection) *int { if v == nil { @@ -1616,22 +1564,14 @@ func (o RealmSecurityDefensesBruteForceDetectionPtrOutput) WaitIncrementSeconds( } type RealmSecurityDefensesHeaders struct { - // Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - ContentSecurityPolicy *string `pulumi:"contentSecurityPolicy"` - // Used for testing Content Security Policies. + ContentSecurityPolicy *string `pulumi:"contentSecurityPolicy"` ContentSecurityPolicyReportOnly *string `pulumi:"contentSecurityPolicyReportOnly"` - // The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - ReferrerPolicy *string `pulumi:"referrerPolicy"` - // The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - StrictTransportSecurity *string `pulumi:"strictTransportSecurity"` - // Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - XContentTypeOptions *string `pulumi:"xContentTypeOptions"` - // Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - XFrameOptions *string `pulumi:"xFrameOptions"` - // Prevent pages from appearing in search engines. - XRobotsTag *string `pulumi:"xRobotsTag"` - // This header configures the Cross-site scripting (XSS) filter in your browser. - XXssProtection *string `pulumi:"xXssProtection"` + ReferrerPolicy *string `pulumi:"referrerPolicy"` + StrictTransportSecurity *string `pulumi:"strictTransportSecurity"` + XContentTypeOptions *string `pulumi:"xContentTypeOptions"` + XFrameOptions *string `pulumi:"xFrameOptions"` + XRobotsTag *string `pulumi:"xRobotsTag"` + XXssProtection *string `pulumi:"xXssProtection"` } // RealmSecurityDefensesHeadersInput is an input type that accepts RealmSecurityDefensesHeadersArgs and RealmSecurityDefensesHeadersOutput values. @@ -1646,22 +1586,14 @@ type RealmSecurityDefensesHeadersInput interface { } type RealmSecurityDefensesHeadersArgs struct { - // Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - ContentSecurityPolicy pulumi.StringPtrInput `pulumi:"contentSecurityPolicy"` - // Used for testing Content Security Policies. + ContentSecurityPolicy pulumi.StringPtrInput `pulumi:"contentSecurityPolicy"` ContentSecurityPolicyReportOnly pulumi.StringPtrInput `pulumi:"contentSecurityPolicyReportOnly"` - // The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - ReferrerPolicy pulumi.StringPtrInput `pulumi:"referrerPolicy"` - // The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - StrictTransportSecurity pulumi.StringPtrInput `pulumi:"strictTransportSecurity"` - // Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - XContentTypeOptions pulumi.StringPtrInput `pulumi:"xContentTypeOptions"` - // Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - XFrameOptions pulumi.StringPtrInput `pulumi:"xFrameOptions"` - // Prevent pages from appearing in search engines. - XRobotsTag pulumi.StringPtrInput `pulumi:"xRobotsTag"` - // This header configures the Cross-site scripting (XSS) filter in your browser. - XXssProtection pulumi.StringPtrInput `pulumi:"xXssProtection"` + ReferrerPolicy pulumi.StringPtrInput `pulumi:"referrerPolicy"` + StrictTransportSecurity pulumi.StringPtrInput `pulumi:"strictTransportSecurity"` + XContentTypeOptions pulumi.StringPtrInput `pulumi:"xContentTypeOptions"` + XFrameOptions pulumi.StringPtrInput `pulumi:"xFrameOptions"` + XRobotsTag pulumi.StringPtrInput `pulumi:"xRobotsTag"` + XXssProtection pulumi.StringPtrInput `pulumi:"xXssProtection"` } func (RealmSecurityDefensesHeadersArgs) ElementType() reflect.Type { @@ -1741,42 +1673,34 @@ func (o RealmSecurityDefensesHeadersOutput) ToRealmSecurityDefensesHeadersPtrOut }).(RealmSecurityDefensesHeadersPtrOutput) } -// Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. func (o RealmSecurityDefensesHeadersOutput) ContentSecurityPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesHeaders) *string { return v.ContentSecurityPolicy }).(pulumi.StringPtrOutput) } -// Used for testing Content Security Policies. func (o RealmSecurityDefensesHeadersOutput) ContentSecurityPolicyReportOnly() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesHeaders) *string { return v.ContentSecurityPolicyReportOnly }).(pulumi.StringPtrOutput) } -// The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. func (o RealmSecurityDefensesHeadersOutput) ReferrerPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesHeaders) *string { return v.ReferrerPolicy }).(pulumi.StringPtrOutput) } -// The Script-Transport-Security HTTP header tells browsers to always use HTTPS. func (o RealmSecurityDefensesHeadersOutput) StrictTransportSecurity() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesHeaders) *string { return v.StrictTransportSecurity }).(pulumi.StringPtrOutput) } -// Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type func (o RealmSecurityDefensesHeadersOutput) XContentTypeOptions() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesHeaders) *string { return v.XContentTypeOptions }).(pulumi.StringPtrOutput) } -// Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) func (o RealmSecurityDefensesHeadersOutput) XFrameOptions() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesHeaders) *string { return v.XFrameOptions }).(pulumi.StringPtrOutput) } -// Prevent pages from appearing in search engines. func (o RealmSecurityDefensesHeadersOutput) XRobotsTag() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesHeaders) *string { return v.XRobotsTag }).(pulumi.StringPtrOutput) } -// This header configures the Cross-site scripting (XSS) filter in your browser. func (o RealmSecurityDefensesHeadersOutput) XXssProtection() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSecurityDefensesHeaders) *string { return v.XXssProtection }).(pulumi.StringPtrOutput) } @@ -1805,7 +1729,6 @@ func (o RealmSecurityDefensesHeadersPtrOutput) Elem() RealmSecurityDefensesHeade }).(RealmSecurityDefensesHeadersOutput) } -// Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. func (o RealmSecurityDefensesHeadersPtrOutput) ContentSecurityPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesHeaders) *string { if v == nil { @@ -1815,7 +1738,6 @@ func (o RealmSecurityDefensesHeadersPtrOutput) ContentSecurityPolicy() pulumi.St }).(pulumi.StringPtrOutput) } -// Used for testing Content Security Policies. func (o RealmSecurityDefensesHeadersPtrOutput) ContentSecurityPolicyReportOnly() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesHeaders) *string { if v == nil { @@ -1825,7 +1747,6 @@ func (o RealmSecurityDefensesHeadersPtrOutput) ContentSecurityPolicyReportOnly() }).(pulumi.StringPtrOutput) } -// The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. func (o RealmSecurityDefensesHeadersPtrOutput) ReferrerPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesHeaders) *string { if v == nil { @@ -1835,7 +1756,6 @@ func (o RealmSecurityDefensesHeadersPtrOutput) ReferrerPolicy() pulumi.StringPtr }).(pulumi.StringPtrOutput) } -// The Script-Transport-Security HTTP header tells browsers to always use HTTPS. func (o RealmSecurityDefensesHeadersPtrOutput) StrictTransportSecurity() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesHeaders) *string { if v == nil { @@ -1845,7 +1765,6 @@ func (o RealmSecurityDefensesHeadersPtrOutput) StrictTransportSecurity() pulumi. }).(pulumi.StringPtrOutput) } -// Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type func (o RealmSecurityDefensesHeadersPtrOutput) XContentTypeOptions() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesHeaders) *string { if v == nil { @@ -1855,7 +1774,6 @@ func (o RealmSecurityDefensesHeadersPtrOutput) XContentTypeOptions() pulumi.Stri }).(pulumi.StringPtrOutput) } -// Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) func (o RealmSecurityDefensesHeadersPtrOutput) XFrameOptions() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesHeaders) *string { if v == nil { @@ -1865,7 +1783,6 @@ func (o RealmSecurityDefensesHeadersPtrOutput) XFrameOptions() pulumi.StringPtrO }).(pulumi.StringPtrOutput) } -// Prevent pages from appearing in search engines. func (o RealmSecurityDefensesHeadersPtrOutput) XRobotsTag() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesHeaders) *string { if v == nil { @@ -1875,7 +1792,6 @@ func (o RealmSecurityDefensesHeadersPtrOutput) XRobotsTag() pulumi.StringPtrOutp }).(pulumi.StringPtrOutput) } -// This header configures the Cross-site scripting (XSS) filter in your browser. func (o RealmSecurityDefensesHeadersPtrOutput) XXssProtection() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSecurityDefensesHeaders) *string { if v == nil { @@ -1886,26 +1802,16 @@ func (o RealmSecurityDefensesHeadersPtrOutput) XXssProtection() pulumi.StringPtr } type RealmSmtpServer struct { - // Enables authentication to the SMTP server. This block supports the following arguments: - Auth *RealmSmtpServerAuth `pulumi:"auth"` - // The email address uses for bounces. - EnvelopeFrom *string `pulumi:"envelopeFrom"` - // The email address for the sender. - From string `pulumi:"from"` - // The display name of the sender email address. - FromDisplayName *string `pulumi:"fromDisplayName"` - // The host of the SMTP server. - Host string `pulumi:"host"` - // The port of the SMTP server (defaults to 25). - Port *string `pulumi:"port"` - // The "reply to" email address. - ReplyTo *string `pulumi:"replyTo"` - // The display name of the "reply to" email address. - ReplyToDisplayName *string `pulumi:"replyToDisplayName"` - // When `true`, enables SSL. Defaults to `false`. - Ssl *bool `pulumi:"ssl"` - // When `true`, enables StartTLS. Defaults to `false`. - Starttls *bool `pulumi:"starttls"` + Auth *RealmSmtpServerAuth `pulumi:"auth"` + EnvelopeFrom *string `pulumi:"envelopeFrom"` + From string `pulumi:"from"` + FromDisplayName *string `pulumi:"fromDisplayName"` + Host string `pulumi:"host"` + Port *string `pulumi:"port"` + ReplyTo *string `pulumi:"replyTo"` + ReplyToDisplayName *string `pulumi:"replyToDisplayName"` + Ssl *bool `pulumi:"ssl"` + Starttls *bool `pulumi:"starttls"` } // RealmSmtpServerInput is an input type that accepts RealmSmtpServerArgs and RealmSmtpServerOutput values. @@ -1920,26 +1826,16 @@ type RealmSmtpServerInput interface { } type RealmSmtpServerArgs struct { - // Enables authentication to the SMTP server. This block supports the following arguments: - Auth RealmSmtpServerAuthPtrInput `pulumi:"auth"` - // The email address uses for bounces. - EnvelopeFrom pulumi.StringPtrInput `pulumi:"envelopeFrom"` - // The email address for the sender. - From pulumi.StringInput `pulumi:"from"` - // The display name of the sender email address. - FromDisplayName pulumi.StringPtrInput `pulumi:"fromDisplayName"` - // The host of the SMTP server. - Host pulumi.StringInput `pulumi:"host"` - // The port of the SMTP server (defaults to 25). - Port pulumi.StringPtrInput `pulumi:"port"` - // The "reply to" email address. - ReplyTo pulumi.StringPtrInput `pulumi:"replyTo"` - // The display name of the "reply to" email address. - ReplyToDisplayName pulumi.StringPtrInput `pulumi:"replyToDisplayName"` - // When `true`, enables SSL. Defaults to `false`. - Ssl pulumi.BoolPtrInput `pulumi:"ssl"` - // When `true`, enables StartTLS. Defaults to `false`. - Starttls pulumi.BoolPtrInput `pulumi:"starttls"` + Auth RealmSmtpServerAuthPtrInput `pulumi:"auth"` + EnvelopeFrom pulumi.StringPtrInput `pulumi:"envelopeFrom"` + From pulumi.StringInput `pulumi:"from"` + FromDisplayName pulumi.StringPtrInput `pulumi:"fromDisplayName"` + Host pulumi.StringInput `pulumi:"host"` + Port pulumi.StringPtrInput `pulumi:"port"` + ReplyTo pulumi.StringPtrInput `pulumi:"replyTo"` + ReplyToDisplayName pulumi.StringPtrInput `pulumi:"replyToDisplayName"` + Ssl pulumi.BoolPtrInput `pulumi:"ssl"` + Starttls pulumi.BoolPtrInput `pulumi:"starttls"` } func (RealmSmtpServerArgs) ElementType() reflect.Type { @@ -2019,52 +1915,42 @@ func (o RealmSmtpServerOutput) ToRealmSmtpServerPtrOutputWithContext(ctx context }).(RealmSmtpServerPtrOutput) } -// Enables authentication to the SMTP server. This block supports the following arguments: func (o RealmSmtpServerOutput) Auth() RealmSmtpServerAuthPtrOutput { return o.ApplyT(func(v RealmSmtpServer) *RealmSmtpServerAuth { return v.Auth }).(RealmSmtpServerAuthPtrOutput) } -// The email address uses for bounces. func (o RealmSmtpServerOutput) EnvelopeFrom() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSmtpServer) *string { return v.EnvelopeFrom }).(pulumi.StringPtrOutput) } -// The email address for the sender. func (o RealmSmtpServerOutput) From() pulumi.StringOutput { return o.ApplyT(func(v RealmSmtpServer) string { return v.From }).(pulumi.StringOutput) } -// The display name of the sender email address. func (o RealmSmtpServerOutput) FromDisplayName() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSmtpServer) *string { return v.FromDisplayName }).(pulumi.StringPtrOutput) } -// The host of the SMTP server. func (o RealmSmtpServerOutput) Host() pulumi.StringOutput { return o.ApplyT(func(v RealmSmtpServer) string { return v.Host }).(pulumi.StringOutput) } -// The port of the SMTP server (defaults to 25). func (o RealmSmtpServerOutput) Port() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSmtpServer) *string { return v.Port }).(pulumi.StringPtrOutput) } -// The "reply to" email address. func (o RealmSmtpServerOutput) ReplyTo() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSmtpServer) *string { return v.ReplyTo }).(pulumi.StringPtrOutput) } -// The display name of the "reply to" email address. func (o RealmSmtpServerOutput) ReplyToDisplayName() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmSmtpServer) *string { return v.ReplyToDisplayName }).(pulumi.StringPtrOutput) } -// When `true`, enables SSL. Defaults to `false`. func (o RealmSmtpServerOutput) Ssl() pulumi.BoolPtrOutput { return o.ApplyT(func(v RealmSmtpServer) *bool { return v.Ssl }).(pulumi.BoolPtrOutput) } -// When `true`, enables StartTLS. Defaults to `false`. func (o RealmSmtpServerOutput) Starttls() pulumi.BoolPtrOutput { return o.ApplyT(func(v RealmSmtpServer) *bool { return v.Starttls }).(pulumi.BoolPtrOutput) } @@ -2093,7 +1979,6 @@ func (o RealmSmtpServerPtrOutput) Elem() RealmSmtpServerOutput { }).(RealmSmtpServerOutput) } -// Enables authentication to the SMTP server. This block supports the following arguments: func (o RealmSmtpServerPtrOutput) Auth() RealmSmtpServerAuthPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *RealmSmtpServerAuth { if v == nil { @@ -2103,7 +1988,6 @@ func (o RealmSmtpServerPtrOutput) Auth() RealmSmtpServerAuthPtrOutput { }).(RealmSmtpServerAuthPtrOutput) } -// The email address uses for bounces. func (o RealmSmtpServerPtrOutput) EnvelopeFrom() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *string { if v == nil { @@ -2113,7 +1997,6 @@ func (o RealmSmtpServerPtrOutput) EnvelopeFrom() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// The email address for the sender. func (o RealmSmtpServerPtrOutput) From() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *string { if v == nil { @@ -2123,7 +2006,6 @@ func (o RealmSmtpServerPtrOutput) From() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// The display name of the sender email address. func (o RealmSmtpServerPtrOutput) FromDisplayName() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *string { if v == nil { @@ -2133,7 +2015,6 @@ func (o RealmSmtpServerPtrOutput) FromDisplayName() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// The host of the SMTP server. func (o RealmSmtpServerPtrOutput) Host() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *string { if v == nil { @@ -2143,7 +2024,6 @@ func (o RealmSmtpServerPtrOutput) Host() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// The port of the SMTP server (defaults to 25). func (o RealmSmtpServerPtrOutput) Port() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *string { if v == nil { @@ -2153,7 +2033,6 @@ func (o RealmSmtpServerPtrOutput) Port() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// The "reply to" email address. func (o RealmSmtpServerPtrOutput) ReplyTo() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *string { if v == nil { @@ -2163,7 +2042,6 @@ func (o RealmSmtpServerPtrOutput) ReplyTo() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// The display name of the "reply to" email address. func (o RealmSmtpServerPtrOutput) ReplyToDisplayName() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *string { if v == nil { @@ -2173,7 +2051,6 @@ func (o RealmSmtpServerPtrOutput) ReplyToDisplayName() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// When `true`, enables SSL. Defaults to `false`. func (o RealmSmtpServerPtrOutput) Ssl() pulumi.BoolPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *bool { if v == nil { @@ -2183,7 +2060,6 @@ func (o RealmSmtpServerPtrOutput) Ssl() pulumi.BoolPtrOutput { }).(pulumi.BoolPtrOutput) } -// When `true`, enables StartTLS. Defaults to `false`. func (o RealmSmtpServerPtrOutput) Starttls() pulumi.BoolPtrOutput { return o.ApplyT(func(v *RealmSmtpServer) *bool { if v == nil { @@ -2194,9 +2070,7 @@ func (o RealmSmtpServerPtrOutput) Starttls() pulumi.BoolPtrOutput { } type RealmSmtpServerAuth struct { - // The SMTP server password. Password string `pulumi:"password"` - // The SMTP server username. Username string `pulumi:"username"` } @@ -2212,9 +2086,7 @@ type RealmSmtpServerAuthInput interface { } type RealmSmtpServerAuthArgs struct { - // The SMTP server password. Password pulumi.StringInput `pulumi:"password"` - // The SMTP server username. Username pulumi.StringInput `pulumi:"username"` } @@ -2295,12 +2167,10 @@ func (o RealmSmtpServerAuthOutput) ToRealmSmtpServerAuthPtrOutputWithContext(ctx }).(RealmSmtpServerAuthPtrOutput) } -// The SMTP server password. func (o RealmSmtpServerAuthOutput) Password() pulumi.StringOutput { return o.ApplyT(func(v RealmSmtpServerAuth) string { return v.Password }).(pulumi.StringOutput) } -// The SMTP server username. func (o RealmSmtpServerAuthOutput) Username() pulumi.StringOutput { return o.ApplyT(func(v RealmSmtpServerAuth) string { return v.Username }).(pulumi.StringOutput) } @@ -2329,7 +2199,6 @@ func (o RealmSmtpServerAuthPtrOutput) Elem() RealmSmtpServerAuthOutput { }).(RealmSmtpServerAuthOutput) } -// The SMTP server password. func (o RealmSmtpServerAuthPtrOutput) Password() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServerAuth) *string { if v == nil { @@ -2339,7 +2208,6 @@ func (o RealmSmtpServerAuthPtrOutput) Password() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// The SMTP server username. func (o RealmSmtpServerAuthPtrOutput) Username() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmSmtpServerAuth) *string { if v == nil { @@ -2905,25 +2773,20 @@ func (o RealmUserProfileGroupArrayOutput) Index(i pulumi.IntInput) RealmUserProf } type RealmWebAuthnPasswordlessPolicy struct { - // A set of AAGUIDs for which an authenticator can be registered. AcceptableAaguids []string `pulumi:"acceptableAaguids"` - // The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + // Either none, indirect or direct AttestationConveyancePreference *string `pulumi:"attestationConveyancePreference"` - // The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. - AuthenticatorAttachment *string `pulumi:"authenticatorAttachment"` - // When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - AvoidSameAuthenticatorRegister *bool `pulumi:"avoidSameAuthenticatorRegister"` - // The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - CreateTimeout *int `pulumi:"createTimeout"` - // A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - RelyingPartyEntityName *string `pulumi:"relyingPartyEntityName"` - // The WebAuthn relying party ID. - RelyingPartyId *string `pulumi:"relyingPartyId"` - // Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + // Either platform or cross-platform + AuthenticatorAttachment *string `pulumi:"authenticatorAttachment"` + AvoidSameAuthenticatorRegister *bool `pulumi:"avoidSameAuthenticatorRegister"` + CreateTimeout *int `pulumi:"createTimeout"` + RelyingPartyEntityName *string `pulumi:"relyingPartyEntityName"` + RelyingPartyId *string `pulumi:"relyingPartyId"` + // Either Yes or No RequireResidentKey *string `pulumi:"requireResidentKey"` - // A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + // Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing SignatureAlgorithms []string `pulumi:"signatureAlgorithms"` - // Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + // Either required, preferred or discouraged UserVerificationRequirement *string `pulumi:"userVerificationRequirement"` } @@ -2939,25 +2802,20 @@ type RealmWebAuthnPasswordlessPolicyInput interface { } type RealmWebAuthnPasswordlessPolicyArgs struct { - // A set of AAGUIDs for which an authenticator can be registered. AcceptableAaguids pulumi.StringArrayInput `pulumi:"acceptableAaguids"` - // The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + // Either none, indirect or direct AttestationConveyancePreference pulumi.StringPtrInput `pulumi:"attestationConveyancePreference"` - // The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. - AuthenticatorAttachment pulumi.StringPtrInput `pulumi:"authenticatorAttachment"` - // When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - AvoidSameAuthenticatorRegister pulumi.BoolPtrInput `pulumi:"avoidSameAuthenticatorRegister"` - // The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - CreateTimeout pulumi.IntPtrInput `pulumi:"createTimeout"` - // A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - RelyingPartyEntityName pulumi.StringPtrInput `pulumi:"relyingPartyEntityName"` - // The WebAuthn relying party ID. - RelyingPartyId pulumi.StringPtrInput `pulumi:"relyingPartyId"` - // Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + // Either platform or cross-platform + AuthenticatorAttachment pulumi.StringPtrInput `pulumi:"authenticatorAttachment"` + AvoidSameAuthenticatorRegister pulumi.BoolPtrInput `pulumi:"avoidSameAuthenticatorRegister"` + CreateTimeout pulumi.IntPtrInput `pulumi:"createTimeout"` + RelyingPartyEntityName pulumi.StringPtrInput `pulumi:"relyingPartyEntityName"` + RelyingPartyId pulumi.StringPtrInput `pulumi:"relyingPartyId"` + // Either Yes or No RequireResidentKey pulumi.StringPtrInput `pulumi:"requireResidentKey"` - // A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + // Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing SignatureAlgorithms pulumi.StringArrayInput `pulumi:"signatureAlgorithms"` - // Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + // Either required, preferred or discouraged UserVerificationRequirement pulumi.StringPtrInput `pulumi:"userVerificationRequirement"` } @@ -3038,52 +2896,47 @@ func (o RealmWebAuthnPasswordlessPolicyOutput) ToRealmWebAuthnPasswordlessPolicy }).(RealmWebAuthnPasswordlessPolicyPtrOutput) } -// A set of AAGUIDs for which an authenticator can be registered. func (o RealmWebAuthnPasswordlessPolicyOutput) AcceptableAaguids() pulumi.StringArrayOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) []string { return v.AcceptableAaguids }).(pulumi.StringArrayOutput) } -// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. +// Either none, indirect or direct func (o RealmWebAuthnPasswordlessPolicyOutput) AttestationConveyancePreference() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *string { return v.AttestationConveyancePreference }).(pulumi.StringPtrOutput) } -// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. +// Either platform or cross-platform func (o RealmWebAuthnPasswordlessPolicyOutput) AuthenticatorAttachment() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *string { return v.AuthenticatorAttachment }).(pulumi.StringPtrOutput) } -// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. func (o RealmWebAuthnPasswordlessPolicyOutput) AvoidSameAuthenticatorRegister() pulumi.BoolPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *bool { return v.AvoidSameAuthenticatorRegister }).(pulumi.BoolPtrOutput) } -// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. func (o RealmWebAuthnPasswordlessPolicyOutput) CreateTimeout() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *int { return v.CreateTimeout }).(pulumi.IntPtrOutput) } -// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. func (o RealmWebAuthnPasswordlessPolicyOutput) RelyingPartyEntityName() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *string { return v.RelyingPartyEntityName }).(pulumi.StringPtrOutput) } -// The WebAuthn relying party ID. func (o RealmWebAuthnPasswordlessPolicyOutput) RelyingPartyId() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *string { return v.RelyingPartyId }).(pulumi.StringPtrOutput) } -// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. +// Either Yes or No func (o RealmWebAuthnPasswordlessPolicyOutput) RequireResidentKey() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *string { return v.RequireResidentKey }).(pulumi.StringPtrOutput) } -// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. +// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing func (o RealmWebAuthnPasswordlessPolicyOutput) SignatureAlgorithms() pulumi.StringArrayOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) []string { return v.SignatureAlgorithms }).(pulumi.StringArrayOutput) } -// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. +// Either required, preferred or discouraged func (o RealmWebAuthnPasswordlessPolicyOutput) UserVerificationRequirement() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *string { return v.UserVerificationRequirement }).(pulumi.StringPtrOutput) } @@ -3112,7 +2965,6 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) Elem() RealmWebAuthnPasswordle }).(RealmWebAuthnPasswordlessPolicyOutput) } -// A set of AAGUIDs for which an authenticator can be registered. func (o RealmWebAuthnPasswordlessPolicyPtrOutput) AcceptableAaguids() pulumi.StringArrayOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) []string { if v == nil { @@ -3122,7 +2974,7 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) AcceptableAaguids() pulumi.Str }).(pulumi.StringArrayOutput) } -// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. +// Either none, indirect or direct func (o RealmWebAuthnPasswordlessPolicyPtrOutput) AttestationConveyancePreference() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *string { if v == nil { @@ -3132,7 +2984,7 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) AttestationConveyancePreferenc }).(pulumi.StringPtrOutput) } -// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. +// Either platform or cross-platform func (o RealmWebAuthnPasswordlessPolicyPtrOutput) AuthenticatorAttachment() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *string { if v == nil { @@ -3142,7 +2994,6 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) AuthenticatorAttachment() pulu }).(pulumi.StringPtrOutput) } -// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. func (o RealmWebAuthnPasswordlessPolicyPtrOutput) AvoidSameAuthenticatorRegister() pulumi.BoolPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *bool { if v == nil { @@ -3152,7 +3003,6 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) AvoidSameAuthenticatorRegister }).(pulumi.BoolPtrOutput) } -// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. func (o RealmWebAuthnPasswordlessPolicyPtrOutput) CreateTimeout() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *int { if v == nil { @@ -3162,7 +3012,6 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) CreateTimeout() pulumi.IntPtrO }).(pulumi.IntPtrOutput) } -// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. func (o RealmWebAuthnPasswordlessPolicyPtrOutput) RelyingPartyEntityName() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *string { if v == nil { @@ -3172,7 +3021,6 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) RelyingPartyEntityName() pulum }).(pulumi.StringPtrOutput) } -// The WebAuthn relying party ID. func (o RealmWebAuthnPasswordlessPolicyPtrOutput) RelyingPartyId() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *string { if v == nil { @@ -3182,7 +3030,7 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) RelyingPartyId() pulumi.String }).(pulumi.StringPtrOutput) } -// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. +// Either Yes or No func (o RealmWebAuthnPasswordlessPolicyPtrOutput) RequireResidentKey() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *string { if v == nil { @@ -3192,7 +3040,7 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) RequireResidentKey() pulumi.St }).(pulumi.StringPtrOutput) } -// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. +// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing func (o RealmWebAuthnPasswordlessPolicyPtrOutput) SignatureAlgorithms() pulumi.StringArrayOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) []string { if v == nil { @@ -3202,7 +3050,7 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) SignatureAlgorithms() pulumi.S }).(pulumi.StringArrayOutput) } -// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. +// Either required, preferred or discouraged func (o RealmWebAuthnPasswordlessPolicyPtrOutput) UserVerificationRequirement() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *string { if v == nil { @@ -3213,25 +3061,20 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) UserVerificationRequirement() } type RealmWebAuthnPolicy struct { - // A set of AAGUIDs for which an authenticator can be registered. AcceptableAaguids []string `pulumi:"acceptableAaguids"` - // The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + // Either none, indirect or direct AttestationConveyancePreference *string `pulumi:"attestationConveyancePreference"` - // The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. - AuthenticatorAttachment *string `pulumi:"authenticatorAttachment"` - // When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - AvoidSameAuthenticatorRegister *bool `pulumi:"avoidSameAuthenticatorRegister"` - // The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - CreateTimeout *int `pulumi:"createTimeout"` - // A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - RelyingPartyEntityName *string `pulumi:"relyingPartyEntityName"` - // The WebAuthn relying party ID. - RelyingPartyId *string `pulumi:"relyingPartyId"` - // Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + // Either platform or cross-platform + AuthenticatorAttachment *string `pulumi:"authenticatorAttachment"` + AvoidSameAuthenticatorRegister *bool `pulumi:"avoidSameAuthenticatorRegister"` + CreateTimeout *int `pulumi:"createTimeout"` + RelyingPartyEntityName *string `pulumi:"relyingPartyEntityName"` + RelyingPartyId *string `pulumi:"relyingPartyId"` + // Either Yes or No RequireResidentKey *string `pulumi:"requireResidentKey"` - // A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + // Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing SignatureAlgorithms []string `pulumi:"signatureAlgorithms"` - // Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + // Either required, preferred or discouraged UserVerificationRequirement *string `pulumi:"userVerificationRequirement"` } @@ -3247,25 +3090,20 @@ type RealmWebAuthnPolicyInput interface { } type RealmWebAuthnPolicyArgs struct { - // A set of AAGUIDs for which an authenticator can be registered. AcceptableAaguids pulumi.StringArrayInput `pulumi:"acceptableAaguids"` - // The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + // Either none, indirect or direct AttestationConveyancePreference pulumi.StringPtrInput `pulumi:"attestationConveyancePreference"` - // The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. - AuthenticatorAttachment pulumi.StringPtrInput `pulumi:"authenticatorAttachment"` - // When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - AvoidSameAuthenticatorRegister pulumi.BoolPtrInput `pulumi:"avoidSameAuthenticatorRegister"` - // The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - CreateTimeout pulumi.IntPtrInput `pulumi:"createTimeout"` - // A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - RelyingPartyEntityName pulumi.StringPtrInput `pulumi:"relyingPartyEntityName"` - // The WebAuthn relying party ID. - RelyingPartyId pulumi.StringPtrInput `pulumi:"relyingPartyId"` - // Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + // Either platform or cross-platform + AuthenticatorAttachment pulumi.StringPtrInput `pulumi:"authenticatorAttachment"` + AvoidSameAuthenticatorRegister pulumi.BoolPtrInput `pulumi:"avoidSameAuthenticatorRegister"` + CreateTimeout pulumi.IntPtrInput `pulumi:"createTimeout"` + RelyingPartyEntityName pulumi.StringPtrInput `pulumi:"relyingPartyEntityName"` + RelyingPartyId pulumi.StringPtrInput `pulumi:"relyingPartyId"` + // Either Yes or No RequireResidentKey pulumi.StringPtrInput `pulumi:"requireResidentKey"` - // A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + // Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing SignatureAlgorithms pulumi.StringArrayInput `pulumi:"signatureAlgorithms"` - // Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + // Either required, preferred or discouraged UserVerificationRequirement pulumi.StringPtrInput `pulumi:"userVerificationRequirement"` } @@ -3346,52 +3184,47 @@ func (o RealmWebAuthnPolicyOutput) ToRealmWebAuthnPolicyPtrOutputWithContext(ctx }).(RealmWebAuthnPolicyPtrOutput) } -// A set of AAGUIDs for which an authenticator can be registered. func (o RealmWebAuthnPolicyOutput) AcceptableAaguids() pulumi.StringArrayOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) []string { return v.AcceptableAaguids }).(pulumi.StringArrayOutput) } -// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. +// Either none, indirect or direct func (o RealmWebAuthnPolicyOutput) AttestationConveyancePreference() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *string { return v.AttestationConveyancePreference }).(pulumi.StringPtrOutput) } -// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. +// Either platform or cross-platform func (o RealmWebAuthnPolicyOutput) AuthenticatorAttachment() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *string { return v.AuthenticatorAttachment }).(pulumi.StringPtrOutput) } -// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. func (o RealmWebAuthnPolicyOutput) AvoidSameAuthenticatorRegister() pulumi.BoolPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *bool { return v.AvoidSameAuthenticatorRegister }).(pulumi.BoolPtrOutput) } -// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. func (o RealmWebAuthnPolicyOutput) CreateTimeout() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *int { return v.CreateTimeout }).(pulumi.IntPtrOutput) } -// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. func (o RealmWebAuthnPolicyOutput) RelyingPartyEntityName() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *string { return v.RelyingPartyEntityName }).(pulumi.StringPtrOutput) } -// The WebAuthn relying party ID. func (o RealmWebAuthnPolicyOutput) RelyingPartyId() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *string { return v.RelyingPartyId }).(pulumi.StringPtrOutput) } -// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. +// Either Yes or No func (o RealmWebAuthnPolicyOutput) RequireResidentKey() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *string { return v.RequireResidentKey }).(pulumi.StringPtrOutput) } -// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. +// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing func (o RealmWebAuthnPolicyOutput) SignatureAlgorithms() pulumi.StringArrayOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) []string { return v.SignatureAlgorithms }).(pulumi.StringArrayOutput) } -// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. +// Either required, preferred or discouraged func (o RealmWebAuthnPolicyOutput) UserVerificationRequirement() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *string { return v.UserVerificationRequirement }).(pulumi.StringPtrOutput) } @@ -3420,7 +3253,6 @@ func (o RealmWebAuthnPolicyPtrOutput) Elem() RealmWebAuthnPolicyOutput { }).(RealmWebAuthnPolicyOutput) } -// A set of AAGUIDs for which an authenticator can be registered. func (o RealmWebAuthnPolicyPtrOutput) AcceptableAaguids() pulumi.StringArrayOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) []string { if v == nil { @@ -3430,7 +3262,7 @@ func (o RealmWebAuthnPolicyPtrOutput) AcceptableAaguids() pulumi.StringArrayOutp }).(pulumi.StringArrayOutput) } -// The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. +// Either none, indirect or direct func (o RealmWebAuthnPolicyPtrOutput) AttestationConveyancePreference() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *string { if v == nil { @@ -3440,7 +3272,7 @@ func (o RealmWebAuthnPolicyPtrOutput) AttestationConveyancePreference() pulumi.S }).(pulumi.StringPtrOutput) } -// The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. +// Either platform or cross-platform func (o RealmWebAuthnPolicyPtrOutput) AuthenticatorAttachment() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *string { if v == nil { @@ -3450,7 +3282,6 @@ func (o RealmWebAuthnPolicyPtrOutput) AuthenticatorAttachment() pulumi.StringPtr }).(pulumi.StringPtrOutput) } -// When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. func (o RealmWebAuthnPolicyPtrOutput) AvoidSameAuthenticatorRegister() pulumi.BoolPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *bool { if v == nil { @@ -3460,7 +3291,6 @@ func (o RealmWebAuthnPolicyPtrOutput) AvoidSameAuthenticatorRegister() pulumi.Bo }).(pulumi.BoolPtrOutput) } -// The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. func (o RealmWebAuthnPolicyPtrOutput) CreateTimeout() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *int { if v == nil { @@ -3470,7 +3300,6 @@ func (o RealmWebAuthnPolicyPtrOutput) CreateTimeout() pulumi.IntPtrOutput { }).(pulumi.IntPtrOutput) } -// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. func (o RealmWebAuthnPolicyPtrOutput) RelyingPartyEntityName() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *string { if v == nil { @@ -3480,7 +3309,6 @@ func (o RealmWebAuthnPolicyPtrOutput) RelyingPartyEntityName() pulumi.StringPtrO }).(pulumi.StringPtrOutput) } -// The WebAuthn relying party ID. func (o RealmWebAuthnPolicyPtrOutput) RelyingPartyId() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *string { if v == nil { @@ -3490,7 +3318,7 @@ func (o RealmWebAuthnPolicyPtrOutput) RelyingPartyId() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. +// Either Yes or No func (o RealmWebAuthnPolicyPtrOutput) RequireResidentKey() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *string { if v == nil { @@ -3500,7 +3328,7 @@ func (o RealmWebAuthnPolicyPtrOutput) RequireResidentKey() pulumi.StringPtrOutpu }).(pulumi.StringPtrOutput) } -// A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. +// Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing func (o RealmWebAuthnPolicyPtrOutput) SignatureAlgorithms() pulumi.StringArrayOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) []string { if v == nil { @@ -3510,7 +3338,7 @@ func (o RealmWebAuthnPolicyPtrOutput) SignatureAlgorithms() pulumi.StringArrayOu }).(pulumi.StringArrayOutput) } -// Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. +// Either required, preferred or discouraged func (o RealmWebAuthnPolicyPtrOutput) UserVerificationRequirement() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *string { if v == nil { @@ -3521,12 +3349,9 @@ func (o RealmWebAuthnPolicyPtrOutput) UserVerificationRequirement() pulumi.Strin } type UserFederatedIdentity struct { - // The name of the identity provider IdentityProvider string `pulumi:"identityProvider"` - // The ID of the user defined in the identity provider - UserId string `pulumi:"userId"` - // The user name of the user defined in the identity provider - UserName string `pulumi:"userName"` + UserId string `pulumi:"userId"` + UserName string `pulumi:"userName"` } // UserFederatedIdentityInput is an input type that accepts UserFederatedIdentityArgs and UserFederatedIdentityOutput values. @@ -3541,12 +3366,9 @@ type UserFederatedIdentityInput interface { } type UserFederatedIdentityArgs struct { - // The name of the identity provider IdentityProvider pulumi.StringInput `pulumi:"identityProvider"` - // The ID of the user defined in the identity provider - UserId pulumi.StringInput `pulumi:"userId"` - // The user name of the user defined in the identity provider - UserName pulumi.StringInput `pulumi:"userName"` + UserId pulumi.StringInput `pulumi:"userId"` + UserName pulumi.StringInput `pulumi:"userName"` } func (UserFederatedIdentityArgs) ElementType() reflect.Type { @@ -3600,17 +3422,14 @@ func (o UserFederatedIdentityOutput) ToUserFederatedIdentityOutputWithContext(ct return o } -// The name of the identity provider func (o UserFederatedIdentityOutput) IdentityProvider() pulumi.StringOutput { return o.ApplyT(func(v UserFederatedIdentity) string { return v.IdentityProvider }).(pulumi.StringOutput) } -// The ID of the user defined in the identity provider func (o UserFederatedIdentityOutput) UserId() pulumi.StringOutput { return o.ApplyT(func(v UserFederatedIdentity) string { return v.UserId }).(pulumi.StringOutput) } -// The user name of the user defined in the identity provider func (o UserFederatedIdentityOutput) UserName() pulumi.StringOutput { return o.ApplyT(func(v UserFederatedIdentity) string { return v.UserName }).(pulumi.StringOutput) } @@ -3636,10 +3455,8 @@ func (o UserFederatedIdentityArrayOutput) Index(i pulumi.IntInput) UserFederated } type UserInitialPassword struct { - // If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - Temporary *bool `pulumi:"temporary"` - // The initial password. - Value string `pulumi:"value"` + Temporary *bool `pulumi:"temporary"` + Value string `pulumi:"value"` } // UserInitialPasswordInput is an input type that accepts UserInitialPasswordArgs and UserInitialPasswordOutput values. @@ -3654,10 +3471,8 @@ type UserInitialPasswordInput interface { } type UserInitialPasswordArgs struct { - // If set to `true`, the initial password is set up for renewal on first use. Default to `false`. Temporary pulumi.BoolPtrInput `pulumi:"temporary"` - // The initial password. - Value pulumi.StringInput `pulumi:"value"` + Value pulumi.StringInput `pulumi:"value"` } func (UserInitialPasswordArgs) ElementType() reflect.Type { @@ -3737,12 +3552,10 @@ func (o UserInitialPasswordOutput) ToUserInitialPasswordPtrOutputWithContext(ctx }).(UserInitialPasswordPtrOutput) } -// If set to `true`, the initial password is set up for renewal on first use. Default to `false`. func (o UserInitialPasswordOutput) Temporary() pulumi.BoolPtrOutput { return o.ApplyT(func(v UserInitialPassword) *bool { return v.Temporary }).(pulumi.BoolPtrOutput) } -// The initial password. func (o UserInitialPasswordOutput) Value() pulumi.StringOutput { return o.ApplyT(func(v UserInitialPassword) string { return v.Value }).(pulumi.StringOutput) } @@ -3771,7 +3584,6 @@ func (o UserInitialPasswordPtrOutput) Elem() UserInitialPasswordOutput { }).(UserInitialPasswordOutput) } -// If set to `true`, the initial password is set up for renewal on first use. Default to `false`. func (o UserInitialPasswordPtrOutput) Temporary() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserInitialPassword) *bool { if v == nil { @@ -3781,7 +3593,6 @@ func (o UserInitialPasswordPtrOutput) Temporary() pulumi.BoolPtrOutput { }).(pulumi.BoolPtrOutput) } -// The initial password. func (o UserInitialPasswordPtrOutput) Value() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserInitialPassword) *string { if v == nil { @@ -4988,22 +4799,14 @@ func (o GetRealmInternationalizationArrayOutput) Index(i pulumi.IntInput) GetRea } type GetRealmKeysKey struct { - // Key algorithm (string) - Algorithm string `pulumi:"algorithm"` - // Key certificate (string) - Certificate string `pulumi:"certificate"` - // Key ID (string) - Kid string `pulumi:"kid"` - // Key provider ID (string) - ProviderId string `pulumi:"providerId"` - // Key provider priority (int64) - ProviderPriority int `pulumi:"providerPriority"` - // Key public key (string) - PublicKey string `pulumi:"publicKey"` - // When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - Status string `pulumi:"status"` - // Key type (string) - Type string `pulumi:"type"` + Algorithm string `pulumi:"algorithm"` + Certificate string `pulumi:"certificate"` + Kid string `pulumi:"kid"` + ProviderId string `pulumi:"providerId"` + ProviderPriority int `pulumi:"providerPriority"` + PublicKey string `pulumi:"publicKey"` + Status string `pulumi:"status"` + Type string `pulumi:"type"` } // GetRealmKeysKeyInput is an input type that accepts GetRealmKeysKeyArgs and GetRealmKeysKeyOutput values. @@ -5018,22 +4821,14 @@ type GetRealmKeysKeyInput interface { } type GetRealmKeysKeyArgs struct { - // Key algorithm (string) - Algorithm pulumi.StringInput `pulumi:"algorithm"` - // Key certificate (string) - Certificate pulumi.StringInput `pulumi:"certificate"` - // Key ID (string) - Kid pulumi.StringInput `pulumi:"kid"` - // Key provider ID (string) - ProviderId pulumi.StringInput `pulumi:"providerId"` - // Key provider priority (int64) - ProviderPriority pulumi.IntInput `pulumi:"providerPriority"` - // Key public key (string) - PublicKey pulumi.StringInput `pulumi:"publicKey"` - // When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - Status pulumi.StringInput `pulumi:"status"` - // Key type (string) - Type pulumi.StringInput `pulumi:"type"` + Algorithm pulumi.StringInput `pulumi:"algorithm"` + Certificate pulumi.StringInput `pulumi:"certificate"` + Kid pulumi.StringInput `pulumi:"kid"` + ProviderId pulumi.StringInput `pulumi:"providerId"` + ProviderPriority pulumi.IntInput `pulumi:"providerPriority"` + PublicKey pulumi.StringInput `pulumi:"publicKey"` + Status pulumi.StringInput `pulumi:"status"` + Type pulumi.StringInput `pulumi:"type"` } func (GetRealmKeysKeyArgs) ElementType() reflect.Type { @@ -5087,42 +4882,34 @@ func (o GetRealmKeysKeyOutput) ToGetRealmKeysKeyOutputWithContext(ctx context.Co return o } -// Key algorithm (string) func (o GetRealmKeysKeyOutput) Algorithm() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysKey) string { return v.Algorithm }).(pulumi.StringOutput) } -// Key certificate (string) func (o GetRealmKeysKeyOutput) Certificate() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysKey) string { return v.Certificate }).(pulumi.StringOutput) } -// Key ID (string) func (o GetRealmKeysKeyOutput) Kid() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysKey) string { return v.Kid }).(pulumi.StringOutput) } -// Key provider ID (string) func (o GetRealmKeysKeyOutput) ProviderId() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysKey) string { return v.ProviderId }).(pulumi.StringOutput) } -// Key provider priority (int64) func (o GetRealmKeysKeyOutput) ProviderPriority() pulumi.IntOutput { return o.ApplyT(func(v GetRealmKeysKey) int { return v.ProviderPriority }).(pulumi.IntOutput) } -// Key public key (string) func (o GetRealmKeysKeyOutput) PublicKey() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysKey) string { return v.PublicKey }).(pulumi.StringOutput) } -// When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. func (o GetRealmKeysKeyOutput) Status() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysKey) string { return v.Status }).(pulumi.StringOutput) } -// Key type (string) func (o GetRealmKeysKeyOutput) Type() pulumi.StringOutput { return o.ApplyT(func(v GetRealmKeysKey) string { return v.Type }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/realm.go b/sdk/go/keycloak/realm.go index 64047df0..ce246086 100644 --- a/sdk/go/keycloak/realm.go +++ b/sdk/go/keycloak/realm.go @@ -12,223 +12,75 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing Realms within Keycloak. -// -// A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated -// from multiple sources. -// -// ## Example Usage -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// _, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// AccessCodeLifespan: pulumi.String("1h"), -// Attributes: pulumi.Map{ -// "mycustomAttribute": pulumi.Any("myCustomValue"), -// }, -// DisplayName: pulumi.String("my realm"), -// DisplayNameHtml: pulumi.String("my realm"), -// Enabled: pulumi.Bool(true), -// Internationalization: &keycloak.RealmInternationalizationArgs{ -// DefaultLocale: pulumi.String("en"), -// SupportedLocales: pulumi.StringArray{ -// pulumi.String("en"), -// pulumi.String("de"), -// pulumi.String("es"), -// }, -// }, -// LoginTheme: pulumi.String("base"), -// PasswordPolicy: pulumi.String("upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername"), -// Realm: pulumi.String("my-realm"), -// SecurityDefenses: &keycloak.RealmSecurityDefensesArgs{ -// BruteForceDetection: &keycloak.RealmSecurityDefensesBruteForceDetectionArgs{ -// FailureResetTimeSeconds: pulumi.Int(43200), -// MaxFailureWaitSeconds: pulumi.Int(900), -// MaxLoginFailures: pulumi.Int(30), -// MinimumQuickLoginWaitSeconds: pulumi.Int(60), -// PermanentLockout: pulumi.Bool(false), -// QuickLoginCheckMilliSeconds: pulumi.Int(1000), -// WaitIncrementSeconds: pulumi.Int(60), -// }, -// Headers: &keycloak.RealmSecurityDefensesHeadersArgs{ -// ContentSecurityPolicy: pulumi.String("frame-src 'self'; frame-ancestors 'self'; object-src 'none';"), -// ContentSecurityPolicyReportOnly: pulumi.String(""), -// StrictTransportSecurity: pulumi.String("max-age=31536000; includeSubDomains"), -// XContentTypeOptions: pulumi.String("nosniff"), -// XFrameOptions: pulumi.String("DENY"), -// XRobotsTag: pulumi.String("none"), -// XXssProtection: pulumi.String("1; mode=block"), -// }, -// }, -// SmtpServer: &keycloak.RealmSmtpServerArgs{ -// Auth: &keycloak.RealmSmtpServerAuthArgs{ -// Password: pulumi.String("password"), -// Username: pulumi.String("tom"), -// }, -// From: pulumi.String("example@example.com"), -// Host: pulumi.String("smtp.example.com"), -// }, -// SslRequired: pulumi.String("external"), -// WebAuthnPolicy: &keycloak.RealmWebAuthnPolicyArgs{ -// RelyingPartyEntityName: pulumi.String("Example"), -// RelyingPartyId: pulumi.String("keycloak.example.com"), -// SignatureAlgorithms: pulumi.StringArray{ -// pulumi.String("ES256"), -// pulumi.String("RS256"), -// }, -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` -// ## Default Client Scopes -// -// - `defaultDefaultClientScopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. -// - `defaultOptionalClientScopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. -// -// ## Import -// -// Realms can be imported using their name. -// -// Example: -// -// bash -// -// ```sh -// $ pulumi import keycloak:index/realm:Realm realm my-realm -// ``` type Realm struct { pulumi.CustomResourceState - // The maximum amount of time a client has to finish the authorization code flow. - AccessCodeLifespan pulumi.StringOutput `pulumi:"accessCodeLifespan"` - // The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - AccessCodeLifespanLogin pulumi.StringOutput `pulumi:"accessCodeLifespanLogin"` - // The maximum amount of time a user has to complete login related actions, such as updating a password. - AccessCodeLifespanUserAction pulumi.StringOutput `pulumi:"accessCodeLifespanUserAction"` - // The amount of time an access token can be used before it expires. - AccessTokenLifespan pulumi.StringOutput `pulumi:"accessTokenLifespan"` - // The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - AccessTokenLifespanForImplicitFlow pulumi.StringOutput `pulumi:"accessTokenLifespanForImplicitFlow"` - // Used for account management pages. - AccountTheme pulumi.StringPtrOutput `pulumi:"accountTheme"` - // The maximum time a user has to use an admin-generated permit before it expires. - ActionTokenGeneratedByAdminLifespan pulumi.StringOutput `pulumi:"actionTokenGeneratedByAdminLifespan"` - // The maximum time a user has to use a user-generated permit before it expires. - ActionTokenGeneratedByUserLifespan pulumi.StringOutput `pulumi:"actionTokenGeneratedByUserLifespan"` - // Used for the admin console. - AdminTheme pulumi.StringPtrOutput `pulumi:"adminTheme"` - // A map of custom attributes to add to the realm. - Attributes pulumi.MapOutput `pulumi:"attributes"` - // The desired flow for browser authentication. Defaults to `browser`. + AccessCodeLifespan pulumi.StringOutput `pulumi:"accessCodeLifespan"` + AccessCodeLifespanLogin pulumi.StringOutput `pulumi:"accessCodeLifespanLogin"` + AccessCodeLifespanUserAction pulumi.StringOutput `pulumi:"accessCodeLifespanUserAction"` + AccessTokenLifespan pulumi.StringOutput `pulumi:"accessTokenLifespan"` + AccessTokenLifespanForImplicitFlow pulumi.StringOutput `pulumi:"accessTokenLifespanForImplicitFlow"` + AccountTheme pulumi.StringPtrOutput `pulumi:"accountTheme"` + ActionTokenGeneratedByAdminLifespan pulumi.StringOutput `pulumi:"actionTokenGeneratedByAdminLifespan"` + ActionTokenGeneratedByUserLifespan pulumi.StringOutput `pulumi:"actionTokenGeneratedByUserLifespan"` + AdminTheme pulumi.StringPtrOutput `pulumi:"adminTheme"` + Attributes pulumi.MapOutput `pulumi:"attributes"` + // Which flow should be used for BrowserFlow BrowserFlow pulumi.StringOutput `pulumi:"browserFlow"` - // The desired flow for client authentication. Defaults to `clients`. - ClientAuthenticationFlow pulumi.StringOutput `pulumi:"clientAuthenticationFlow"` - // The amount of time a session can be idle before it expires. Users can override it for individual clients. - ClientSessionIdleTimeout pulumi.StringOutput `pulumi:"clientSessionIdleTimeout"` - // The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. + // Which flow should be used for ClientAuthenticationFlow + ClientAuthenticationFlow pulumi.StringOutput `pulumi:"clientAuthenticationFlow"` + ClientSessionIdleTimeout pulumi.StringOutput `pulumi:"clientSessionIdleTimeout"` ClientSessionMaxLifespan pulumi.StringOutput `pulumi:"clientSessionMaxLifespan"` DefaultDefaultClientScopes pulumi.StringArrayOutput `pulumi:"defaultDefaultClientScopes"` DefaultOptionalClientScopes pulumi.StringArrayOutput `pulumi:"defaultOptionalClientScopes"` - // Default algorithm used to sign tokens for the realm. - DefaultSignatureAlgorithm pulumi.StringPtrOutput `pulumi:"defaultSignatureAlgorithm"` - // The desired flow for direct access authentication. Defaults to `direct grant`. - DirectGrantFlow pulumi.StringOutput `pulumi:"directGrantFlow"` - // The display name for the realm that is shown when logging in to the admin console. - DisplayName pulumi.StringPtrOutput `pulumi:"displayName"` - // The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. + DefaultSignatureAlgorithm pulumi.StringPtrOutput `pulumi:"defaultSignatureAlgorithm"` + // Which flow should be used for DirectGrantFlow + DirectGrantFlow pulumi.StringOutput `pulumi:"directGrantFlow"` + DisplayName pulumi.StringPtrOutput `pulumi:"displayName"` DisplayNameHtml pulumi.StringPtrOutput `pulumi:"displayNameHtml"` - // The desired flow for Docker authentication. Defaults to `docker auth`. - DockerAuthenticationFlow pulumi.StringOutput `pulumi:"dockerAuthenticationFlow"` - // When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. - DuplicateEmailsAllowed pulumi.BoolOutput `pulumi:"duplicateEmailsAllowed"` - // When true, the username field is editable. - EditUsernameAllowed pulumi.BoolOutput `pulumi:"editUsernameAllowed"` - // Used for emails that are sent by Keycloak. - EmailTheme pulumi.StringPtrOutput `pulumi:"emailTheme"` - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. - Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` - // When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - InternalId pulumi.StringOutput `pulumi:"internalId"` - Internationalization RealmInternationalizationPtrOutput `pulumi:"internationalization"` - // Used for the login, forgot password, and registration pages. - LoginTheme pulumi.StringPtrOutput `pulumi:"loginTheme"` - // When true, users may log in with their email address. - LoginWithEmailAllowed pulumi.BoolOutput `pulumi:"loginWithEmailAllowed"` - // The maximum amount of time a client has to finish the device code flow before it expires. - // - // The attributes below should be specified in seconds. - Oauth2DeviceCodeLifespan pulumi.StringOutput `pulumi:"oauth2DeviceCodeLifespan"` - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval pulumi.IntOutput `pulumi:"oauth2DevicePollingInterval"` - // The amount of time an offline session can be idle before it expires. - OfflineSessionIdleTimeout pulumi.StringOutput `pulumi:"offlineSessionIdleTimeout"` - // The maximum amount of time before an offline session expires regardless of activity. - OfflineSessionMaxLifespan pulumi.StringOutput `pulumi:"offlineSessionMaxLifespan"` - // Enable `offlineSessionMaxLifespan`. - OfflineSessionMaxLifespanEnabled pulumi.BoolPtrOutput `pulumi:"offlineSessionMaxLifespanEnabled"` - OtpPolicy RealmOtpPolicyOutput `pulumi:"otpPolicy"` - // The password policy for users within the realm. - // - // The arguments below can be used to configure authentication flow bindings: - PasswordPolicy pulumi.StringPtrOutput `pulumi:"passwordPolicy"` - // The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - Realm pulumi.StringOutput `pulumi:"realm"` - // Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - // - // The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - RefreshTokenMaxReuse pulumi.IntPtrOutput `pulumi:"refreshTokenMaxReuse"` - // When true, user registration will be enabled, and a link for registration will be displayed on the login page. - RegistrationAllowed pulumi.BoolOutput `pulumi:"registrationAllowed"` - // When true, the user's email will be used as their username during registration. - RegistrationEmailAsUsername pulumi.BoolOutput `pulumi:"registrationEmailAsUsername"` - // The desired flow for user registration. Defaults to `registration`. + // Which flow should be used for DockerAuthenticationFlow + DockerAuthenticationFlow pulumi.StringOutput `pulumi:"dockerAuthenticationFlow"` + DuplicateEmailsAllowed pulumi.BoolOutput `pulumi:"duplicateEmailsAllowed"` + EditUsernameAllowed pulumi.BoolOutput `pulumi:"editUsernameAllowed"` + EmailTheme pulumi.StringPtrOutput `pulumi:"emailTheme"` + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + InternalId pulumi.StringOutput `pulumi:"internalId"` + Internationalization RealmInternationalizationPtrOutput `pulumi:"internationalization"` + LoginTheme pulumi.StringPtrOutput `pulumi:"loginTheme"` + LoginWithEmailAllowed pulumi.BoolOutput `pulumi:"loginWithEmailAllowed"` + Oauth2DeviceCodeLifespan pulumi.StringOutput `pulumi:"oauth2DeviceCodeLifespan"` + Oauth2DevicePollingInterval pulumi.IntOutput `pulumi:"oauth2DevicePollingInterval"` + OfflineSessionIdleTimeout pulumi.StringOutput `pulumi:"offlineSessionIdleTimeout"` + OfflineSessionMaxLifespan pulumi.StringOutput `pulumi:"offlineSessionMaxLifespan"` + OfflineSessionMaxLifespanEnabled pulumi.BoolPtrOutput `pulumi:"offlineSessionMaxLifespanEnabled"` + OtpPolicy RealmOtpPolicyOutput `pulumi:"otpPolicy"` + // String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + // can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + // and notUsername(undefined)" + PasswordPolicy pulumi.StringPtrOutput `pulumi:"passwordPolicy"` + Realm pulumi.StringOutput `pulumi:"realm"` + RefreshTokenMaxReuse pulumi.IntPtrOutput `pulumi:"refreshTokenMaxReuse"` + RegistrationAllowed pulumi.BoolOutput `pulumi:"registrationAllowed"` + RegistrationEmailAsUsername pulumi.BoolOutput `pulumi:"registrationEmailAsUsername"` + // Which flow should be used for RegistrationFlow RegistrationFlow pulumi.StringOutput `pulumi:"registrationFlow"` - // When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - RememberMe pulumi.BoolOutput `pulumi:"rememberMe"` - // The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. - ResetCredentialsFlow pulumi.StringOutput `pulumi:"resetCredentialsFlow"` - // When true, a "forgot password" link will be displayed on the login page. - ResetPasswordAllowed pulumi.BoolOutput `pulumi:"resetPasswordAllowed"` - // If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - RevokeRefreshToken pulumi.BoolPtrOutput `pulumi:"revokeRefreshToken"` - SecurityDefenses RealmSecurityDefensesPtrOutput `pulumi:"securityDefenses"` - SmtpServer RealmSmtpServerPtrOutput `pulumi:"smtpServer"` - // Can be one of following values: 'none, 'external' or 'all' - SslRequired pulumi.StringPtrOutput `pulumi:"sslRequired"` - // The amount of time a session can be idle before it expires. - SsoSessionIdleTimeout pulumi.StringOutput `pulumi:"ssoSessionIdleTimeout"` - // Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. - SsoSessionIdleTimeoutRememberMe pulumi.StringOutput `pulumi:"ssoSessionIdleTimeoutRememberMe"` - // The maximum amount of time before a session expires regardless of activity. - SsoSessionMaxLifespan pulumi.StringOutput `pulumi:"ssoSessionMaxLifespan"` - // Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. - SsoSessionMaxLifespanRememberMe pulumi.StringOutput `pulumi:"ssoSessionMaxLifespanRememberMe"` - // When `true`, users are allowed to manage their own resources. Defaults to `false`. - UserManagedAccess pulumi.BoolPtrOutput `pulumi:"userManagedAccess"` - // When true, users are required to verify their email address after registration and after email address changes. - VerifyEmail pulumi.BoolOutput `pulumi:"verifyEmail"` - // Configuration for WebAuthn Passwordless Policy authentication. - // - // Each of these attributes are blocks with the following attributes: - WebAuthnPasswordlessPolicy RealmWebAuthnPasswordlessPolicyOutput `pulumi:"webAuthnPasswordlessPolicy"` - // Configuration for WebAuthn Policy authentication. - WebAuthnPolicy RealmWebAuthnPolicyOutput `pulumi:"webAuthnPolicy"` + RememberMe pulumi.BoolOutput `pulumi:"rememberMe"` + // Which flow should be used for ResetCredentialsFlow + ResetCredentialsFlow pulumi.StringOutput `pulumi:"resetCredentialsFlow"` + ResetPasswordAllowed pulumi.BoolOutput `pulumi:"resetPasswordAllowed"` + RevokeRefreshToken pulumi.BoolPtrOutput `pulumi:"revokeRefreshToken"` + SecurityDefenses RealmSecurityDefensesPtrOutput `pulumi:"securityDefenses"` + SmtpServer RealmSmtpServerPtrOutput `pulumi:"smtpServer"` + // SSL Required: Values can be 'none', 'external' or 'all'. + SslRequired pulumi.StringPtrOutput `pulumi:"sslRequired"` + SsoSessionIdleTimeout pulumi.StringOutput `pulumi:"ssoSessionIdleTimeout"` + SsoSessionIdleTimeoutRememberMe pulumi.StringOutput `pulumi:"ssoSessionIdleTimeoutRememberMe"` + SsoSessionMaxLifespan pulumi.StringOutput `pulumi:"ssoSessionMaxLifespan"` + SsoSessionMaxLifespanRememberMe pulumi.StringOutput `pulumi:"ssoSessionMaxLifespanRememberMe"` + UserManagedAccess pulumi.BoolPtrOutput `pulumi:"userManagedAccess"` + VerifyEmail pulumi.BoolOutput `pulumi:"verifyEmail"` + WebAuthnPasswordlessPolicy RealmWebAuthnPasswordlessPolicyOutput `pulumi:"webAuthnPasswordlessPolicy"` + WebAuthnPolicy RealmWebAuthnPolicyOutput `pulumi:"webAuthnPolicy"` } // NewRealm registers a new resource with the given unique name, arguments, and options. @@ -264,237 +116,141 @@ func GetRealm(ctx *pulumi.Context, // Input properties used for looking up and filtering Realm resources. type realmState struct { - // The maximum amount of time a client has to finish the authorization code flow. - AccessCodeLifespan *string `pulumi:"accessCodeLifespan"` - // The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - AccessCodeLifespanLogin *string `pulumi:"accessCodeLifespanLogin"` - // The maximum amount of time a user has to complete login related actions, such as updating a password. - AccessCodeLifespanUserAction *string `pulumi:"accessCodeLifespanUserAction"` - // The amount of time an access token can be used before it expires. - AccessTokenLifespan *string `pulumi:"accessTokenLifespan"` - // The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - AccessTokenLifespanForImplicitFlow *string `pulumi:"accessTokenLifespanForImplicitFlow"` - // Used for account management pages. - AccountTheme *string `pulumi:"accountTheme"` - // The maximum time a user has to use an admin-generated permit before it expires. - ActionTokenGeneratedByAdminLifespan *string `pulumi:"actionTokenGeneratedByAdminLifespan"` - // The maximum time a user has to use a user-generated permit before it expires. - ActionTokenGeneratedByUserLifespan *string `pulumi:"actionTokenGeneratedByUserLifespan"` - // Used for the admin console. - AdminTheme *string `pulumi:"adminTheme"` - // A map of custom attributes to add to the realm. - Attributes map[string]interface{} `pulumi:"attributes"` - // The desired flow for browser authentication. Defaults to `browser`. + AccessCodeLifespan *string `pulumi:"accessCodeLifespan"` + AccessCodeLifespanLogin *string `pulumi:"accessCodeLifespanLogin"` + AccessCodeLifespanUserAction *string `pulumi:"accessCodeLifespanUserAction"` + AccessTokenLifespan *string `pulumi:"accessTokenLifespan"` + AccessTokenLifespanForImplicitFlow *string `pulumi:"accessTokenLifespanForImplicitFlow"` + AccountTheme *string `pulumi:"accountTheme"` + ActionTokenGeneratedByAdminLifespan *string `pulumi:"actionTokenGeneratedByAdminLifespan"` + ActionTokenGeneratedByUserLifespan *string `pulumi:"actionTokenGeneratedByUserLifespan"` + AdminTheme *string `pulumi:"adminTheme"` + Attributes map[string]interface{} `pulumi:"attributes"` + // Which flow should be used for BrowserFlow BrowserFlow *string `pulumi:"browserFlow"` - // The desired flow for client authentication. Defaults to `clients`. - ClientAuthenticationFlow *string `pulumi:"clientAuthenticationFlow"` - // The amount of time a session can be idle before it expires. Users can override it for individual clients. - ClientSessionIdleTimeout *string `pulumi:"clientSessionIdleTimeout"` - // The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. + // Which flow should be used for ClientAuthenticationFlow + ClientAuthenticationFlow *string `pulumi:"clientAuthenticationFlow"` + ClientSessionIdleTimeout *string `pulumi:"clientSessionIdleTimeout"` ClientSessionMaxLifespan *string `pulumi:"clientSessionMaxLifespan"` DefaultDefaultClientScopes []string `pulumi:"defaultDefaultClientScopes"` DefaultOptionalClientScopes []string `pulumi:"defaultOptionalClientScopes"` - // Default algorithm used to sign tokens for the realm. - DefaultSignatureAlgorithm *string `pulumi:"defaultSignatureAlgorithm"` - // The desired flow for direct access authentication. Defaults to `direct grant`. + DefaultSignatureAlgorithm *string `pulumi:"defaultSignatureAlgorithm"` + // Which flow should be used for DirectGrantFlow DirectGrantFlow *string `pulumi:"directGrantFlow"` - // The display name for the realm that is shown when logging in to the admin console. - DisplayName *string `pulumi:"displayName"` - // The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. + DisplayName *string `pulumi:"displayName"` DisplayNameHtml *string `pulumi:"displayNameHtml"` - // The desired flow for Docker authentication. Defaults to `docker auth`. - DockerAuthenticationFlow *string `pulumi:"dockerAuthenticationFlow"` - // When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. - DuplicateEmailsAllowed *bool `pulumi:"duplicateEmailsAllowed"` - // When true, the username field is editable. - EditUsernameAllowed *bool `pulumi:"editUsernameAllowed"` - // Used for emails that are sent by Keycloak. - EmailTheme *string `pulumi:"emailTheme"` - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. - Enabled *bool `pulumi:"enabled"` - // When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - InternalId *string `pulumi:"internalId"` - Internationalization *RealmInternationalization `pulumi:"internationalization"` - // Used for the login, forgot password, and registration pages. - LoginTheme *string `pulumi:"loginTheme"` - // When true, users may log in with their email address. - LoginWithEmailAllowed *bool `pulumi:"loginWithEmailAllowed"` - // The maximum amount of time a client has to finish the device code flow before it expires. - // - // The attributes below should be specified in seconds. - Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval *int `pulumi:"oauth2DevicePollingInterval"` - // The amount of time an offline session can be idle before it expires. - OfflineSessionIdleTimeout *string `pulumi:"offlineSessionIdleTimeout"` - // The maximum amount of time before an offline session expires regardless of activity. - OfflineSessionMaxLifespan *string `pulumi:"offlineSessionMaxLifespan"` - // Enable `offlineSessionMaxLifespan`. - OfflineSessionMaxLifespanEnabled *bool `pulumi:"offlineSessionMaxLifespanEnabled"` - OtpPolicy *RealmOtpPolicy `pulumi:"otpPolicy"` - // The password policy for users within the realm. - // - // The arguments below can be used to configure authentication flow bindings: - PasswordPolicy *string `pulumi:"passwordPolicy"` - // The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - Realm *string `pulumi:"realm"` - // Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - // - // The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - RefreshTokenMaxReuse *int `pulumi:"refreshTokenMaxReuse"` - // When true, user registration will be enabled, and a link for registration will be displayed on the login page. - RegistrationAllowed *bool `pulumi:"registrationAllowed"` - // When true, the user's email will be used as their username during registration. - RegistrationEmailAsUsername *bool `pulumi:"registrationEmailAsUsername"` - // The desired flow for user registration. Defaults to `registration`. + // Which flow should be used for DockerAuthenticationFlow + DockerAuthenticationFlow *string `pulumi:"dockerAuthenticationFlow"` + DuplicateEmailsAllowed *bool `pulumi:"duplicateEmailsAllowed"` + EditUsernameAllowed *bool `pulumi:"editUsernameAllowed"` + EmailTheme *string `pulumi:"emailTheme"` + Enabled *bool `pulumi:"enabled"` + InternalId *string `pulumi:"internalId"` + Internationalization *RealmInternationalization `pulumi:"internationalization"` + LoginTheme *string `pulumi:"loginTheme"` + LoginWithEmailAllowed *bool `pulumi:"loginWithEmailAllowed"` + Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` + Oauth2DevicePollingInterval *int `pulumi:"oauth2DevicePollingInterval"` + OfflineSessionIdleTimeout *string `pulumi:"offlineSessionIdleTimeout"` + OfflineSessionMaxLifespan *string `pulumi:"offlineSessionMaxLifespan"` + OfflineSessionMaxLifespanEnabled *bool `pulumi:"offlineSessionMaxLifespanEnabled"` + OtpPolicy *RealmOtpPolicy `pulumi:"otpPolicy"` + // String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + // can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + // and notUsername(undefined)" + PasswordPolicy *string `pulumi:"passwordPolicy"` + Realm *string `pulumi:"realm"` + RefreshTokenMaxReuse *int `pulumi:"refreshTokenMaxReuse"` + RegistrationAllowed *bool `pulumi:"registrationAllowed"` + RegistrationEmailAsUsername *bool `pulumi:"registrationEmailAsUsername"` + // Which flow should be used for RegistrationFlow RegistrationFlow *string `pulumi:"registrationFlow"` - // When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - RememberMe *bool `pulumi:"rememberMe"` - // The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. - ResetCredentialsFlow *string `pulumi:"resetCredentialsFlow"` - // When true, a "forgot password" link will be displayed on the login page. - ResetPasswordAllowed *bool `pulumi:"resetPasswordAllowed"` - // If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - RevokeRefreshToken *bool `pulumi:"revokeRefreshToken"` - SecurityDefenses *RealmSecurityDefenses `pulumi:"securityDefenses"` - SmtpServer *RealmSmtpServer `pulumi:"smtpServer"` - // Can be one of following values: 'none, 'external' or 'all' - SslRequired *string `pulumi:"sslRequired"` - // The amount of time a session can be idle before it expires. - SsoSessionIdleTimeout *string `pulumi:"ssoSessionIdleTimeout"` - // Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. - SsoSessionIdleTimeoutRememberMe *string `pulumi:"ssoSessionIdleTimeoutRememberMe"` - // The maximum amount of time before a session expires regardless of activity. - SsoSessionMaxLifespan *string `pulumi:"ssoSessionMaxLifespan"` - // Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. - SsoSessionMaxLifespanRememberMe *string `pulumi:"ssoSessionMaxLifespanRememberMe"` - // When `true`, users are allowed to manage their own resources. Defaults to `false`. - UserManagedAccess *bool `pulumi:"userManagedAccess"` - // When true, users are required to verify their email address after registration and after email address changes. - VerifyEmail *bool `pulumi:"verifyEmail"` - // Configuration for WebAuthn Passwordless Policy authentication. - // - // Each of these attributes are blocks with the following attributes: - WebAuthnPasswordlessPolicy *RealmWebAuthnPasswordlessPolicy `pulumi:"webAuthnPasswordlessPolicy"` - // Configuration for WebAuthn Policy authentication. - WebAuthnPolicy *RealmWebAuthnPolicy `pulumi:"webAuthnPolicy"` + RememberMe *bool `pulumi:"rememberMe"` + // Which flow should be used for ResetCredentialsFlow + ResetCredentialsFlow *string `pulumi:"resetCredentialsFlow"` + ResetPasswordAllowed *bool `pulumi:"resetPasswordAllowed"` + RevokeRefreshToken *bool `pulumi:"revokeRefreshToken"` + SecurityDefenses *RealmSecurityDefenses `pulumi:"securityDefenses"` + SmtpServer *RealmSmtpServer `pulumi:"smtpServer"` + // SSL Required: Values can be 'none', 'external' or 'all'. + SslRequired *string `pulumi:"sslRequired"` + SsoSessionIdleTimeout *string `pulumi:"ssoSessionIdleTimeout"` + SsoSessionIdleTimeoutRememberMe *string `pulumi:"ssoSessionIdleTimeoutRememberMe"` + SsoSessionMaxLifespan *string `pulumi:"ssoSessionMaxLifespan"` + SsoSessionMaxLifespanRememberMe *string `pulumi:"ssoSessionMaxLifespanRememberMe"` + UserManagedAccess *bool `pulumi:"userManagedAccess"` + VerifyEmail *bool `pulumi:"verifyEmail"` + WebAuthnPasswordlessPolicy *RealmWebAuthnPasswordlessPolicy `pulumi:"webAuthnPasswordlessPolicy"` + WebAuthnPolicy *RealmWebAuthnPolicy `pulumi:"webAuthnPolicy"` } type RealmState struct { - // The maximum amount of time a client has to finish the authorization code flow. - AccessCodeLifespan pulumi.StringPtrInput - // The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - AccessCodeLifespanLogin pulumi.StringPtrInput - // The maximum amount of time a user has to complete login related actions, such as updating a password. - AccessCodeLifespanUserAction pulumi.StringPtrInput - // The amount of time an access token can be used before it expires. - AccessTokenLifespan pulumi.StringPtrInput - // The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - AccessTokenLifespanForImplicitFlow pulumi.StringPtrInput - // Used for account management pages. - AccountTheme pulumi.StringPtrInput - // The maximum time a user has to use an admin-generated permit before it expires. + AccessCodeLifespan pulumi.StringPtrInput + AccessCodeLifespanLogin pulumi.StringPtrInput + AccessCodeLifespanUserAction pulumi.StringPtrInput + AccessTokenLifespan pulumi.StringPtrInput + AccessTokenLifespanForImplicitFlow pulumi.StringPtrInput + AccountTheme pulumi.StringPtrInput ActionTokenGeneratedByAdminLifespan pulumi.StringPtrInput - // The maximum time a user has to use a user-generated permit before it expires. - ActionTokenGeneratedByUserLifespan pulumi.StringPtrInput - // Used for the admin console. - AdminTheme pulumi.StringPtrInput - // A map of custom attributes to add to the realm. - Attributes pulumi.MapInput - // The desired flow for browser authentication. Defaults to `browser`. + ActionTokenGeneratedByUserLifespan pulumi.StringPtrInput + AdminTheme pulumi.StringPtrInput + Attributes pulumi.MapInput + // Which flow should be used for BrowserFlow BrowserFlow pulumi.StringPtrInput - // The desired flow for client authentication. Defaults to `clients`. - ClientAuthenticationFlow pulumi.StringPtrInput - // The amount of time a session can be idle before it expires. Users can override it for individual clients. - ClientSessionIdleTimeout pulumi.StringPtrInput - // The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. + // Which flow should be used for ClientAuthenticationFlow + ClientAuthenticationFlow pulumi.StringPtrInput + ClientSessionIdleTimeout pulumi.StringPtrInput ClientSessionMaxLifespan pulumi.StringPtrInput DefaultDefaultClientScopes pulumi.StringArrayInput DefaultOptionalClientScopes pulumi.StringArrayInput - // Default algorithm used to sign tokens for the realm. - DefaultSignatureAlgorithm pulumi.StringPtrInput - // The desired flow for direct access authentication. Defaults to `direct grant`. + DefaultSignatureAlgorithm pulumi.StringPtrInput + // Which flow should be used for DirectGrantFlow DirectGrantFlow pulumi.StringPtrInput - // The display name for the realm that is shown when logging in to the admin console. - DisplayName pulumi.StringPtrInput - // The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. + DisplayName pulumi.StringPtrInput DisplayNameHtml pulumi.StringPtrInput - // The desired flow for Docker authentication. Defaults to `docker auth`. - DockerAuthenticationFlow pulumi.StringPtrInput - // When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. - DuplicateEmailsAllowed pulumi.BoolPtrInput - // When true, the username field is editable. - EditUsernameAllowed pulumi.BoolPtrInput - // Used for emails that are sent by Keycloak. - EmailTheme pulumi.StringPtrInput - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. - Enabled pulumi.BoolPtrInput - // When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - InternalId pulumi.StringPtrInput - Internationalization RealmInternationalizationPtrInput - // Used for the login, forgot password, and registration pages. - LoginTheme pulumi.StringPtrInput - // When true, users may log in with their email address. - LoginWithEmailAllowed pulumi.BoolPtrInput - // The maximum amount of time a client has to finish the device code flow before it expires. - // - // The attributes below should be specified in seconds. - Oauth2DeviceCodeLifespan pulumi.StringPtrInput - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval pulumi.IntPtrInput - // The amount of time an offline session can be idle before it expires. - OfflineSessionIdleTimeout pulumi.StringPtrInput - // The maximum amount of time before an offline session expires regardless of activity. - OfflineSessionMaxLifespan pulumi.StringPtrInput - // Enable `offlineSessionMaxLifespan`. + // Which flow should be used for DockerAuthenticationFlow + DockerAuthenticationFlow pulumi.StringPtrInput + DuplicateEmailsAllowed pulumi.BoolPtrInput + EditUsernameAllowed pulumi.BoolPtrInput + EmailTheme pulumi.StringPtrInput + Enabled pulumi.BoolPtrInput + InternalId pulumi.StringPtrInput + Internationalization RealmInternationalizationPtrInput + LoginTheme pulumi.StringPtrInput + LoginWithEmailAllowed pulumi.BoolPtrInput + Oauth2DeviceCodeLifespan pulumi.StringPtrInput + Oauth2DevicePollingInterval pulumi.IntPtrInput + OfflineSessionIdleTimeout pulumi.StringPtrInput + OfflineSessionMaxLifespan pulumi.StringPtrInput OfflineSessionMaxLifespanEnabled pulumi.BoolPtrInput OtpPolicy RealmOtpPolicyPtrInput - // The password policy for users within the realm. - // - // The arguments below can be used to configure authentication flow bindings: - PasswordPolicy pulumi.StringPtrInput - // The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - Realm pulumi.StringPtrInput - // Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - // - // The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - RefreshTokenMaxReuse pulumi.IntPtrInput - // When true, user registration will be enabled, and a link for registration will be displayed on the login page. - RegistrationAllowed pulumi.BoolPtrInput - // When true, the user's email will be used as their username during registration. + // String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + // can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + // and notUsername(undefined)" + PasswordPolicy pulumi.StringPtrInput + Realm pulumi.StringPtrInput + RefreshTokenMaxReuse pulumi.IntPtrInput + RegistrationAllowed pulumi.BoolPtrInput RegistrationEmailAsUsername pulumi.BoolPtrInput - // The desired flow for user registration. Defaults to `registration`. + // Which flow should be used for RegistrationFlow RegistrationFlow pulumi.StringPtrInput - // When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - RememberMe pulumi.BoolPtrInput - // The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + RememberMe pulumi.BoolPtrInput + // Which flow should be used for ResetCredentialsFlow ResetCredentialsFlow pulumi.StringPtrInput - // When true, a "forgot password" link will be displayed on the login page. ResetPasswordAllowed pulumi.BoolPtrInput - // If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - RevokeRefreshToken pulumi.BoolPtrInput - SecurityDefenses RealmSecurityDefensesPtrInput - SmtpServer RealmSmtpServerPtrInput - // Can be one of following values: 'none, 'external' or 'all' - SslRequired pulumi.StringPtrInput - // The amount of time a session can be idle before it expires. - SsoSessionIdleTimeout pulumi.StringPtrInput - // Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. + RevokeRefreshToken pulumi.BoolPtrInput + SecurityDefenses RealmSecurityDefensesPtrInput + SmtpServer RealmSmtpServerPtrInput + // SSL Required: Values can be 'none', 'external' or 'all'. + SslRequired pulumi.StringPtrInput + SsoSessionIdleTimeout pulumi.StringPtrInput SsoSessionIdleTimeoutRememberMe pulumi.StringPtrInput - // The maximum amount of time before a session expires regardless of activity. - SsoSessionMaxLifespan pulumi.StringPtrInput - // Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. + SsoSessionMaxLifespan pulumi.StringPtrInput SsoSessionMaxLifespanRememberMe pulumi.StringPtrInput - // When `true`, users are allowed to manage their own resources. Defaults to `false`. - UserManagedAccess pulumi.BoolPtrInput - // When true, users are required to verify their email address after registration and after email address changes. - VerifyEmail pulumi.BoolPtrInput - // Configuration for WebAuthn Passwordless Policy authentication. - // - // Each of these attributes are blocks with the following attributes: - WebAuthnPasswordlessPolicy RealmWebAuthnPasswordlessPolicyPtrInput - // Configuration for WebAuthn Policy authentication. - WebAuthnPolicy RealmWebAuthnPolicyPtrInput + UserManagedAccess pulumi.BoolPtrInput + VerifyEmail pulumi.BoolPtrInput + WebAuthnPasswordlessPolicy RealmWebAuthnPasswordlessPolicyPtrInput + WebAuthnPolicy RealmWebAuthnPolicyPtrInput } func (RealmState) ElementType() reflect.Type { @@ -502,238 +258,142 @@ func (RealmState) ElementType() reflect.Type { } type realmArgs struct { - // The maximum amount of time a client has to finish the authorization code flow. - AccessCodeLifespan *string `pulumi:"accessCodeLifespan"` - // The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - AccessCodeLifespanLogin *string `pulumi:"accessCodeLifespanLogin"` - // The maximum amount of time a user has to complete login related actions, such as updating a password. - AccessCodeLifespanUserAction *string `pulumi:"accessCodeLifespanUserAction"` - // The amount of time an access token can be used before it expires. - AccessTokenLifespan *string `pulumi:"accessTokenLifespan"` - // The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - AccessTokenLifespanForImplicitFlow *string `pulumi:"accessTokenLifespanForImplicitFlow"` - // Used for account management pages. - AccountTheme *string `pulumi:"accountTheme"` - // The maximum time a user has to use an admin-generated permit before it expires. - ActionTokenGeneratedByAdminLifespan *string `pulumi:"actionTokenGeneratedByAdminLifespan"` - // The maximum time a user has to use a user-generated permit before it expires. - ActionTokenGeneratedByUserLifespan *string `pulumi:"actionTokenGeneratedByUserLifespan"` - // Used for the admin console. - AdminTheme *string `pulumi:"adminTheme"` - // A map of custom attributes to add to the realm. - Attributes map[string]interface{} `pulumi:"attributes"` - // The desired flow for browser authentication. Defaults to `browser`. + AccessCodeLifespan *string `pulumi:"accessCodeLifespan"` + AccessCodeLifespanLogin *string `pulumi:"accessCodeLifespanLogin"` + AccessCodeLifespanUserAction *string `pulumi:"accessCodeLifespanUserAction"` + AccessTokenLifespan *string `pulumi:"accessTokenLifespan"` + AccessTokenLifespanForImplicitFlow *string `pulumi:"accessTokenLifespanForImplicitFlow"` + AccountTheme *string `pulumi:"accountTheme"` + ActionTokenGeneratedByAdminLifespan *string `pulumi:"actionTokenGeneratedByAdminLifespan"` + ActionTokenGeneratedByUserLifespan *string `pulumi:"actionTokenGeneratedByUserLifespan"` + AdminTheme *string `pulumi:"adminTheme"` + Attributes map[string]interface{} `pulumi:"attributes"` + // Which flow should be used for BrowserFlow BrowserFlow *string `pulumi:"browserFlow"` - // The desired flow for client authentication. Defaults to `clients`. - ClientAuthenticationFlow *string `pulumi:"clientAuthenticationFlow"` - // The amount of time a session can be idle before it expires. Users can override it for individual clients. - ClientSessionIdleTimeout *string `pulumi:"clientSessionIdleTimeout"` - // The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. + // Which flow should be used for ClientAuthenticationFlow + ClientAuthenticationFlow *string `pulumi:"clientAuthenticationFlow"` + ClientSessionIdleTimeout *string `pulumi:"clientSessionIdleTimeout"` ClientSessionMaxLifespan *string `pulumi:"clientSessionMaxLifespan"` DefaultDefaultClientScopes []string `pulumi:"defaultDefaultClientScopes"` DefaultOptionalClientScopes []string `pulumi:"defaultOptionalClientScopes"` - // Default algorithm used to sign tokens for the realm. - DefaultSignatureAlgorithm *string `pulumi:"defaultSignatureAlgorithm"` - // The desired flow for direct access authentication. Defaults to `direct grant`. + DefaultSignatureAlgorithm *string `pulumi:"defaultSignatureAlgorithm"` + // Which flow should be used for DirectGrantFlow DirectGrantFlow *string `pulumi:"directGrantFlow"` - // The display name for the realm that is shown when logging in to the admin console. - DisplayName *string `pulumi:"displayName"` - // The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. + DisplayName *string `pulumi:"displayName"` DisplayNameHtml *string `pulumi:"displayNameHtml"` - // The desired flow for Docker authentication. Defaults to `docker auth`. - DockerAuthenticationFlow *string `pulumi:"dockerAuthenticationFlow"` - // When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. - DuplicateEmailsAllowed *bool `pulumi:"duplicateEmailsAllowed"` - // When true, the username field is editable. - EditUsernameAllowed *bool `pulumi:"editUsernameAllowed"` - // Used for emails that are sent by Keycloak. - EmailTheme *string `pulumi:"emailTheme"` - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. - Enabled *bool `pulumi:"enabled"` - // When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - InternalId *string `pulumi:"internalId"` - Internationalization *RealmInternationalization `pulumi:"internationalization"` - // Used for the login, forgot password, and registration pages. - LoginTheme *string `pulumi:"loginTheme"` - // When true, users may log in with their email address. - LoginWithEmailAllowed *bool `pulumi:"loginWithEmailAllowed"` - // The maximum amount of time a client has to finish the device code flow before it expires. - // - // The attributes below should be specified in seconds. - Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval *int `pulumi:"oauth2DevicePollingInterval"` - // The amount of time an offline session can be idle before it expires. - OfflineSessionIdleTimeout *string `pulumi:"offlineSessionIdleTimeout"` - // The maximum amount of time before an offline session expires regardless of activity. - OfflineSessionMaxLifespan *string `pulumi:"offlineSessionMaxLifespan"` - // Enable `offlineSessionMaxLifespan`. - OfflineSessionMaxLifespanEnabled *bool `pulumi:"offlineSessionMaxLifespanEnabled"` - OtpPolicy *RealmOtpPolicy `pulumi:"otpPolicy"` - // The password policy for users within the realm. - // - // The arguments below can be used to configure authentication flow bindings: - PasswordPolicy *string `pulumi:"passwordPolicy"` - // The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - Realm string `pulumi:"realm"` - // Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - // - // The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - RefreshTokenMaxReuse *int `pulumi:"refreshTokenMaxReuse"` - // When true, user registration will be enabled, and a link for registration will be displayed on the login page. - RegistrationAllowed *bool `pulumi:"registrationAllowed"` - // When true, the user's email will be used as their username during registration. - RegistrationEmailAsUsername *bool `pulumi:"registrationEmailAsUsername"` - // The desired flow for user registration. Defaults to `registration`. + // Which flow should be used for DockerAuthenticationFlow + DockerAuthenticationFlow *string `pulumi:"dockerAuthenticationFlow"` + DuplicateEmailsAllowed *bool `pulumi:"duplicateEmailsAllowed"` + EditUsernameAllowed *bool `pulumi:"editUsernameAllowed"` + EmailTheme *string `pulumi:"emailTheme"` + Enabled *bool `pulumi:"enabled"` + InternalId *string `pulumi:"internalId"` + Internationalization *RealmInternationalization `pulumi:"internationalization"` + LoginTheme *string `pulumi:"loginTheme"` + LoginWithEmailAllowed *bool `pulumi:"loginWithEmailAllowed"` + Oauth2DeviceCodeLifespan *string `pulumi:"oauth2DeviceCodeLifespan"` + Oauth2DevicePollingInterval *int `pulumi:"oauth2DevicePollingInterval"` + OfflineSessionIdleTimeout *string `pulumi:"offlineSessionIdleTimeout"` + OfflineSessionMaxLifespan *string `pulumi:"offlineSessionMaxLifespan"` + OfflineSessionMaxLifespanEnabled *bool `pulumi:"offlineSessionMaxLifespanEnabled"` + OtpPolicy *RealmOtpPolicy `pulumi:"otpPolicy"` + // String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + // can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + // and notUsername(undefined)" + PasswordPolicy *string `pulumi:"passwordPolicy"` + Realm string `pulumi:"realm"` + RefreshTokenMaxReuse *int `pulumi:"refreshTokenMaxReuse"` + RegistrationAllowed *bool `pulumi:"registrationAllowed"` + RegistrationEmailAsUsername *bool `pulumi:"registrationEmailAsUsername"` + // Which flow should be used for RegistrationFlow RegistrationFlow *string `pulumi:"registrationFlow"` - // When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - RememberMe *bool `pulumi:"rememberMe"` - // The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. - ResetCredentialsFlow *string `pulumi:"resetCredentialsFlow"` - // When true, a "forgot password" link will be displayed on the login page. - ResetPasswordAllowed *bool `pulumi:"resetPasswordAllowed"` - // If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - RevokeRefreshToken *bool `pulumi:"revokeRefreshToken"` - SecurityDefenses *RealmSecurityDefenses `pulumi:"securityDefenses"` - SmtpServer *RealmSmtpServer `pulumi:"smtpServer"` - // Can be one of following values: 'none, 'external' or 'all' - SslRequired *string `pulumi:"sslRequired"` - // The amount of time a session can be idle before it expires. - SsoSessionIdleTimeout *string `pulumi:"ssoSessionIdleTimeout"` - // Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. - SsoSessionIdleTimeoutRememberMe *string `pulumi:"ssoSessionIdleTimeoutRememberMe"` - // The maximum amount of time before a session expires regardless of activity. - SsoSessionMaxLifespan *string `pulumi:"ssoSessionMaxLifespan"` - // Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. - SsoSessionMaxLifespanRememberMe *string `pulumi:"ssoSessionMaxLifespanRememberMe"` - // When `true`, users are allowed to manage their own resources. Defaults to `false`. - UserManagedAccess *bool `pulumi:"userManagedAccess"` - // When true, users are required to verify their email address after registration and after email address changes. - VerifyEmail *bool `pulumi:"verifyEmail"` - // Configuration for WebAuthn Passwordless Policy authentication. - // - // Each of these attributes are blocks with the following attributes: - WebAuthnPasswordlessPolicy *RealmWebAuthnPasswordlessPolicy `pulumi:"webAuthnPasswordlessPolicy"` - // Configuration for WebAuthn Policy authentication. - WebAuthnPolicy *RealmWebAuthnPolicy `pulumi:"webAuthnPolicy"` + RememberMe *bool `pulumi:"rememberMe"` + // Which flow should be used for ResetCredentialsFlow + ResetCredentialsFlow *string `pulumi:"resetCredentialsFlow"` + ResetPasswordAllowed *bool `pulumi:"resetPasswordAllowed"` + RevokeRefreshToken *bool `pulumi:"revokeRefreshToken"` + SecurityDefenses *RealmSecurityDefenses `pulumi:"securityDefenses"` + SmtpServer *RealmSmtpServer `pulumi:"smtpServer"` + // SSL Required: Values can be 'none', 'external' or 'all'. + SslRequired *string `pulumi:"sslRequired"` + SsoSessionIdleTimeout *string `pulumi:"ssoSessionIdleTimeout"` + SsoSessionIdleTimeoutRememberMe *string `pulumi:"ssoSessionIdleTimeoutRememberMe"` + SsoSessionMaxLifespan *string `pulumi:"ssoSessionMaxLifespan"` + SsoSessionMaxLifespanRememberMe *string `pulumi:"ssoSessionMaxLifespanRememberMe"` + UserManagedAccess *bool `pulumi:"userManagedAccess"` + VerifyEmail *bool `pulumi:"verifyEmail"` + WebAuthnPasswordlessPolicy *RealmWebAuthnPasswordlessPolicy `pulumi:"webAuthnPasswordlessPolicy"` + WebAuthnPolicy *RealmWebAuthnPolicy `pulumi:"webAuthnPolicy"` } // The set of arguments for constructing a Realm resource. type RealmArgs struct { - // The maximum amount of time a client has to finish the authorization code flow. - AccessCodeLifespan pulumi.StringPtrInput - // The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - AccessCodeLifespanLogin pulumi.StringPtrInput - // The maximum amount of time a user has to complete login related actions, such as updating a password. - AccessCodeLifespanUserAction pulumi.StringPtrInput - // The amount of time an access token can be used before it expires. - AccessTokenLifespan pulumi.StringPtrInput - // The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - AccessTokenLifespanForImplicitFlow pulumi.StringPtrInput - // Used for account management pages. - AccountTheme pulumi.StringPtrInput - // The maximum time a user has to use an admin-generated permit before it expires. + AccessCodeLifespan pulumi.StringPtrInput + AccessCodeLifespanLogin pulumi.StringPtrInput + AccessCodeLifespanUserAction pulumi.StringPtrInput + AccessTokenLifespan pulumi.StringPtrInput + AccessTokenLifespanForImplicitFlow pulumi.StringPtrInput + AccountTheme pulumi.StringPtrInput ActionTokenGeneratedByAdminLifespan pulumi.StringPtrInput - // The maximum time a user has to use a user-generated permit before it expires. - ActionTokenGeneratedByUserLifespan pulumi.StringPtrInput - // Used for the admin console. - AdminTheme pulumi.StringPtrInput - // A map of custom attributes to add to the realm. - Attributes pulumi.MapInput - // The desired flow for browser authentication. Defaults to `browser`. + ActionTokenGeneratedByUserLifespan pulumi.StringPtrInput + AdminTheme pulumi.StringPtrInput + Attributes pulumi.MapInput + // Which flow should be used for BrowserFlow BrowserFlow pulumi.StringPtrInput - // The desired flow for client authentication. Defaults to `clients`. - ClientAuthenticationFlow pulumi.StringPtrInput - // The amount of time a session can be idle before it expires. Users can override it for individual clients. - ClientSessionIdleTimeout pulumi.StringPtrInput - // The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. + // Which flow should be used for ClientAuthenticationFlow + ClientAuthenticationFlow pulumi.StringPtrInput + ClientSessionIdleTimeout pulumi.StringPtrInput ClientSessionMaxLifespan pulumi.StringPtrInput DefaultDefaultClientScopes pulumi.StringArrayInput DefaultOptionalClientScopes pulumi.StringArrayInput - // Default algorithm used to sign tokens for the realm. - DefaultSignatureAlgorithm pulumi.StringPtrInput - // The desired flow for direct access authentication. Defaults to `direct grant`. + DefaultSignatureAlgorithm pulumi.StringPtrInput + // Which flow should be used for DirectGrantFlow DirectGrantFlow pulumi.StringPtrInput - // The display name for the realm that is shown when logging in to the admin console. - DisplayName pulumi.StringPtrInput - // The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. + DisplayName pulumi.StringPtrInput DisplayNameHtml pulumi.StringPtrInput - // The desired flow for Docker authentication. Defaults to `docker auth`. - DockerAuthenticationFlow pulumi.StringPtrInput - // When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. - DuplicateEmailsAllowed pulumi.BoolPtrInput - // When true, the username field is editable. - EditUsernameAllowed pulumi.BoolPtrInput - // Used for emails that are sent by Keycloak. - EmailTheme pulumi.StringPtrInput - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. - Enabled pulumi.BoolPtrInput - // When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - InternalId pulumi.StringPtrInput - Internationalization RealmInternationalizationPtrInput - // Used for the login, forgot password, and registration pages. - LoginTheme pulumi.StringPtrInput - // When true, users may log in with their email address. - LoginWithEmailAllowed pulumi.BoolPtrInput - // The maximum amount of time a client has to finish the device code flow before it expires. - // - // The attributes below should be specified in seconds. - Oauth2DeviceCodeLifespan pulumi.StringPtrInput - // The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - Oauth2DevicePollingInterval pulumi.IntPtrInput - // The amount of time an offline session can be idle before it expires. - OfflineSessionIdleTimeout pulumi.StringPtrInput - // The maximum amount of time before an offline session expires regardless of activity. - OfflineSessionMaxLifespan pulumi.StringPtrInput - // Enable `offlineSessionMaxLifespan`. + // Which flow should be used for DockerAuthenticationFlow + DockerAuthenticationFlow pulumi.StringPtrInput + DuplicateEmailsAllowed pulumi.BoolPtrInput + EditUsernameAllowed pulumi.BoolPtrInput + EmailTheme pulumi.StringPtrInput + Enabled pulumi.BoolPtrInput + InternalId pulumi.StringPtrInput + Internationalization RealmInternationalizationPtrInput + LoginTheme pulumi.StringPtrInput + LoginWithEmailAllowed pulumi.BoolPtrInput + Oauth2DeviceCodeLifespan pulumi.StringPtrInput + Oauth2DevicePollingInterval pulumi.IntPtrInput + OfflineSessionIdleTimeout pulumi.StringPtrInput + OfflineSessionMaxLifespan pulumi.StringPtrInput OfflineSessionMaxLifespanEnabled pulumi.BoolPtrInput OtpPolicy RealmOtpPolicyPtrInput - // The password policy for users within the realm. - // - // The arguments below can be used to configure authentication flow bindings: - PasswordPolicy pulumi.StringPtrInput - // The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - Realm pulumi.StringInput - // Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - // - // The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - RefreshTokenMaxReuse pulumi.IntPtrInput - // When true, user registration will be enabled, and a link for registration will be displayed on the login page. - RegistrationAllowed pulumi.BoolPtrInput - // When true, the user's email will be used as their username during registration. + // String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + // can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + // and notUsername(undefined)" + PasswordPolicy pulumi.StringPtrInput + Realm pulumi.StringInput + RefreshTokenMaxReuse pulumi.IntPtrInput + RegistrationAllowed pulumi.BoolPtrInput RegistrationEmailAsUsername pulumi.BoolPtrInput - // The desired flow for user registration. Defaults to `registration`. + // Which flow should be used for RegistrationFlow RegistrationFlow pulumi.StringPtrInput - // When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - RememberMe pulumi.BoolPtrInput - // The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + RememberMe pulumi.BoolPtrInput + // Which flow should be used for ResetCredentialsFlow ResetCredentialsFlow pulumi.StringPtrInput - // When true, a "forgot password" link will be displayed on the login page. ResetPasswordAllowed pulumi.BoolPtrInput - // If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - RevokeRefreshToken pulumi.BoolPtrInput - SecurityDefenses RealmSecurityDefensesPtrInput - SmtpServer RealmSmtpServerPtrInput - // Can be one of following values: 'none, 'external' or 'all' - SslRequired pulumi.StringPtrInput - // The amount of time a session can be idle before it expires. - SsoSessionIdleTimeout pulumi.StringPtrInput - // Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. + RevokeRefreshToken pulumi.BoolPtrInput + SecurityDefenses RealmSecurityDefensesPtrInput + SmtpServer RealmSmtpServerPtrInput + // SSL Required: Values can be 'none', 'external' or 'all'. + SslRequired pulumi.StringPtrInput + SsoSessionIdleTimeout pulumi.StringPtrInput SsoSessionIdleTimeoutRememberMe pulumi.StringPtrInput - // The maximum amount of time before a session expires regardless of activity. - SsoSessionMaxLifespan pulumi.StringPtrInput - // Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. + SsoSessionMaxLifespan pulumi.StringPtrInput SsoSessionMaxLifespanRememberMe pulumi.StringPtrInput - // When `true`, users are allowed to manage their own resources. Defaults to `false`. - UserManagedAccess pulumi.BoolPtrInput - // When true, users are required to verify their email address after registration and after email address changes. - VerifyEmail pulumi.BoolPtrInput - // Configuration for WebAuthn Passwordless Policy authentication. - // - // Each of these attributes are blocks with the following attributes: - WebAuthnPasswordlessPolicy RealmWebAuthnPasswordlessPolicyPtrInput - // Configuration for WebAuthn Policy authentication. - WebAuthnPolicy RealmWebAuthnPolicyPtrInput + UserManagedAccess pulumi.BoolPtrInput + VerifyEmail pulumi.BoolPtrInput + WebAuthnPasswordlessPolicy RealmWebAuthnPasswordlessPolicyPtrInput + WebAuthnPolicy RealmWebAuthnPolicyPtrInput } func (RealmArgs) ElementType() reflect.Type { @@ -823,72 +483,60 @@ func (o RealmOutput) ToRealmOutputWithContext(ctx context.Context) RealmOutput { return o } -// The maximum amount of time a client has to finish the authorization code flow. func (o RealmOutput) AccessCodeLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.AccessCodeLifespan }).(pulumi.StringOutput) } -// The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. func (o RealmOutput) AccessCodeLifespanLogin() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.AccessCodeLifespanLogin }).(pulumi.StringOutput) } -// The maximum amount of time a user has to complete login related actions, such as updating a password. func (o RealmOutput) AccessCodeLifespanUserAction() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.AccessCodeLifespanUserAction }).(pulumi.StringOutput) } -// The amount of time an access token can be used before it expires. func (o RealmOutput) AccessTokenLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.AccessTokenLifespan }).(pulumi.StringOutput) } -// The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. func (o RealmOutput) AccessTokenLifespanForImplicitFlow() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.AccessTokenLifespanForImplicitFlow }).(pulumi.StringOutput) } -// Used for account management pages. func (o RealmOutput) AccountTheme() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.AccountTheme }).(pulumi.StringPtrOutput) } -// The maximum time a user has to use an admin-generated permit before it expires. func (o RealmOutput) ActionTokenGeneratedByAdminLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.ActionTokenGeneratedByAdminLifespan }).(pulumi.StringOutput) } -// The maximum time a user has to use a user-generated permit before it expires. func (o RealmOutput) ActionTokenGeneratedByUserLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.ActionTokenGeneratedByUserLifespan }).(pulumi.StringOutput) } -// Used for the admin console. func (o RealmOutput) AdminTheme() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.AdminTheme }).(pulumi.StringPtrOutput) } -// A map of custom attributes to add to the realm. func (o RealmOutput) Attributes() pulumi.MapOutput { return o.ApplyT(func(v *Realm) pulumi.MapOutput { return v.Attributes }).(pulumi.MapOutput) } -// The desired flow for browser authentication. Defaults to `browser`. +// Which flow should be used for BrowserFlow func (o RealmOutput) BrowserFlow() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.BrowserFlow }).(pulumi.StringOutput) } -// The desired flow for client authentication. Defaults to `clients`. +// Which flow should be used for ClientAuthenticationFlow func (o RealmOutput) ClientAuthenticationFlow() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.ClientAuthenticationFlow }).(pulumi.StringOutput) } -// The amount of time a session can be idle before it expires. Users can override it for individual clients. func (o RealmOutput) ClientSessionIdleTimeout() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.ClientSessionIdleTimeout }).(pulumi.StringOutput) } -// The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. func (o RealmOutput) ClientSessionMaxLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.ClientSessionMaxLifespan }).(pulumi.StringOutput) } @@ -901,52 +549,44 @@ func (o RealmOutput) DefaultOptionalClientScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v *Realm) pulumi.StringArrayOutput { return v.DefaultOptionalClientScopes }).(pulumi.StringArrayOutput) } -// Default algorithm used to sign tokens for the realm. func (o RealmOutput) DefaultSignatureAlgorithm() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.DefaultSignatureAlgorithm }).(pulumi.StringPtrOutput) } -// The desired flow for direct access authentication. Defaults to `direct grant`. +// Which flow should be used for DirectGrantFlow func (o RealmOutput) DirectGrantFlow() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.DirectGrantFlow }).(pulumi.StringOutput) } -// The display name for the realm that is shown when logging in to the admin console. func (o RealmOutput) DisplayName() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.DisplayName }).(pulumi.StringPtrOutput) } -// The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. func (o RealmOutput) DisplayNameHtml() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.DisplayNameHtml }).(pulumi.StringPtrOutput) } -// The desired flow for Docker authentication. Defaults to `docker auth`. +// Which flow should be used for DockerAuthenticationFlow func (o RealmOutput) DockerAuthenticationFlow() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.DockerAuthenticationFlow }).(pulumi.StringOutput) } -// When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. func (o RealmOutput) DuplicateEmailsAllowed() pulumi.BoolOutput { return o.ApplyT(func(v *Realm) pulumi.BoolOutput { return v.DuplicateEmailsAllowed }).(pulumi.BoolOutput) } -// When true, the username field is editable. func (o RealmOutput) EditUsernameAllowed() pulumi.BoolOutput { return o.ApplyT(func(v *Realm) pulumi.BoolOutput { return v.EditUsernameAllowed }).(pulumi.BoolOutput) } -// Used for emails that are sent by Keycloak. func (o RealmOutput) EmailTheme() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.EmailTheme }).(pulumi.StringPtrOutput) } -// When `false`, users and clients will not be able to access this realm. Defaults to `true`. func (o RealmOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Realm) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } -// When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. func (o RealmOutput) InternalId() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.InternalId }).(pulumi.StringOutput) } @@ -955,39 +595,30 @@ func (o RealmOutput) Internationalization() RealmInternationalizationPtrOutput { return o.ApplyT(func(v *Realm) RealmInternationalizationPtrOutput { return v.Internationalization }).(RealmInternationalizationPtrOutput) } -// Used for the login, forgot password, and registration pages. func (o RealmOutput) LoginTheme() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.LoginTheme }).(pulumi.StringPtrOutput) } -// When true, users may log in with their email address. func (o RealmOutput) LoginWithEmailAllowed() pulumi.BoolOutput { return o.ApplyT(func(v *Realm) pulumi.BoolOutput { return v.LoginWithEmailAllowed }).(pulumi.BoolOutput) } -// The maximum amount of time a client has to finish the device code flow before it expires. -// -// The attributes below should be specified in seconds. func (o RealmOutput) Oauth2DeviceCodeLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.Oauth2DeviceCodeLifespan }).(pulumi.StringOutput) } -// The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. func (o RealmOutput) Oauth2DevicePollingInterval() pulumi.IntOutput { return o.ApplyT(func(v *Realm) pulumi.IntOutput { return v.Oauth2DevicePollingInterval }).(pulumi.IntOutput) } -// The amount of time an offline session can be idle before it expires. func (o RealmOutput) OfflineSessionIdleTimeout() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.OfflineSessionIdleTimeout }).(pulumi.StringOutput) } -// The maximum amount of time before an offline session expires regardless of activity. func (o RealmOutput) OfflineSessionMaxLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.OfflineSessionMaxLifespan }).(pulumi.StringOutput) } -// Enable `offlineSessionMaxLifespan`. func (o RealmOutput) OfflineSessionMaxLifespanEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Realm) pulumi.BoolPtrOutput { return v.OfflineSessionMaxLifespanEnabled }).(pulumi.BoolPtrOutput) } @@ -996,56 +627,47 @@ func (o RealmOutput) OtpPolicy() RealmOtpPolicyOutput { return o.ApplyT(func(v *Realm) RealmOtpPolicyOutput { return v.OtpPolicy }).(RealmOtpPolicyOutput) } -// The password policy for users within the realm. -// -// The arguments below can be used to configure authentication flow bindings: +// String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies +// can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) +// and notUsername(undefined)" func (o RealmOutput) PasswordPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.PasswordPolicy }).(pulumi.StringPtrOutput) } -// The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. func (o RealmOutput) Realm() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.Realm }).(pulumi.StringOutput) } -// Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. -// -// The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. func (o RealmOutput) RefreshTokenMaxReuse() pulumi.IntPtrOutput { return o.ApplyT(func(v *Realm) pulumi.IntPtrOutput { return v.RefreshTokenMaxReuse }).(pulumi.IntPtrOutput) } -// When true, user registration will be enabled, and a link for registration will be displayed on the login page. func (o RealmOutput) RegistrationAllowed() pulumi.BoolOutput { return o.ApplyT(func(v *Realm) pulumi.BoolOutput { return v.RegistrationAllowed }).(pulumi.BoolOutput) } -// When true, the user's email will be used as their username during registration. func (o RealmOutput) RegistrationEmailAsUsername() pulumi.BoolOutput { return o.ApplyT(func(v *Realm) pulumi.BoolOutput { return v.RegistrationEmailAsUsername }).(pulumi.BoolOutput) } -// The desired flow for user registration. Defaults to `registration`. +// Which flow should be used for RegistrationFlow func (o RealmOutput) RegistrationFlow() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.RegistrationFlow }).(pulumi.StringOutput) } -// When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. func (o RealmOutput) RememberMe() pulumi.BoolOutput { return o.ApplyT(func(v *Realm) pulumi.BoolOutput { return v.RememberMe }).(pulumi.BoolOutput) } -// The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. +// Which flow should be used for ResetCredentialsFlow func (o RealmOutput) ResetCredentialsFlow() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.ResetCredentialsFlow }).(pulumi.StringOutput) } -// When true, a "forgot password" link will be displayed on the login page. func (o RealmOutput) ResetPasswordAllowed() pulumi.BoolOutput { return o.ApplyT(func(v *Realm) pulumi.BoolOutput { return v.ResetPasswordAllowed }).(pulumi.BoolOutput) } -// If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. func (o RealmOutput) RevokeRefreshToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Realm) pulumi.BoolPtrOutput { return v.RevokeRefreshToken }).(pulumi.BoolPtrOutput) } @@ -1058,49 +680,39 @@ func (o RealmOutput) SmtpServer() RealmSmtpServerPtrOutput { return o.ApplyT(func(v *Realm) RealmSmtpServerPtrOutput { return v.SmtpServer }).(RealmSmtpServerPtrOutput) } -// Can be one of following values: 'none, 'external' or 'all' +// SSL Required: Values can be 'none', 'external' or 'all'. func (o RealmOutput) SslRequired() pulumi.StringPtrOutput { return o.ApplyT(func(v *Realm) pulumi.StringPtrOutput { return v.SslRequired }).(pulumi.StringPtrOutput) } -// The amount of time a session can be idle before it expires. func (o RealmOutput) SsoSessionIdleTimeout() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.SsoSessionIdleTimeout }).(pulumi.StringOutput) } -// Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. func (o RealmOutput) SsoSessionIdleTimeoutRememberMe() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.SsoSessionIdleTimeoutRememberMe }).(pulumi.StringOutput) } -// The maximum amount of time before a session expires regardless of activity. func (o RealmOutput) SsoSessionMaxLifespan() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.SsoSessionMaxLifespan }).(pulumi.StringOutput) } -// Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. func (o RealmOutput) SsoSessionMaxLifespanRememberMe() pulumi.StringOutput { return o.ApplyT(func(v *Realm) pulumi.StringOutput { return v.SsoSessionMaxLifespanRememberMe }).(pulumi.StringOutput) } -// When `true`, users are allowed to manage their own resources. Defaults to `false`. func (o RealmOutput) UserManagedAccess() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Realm) pulumi.BoolPtrOutput { return v.UserManagedAccess }).(pulumi.BoolPtrOutput) } -// When true, users are required to verify their email address after registration and after email address changes. func (o RealmOutput) VerifyEmail() pulumi.BoolOutput { return o.ApplyT(func(v *Realm) pulumi.BoolOutput { return v.VerifyEmail }).(pulumi.BoolOutput) } -// Configuration for WebAuthn Passwordless Policy authentication. -// -// Each of these attributes are blocks with the following attributes: func (o RealmOutput) WebAuthnPasswordlessPolicy() RealmWebAuthnPasswordlessPolicyOutput { return o.ApplyT(func(v *Realm) RealmWebAuthnPasswordlessPolicyOutput { return v.WebAuthnPasswordlessPolicy }).(RealmWebAuthnPasswordlessPolicyOutput) } -// Configuration for WebAuthn Policy authentication. func (o RealmOutput) WebAuthnPolicy() RealmWebAuthnPolicyOutput { return o.ApplyT(func(v *Realm) RealmWebAuthnPolicyOutput { return v.WebAuthnPolicy }).(RealmWebAuthnPolicyOutput) } diff --git a/sdk/go/keycloak/realmEvents.go b/sdk/go/keycloak/realmEvents.go index bb07c8f9..744eae09 100644 --- a/sdk/go/keycloak/realmEvents.go +++ b/sdk/go/keycloak/realmEvents.go @@ -12,10 +12,13 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # RealmEvents +// // Allows for managing Realm Events settings within Keycloak. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -29,25 +32,24 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), +// Realm: pulumi.String("test"), // }) // if err != nil { // return err // } // _, err = keycloak.NewRealmEvents(ctx, "realmEvents", &keycloak.RealmEventsArgs{ -// RealmId: realm.ID(), -// EventsEnabled: pulumi.Bool(true), -// EventsExpiration: pulumi.Int(3600), -// AdminEventsEnabled: pulumi.Bool(true), // AdminEventsDetailsEnabled: pulumi.Bool(true), +// AdminEventsEnabled: pulumi.Bool(true), // EnabledEventTypes: pulumi.StringArray{ // pulumi.String("LOGIN"), // pulumi.String("LOGOUT"), // }, +// EventsEnabled: pulumi.Bool(true), +// EventsExpiration: pulumi.Int(3600), // EventsListeners: pulumi.StringArray{ // pulumi.String("jboss-logging"), // }, +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -57,27 +59,29 @@ import ( // } // // ``` +// +// +// ### Argument Reference // -// ## Import +// The following arguments are supported: // -// This resource currently does not support importing. +// - `realmId` - (Required) The name of the realm the event settings apply to. +// - `adminEventsEnabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`. +// - `adminEventsDetailsEnabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`. +// - `eventsEnabled` - (Optional) When true, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. +// - `eventsExpiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never. +// - `enabledEventTypes` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. +// - `eventsListeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. type RealmEvents struct { pulumi.CustomResourceState - // When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - AdminEventsDetailsEnabled pulumi.BoolPtrOutput `pulumi:"adminEventsDetailsEnabled"` - // When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - AdminEventsEnabled pulumi.BoolPtrOutput `pulumi:"adminEventsEnabled"` - // The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - EnabledEventTypes pulumi.StringArrayOutput `pulumi:"enabledEventTypes"` - // When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. - EventsEnabled pulumi.BoolPtrOutput `pulumi:"eventsEnabled"` - // The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - EventsExpiration pulumi.IntPtrOutput `pulumi:"eventsExpiration"` - // The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - EventsListeners pulumi.StringArrayOutput `pulumi:"eventsListeners"` - // The name of the realm the event settings apply to. - RealmId pulumi.StringOutput `pulumi:"realmId"` + AdminEventsDetailsEnabled pulumi.BoolPtrOutput `pulumi:"adminEventsDetailsEnabled"` + AdminEventsEnabled pulumi.BoolPtrOutput `pulumi:"adminEventsEnabled"` + EnabledEventTypes pulumi.StringArrayOutput `pulumi:"enabledEventTypes"` + EventsEnabled pulumi.BoolPtrOutput `pulumi:"eventsEnabled"` + EventsExpiration pulumi.IntPtrOutput `pulumi:"eventsExpiration"` + EventsListeners pulumi.StringArrayOutput `pulumi:"eventsListeners"` + RealmId pulumi.StringOutput `pulumi:"realmId"` } // NewRealmEvents registers a new resource with the given unique name, arguments, and options. @@ -113,37 +117,23 @@ func GetRealmEvents(ctx *pulumi.Context, // Input properties used for looking up and filtering RealmEvents resources. type realmEventsState struct { - // When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - AdminEventsDetailsEnabled *bool `pulumi:"adminEventsDetailsEnabled"` - // When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - AdminEventsEnabled *bool `pulumi:"adminEventsEnabled"` - // The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - EnabledEventTypes []string `pulumi:"enabledEventTypes"` - // When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. - EventsEnabled *bool `pulumi:"eventsEnabled"` - // The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - EventsExpiration *int `pulumi:"eventsExpiration"` - // The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - EventsListeners []string `pulumi:"eventsListeners"` - // The name of the realm the event settings apply to. - RealmId *string `pulumi:"realmId"` + AdminEventsDetailsEnabled *bool `pulumi:"adminEventsDetailsEnabled"` + AdminEventsEnabled *bool `pulumi:"adminEventsEnabled"` + EnabledEventTypes []string `pulumi:"enabledEventTypes"` + EventsEnabled *bool `pulumi:"eventsEnabled"` + EventsExpiration *int `pulumi:"eventsExpiration"` + EventsListeners []string `pulumi:"eventsListeners"` + RealmId *string `pulumi:"realmId"` } type RealmEventsState struct { - // When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. AdminEventsDetailsEnabled pulumi.BoolPtrInput - // When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - AdminEventsEnabled pulumi.BoolPtrInput - // The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - EnabledEventTypes pulumi.StringArrayInput - // When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. - EventsEnabled pulumi.BoolPtrInput - // The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - EventsExpiration pulumi.IntPtrInput - // The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - EventsListeners pulumi.StringArrayInput - // The name of the realm the event settings apply to. - RealmId pulumi.StringPtrInput + AdminEventsEnabled pulumi.BoolPtrInput + EnabledEventTypes pulumi.StringArrayInput + EventsEnabled pulumi.BoolPtrInput + EventsExpiration pulumi.IntPtrInput + EventsListeners pulumi.StringArrayInput + RealmId pulumi.StringPtrInput } func (RealmEventsState) ElementType() reflect.Type { @@ -151,38 +141,24 @@ func (RealmEventsState) ElementType() reflect.Type { } type realmEventsArgs struct { - // When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - AdminEventsDetailsEnabled *bool `pulumi:"adminEventsDetailsEnabled"` - // When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - AdminEventsEnabled *bool `pulumi:"adminEventsEnabled"` - // The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - EnabledEventTypes []string `pulumi:"enabledEventTypes"` - // When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. - EventsEnabled *bool `pulumi:"eventsEnabled"` - // The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - EventsExpiration *int `pulumi:"eventsExpiration"` - // The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - EventsListeners []string `pulumi:"eventsListeners"` - // The name of the realm the event settings apply to. - RealmId string `pulumi:"realmId"` + AdminEventsDetailsEnabled *bool `pulumi:"adminEventsDetailsEnabled"` + AdminEventsEnabled *bool `pulumi:"adminEventsEnabled"` + EnabledEventTypes []string `pulumi:"enabledEventTypes"` + EventsEnabled *bool `pulumi:"eventsEnabled"` + EventsExpiration *int `pulumi:"eventsExpiration"` + EventsListeners []string `pulumi:"eventsListeners"` + RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a RealmEvents resource. type RealmEventsArgs struct { - // When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. AdminEventsDetailsEnabled pulumi.BoolPtrInput - // When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - AdminEventsEnabled pulumi.BoolPtrInput - // The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - EnabledEventTypes pulumi.StringArrayInput - // When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. - EventsEnabled pulumi.BoolPtrInput - // The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - EventsExpiration pulumi.IntPtrInput - // The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - EventsListeners pulumi.StringArrayInput - // The name of the realm the event settings apply to. - RealmId pulumi.StringInput + AdminEventsEnabled pulumi.BoolPtrInput + EnabledEventTypes pulumi.StringArrayInput + EventsEnabled pulumi.BoolPtrInput + EventsExpiration pulumi.IntPtrInput + EventsListeners pulumi.StringArrayInput + RealmId pulumi.StringInput } func (RealmEventsArgs) ElementType() reflect.Type { @@ -272,37 +248,30 @@ func (o RealmEventsOutput) ToRealmEventsOutputWithContext(ctx context.Context) R return o } -// When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. func (o RealmEventsOutput) AdminEventsDetailsEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *RealmEvents) pulumi.BoolPtrOutput { return v.AdminEventsDetailsEnabled }).(pulumi.BoolPtrOutput) } -// When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. func (o RealmEventsOutput) AdminEventsEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *RealmEvents) pulumi.BoolPtrOutput { return v.AdminEventsEnabled }).(pulumi.BoolPtrOutput) } -// The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. func (o RealmEventsOutput) EnabledEventTypes() pulumi.StringArrayOutput { return o.ApplyT(func(v *RealmEvents) pulumi.StringArrayOutput { return v.EnabledEventTypes }).(pulumi.StringArrayOutput) } -// When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. func (o RealmEventsOutput) EventsEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *RealmEvents) pulumi.BoolPtrOutput { return v.EventsEnabled }).(pulumi.BoolPtrOutput) } -// The amount of time in seconds events will be saved in the database. Defaults to `0` or never. func (o RealmEventsOutput) EventsExpiration() pulumi.IntPtrOutput { return o.ApplyT(func(v *RealmEvents) pulumi.IntPtrOutput { return v.EventsExpiration }).(pulumi.IntPtrOutput) } -// The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. func (o RealmEventsOutput) EventsListeners() pulumi.StringArrayOutput { return o.ApplyT(func(v *RealmEvents) pulumi.StringArrayOutput { return v.EventsListeners }).(pulumi.StringArrayOutput) } -// The name of the realm the event settings apply to. func (o RealmEventsOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *RealmEvents) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/realmKeystoreAesGenerated.go b/sdk/go/keycloak/realmKeystoreAesGenerated.go index 5419033b..e9d9e36b 100644 --- a/sdk/go/keycloak/realmKeystoreAesGenerated.go +++ b/sdk/go/keycloak/realmKeystoreAesGenerated.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -51,14 +52,15 @@ import ( // } // // ``` +// // // ## Import // // Realm keys can be imported using realm name and keystore id, you can find it in web UI. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/go/keycloak/realmKeystoreEcdsaGenerated.go b/sdk/go/keycloak/realmKeystoreEcdsaGenerated.go index 14d79f29..dabb4117 100644 --- a/sdk/go/keycloak/realmKeystoreEcdsaGenerated.go +++ b/sdk/go/keycloak/realmKeystoreEcdsaGenerated.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -51,14 +52,15 @@ import ( // } // // ``` +// // // ## Import // // Realm keys can be imported using realm name and keystore id, you can find it in web UI. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/go/keycloak/realmKeystoreHmacGenerated.go b/sdk/go/keycloak/realmKeystoreHmacGenerated.go index 2ec3cd28..c959134e 100644 --- a/sdk/go/keycloak/realmKeystoreHmacGenerated.go +++ b/sdk/go/keycloak/realmKeystoreHmacGenerated.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -52,14 +53,15 @@ import ( // } // // ``` +// // // ## Import // // Realm keys can be imported using realm name and keystore id, you can find it in web UI. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/go/keycloak/realmKeystoreJavaGenerated.go b/sdk/go/keycloak/realmKeystoreJavaGenerated.go index 462ff170..586652ab 100644 --- a/sdk/go/keycloak/realmKeystoreJavaGenerated.go +++ b/sdk/go/keycloak/realmKeystoreJavaGenerated.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -55,14 +56,15 @@ import ( // } // // ``` +// // // ## Import // // Realm keys can be imported using realm name and keystore id, you can find it in web UI. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/go/keycloak/realmKeystoreRsa.go b/sdk/go/keycloak/realmKeystoreRsa.go index bcfff6ed..fb037ba7 100644 --- a/sdk/go/keycloak/realmKeystoreRsa.go +++ b/sdk/go/keycloak/realmKeystoreRsa.go @@ -20,9 +20,9 @@ import ( // // Realm keys can be imported using realm name and keystore id, you can find it in web UI. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/go/keycloak/realmKeystoreRsaGenerated.go b/sdk/go/keycloak/realmKeystoreRsaGenerated.go index dcee973b..7ce1d2b1 100644 --- a/sdk/go/keycloak/realmKeystoreRsaGenerated.go +++ b/sdk/go/keycloak/realmKeystoreRsaGenerated.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -52,14 +53,15 @@ import ( // } // // ``` +// // // ## Import // // Realm keys can be imported using realm name and keystore id, you can find it in web UI. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/go/keycloak/realmUserProfile.go b/sdk/go/keycloak/realmUserProfile.go index c95cd2fa..ea596868 100644 --- a/sdk/go/keycloak/realmUserProfile.go +++ b/sdk/go/keycloak/realmUserProfile.go @@ -25,6 +25,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -149,6 +150,7 @@ import ( // } // // ``` +// // // ## Import // diff --git a/sdk/go/keycloak/requiredAction.go b/sdk/go/keycloak/requiredAction.go index 44f84c6b..cc6c4ceb 100644 --- a/sdk/go/keycloak/requiredAction.go +++ b/sdk/go/keycloak/requiredAction.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -50,14 +51,15 @@ import ( // } // // ``` +// // // ## Import // // Authentication executions can be imported using the formats: `{{realm}}/{{alias}}`. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias diff --git a/sdk/go/keycloak/role.go b/sdk/go/keycloak/role.go index 14f63eac..decb232e 100644 --- a/sdk/go/keycloak/role.go +++ b/sdk/go/keycloak/role.go @@ -12,13 +12,16 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # Role +// // Allows for creating and managing roles within Keycloak. // -// Roles allow you define privileges within Keycloak and map them to users and groups. +// Roles allow you define privileges within Keycloak and map them to users +// and groups. // -// ## Example Usage -// ### Realm Role) +// ### Example Usage (Realm role) // +// // ```go // package main // @@ -32,19 +35,15 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // _, err = keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), // Description: pulumi.String("My Realm Role"), -// Attributes: pulumi.Map{ -// "key": pulumi.Any("value"), -// "multivalue": pulumi.Any("value1##value2"), -// }, +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -54,8 +53,11 @@ import ( // } // // ``` -// ### Client Role) +// +// +// ### Example Usage (Client role) // +// // ```go // package main // @@ -70,31 +72,25 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } -// _, err = openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), +// _, err = openid.NewClient(ctx, "client", &openid.ClientArgs{ +// AccessType: pulumi.String("BEARER-ONLY"), // ClientId: pulumi.String("client"), // Enabled: pulumi.Bool(true), -// AccessType: pulumi.String("CONFIDENTIAL"), -// ValidRedirectUris: pulumi.StringArray{ -// pulumi.String("http://localhost:8080/openid-callback"), -// }, +// RealmId: realm.ID(), // }) // if err != nil { // return err // } // _, err = keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.Any(keycloak_client.Openid_client.Id), +// ClientId: pulumi.Any(keycloak_client.Client.Id), // Description: pulumi.String("My Client Role"), -// Attributes: pulumi.Map{ -// "key": pulumi.Any("value"), -// }, +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -104,8 +100,11 @@ import ( // } // // ``` -// ### Composite Role) +// // +// ### Example Usage (Composite role) +// +// // ```go // package main // @@ -120,83 +119,62 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } -// createRole, err := keycloak.NewRole(ctx, "createRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "createRole", &keycloak.RoleArgs{ // RealmId: realm.ID(), -// Attributes: pulumi.Map{ -// "key": pulumi.Any("value"), -// }, // }) // if err != nil { // return err // } -// readRole, err := keycloak.NewRole(ctx, "readRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "readRole", &keycloak.RoleArgs{ // RealmId: realm.ID(), -// Attributes: pulumi.Map{ -// "key": pulumi.Any("value"), -// }, // }) // if err != nil { // return err // } -// updateRole, err := keycloak.NewRole(ctx, "updateRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "updateRole", &keycloak.RoleArgs{ // RealmId: realm.ID(), -// Attributes: pulumi.Map{ -// "key": pulumi.Any("value"), -// }, // }) // if err != nil { // return err // } -// deleteRole, err := keycloak.NewRole(ctx, "deleteRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "deleteRole", &keycloak.RoleArgs{ // RealmId: realm.ID(), -// Attributes: pulumi.Map{ -// "key": pulumi.Any("value"), -// }, // }) // if err != nil { // return err // } -// _, err = openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// RealmId: realm.ID(), +// _, err = openid.NewClient(ctx, "client", &openid.ClientArgs{ +// AccessType: pulumi.String("BEARER-ONLY"), // ClientId: pulumi.String("client"), // Enabled: pulumi.Bool(true), -// AccessType: pulumi.String("CONFIDENTIAL"), -// ValidRedirectUris: pulumi.StringArray{ -// pulumi.String("http://localhost:8080/openid-callback"), -// }, +// RealmId: realm.ID(), // }) // if err != nil { // return err // } -// clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.Any(keycloak_client.Openid_client.Id), +// _, err = keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ +// ClientId: pulumi.Any(keycloak_client.Client.Id), // Description: pulumi.String("My Client Role"), -// Attributes: pulumi.Map{ -// "key": pulumi.Any("value"), -// }, +// RealmId: realm.ID(), // }) // if err != nil { // return err // } // _, err = keycloak.NewRole(ctx, "adminRole", &keycloak.RoleArgs{ -// RealmId: realm.ID(), // CompositeRoles: pulumi.StringArray{ -// createRole.ID(), -// readRole.ID(), -// updateRole.ID(), -// deleteRole.ID(), -// clientRole.ID(), -// }, -// Attributes: pulumi.Map{ -// "key": pulumi.Any("value"), +// pulumi.String("{keycloak_role.create_role.id}"), +// pulumi.String("{keycloak_role.read_role.id}"), +// pulumi.String("{keycloak_role.update_role.id}"), +// pulumi.String("{keycloak_role.delete_role.id}"), +// pulumi.String("{keycloak_role.client_role.id}"), // }, +// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -206,35 +184,38 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns +// The following arguments are supported: // -// to the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role. +// - `realmId` - (Required) The realm this role exists within. +// - `clientId` - (Optional) When specified, this role will be created as +// a client role attached to the client with the provided ID +// - `name` - (Required) The name of the role +// - `description` - (Optional) The description of the role +// - `compositeRoles` - (Optional) When specified, this role will be a +// composite role, composed of all roles that have an ID present within +// this list. // -// Example: +// ### Import // -// bash +// Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where +// `roleId` is the unique ID that Keycloak assigns to the role. The ID is +// not easy to find in the GUI, but it appears in the URL when editing the +// role. // -// ```sh -// $ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad -// ``` +// Example: type Role struct { pulumi.CustomResourceState - // A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes pulumi.MapOutput `pulumi:"attributes"` - // When specified, this role will be created as a client role attached to the client with the provided ID - ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // When specified, this role will be a composite role, composed of all roles that have an ID present within this list. + Attributes pulumi.MapOutput `pulumi:"attributes"` + ClientId pulumi.StringPtrOutput `pulumi:"clientId"` CompositeRoles pulumi.StringArrayOutput `pulumi:"compositeRoles"` - // The description of the role - Description pulumi.StringPtrOutput `pulumi:"description"` - // The name of the role - Name pulumi.StringOutput `pulumi:"name"` - // The realm this role exists within. - RealmId pulumi.StringOutput `pulumi:"realmId"` + Description pulumi.StringPtrOutput `pulumi:"description"` + Name pulumi.StringOutput `pulumi:"name"` + RealmId pulumi.StringOutput `pulumi:"realmId"` } // NewRole registers a new resource with the given unique name, arguments, and options. @@ -270,33 +251,21 @@ func GetRole(ctx *pulumi.Context, // Input properties used for looking up and filtering Role resources. type roleState struct { - // A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes map[string]interface{} `pulumi:"attributes"` - // When specified, this role will be created as a client role attached to the client with the provided ID - ClientId *string `pulumi:"clientId"` - // When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - CompositeRoles []string `pulumi:"compositeRoles"` - // The description of the role - Description *string `pulumi:"description"` - // The name of the role - Name *string `pulumi:"name"` - // The realm this role exists within. - RealmId *string `pulumi:"realmId"` + Attributes map[string]interface{} `pulumi:"attributes"` + ClientId *string `pulumi:"clientId"` + CompositeRoles []string `pulumi:"compositeRoles"` + Description *string `pulumi:"description"` + Name *string `pulumi:"name"` + RealmId *string `pulumi:"realmId"` } type RoleState struct { - // A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes pulumi.MapInput - // When specified, this role will be created as a client role attached to the client with the provided ID - ClientId pulumi.StringPtrInput - // When specified, this role will be a composite role, composed of all roles that have an ID present within this list. + Attributes pulumi.MapInput + ClientId pulumi.StringPtrInput CompositeRoles pulumi.StringArrayInput - // The description of the role - Description pulumi.StringPtrInput - // The name of the role - Name pulumi.StringPtrInput - // The realm this role exists within. - RealmId pulumi.StringPtrInput + Description pulumi.StringPtrInput + Name pulumi.StringPtrInput + RealmId pulumi.StringPtrInput } func (RoleState) ElementType() reflect.Type { @@ -304,34 +273,22 @@ func (RoleState) ElementType() reflect.Type { } type roleArgs struct { - // A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes map[string]interface{} `pulumi:"attributes"` - // When specified, this role will be created as a client role attached to the client with the provided ID - ClientId *string `pulumi:"clientId"` - // When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - CompositeRoles []string `pulumi:"compositeRoles"` - // The description of the role - Description *string `pulumi:"description"` - // The name of the role - Name *string `pulumi:"name"` - // The realm this role exists within. - RealmId string `pulumi:"realmId"` + Attributes map[string]interface{} `pulumi:"attributes"` + ClientId *string `pulumi:"clientId"` + CompositeRoles []string `pulumi:"compositeRoles"` + Description *string `pulumi:"description"` + Name *string `pulumi:"name"` + RealmId string `pulumi:"realmId"` } // The set of arguments for constructing a Role resource. type RoleArgs struct { - // A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes pulumi.MapInput - // When specified, this role will be created as a client role attached to the client with the provided ID - ClientId pulumi.StringPtrInput - // When specified, this role will be a composite role, composed of all roles that have an ID present within this list. + Attributes pulumi.MapInput + ClientId pulumi.StringPtrInput CompositeRoles pulumi.StringArrayInput - // The description of the role - Description pulumi.StringPtrInput - // The name of the role - Name pulumi.StringPtrInput - // The realm this role exists within. - RealmId pulumi.StringInput + Description pulumi.StringPtrInput + Name pulumi.StringPtrInput + RealmId pulumi.StringInput } func (RoleArgs) ElementType() reflect.Type { @@ -421,32 +378,26 @@ func (o RoleOutput) ToRoleOutputWithContext(ctx context.Context) RoleOutput { return o } -// A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars func (o RoleOutput) Attributes() pulumi.MapOutput { return o.ApplyT(func(v *Role) pulumi.MapOutput { return v.Attributes }).(pulumi.MapOutput) } -// When specified, this role will be created as a client role attached to the client with the provided ID func (o RoleOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *Role) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// When specified, this role will be a composite role, composed of all roles that have an ID present within this list. func (o RoleOutput) CompositeRoles() pulumi.StringArrayOutput { return o.ApplyT(func(v *Role) pulumi.StringArrayOutput { return v.CompositeRoles }).(pulumi.StringArrayOutput) } -// The description of the role func (o RoleOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *Role) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } -// The name of the role func (o RoleOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *Role) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this role exists within. func (o RoleOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *Role) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/saml/client.go b/sdk/go/keycloak/saml/client.go index 4bb9965c..f57eb0eb 100644 --- a/sdk/go/keycloak/saml/client.go +++ b/sdk/go/keycloak/saml/client.go @@ -12,13 +12,17 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # saml.Client +// // Allows for creating and managing Keycloak clients that use the SAML protocol. // -// Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users -// to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. +// Clients are entities that can use Keycloak for user authentication. Typically, +// clients are applications that redirect users to Keycloak for authentication +// in order to take advantage of Keycloak's user sessions for SSO. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -43,18 +47,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // _, err = saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ +// ClientId: pulumi.String("test-saml-client"), +// IncludeAuthnStatement: pulumi.Bool(true), // RealmId: realm.ID(), -// ClientId: pulumi.String("saml-client"), -// SignDocuments: pulumi.Bool(false), // SignAssertions: pulumi.Bool(true), -// IncludeAuthnStatement: pulumi.Bool(true), +// SignDocuments: pulumi.Bool(false), // SigningCertificate: readFileOrPanic("saml-cert.pem"), // SigningPrivateKey: readFileOrPanic("saml-key.pem"), // }) @@ -66,96 +70,84 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak +// The following arguments are supported: // -// assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. +// - `realmId` - (Required) The realm this client is attached to. +// - `clientId` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. +// - `name` - (Optional) The display name of this client in the GUI. +// - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. +// - `description` - (Optional) The description of this client in the GUI. +// - `includeAuthnStatement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. +// - `signDocuments` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. +// - `signAssertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. +// - `clientSignatureRequired` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. +// - `forcePostBinding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. +// - `frontChannelLogout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. +// - `nameIdFormat` - (Optional) Sets the Name ID format for the subject. +// - `rootUrl` - (Optional) When specified, this value is prepended to all relative URLs. +// - `validRedirectUris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. +// - `baseUrl` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. +// - `masterSamlProcessingUrl` - (Optional) When specified, this URL will be used for all SAML requests. +// - `signingCertificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. +// - `signingPrivateKey` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. +// - `idpInitiatedSsoUrlName` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. +// - `idpInitiatedSsoRelayState` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. +// - `assertionConsumerPostUrl` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). +// - `assertionConsumerRedirectUrl` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). +// - `logoutServicePostBindingUrl` - (Optional) SAML POST Binding URL for the client's single logout service. +// - `logoutServiceRedirectBindingUrl` - (Optional) SAML Redirect Binding URL for the client's single logout service. +// - `fullScopeAllowed` - (Optional) - Allow to include all roles mappings in the access token // -// Example: +// ### Import // -// bash +// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `clientKeycloakId` is the unique ID that Keycloak +// assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. // -// ```sh -// $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 -// ``` +// Example: type Client struct { pulumi.CustomResourceState - // SAML POST Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerPostUrl pulumi.StringPtrOutput `pulumi:"assertionConsumerPostUrl"` - // SAML Redirect Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerRedirectUrl pulumi.StringPtrOutput `pulumi:"assertionConsumerRedirectUrl"` - // Override realm authentication flow bindings + AssertionConsumerPostUrl pulumi.StringPtrOutput `pulumi:"assertionConsumerPostUrl"` + AssertionConsumerRedirectUrl pulumi.StringPtrOutput `pulumi:"assertionConsumerRedirectUrl"` AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrOutput `pulumi:"authenticationFlowBindingOverrides"` - // When specified, this URL will be used whenever Keycloak needs to link to this client. - BaseUrl pulumi.StringPtrOutput `pulumi:"baseUrl"` - // The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - CanonicalizationMethod pulumi.StringPtrOutput `pulumi:"canonicalizationMethod"` - // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - ClientId pulumi.StringOutput `pulumi:"clientId"` - // When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. - ClientSignatureRequired pulumi.BoolPtrOutput `pulumi:"clientSignatureRequired"` - // The description of this client in the GUI. - Description pulumi.StringPtrOutput `pulumi:"description"` - // When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` - // When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - EncryptAssertions pulumi.BoolPtrOutput `pulumi:"encryptAssertions"` - // If assertions for the client are encrypted, this certificate will be used for encryption. - EncryptionCertificate pulumi.StringOutput `pulumi:"encryptionCertificate"` - // (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - EncryptionCertificateSha1 pulumi.StringOutput `pulumi:"encryptionCertificateSha1"` - ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"` - // Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. - ForceNameIdFormat pulumi.BoolPtrOutput `pulumi:"forceNameIdFormat"` - // When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - ForcePostBinding pulumi.BoolPtrOutput `pulumi:"forcePostBinding"` - // When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - FrontChannelLogout pulumi.BoolPtrOutput `pulumi:"frontChannelLogout"` - // Allow to include all roles mappings in the access token - FullScopeAllowed pulumi.BoolPtrOutput `pulumi:"fullScopeAllowed"` - // Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - IdpInitiatedSsoRelayState pulumi.StringPtrOutput `pulumi:"idpInitiatedSsoRelayState"` - // URL fragment name to reference client when you want to do IDP Initiated SSO. - IdpInitiatedSsoUrlName pulumi.StringPtrOutput `pulumi:"idpInitiatedSsoUrlName"` - // When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - IncludeAuthnStatement pulumi.BoolPtrOutput `pulumi:"includeAuthnStatement"` - // The login theme of this client. - LoginTheme pulumi.StringPtrOutput `pulumi:"loginTheme"` - // SAML POST Binding URL for the client's single logout service. - LogoutServicePostBindingUrl pulumi.StringPtrOutput `pulumi:"logoutServicePostBindingUrl"` - // SAML Redirect Binding URL for the client's single logout service. - LogoutServiceRedirectBindingUrl pulumi.StringPtrOutput `pulumi:"logoutServiceRedirectBindingUrl"` - // When specified, this URL will be used for all SAML requests. - MasterSamlProcessingUrl pulumi.StringPtrOutput `pulumi:"masterSamlProcessingUrl"` - // The display name of this client in the GUI. - Name pulumi.StringOutput `pulumi:"name"` - // Sets the Name ID format for the subject. - NameIdFormat pulumi.StringOutput `pulumi:"nameIdFormat"` - // The realm this client is attached to. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // When specified, this value is prepended to all relative URLs. - RootUrl pulumi.StringPtrOutput `pulumi:"rootUrl"` - // When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - SignAssertions pulumi.BoolPtrOutput `pulumi:"signAssertions"` - // When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - SignDocuments pulumi.BoolPtrOutput `pulumi:"signDocuments"` - // The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - SignatureAlgorithm pulumi.StringPtrOutput `pulumi:"signatureAlgorithm"` - // The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - SignatureKeyName pulumi.StringPtrOutput `pulumi:"signatureKeyName"` - // If documents or assertions from the client are signed, this certificate will be used to verify the signature. - SigningCertificate pulumi.StringOutput `pulumi:"signingCertificate"` - // (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - SigningCertificateSha1 pulumi.StringOutput `pulumi:"signingCertificateSha1"` - // If documents or assertions from the client are signed, this private key will be used to verify the signature. - SigningPrivateKey pulumi.StringOutput `pulumi:"signingPrivateKey"` - // (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - SigningPrivateKeySha1 pulumi.StringOutput `pulumi:"signingPrivateKeySha1"` - // When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - ValidRedirectUris pulumi.StringArrayOutput `pulumi:"validRedirectUris"` + BaseUrl pulumi.StringPtrOutput `pulumi:"baseUrl"` + CanonicalizationMethod pulumi.StringPtrOutput `pulumi:"canonicalizationMethod"` + ClientId pulumi.StringOutput `pulumi:"clientId"` + ClientSignatureRequired pulumi.BoolPtrOutput `pulumi:"clientSignatureRequired"` + Description pulumi.StringPtrOutput `pulumi:"description"` + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + EncryptAssertions pulumi.BoolPtrOutput `pulumi:"encryptAssertions"` + EncryptionCertificate pulumi.StringOutput `pulumi:"encryptionCertificate"` + EncryptionCertificateSha1 pulumi.StringOutput `pulumi:"encryptionCertificateSha1"` + ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"` + ForceNameIdFormat pulumi.BoolPtrOutput `pulumi:"forceNameIdFormat"` + ForcePostBinding pulumi.BoolPtrOutput `pulumi:"forcePostBinding"` + FrontChannelLogout pulumi.BoolPtrOutput `pulumi:"frontChannelLogout"` + FullScopeAllowed pulumi.BoolPtrOutput `pulumi:"fullScopeAllowed"` + IdpInitiatedSsoRelayState pulumi.StringPtrOutput `pulumi:"idpInitiatedSsoRelayState"` + IdpInitiatedSsoUrlName pulumi.StringPtrOutput `pulumi:"idpInitiatedSsoUrlName"` + IncludeAuthnStatement pulumi.BoolPtrOutput `pulumi:"includeAuthnStatement"` + LoginTheme pulumi.StringPtrOutput `pulumi:"loginTheme"` + LogoutServicePostBindingUrl pulumi.StringPtrOutput `pulumi:"logoutServicePostBindingUrl"` + LogoutServiceRedirectBindingUrl pulumi.StringPtrOutput `pulumi:"logoutServiceRedirectBindingUrl"` + MasterSamlProcessingUrl pulumi.StringPtrOutput `pulumi:"masterSamlProcessingUrl"` + Name pulumi.StringOutput `pulumi:"name"` + NameIdFormat pulumi.StringOutput `pulumi:"nameIdFormat"` + RealmId pulumi.StringOutput `pulumi:"realmId"` + RootUrl pulumi.StringPtrOutput `pulumi:"rootUrl"` + SignAssertions pulumi.BoolPtrOutput `pulumi:"signAssertions"` + SignDocuments pulumi.BoolPtrOutput `pulumi:"signDocuments"` + SignatureAlgorithm pulumi.StringPtrOutput `pulumi:"signatureAlgorithm"` + SignatureKeyName pulumi.StringPtrOutput `pulumi:"signatureKeyName"` + SigningCertificate pulumi.StringOutput `pulumi:"signingCertificate"` + SigningCertificateSha1 pulumi.StringOutput `pulumi:"signingCertificateSha1"` + SigningPrivateKey pulumi.StringOutput `pulumi:"signingPrivateKey"` + SigningPrivateKeySha1 pulumi.StringOutput `pulumi:"signingPrivateKeySha1"` + ValidRedirectUris pulumi.StringArrayOutput `pulumi:"validRedirectUris"` } // NewClient registers a new resource with the given unique name, arguments, and options. @@ -194,155 +186,83 @@ func GetClient(ctx *pulumi.Context, // Input properties used for looking up and filtering Client resources. type clientState struct { - // SAML POST Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerPostUrl *string `pulumi:"assertionConsumerPostUrl"` - // SAML Redirect Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerRedirectUrl *string `pulumi:"assertionConsumerRedirectUrl"` - // Override realm authentication flow bindings + AssertionConsumerPostUrl *string `pulumi:"assertionConsumerPostUrl"` + AssertionConsumerRedirectUrl *string `pulumi:"assertionConsumerRedirectUrl"` AuthenticationFlowBindingOverrides *ClientAuthenticationFlowBindingOverrides `pulumi:"authenticationFlowBindingOverrides"` - // When specified, this URL will be used whenever Keycloak needs to link to this client. - BaseUrl *string `pulumi:"baseUrl"` - // The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - CanonicalizationMethod *string `pulumi:"canonicalizationMethod"` - // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - ClientId *string `pulumi:"clientId"` - // When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. - ClientSignatureRequired *bool `pulumi:"clientSignatureRequired"` - // The description of this client in the GUI. - Description *string `pulumi:"description"` - // When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled *bool `pulumi:"enabled"` - // When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - EncryptAssertions *bool `pulumi:"encryptAssertions"` - // If assertions for the client are encrypted, this certificate will be used for encryption. - EncryptionCertificate *string `pulumi:"encryptionCertificate"` - // (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - EncryptionCertificateSha1 *string `pulumi:"encryptionCertificateSha1"` - ExtraConfig map[string]interface{} `pulumi:"extraConfig"` - // Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. - ForceNameIdFormat *bool `pulumi:"forceNameIdFormat"` - // When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - ForcePostBinding *bool `pulumi:"forcePostBinding"` - // When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - FrontChannelLogout *bool `pulumi:"frontChannelLogout"` - // Allow to include all roles mappings in the access token - FullScopeAllowed *bool `pulumi:"fullScopeAllowed"` - // Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - IdpInitiatedSsoRelayState *string `pulumi:"idpInitiatedSsoRelayState"` - // URL fragment name to reference client when you want to do IDP Initiated SSO. - IdpInitiatedSsoUrlName *string `pulumi:"idpInitiatedSsoUrlName"` - // When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - IncludeAuthnStatement *bool `pulumi:"includeAuthnStatement"` - // The login theme of this client. - LoginTheme *string `pulumi:"loginTheme"` - // SAML POST Binding URL for the client's single logout service. - LogoutServicePostBindingUrl *string `pulumi:"logoutServicePostBindingUrl"` - // SAML Redirect Binding URL for the client's single logout service. - LogoutServiceRedirectBindingUrl *string `pulumi:"logoutServiceRedirectBindingUrl"` - // When specified, this URL will be used for all SAML requests. - MasterSamlProcessingUrl *string `pulumi:"masterSamlProcessingUrl"` - // The display name of this client in the GUI. - Name *string `pulumi:"name"` - // Sets the Name ID format for the subject. - NameIdFormat *string `pulumi:"nameIdFormat"` - // The realm this client is attached to. - RealmId *string `pulumi:"realmId"` - // When specified, this value is prepended to all relative URLs. - RootUrl *string `pulumi:"rootUrl"` - // When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - SignAssertions *bool `pulumi:"signAssertions"` - // When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - SignDocuments *bool `pulumi:"signDocuments"` - // The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - SignatureAlgorithm *string `pulumi:"signatureAlgorithm"` - // The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - SignatureKeyName *string `pulumi:"signatureKeyName"` - // If documents or assertions from the client are signed, this certificate will be used to verify the signature. - SigningCertificate *string `pulumi:"signingCertificate"` - // (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - SigningCertificateSha1 *string `pulumi:"signingCertificateSha1"` - // If documents or assertions from the client are signed, this private key will be used to verify the signature. - SigningPrivateKey *string `pulumi:"signingPrivateKey"` - // (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - SigningPrivateKeySha1 *string `pulumi:"signingPrivateKeySha1"` - // When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - ValidRedirectUris []string `pulumi:"validRedirectUris"` + BaseUrl *string `pulumi:"baseUrl"` + CanonicalizationMethod *string `pulumi:"canonicalizationMethod"` + ClientId *string `pulumi:"clientId"` + ClientSignatureRequired *bool `pulumi:"clientSignatureRequired"` + Description *string `pulumi:"description"` + Enabled *bool `pulumi:"enabled"` + EncryptAssertions *bool `pulumi:"encryptAssertions"` + EncryptionCertificate *string `pulumi:"encryptionCertificate"` + EncryptionCertificateSha1 *string `pulumi:"encryptionCertificateSha1"` + ExtraConfig map[string]interface{} `pulumi:"extraConfig"` + ForceNameIdFormat *bool `pulumi:"forceNameIdFormat"` + ForcePostBinding *bool `pulumi:"forcePostBinding"` + FrontChannelLogout *bool `pulumi:"frontChannelLogout"` + FullScopeAllowed *bool `pulumi:"fullScopeAllowed"` + IdpInitiatedSsoRelayState *string `pulumi:"idpInitiatedSsoRelayState"` + IdpInitiatedSsoUrlName *string `pulumi:"idpInitiatedSsoUrlName"` + IncludeAuthnStatement *bool `pulumi:"includeAuthnStatement"` + LoginTheme *string `pulumi:"loginTheme"` + LogoutServicePostBindingUrl *string `pulumi:"logoutServicePostBindingUrl"` + LogoutServiceRedirectBindingUrl *string `pulumi:"logoutServiceRedirectBindingUrl"` + MasterSamlProcessingUrl *string `pulumi:"masterSamlProcessingUrl"` + Name *string `pulumi:"name"` + NameIdFormat *string `pulumi:"nameIdFormat"` + RealmId *string `pulumi:"realmId"` + RootUrl *string `pulumi:"rootUrl"` + SignAssertions *bool `pulumi:"signAssertions"` + SignDocuments *bool `pulumi:"signDocuments"` + SignatureAlgorithm *string `pulumi:"signatureAlgorithm"` + SignatureKeyName *string `pulumi:"signatureKeyName"` + SigningCertificate *string `pulumi:"signingCertificate"` + SigningCertificateSha1 *string `pulumi:"signingCertificateSha1"` + SigningPrivateKey *string `pulumi:"signingPrivateKey"` + SigningPrivateKeySha1 *string `pulumi:"signingPrivateKeySha1"` + ValidRedirectUris []string `pulumi:"validRedirectUris"` } type ClientState struct { - // SAML POST Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerPostUrl pulumi.StringPtrInput - // SAML Redirect Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerRedirectUrl pulumi.StringPtrInput - // Override realm authentication flow bindings + AssertionConsumerPostUrl pulumi.StringPtrInput + AssertionConsumerRedirectUrl pulumi.StringPtrInput AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput - // When specified, this URL will be used whenever Keycloak needs to link to this client. - BaseUrl pulumi.StringPtrInput - // The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - CanonicalizationMethod pulumi.StringPtrInput - // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - ClientId pulumi.StringPtrInput - // When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. - ClientSignatureRequired pulumi.BoolPtrInput - // The description of this client in the GUI. - Description pulumi.StringPtrInput - // When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled pulumi.BoolPtrInput - // When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - EncryptAssertions pulumi.BoolPtrInput - // If assertions for the client are encrypted, this certificate will be used for encryption. - EncryptionCertificate pulumi.StringPtrInput - // (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - EncryptionCertificateSha1 pulumi.StringPtrInput - ExtraConfig pulumi.MapInput - // Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. - ForceNameIdFormat pulumi.BoolPtrInput - // When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - ForcePostBinding pulumi.BoolPtrInput - // When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - FrontChannelLogout pulumi.BoolPtrInput - // Allow to include all roles mappings in the access token - FullScopeAllowed pulumi.BoolPtrInput - // Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - IdpInitiatedSsoRelayState pulumi.StringPtrInput - // URL fragment name to reference client when you want to do IDP Initiated SSO. - IdpInitiatedSsoUrlName pulumi.StringPtrInput - // When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - IncludeAuthnStatement pulumi.BoolPtrInput - // The login theme of this client. - LoginTheme pulumi.StringPtrInput - // SAML POST Binding URL for the client's single logout service. - LogoutServicePostBindingUrl pulumi.StringPtrInput - // SAML Redirect Binding URL for the client's single logout service. - LogoutServiceRedirectBindingUrl pulumi.StringPtrInput - // When specified, this URL will be used for all SAML requests. - MasterSamlProcessingUrl pulumi.StringPtrInput - // The display name of this client in the GUI. - Name pulumi.StringPtrInput - // Sets the Name ID format for the subject. - NameIdFormat pulumi.StringPtrInput - // The realm this client is attached to. - RealmId pulumi.StringPtrInput - // When specified, this value is prepended to all relative URLs. - RootUrl pulumi.StringPtrInput - // When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - SignAssertions pulumi.BoolPtrInput - // When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - SignDocuments pulumi.BoolPtrInput - // The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - SignatureAlgorithm pulumi.StringPtrInput - // The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - SignatureKeyName pulumi.StringPtrInput - // If documents or assertions from the client are signed, this certificate will be used to verify the signature. - SigningCertificate pulumi.StringPtrInput - // (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - SigningCertificateSha1 pulumi.StringPtrInput - // If documents or assertions from the client are signed, this private key will be used to verify the signature. - SigningPrivateKey pulumi.StringPtrInput - // (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - SigningPrivateKeySha1 pulumi.StringPtrInput - // When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - ValidRedirectUris pulumi.StringArrayInput + BaseUrl pulumi.StringPtrInput + CanonicalizationMethod pulumi.StringPtrInput + ClientId pulumi.StringPtrInput + ClientSignatureRequired pulumi.BoolPtrInput + Description pulumi.StringPtrInput + Enabled pulumi.BoolPtrInput + EncryptAssertions pulumi.BoolPtrInput + EncryptionCertificate pulumi.StringPtrInput + EncryptionCertificateSha1 pulumi.StringPtrInput + ExtraConfig pulumi.MapInput + ForceNameIdFormat pulumi.BoolPtrInput + ForcePostBinding pulumi.BoolPtrInput + FrontChannelLogout pulumi.BoolPtrInput + FullScopeAllowed pulumi.BoolPtrInput + IdpInitiatedSsoRelayState pulumi.StringPtrInput + IdpInitiatedSsoUrlName pulumi.StringPtrInput + IncludeAuthnStatement pulumi.BoolPtrInput + LoginTheme pulumi.StringPtrInput + LogoutServicePostBindingUrl pulumi.StringPtrInput + LogoutServiceRedirectBindingUrl pulumi.StringPtrInput + MasterSamlProcessingUrl pulumi.StringPtrInput + Name pulumi.StringPtrInput + NameIdFormat pulumi.StringPtrInput + RealmId pulumi.StringPtrInput + RootUrl pulumi.StringPtrInput + SignAssertions pulumi.BoolPtrInput + SignDocuments pulumi.BoolPtrInput + SignatureAlgorithm pulumi.StringPtrInput + SignatureKeyName pulumi.StringPtrInput + SigningCertificate pulumi.StringPtrInput + SigningCertificateSha1 pulumi.StringPtrInput + SigningPrivateKey pulumi.StringPtrInput + SigningPrivateKeySha1 pulumi.StringPtrInput + ValidRedirectUris pulumi.StringArrayInput } func (ClientState) ElementType() reflect.Type { @@ -350,144 +270,78 @@ func (ClientState) ElementType() reflect.Type { } type clientArgs struct { - // SAML POST Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerPostUrl *string `pulumi:"assertionConsumerPostUrl"` - // SAML Redirect Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerRedirectUrl *string `pulumi:"assertionConsumerRedirectUrl"` - // Override realm authentication flow bindings + AssertionConsumerPostUrl *string `pulumi:"assertionConsumerPostUrl"` + AssertionConsumerRedirectUrl *string `pulumi:"assertionConsumerRedirectUrl"` AuthenticationFlowBindingOverrides *ClientAuthenticationFlowBindingOverrides `pulumi:"authenticationFlowBindingOverrides"` - // When specified, this URL will be used whenever Keycloak needs to link to this client. - BaseUrl *string `pulumi:"baseUrl"` - // The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - CanonicalizationMethod *string `pulumi:"canonicalizationMethod"` - // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - ClientId string `pulumi:"clientId"` - // When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. - ClientSignatureRequired *bool `pulumi:"clientSignatureRequired"` - // The description of this client in the GUI. - Description *string `pulumi:"description"` - // When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled *bool `pulumi:"enabled"` - // When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - EncryptAssertions *bool `pulumi:"encryptAssertions"` - // If assertions for the client are encrypted, this certificate will be used for encryption. - EncryptionCertificate *string `pulumi:"encryptionCertificate"` - ExtraConfig map[string]interface{} `pulumi:"extraConfig"` - // Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. - ForceNameIdFormat *bool `pulumi:"forceNameIdFormat"` - // When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - ForcePostBinding *bool `pulumi:"forcePostBinding"` - // When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - FrontChannelLogout *bool `pulumi:"frontChannelLogout"` - // Allow to include all roles mappings in the access token - FullScopeAllowed *bool `pulumi:"fullScopeAllowed"` - // Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - IdpInitiatedSsoRelayState *string `pulumi:"idpInitiatedSsoRelayState"` - // URL fragment name to reference client when you want to do IDP Initiated SSO. - IdpInitiatedSsoUrlName *string `pulumi:"idpInitiatedSsoUrlName"` - // When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - IncludeAuthnStatement *bool `pulumi:"includeAuthnStatement"` - // The login theme of this client. - LoginTheme *string `pulumi:"loginTheme"` - // SAML POST Binding URL for the client's single logout service. - LogoutServicePostBindingUrl *string `pulumi:"logoutServicePostBindingUrl"` - // SAML Redirect Binding URL for the client's single logout service. - LogoutServiceRedirectBindingUrl *string `pulumi:"logoutServiceRedirectBindingUrl"` - // When specified, this URL will be used for all SAML requests. - MasterSamlProcessingUrl *string `pulumi:"masterSamlProcessingUrl"` - // The display name of this client in the GUI. - Name *string `pulumi:"name"` - // Sets the Name ID format for the subject. - NameIdFormat *string `pulumi:"nameIdFormat"` - // The realm this client is attached to. - RealmId string `pulumi:"realmId"` - // When specified, this value is prepended to all relative URLs. - RootUrl *string `pulumi:"rootUrl"` - // When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - SignAssertions *bool `pulumi:"signAssertions"` - // When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - SignDocuments *bool `pulumi:"signDocuments"` - // The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - SignatureAlgorithm *string `pulumi:"signatureAlgorithm"` - // The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - SignatureKeyName *string `pulumi:"signatureKeyName"` - // If documents or assertions from the client are signed, this certificate will be used to verify the signature. - SigningCertificate *string `pulumi:"signingCertificate"` - // If documents or assertions from the client are signed, this private key will be used to verify the signature. - SigningPrivateKey *string `pulumi:"signingPrivateKey"` - // When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - ValidRedirectUris []string `pulumi:"validRedirectUris"` + BaseUrl *string `pulumi:"baseUrl"` + CanonicalizationMethod *string `pulumi:"canonicalizationMethod"` + ClientId string `pulumi:"clientId"` + ClientSignatureRequired *bool `pulumi:"clientSignatureRequired"` + Description *string `pulumi:"description"` + Enabled *bool `pulumi:"enabled"` + EncryptAssertions *bool `pulumi:"encryptAssertions"` + EncryptionCertificate *string `pulumi:"encryptionCertificate"` + ExtraConfig map[string]interface{} `pulumi:"extraConfig"` + ForceNameIdFormat *bool `pulumi:"forceNameIdFormat"` + ForcePostBinding *bool `pulumi:"forcePostBinding"` + FrontChannelLogout *bool `pulumi:"frontChannelLogout"` + FullScopeAllowed *bool `pulumi:"fullScopeAllowed"` + IdpInitiatedSsoRelayState *string `pulumi:"idpInitiatedSsoRelayState"` + IdpInitiatedSsoUrlName *string `pulumi:"idpInitiatedSsoUrlName"` + IncludeAuthnStatement *bool `pulumi:"includeAuthnStatement"` + LoginTheme *string `pulumi:"loginTheme"` + LogoutServicePostBindingUrl *string `pulumi:"logoutServicePostBindingUrl"` + LogoutServiceRedirectBindingUrl *string `pulumi:"logoutServiceRedirectBindingUrl"` + MasterSamlProcessingUrl *string `pulumi:"masterSamlProcessingUrl"` + Name *string `pulumi:"name"` + NameIdFormat *string `pulumi:"nameIdFormat"` + RealmId string `pulumi:"realmId"` + RootUrl *string `pulumi:"rootUrl"` + SignAssertions *bool `pulumi:"signAssertions"` + SignDocuments *bool `pulumi:"signDocuments"` + SignatureAlgorithm *string `pulumi:"signatureAlgorithm"` + SignatureKeyName *string `pulumi:"signatureKeyName"` + SigningCertificate *string `pulumi:"signingCertificate"` + SigningPrivateKey *string `pulumi:"signingPrivateKey"` + ValidRedirectUris []string `pulumi:"validRedirectUris"` } // The set of arguments for constructing a Client resource. type ClientArgs struct { - // SAML POST Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerPostUrl pulumi.StringPtrInput - // SAML Redirect Binding URL for the client's assertion consumer service (login responses). - AssertionConsumerRedirectUrl pulumi.StringPtrInput - // Override realm authentication flow bindings + AssertionConsumerPostUrl pulumi.StringPtrInput + AssertionConsumerRedirectUrl pulumi.StringPtrInput AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput - // When specified, this URL will be used whenever Keycloak needs to link to this client. - BaseUrl pulumi.StringPtrInput - // The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - CanonicalizationMethod pulumi.StringPtrInput - // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - ClientId pulumi.StringInput - // When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. - ClientSignatureRequired pulumi.BoolPtrInput - // The description of this client in the GUI. - Description pulumi.StringPtrInput - // When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - Enabled pulumi.BoolPtrInput - // When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - EncryptAssertions pulumi.BoolPtrInput - // If assertions for the client are encrypted, this certificate will be used for encryption. - EncryptionCertificate pulumi.StringPtrInput - ExtraConfig pulumi.MapInput - // Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. - ForceNameIdFormat pulumi.BoolPtrInput - // When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - ForcePostBinding pulumi.BoolPtrInput - // When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - FrontChannelLogout pulumi.BoolPtrInput - // Allow to include all roles mappings in the access token - FullScopeAllowed pulumi.BoolPtrInput - // Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - IdpInitiatedSsoRelayState pulumi.StringPtrInput - // URL fragment name to reference client when you want to do IDP Initiated SSO. - IdpInitiatedSsoUrlName pulumi.StringPtrInput - // When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - IncludeAuthnStatement pulumi.BoolPtrInput - // The login theme of this client. - LoginTheme pulumi.StringPtrInput - // SAML POST Binding URL for the client's single logout service. - LogoutServicePostBindingUrl pulumi.StringPtrInput - // SAML Redirect Binding URL for the client's single logout service. - LogoutServiceRedirectBindingUrl pulumi.StringPtrInput - // When specified, this URL will be used for all SAML requests. - MasterSamlProcessingUrl pulumi.StringPtrInput - // The display name of this client in the GUI. - Name pulumi.StringPtrInput - // Sets the Name ID format for the subject. - NameIdFormat pulumi.StringPtrInput - // The realm this client is attached to. - RealmId pulumi.StringInput - // When specified, this value is prepended to all relative URLs. - RootUrl pulumi.StringPtrInput - // When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - SignAssertions pulumi.BoolPtrInput - // When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - SignDocuments pulumi.BoolPtrInput - // The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - SignatureAlgorithm pulumi.StringPtrInput - // The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - SignatureKeyName pulumi.StringPtrInput - // If documents or assertions from the client are signed, this certificate will be used to verify the signature. - SigningCertificate pulumi.StringPtrInput - // If documents or assertions from the client are signed, this private key will be used to verify the signature. - SigningPrivateKey pulumi.StringPtrInput - // When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - ValidRedirectUris pulumi.StringArrayInput + BaseUrl pulumi.StringPtrInput + CanonicalizationMethod pulumi.StringPtrInput + ClientId pulumi.StringInput + ClientSignatureRequired pulumi.BoolPtrInput + Description pulumi.StringPtrInput + Enabled pulumi.BoolPtrInput + EncryptAssertions pulumi.BoolPtrInput + EncryptionCertificate pulumi.StringPtrInput + ExtraConfig pulumi.MapInput + ForceNameIdFormat pulumi.BoolPtrInput + ForcePostBinding pulumi.BoolPtrInput + FrontChannelLogout pulumi.BoolPtrInput + FullScopeAllowed pulumi.BoolPtrInput + IdpInitiatedSsoRelayState pulumi.StringPtrInput + IdpInitiatedSsoUrlName pulumi.StringPtrInput + IncludeAuthnStatement pulumi.BoolPtrInput + LoginTheme pulumi.StringPtrInput + LogoutServicePostBindingUrl pulumi.StringPtrInput + LogoutServiceRedirectBindingUrl pulumi.StringPtrInput + MasterSamlProcessingUrl pulumi.StringPtrInput + Name pulumi.StringPtrInput + NameIdFormat pulumi.StringPtrInput + RealmId pulumi.StringInput + RootUrl pulumi.StringPtrInput + SignAssertions pulumi.BoolPtrInput + SignDocuments pulumi.BoolPtrInput + SignatureAlgorithm pulumi.StringPtrInput + SignatureKeyName pulumi.StringPtrInput + SigningCertificate pulumi.StringPtrInput + SigningPrivateKey pulumi.StringPtrInput + ValidRedirectUris pulumi.StringArrayInput } func (ClientArgs) ElementType() reflect.Type { @@ -577,64 +431,52 @@ func (o ClientOutput) ToClientOutputWithContext(ctx context.Context) ClientOutpu return o } -// SAML POST Binding URL for the client's assertion consumer service (login responses). func (o ClientOutput) AssertionConsumerPostUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.AssertionConsumerPostUrl }).(pulumi.StringPtrOutput) } -// SAML Redirect Binding URL for the client's assertion consumer service (login responses). func (o ClientOutput) AssertionConsumerRedirectUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.AssertionConsumerRedirectUrl }).(pulumi.StringPtrOutput) } -// Override realm authentication flow bindings func (o ClientOutput) AuthenticationFlowBindingOverrides() ClientAuthenticationFlowBindingOverridesPtrOutput { return o.ApplyT(func(v *Client) ClientAuthenticationFlowBindingOverridesPtrOutput { return v.AuthenticationFlowBindingOverrides }).(ClientAuthenticationFlowBindingOverridesPtrOutput) } -// When specified, this URL will be used whenever Keycloak needs to link to this client. func (o ClientOutput) BaseUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.BaseUrl }).(pulumi.StringPtrOutput) } -// The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". func (o ClientOutput) CanonicalizationMethod() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.CanonicalizationMethod }).(pulumi.StringPtrOutput) } -// The unique ID of this client, referenced in the URI during authentication and in issued tokens. func (o ClientOutput) ClientId() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.ClientId }).(pulumi.StringOutput) } -// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. func (o ClientOutput) ClientSignatureRequired() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.ClientSignatureRequired }).(pulumi.BoolPtrOutput) } -// The description of this client in the GUI. func (o ClientOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } -// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. func (o ClientOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } -// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. func (o ClientOutput) EncryptAssertions() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.EncryptAssertions }).(pulumi.BoolPtrOutput) } -// If assertions for the client are encrypted, this certificate will be used for encryption. func (o ClientOutput) EncryptionCertificate() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.EncryptionCertificate }).(pulumi.StringOutput) } -// (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. func (o ClientOutput) EncryptionCertificateSha1() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.EncryptionCertificateSha1 }).(pulumi.StringOutput) } @@ -643,122 +485,98 @@ func (o ClientOutput) ExtraConfig() pulumi.MapOutput { return o.ApplyT(func(v *Client) pulumi.MapOutput { return v.ExtraConfig }).(pulumi.MapOutput) } -// Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. func (o ClientOutput) ForceNameIdFormat() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.ForceNameIdFormat }).(pulumi.BoolPtrOutput) } -// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. func (o ClientOutput) ForcePostBinding() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.ForcePostBinding }).(pulumi.BoolPtrOutput) } -// When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. func (o ClientOutput) FrontChannelLogout() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.FrontChannelLogout }).(pulumi.BoolPtrOutput) } -// Allow to include all roles mappings in the access token func (o ClientOutput) FullScopeAllowed() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.FullScopeAllowed }).(pulumi.BoolPtrOutput) } -// Relay state you want to send with SAML request when you want to do IDP Initiated SSO. func (o ClientOutput) IdpInitiatedSsoRelayState() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.IdpInitiatedSsoRelayState }).(pulumi.StringPtrOutput) } -// URL fragment name to reference client when you want to do IDP Initiated SSO. func (o ClientOutput) IdpInitiatedSsoUrlName() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.IdpInitiatedSsoUrlName }).(pulumi.StringPtrOutput) } -// When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. func (o ClientOutput) IncludeAuthnStatement() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.IncludeAuthnStatement }).(pulumi.BoolPtrOutput) } -// The login theme of this client. func (o ClientOutput) LoginTheme() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.LoginTheme }).(pulumi.StringPtrOutput) } -// SAML POST Binding URL for the client's single logout service. func (o ClientOutput) LogoutServicePostBindingUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.LogoutServicePostBindingUrl }).(pulumi.StringPtrOutput) } -// SAML Redirect Binding URL for the client's single logout service. func (o ClientOutput) LogoutServiceRedirectBindingUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.LogoutServiceRedirectBindingUrl }).(pulumi.StringPtrOutput) } -// When specified, this URL will be used for all SAML requests. func (o ClientOutput) MasterSamlProcessingUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.MasterSamlProcessingUrl }).(pulumi.StringPtrOutput) } -// The display name of this client in the GUI. func (o ClientOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// Sets the Name ID format for the subject. func (o ClientOutput) NameIdFormat() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.NameIdFormat }).(pulumi.StringOutput) } -// The realm this client is attached to. func (o ClientOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// When specified, this value is prepended to all relative URLs. func (o ClientOutput) RootUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.RootUrl }).(pulumi.StringPtrOutput) } -// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. func (o ClientOutput) SignAssertions() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.SignAssertions }).(pulumi.BoolPtrOutput) } -// When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. func (o ClientOutput) SignDocuments() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Client) pulumi.BoolPtrOutput { return v.SignDocuments }).(pulumi.BoolPtrOutput) } -// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". func (o ClientOutput) SignatureAlgorithm() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.SignatureAlgorithm }).(pulumi.StringPtrOutput) } -// The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". func (o ClientOutput) SignatureKeyName() pulumi.StringPtrOutput { return o.ApplyT(func(v *Client) pulumi.StringPtrOutput { return v.SignatureKeyName }).(pulumi.StringPtrOutput) } -// If documents or assertions from the client are signed, this certificate will be used to verify the signature. func (o ClientOutput) SigningCertificate() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.SigningCertificate }).(pulumi.StringOutput) } -// (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. func (o ClientOutput) SigningCertificateSha1() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.SigningCertificateSha1 }).(pulumi.StringOutput) } -// If documents or assertions from the client are signed, this private key will be used to verify the signature. func (o ClientOutput) SigningPrivateKey() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.SigningPrivateKey }).(pulumi.StringOutput) } -// (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. func (o ClientOutput) SigningPrivateKeySha1() pulumi.StringOutput { return o.ApplyT(func(v *Client) pulumi.StringOutput { return v.SigningPrivateKeySha1 }).(pulumi.StringOutput) } -// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. func (o ClientOutput) ValidRedirectUris() pulumi.StringArrayOutput { return o.ApplyT(func(v *Client) pulumi.StringArrayOutput { return v.ValidRedirectUris }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/keycloak/saml/clientDefaultScope.go b/sdk/go/keycloak/saml/clientDefaultScope.go index 1a1d75ce..50071397 100644 --- a/sdk/go/keycloak/saml/clientDefaultScope.go +++ b/sdk/go/keycloak/saml/clientDefaultScope.go @@ -14,6 +14,7 @@ import ( // ## Example Usage // +// // ```go // package main // @@ -78,12 +79,13 @@ import ( // } // // ``` +// // // ## Import // // This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist // -// on the server. +// on the server. type ClientDefaultScope struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/saml/clientScope.go b/sdk/go/keycloak/saml/clientScope.go index 6c8e2514..3ec73f97 100644 --- a/sdk/go/keycloak/saml/clientScope.go +++ b/sdk/go/keycloak/saml/clientScope.go @@ -18,6 +18,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -51,16 +52,17 @@ import ( // } // // ``` +// // // ## Import // // Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak // -// assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. +// assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e diff --git a/sdk/go/keycloak/saml/getClient.go b/sdk/go/keycloak/saml/getClient.go index 59be6347..a5776a57 100644 --- a/sdk/go/keycloak/saml/getClient.go +++ b/sdk/go/keycloak/saml/getClient.go @@ -15,6 +15,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -48,6 +49,7 @@ import ( // } // // ``` +// func LookupClient(ctx *pulumi.Context, args *LookupClientArgs, opts ...pulumi.InvokeOption) (*LookupClientResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupClientResult diff --git a/sdk/go/keycloak/saml/getClientInstallationProvider.go b/sdk/go/keycloak/saml/getClientInstallationProvider.go index d753ce60..0ef52869 100644 --- a/sdk/go/keycloak/saml/getClientInstallationProvider.go +++ b/sdk/go/keycloak/saml/getClientInstallationProvider.go @@ -17,6 +17,7 @@ import ( // // In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. // +// // ```go // package main // @@ -78,6 +79,7 @@ import ( // } // // ``` +// func GetClientInstallationProvider(ctx *pulumi.Context, args *GetClientInstallationProviderArgs, opts ...pulumi.InvokeOption) (*GetClientInstallationProviderResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetClientInstallationProviderResult diff --git a/sdk/go/keycloak/saml/identityProvider.go b/sdk/go/keycloak/saml/identityProvider.go index ed38ea29..a80ce1d5 100644 --- a/sdk/go/keycloak/saml/identityProvider.go +++ b/sdk/go/keycloak/saml/identityProvider.go @@ -12,18 +12,20 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing SAML Identity Providers within Keycloak. +// ## # saml.IdentityProvider // -// SAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol. +// Allows to create and manage SAML Identity Providers within Keycloak. // -// ## Example Usage +// SAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard. // +// ### Example Usage +// +// // ```go // package main // // import ( // -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" // "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml" // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" // @@ -31,26 +33,18 @@ import ( // // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// _, err = saml.NewIdentityProvider(ctx, "realmSamlIdentityProvider", &saml.IdentityProviderArgs{ -// Realm: realm.ID(), -// Alias: pulumi.String("my-saml-idp"), -// EntityId: pulumi.String("https://domain.com/entity_id"), -// SingleSignOnServiceUrl: pulumi.String("https://domain.com/adfs/ls/"), -// SingleLogoutServiceUrl: pulumi.String("https://domain.com/adfs/ls/?wa=wsignout1.0"), +// _, err := saml.NewIdentityProvider(ctx, "realmIdentityProvider", &saml.IdentityProviderArgs{ +// Alias: pulumi.String("my-idp"), // BackchannelSupported: pulumi.Bool(true), -// PostBindingResponse: pulumi.Bool(true), -// PostBindingLogout: pulumi.Bool(true), +// ForceAuthn: pulumi.Bool(true), // PostBindingAuthnRequest: pulumi.Bool(true), +// PostBindingLogout: pulumi.Bool(true), +// PostBindingResponse: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), +// SingleLogoutServiceUrl: pulumi.String("https://domain.com/adfs/ls/?wa=wsignout1.0"), +// SingleSignOnServiceUrl: pulumi.String("https://domain.com/adfs/ls/"), // StoreToken: pulumi.Bool(false), // TrustEmail: pulumi.Bool(true), -// ForceAuthn: pulumi.Bool(true), // }) // if err != nil { // return err @@ -60,95 +54,129 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. +// The following arguments are supported: // -// Example: +// - `realm` - (Required) The name of the realm. This is unique across Keycloak. +// - `alias` - (Optional) The uniq name of identity provider. +// - `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`. +// - `displayName` - (Optional) The display name for the realm that is shown when logging in to the admin console. +// - `storeToken` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`. +// - `addReadTokenRoleOnCreate` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`. +// - `trustEmail` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`. +// - `linkOnly` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`. +// - `hideOnLoginPage` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. +// - `firstBrokerLoginFlowAlias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. +// - `postBrokerLoginFlowAlias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. +// - `authenticateByDefault` - (Optional) Authenticate users by default. Defaults to `false`. // -// bash +// #### SAML Configuration // -// ```sh -// $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp -// ``` +// - `singleSignOnServiceUrl` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest). +// - `singleLogoutServiceUrl` - (Optional) The Url that must be used to send logout requests. +// - `backchannelSupported` - (Optional) Does the external IDP support back-channel logout ?. +// - `nameIdPolicyFormat` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty. +// - `postBindingResponse` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. +// - `postBindingAuthnRequest` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. +// - `postBindingLogout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. +// - `wantAssertionsSigned` - (Optional) Indicates whether this service provider expects a signed Assertion. +// - `wantAssertionsEncrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion. +// - `forceAuthn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. +// - `validateSignature` - (Optional) Enable/disable signature validation of SAML responses. +// - `signingCertificate` - (Optional) Signing Certificate. +// - `signatureAlgorithm` - (Optional) Signing Algorithm. Defaults to empty. +// - `xmlSignKeyInfoKeyNameTransformer` - (Optional) Sign Key Transformer. Defaults to empty. +// +// ### Import +// +// Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idpAlias` is the identity provider alias. +// +// Example: type IdentityProvider struct { pulumi.CustomResourceState - // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + // Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. AddReadTokenRoleOnCreate pulumi.BoolPtrOutput `pulumi:"addReadTokenRoleOnCreate"` - // The unique name of identity provider. + // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. Alias pulumi.StringOutput `pulumi:"alias"` - // Authenticate users by default. Defaults to `false`. + // Enable/disable authenticate users by default. AuthenticateByDefault pulumi.BoolPtrOutput `pulumi:"authenticateByDefault"` - // Ordered list of requested AuthnContext ClassRefs. + // AuthnContext ClassRefs AuthnContextClassRefs pulumi.StringArrayOutput `pulumi:"authnContextClassRefs"` - // Specifies the comparison method used to evaluate the requested context classes or statements. + // AuthnContext Comparison AuthnContextComparisonType pulumi.StringPtrOutput `pulumi:"authnContextComparisonType"` - // Ordered list of requested AuthnContext DeclRefs. + // AuthnContext DeclRefs AuthnContextDeclRefs pulumi.StringArrayOutput `pulumi:"authnContextDeclRefs"` - // Does the external IDP support backchannel logout?. Defaults to `false`. + // Does the external IDP support backchannel logout? BackchannelSupported pulumi.BoolPtrOutput `pulumi:"backchannelSupported"` - // The display name for the realm that is shown when logging in to the admin console. + // Friendly name for Identity Providers. DisplayName pulumi.StringPtrOutput `pulumi:"displayName"` - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. + // Enable/disable this identity provider. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` // The Entity ID that will be used to uniquely identify this SAML Service Provider. EntityId pulumi.StringOutput `pulumi:"entityId"` ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"` - // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + // that there is not yet existing Keycloak account linked with the authenticated identity provider account. FirstBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"firstBrokerLoginFlowAlias"` - // Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + // Require Force Authn. ForceAuthn pulumi.BoolPtrOutput `pulumi:"forceAuthn"` - // A number defining the order of this identity provider in the GUI. + // GUI Order GuiOrder pulumi.StringPtrOutput `pulumi:"guiOrder"` - // If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + // Hide On Login Page. HideOnLoginPage pulumi.BoolPtrOutput `pulumi:"hideOnLoginPage"` // Internal Identity Provider Id InternalId pulumi.StringOutput `pulumi:"internalId"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + // want to allow login from the provider, but want to integrate with a provider LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"` // Login Hint. LoginHint pulumi.StringPtrOutput `pulumi:"loginHint"` - // Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + // Name ID Policy Format. NameIdPolicyFormat pulumi.StringPtrOutput `pulumi:"nameIdPolicyFormat"` - // Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Authn Request. PostBindingAuthnRequest pulumi.BoolPtrOutput `pulumi:"postBindingAuthnRequest"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Logout. PostBindingLogout pulumi.BoolPtrOutput `pulumi:"postBindingLogout"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Post Binding Response. PostBindingResponse pulumi.BoolPtrOutput `pulumi:"postBindingResponse"` - // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + // additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + // you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + // authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"` - // The principal attribute. + // Principal Attribute PrincipalAttribute pulumi.StringPtrOutput `pulumi:"principalAttribute"` - // The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + // Principal Type PrincipalType pulumi.StringPtrOutput `pulumi:"principalType"` - // The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + // provider id, is always saml, unless you have a custom implementation ProviderId pulumi.StringPtrOutput `pulumi:"providerId"` - // The name of the realm. This is unique across Keycloak. + // Realm Name Realm pulumi.StringOutput `pulumi:"realm"` - // Signing Algorithm. Defaults to empty. + // Signing Algorithm. SignatureAlgorithm pulumi.StringPtrOutput `pulumi:"signatureAlgorithm"` // Signing Certificate. SigningCertificate pulumi.StringPtrOutput `pulumi:"signingCertificate"` - // The Url that must be used to send logout requests. + // Logout URL. SingleLogoutServiceUrl pulumi.StringPtrOutput `pulumi:"singleLogoutServiceUrl"` - // The Url that must be used to send authentication requests (SAML AuthnRequest). + // SSO Logout URL. SingleSignOnServiceUrl pulumi.StringOutput `pulumi:"singleSignOnServiceUrl"` - // When `true`, tokens will be stored after authenticating users. Defaults to `true`. + // Enable/disable if tokens must be stored after authenticating users. StoreToken pulumi.BoolPtrOutput `pulumi:"storeToken"` - // The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + // Sync Mode SyncMode pulumi.StringPtrOutput `pulumi:"syncMode"` - // When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + // If enabled then email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"` // Enable/disable signature validation of SAML responses. ValidateSignature pulumi.BoolPtrOutput `pulumi:"validateSignature"` - // Indicates whether this service provider expects an encrypted Assertion. + // Want Assertions Encrypted. WantAssertionsEncrypted pulumi.BoolPtrOutput `pulumi:"wantAssertionsEncrypted"` - // Indicates whether this service provider expects a signed Assertion. + // Want Assertions Signed. WantAssertionsSigned pulumi.BoolPtrOutput `pulumi:"wantAssertionsSigned"` - // The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + // Sign Key Transformer. XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrOutput `pulumi:"xmlSignKeyInfoKeyNameTransformer"` } @@ -194,158 +222,168 @@ func GetIdentityProvider(ctx *pulumi.Context, // Input properties used for looking up and filtering IdentityProvider resources. type identityProviderState struct { - // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + // Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. AddReadTokenRoleOnCreate *bool `pulumi:"addReadTokenRoleOnCreate"` - // The unique name of identity provider. + // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. Alias *string `pulumi:"alias"` - // Authenticate users by default. Defaults to `false`. + // Enable/disable authenticate users by default. AuthenticateByDefault *bool `pulumi:"authenticateByDefault"` - // Ordered list of requested AuthnContext ClassRefs. + // AuthnContext ClassRefs AuthnContextClassRefs []string `pulumi:"authnContextClassRefs"` - // Specifies the comparison method used to evaluate the requested context classes or statements. + // AuthnContext Comparison AuthnContextComparisonType *string `pulumi:"authnContextComparisonType"` - // Ordered list of requested AuthnContext DeclRefs. + // AuthnContext DeclRefs AuthnContextDeclRefs []string `pulumi:"authnContextDeclRefs"` - // Does the external IDP support backchannel logout?. Defaults to `false`. + // Does the external IDP support backchannel logout? BackchannelSupported *bool `pulumi:"backchannelSupported"` - // The display name for the realm that is shown when logging in to the admin console. + // Friendly name for Identity Providers. DisplayName *string `pulumi:"displayName"` - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. + // Enable/disable this identity provider. Enabled *bool `pulumi:"enabled"` // The Entity ID that will be used to uniquely identify this SAML Service Provider. EntityId *string `pulumi:"entityId"` ExtraConfig map[string]interface{} `pulumi:"extraConfig"` - // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + // that there is not yet existing Keycloak account linked with the authenticated identity provider account. FirstBrokerLoginFlowAlias *string `pulumi:"firstBrokerLoginFlowAlias"` - // Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + // Require Force Authn. ForceAuthn *bool `pulumi:"forceAuthn"` - // A number defining the order of this identity provider in the GUI. + // GUI Order GuiOrder *string `pulumi:"guiOrder"` - // If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + // Hide On Login Page. HideOnLoginPage *bool `pulumi:"hideOnLoginPage"` // Internal Identity Provider Id InternalId *string `pulumi:"internalId"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + // want to allow login from the provider, but want to integrate with a provider LinkOnly *bool `pulumi:"linkOnly"` // Login Hint. LoginHint *string `pulumi:"loginHint"` - // Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + // Name ID Policy Format. NameIdPolicyFormat *string `pulumi:"nameIdPolicyFormat"` - // Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Authn Request. PostBindingAuthnRequest *bool `pulumi:"postBindingAuthnRequest"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Logout. PostBindingLogout *bool `pulumi:"postBindingLogout"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Post Binding Response. PostBindingResponse *bool `pulumi:"postBindingResponse"` - // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + // additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + // you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + // authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. PostBrokerLoginFlowAlias *string `pulumi:"postBrokerLoginFlowAlias"` - // The principal attribute. + // Principal Attribute PrincipalAttribute *string `pulumi:"principalAttribute"` - // The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + // Principal Type PrincipalType *string `pulumi:"principalType"` - // The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + // provider id, is always saml, unless you have a custom implementation ProviderId *string `pulumi:"providerId"` - // The name of the realm. This is unique across Keycloak. + // Realm Name Realm *string `pulumi:"realm"` - // Signing Algorithm. Defaults to empty. + // Signing Algorithm. SignatureAlgorithm *string `pulumi:"signatureAlgorithm"` // Signing Certificate. SigningCertificate *string `pulumi:"signingCertificate"` - // The Url that must be used to send logout requests. + // Logout URL. SingleLogoutServiceUrl *string `pulumi:"singleLogoutServiceUrl"` - // The Url that must be used to send authentication requests (SAML AuthnRequest). + // SSO Logout URL. SingleSignOnServiceUrl *string `pulumi:"singleSignOnServiceUrl"` - // When `true`, tokens will be stored after authenticating users. Defaults to `true`. + // Enable/disable if tokens must be stored after authenticating users. StoreToken *bool `pulumi:"storeToken"` - // The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + // Sync Mode SyncMode *string `pulumi:"syncMode"` - // When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + // If enabled then email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail *bool `pulumi:"trustEmail"` // Enable/disable signature validation of SAML responses. ValidateSignature *bool `pulumi:"validateSignature"` - // Indicates whether this service provider expects an encrypted Assertion. + // Want Assertions Encrypted. WantAssertionsEncrypted *bool `pulumi:"wantAssertionsEncrypted"` - // Indicates whether this service provider expects a signed Assertion. + // Want Assertions Signed. WantAssertionsSigned *bool `pulumi:"wantAssertionsSigned"` - // The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + // Sign Key Transformer. XmlSignKeyInfoKeyNameTransformer *string `pulumi:"xmlSignKeyInfoKeyNameTransformer"` } type IdentityProviderState struct { - // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + // Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. AddReadTokenRoleOnCreate pulumi.BoolPtrInput - // The unique name of identity provider. + // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. Alias pulumi.StringPtrInput - // Authenticate users by default. Defaults to `false`. + // Enable/disable authenticate users by default. AuthenticateByDefault pulumi.BoolPtrInput - // Ordered list of requested AuthnContext ClassRefs. + // AuthnContext ClassRefs AuthnContextClassRefs pulumi.StringArrayInput - // Specifies the comparison method used to evaluate the requested context classes or statements. + // AuthnContext Comparison AuthnContextComparisonType pulumi.StringPtrInput - // Ordered list of requested AuthnContext DeclRefs. + // AuthnContext DeclRefs AuthnContextDeclRefs pulumi.StringArrayInput - // Does the external IDP support backchannel logout?. Defaults to `false`. + // Does the external IDP support backchannel logout? BackchannelSupported pulumi.BoolPtrInput - // The display name for the realm that is shown when logging in to the admin console. + // Friendly name for Identity Providers. DisplayName pulumi.StringPtrInput - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. + // Enable/disable this identity provider. Enabled pulumi.BoolPtrInput // The Entity ID that will be used to uniquely identify this SAML Service Provider. EntityId pulumi.StringPtrInput ExtraConfig pulumi.MapInput - // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + // that there is not yet existing Keycloak account linked with the authenticated identity provider account. FirstBrokerLoginFlowAlias pulumi.StringPtrInput - // Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + // Require Force Authn. ForceAuthn pulumi.BoolPtrInput - // A number defining the order of this identity provider in the GUI. + // GUI Order GuiOrder pulumi.StringPtrInput - // If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + // Hide On Login Page. HideOnLoginPage pulumi.BoolPtrInput // Internal Identity Provider Id InternalId pulumi.StringPtrInput - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + // want to allow login from the provider, but want to integrate with a provider LinkOnly pulumi.BoolPtrInput // Login Hint. LoginHint pulumi.StringPtrInput - // Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + // Name ID Policy Format. NameIdPolicyFormat pulumi.StringPtrInput - // Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Authn Request. PostBindingAuthnRequest pulumi.BoolPtrInput - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Logout. PostBindingLogout pulumi.BoolPtrInput - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Post Binding Response. PostBindingResponse pulumi.BoolPtrInput - // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + // additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + // you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + // authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. PostBrokerLoginFlowAlias pulumi.StringPtrInput - // The principal attribute. + // Principal Attribute PrincipalAttribute pulumi.StringPtrInput - // The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + // Principal Type PrincipalType pulumi.StringPtrInput - // The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + // provider id, is always saml, unless you have a custom implementation ProviderId pulumi.StringPtrInput - // The name of the realm. This is unique across Keycloak. + // Realm Name Realm pulumi.StringPtrInput - // Signing Algorithm. Defaults to empty. + // Signing Algorithm. SignatureAlgorithm pulumi.StringPtrInput // Signing Certificate. SigningCertificate pulumi.StringPtrInput - // The Url that must be used to send logout requests. + // Logout URL. SingleLogoutServiceUrl pulumi.StringPtrInput - // The Url that must be used to send authentication requests (SAML AuthnRequest). + // SSO Logout URL. SingleSignOnServiceUrl pulumi.StringPtrInput - // When `true`, tokens will be stored after authenticating users. Defaults to `true`. + // Enable/disable if tokens must be stored after authenticating users. StoreToken pulumi.BoolPtrInput - // The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + // Sync Mode SyncMode pulumi.StringPtrInput - // When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + // If enabled then email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrInput // Enable/disable signature validation of SAML responses. ValidateSignature pulumi.BoolPtrInput - // Indicates whether this service provider expects an encrypted Assertion. + // Want Assertions Encrypted. WantAssertionsEncrypted pulumi.BoolPtrInput - // Indicates whether this service provider expects a signed Assertion. + // Want Assertions Signed. WantAssertionsSigned pulumi.BoolPtrInput - // The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + // Sign Key Transformer. XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrInput } @@ -354,155 +392,165 @@ func (IdentityProviderState) ElementType() reflect.Type { } type identityProviderArgs struct { - // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + // Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. AddReadTokenRoleOnCreate *bool `pulumi:"addReadTokenRoleOnCreate"` - // The unique name of identity provider. + // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. Alias string `pulumi:"alias"` - // Authenticate users by default. Defaults to `false`. + // Enable/disable authenticate users by default. AuthenticateByDefault *bool `pulumi:"authenticateByDefault"` - // Ordered list of requested AuthnContext ClassRefs. + // AuthnContext ClassRefs AuthnContextClassRefs []string `pulumi:"authnContextClassRefs"` - // Specifies the comparison method used to evaluate the requested context classes or statements. + // AuthnContext Comparison AuthnContextComparisonType *string `pulumi:"authnContextComparisonType"` - // Ordered list of requested AuthnContext DeclRefs. + // AuthnContext DeclRefs AuthnContextDeclRefs []string `pulumi:"authnContextDeclRefs"` - // Does the external IDP support backchannel logout?. Defaults to `false`. + // Does the external IDP support backchannel logout? BackchannelSupported *bool `pulumi:"backchannelSupported"` - // The display name for the realm that is shown when logging in to the admin console. + // Friendly name for Identity Providers. DisplayName *string `pulumi:"displayName"` - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. + // Enable/disable this identity provider. Enabled *bool `pulumi:"enabled"` // The Entity ID that will be used to uniquely identify this SAML Service Provider. EntityId string `pulumi:"entityId"` ExtraConfig map[string]interface{} `pulumi:"extraConfig"` - // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + // that there is not yet existing Keycloak account linked with the authenticated identity provider account. FirstBrokerLoginFlowAlias *string `pulumi:"firstBrokerLoginFlowAlias"` - // Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + // Require Force Authn. ForceAuthn *bool `pulumi:"forceAuthn"` - // A number defining the order of this identity provider in the GUI. + // GUI Order GuiOrder *string `pulumi:"guiOrder"` - // If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + // Hide On Login Page. HideOnLoginPage *bool `pulumi:"hideOnLoginPage"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + // want to allow login from the provider, but want to integrate with a provider LinkOnly *bool `pulumi:"linkOnly"` // Login Hint. LoginHint *string `pulumi:"loginHint"` - // Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + // Name ID Policy Format. NameIdPolicyFormat *string `pulumi:"nameIdPolicyFormat"` - // Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Authn Request. PostBindingAuthnRequest *bool `pulumi:"postBindingAuthnRequest"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Logout. PostBindingLogout *bool `pulumi:"postBindingLogout"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Post Binding Response. PostBindingResponse *bool `pulumi:"postBindingResponse"` - // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + // additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + // you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + // authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. PostBrokerLoginFlowAlias *string `pulumi:"postBrokerLoginFlowAlias"` - // The principal attribute. + // Principal Attribute PrincipalAttribute *string `pulumi:"principalAttribute"` - // The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + // Principal Type PrincipalType *string `pulumi:"principalType"` - // The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + // provider id, is always saml, unless you have a custom implementation ProviderId *string `pulumi:"providerId"` - // The name of the realm. This is unique across Keycloak. + // Realm Name Realm string `pulumi:"realm"` - // Signing Algorithm. Defaults to empty. + // Signing Algorithm. SignatureAlgorithm *string `pulumi:"signatureAlgorithm"` // Signing Certificate. SigningCertificate *string `pulumi:"signingCertificate"` - // The Url that must be used to send logout requests. + // Logout URL. SingleLogoutServiceUrl *string `pulumi:"singleLogoutServiceUrl"` - // The Url that must be used to send authentication requests (SAML AuthnRequest). + // SSO Logout URL. SingleSignOnServiceUrl string `pulumi:"singleSignOnServiceUrl"` - // When `true`, tokens will be stored after authenticating users. Defaults to `true`. + // Enable/disable if tokens must be stored after authenticating users. StoreToken *bool `pulumi:"storeToken"` - // The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + // Sync Mode SyncMode *string `pulumi:"syncMode"` - // When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + // If enabled then email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail *bool `pulumi:"trustEmail"` // Enable/disable signature validation of SAML responses. ValidateSignature *bool `pulumi:"validateSignature"` - // Indicates whether this service provider expects an encrypted Assertion. + // Want Assertions Encrypted. WantAssertionsEncrypted *bool `pulumi:"wantAssertionsEncrypted"` - // Indicates whether this service provider expects a signed Assertion. + // Want Assertions Signed. WantAssertionsSigned *bool `pulumi:"wantAssertionsSigned"` - // The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + // Sign Key Transformer. XmlSignKeyInfoKeyNameTransformer *string `pulumi:"xmlSignKeyInfoKeyNameTransformer"` } // The set of arguments for constructing a IdentityProvider resource. type IdentityProviderArgs struct { - // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + // Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. AddReadTokenRoleOnCreate pulumi.BoolPtrInput - // The unique name of identity provider. + // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. Alias pulumi.StringInput - // Authenticate users by default. Defaults to `false`. + // Enable/disable authenticate users by default. AuthenticateByDefault pulumi.BoolPtrInput - // Ordered list of requested AuthnContext ClassRefs. + // AuthnContext ClassRefs AuthnContextClassRefs pulumi.StringArrayInput - // Specifies the comparison method used to evaluate the requested context classes or statements. + // AuthnContext Comparison AuthnContextComparisonType pulumi.StringPtrInput - // Ordered list of requested AuthnContext DeclRefs. + // AuthnContext DeclRefs AuthnContextDeclRefs pulumi.StringArrayInput - // Does the external IDP support backchannel logout?. Defaults to `false`. + // Does the external IDP support backchannel logout? BackchannelSupported pulumi.BoolPtrInput - // The display name for the realm that is shown when logging in to the admin console. + // Friendly name for Identity Providers. DisplayName pulumi.StringPtrInput - // When `false`, users and clients will not be able to access this realm. Defaults to `true`. + // Enable/disable this identity provider. Enabled pulumi.BoolPtrInput // The Entity ID that will be used to uniquely identify this SAML Service Provider. EntityId pulumi.StringInput ExtraConfig pulumi.MapInput - // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + // Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + // that there is not yet existing Keycloak account linked with the authenticated identity provider account. FirstBrokerLoginFlowAlias pulumi.StringPtrInput - // Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + // Require Force Authn. ForceAuthn pulumi.BoolPtrInput - // A number defining the order of this identity provider in the GUI. + // GUI Order GuiOrder pulumi.StringPtrInput - // If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + // Hide On Login Page. HideOnLoginPage pulumi.BoolPtrInput - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + // want to allow login from the provider, but want to integrate with a provider LinkOnly pulumi.BoolPtrInput // Login Hint. LoginHint pulumi.StringPtrInput - // Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + // Name ID Policy Format. NameIdPolicyFormat pulumi.StringPtrInput - // Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Authn Request. PostBindingAuthnRequest pulumi.BoolPtrInput - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + // Post Binding Logout. PostBindingLogout pulumi.BoolPtrInput - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Post Binding Response. PostBindingResponse pulumi.BoolPtrInput - // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + // additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + // you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + // authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. PostBrokerLoginFlowAlias pulumi.StringPtrInput - // The principal attribute. + // Principal Attribute PrincipalAttribute pulumi.StringPtrInput - // The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + // Principal Type PrincipalType pulumi.StringPtrInput - // The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + // provider id, is always saml, unless you have a custom implementation ProviderId pulumi.StringPtrInput - // The name of the realm. This is unique across Keycloak. + // Realm Name Realm pulumi.StringInput - // Signing Algorithm. Defaults to empty. + // Signing Algorithm. SignatureAlgorithm pulumi.StringPtrInput // Signing Certificate. SigningCertificate pulumi.StringPtrInput - // The Url that must be used to send logout requests. + // Logout URL. SingleLogoutServiceUrl pulumi.StringPtrInput - // The Url that must be used to send authentication requests (SAML AuthnRequest). + // SSO Logout URL. SingleSignOnServiceUrl pulumi.StringInput - // When `true`, tokens will be stored after authenticating users. Defaults to `true`. + // Enable/disable if tokens must be stored after authenticating users. StoreToken pulumi.BoolPtrInput - // The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + // Sync Mode SyncMode pulumi.StringPtrInput - // When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + // If enabled then email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrInput // Enable/disable signature validation of SAML responses. ValidateSignature pulumi.BoolPtrInput - // Indicates whether this service provider expects an encrypted Assertion. + // Want Assertions Encrypted. WantAssertionsEncrypted pulumi.BoolPtrInput - // Indicates whether this service provider expects a signed Assertion. + // Want Assertions Signed. WantAssertionsSigned pulumi.BoolPtrInput - // The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + // Sign Key Transformer. XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrInput } @@ -593,47 +641,47 @@ func (o IdentityProviderOutput) ToIdentityProviderOutputWithContext(ctx context. return o } -// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. +// Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. func (o IdentityProviderOutput) AddReadTokenRoleOnCreate() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.AddReadTokenRoleOnCreate }).(pulumi.BoolPtrOutput) } -// The unique name of identity provider. +// The alias uniquely identifies an identity provider and it is also used to build the redirect uri. func (o IdentityProviderOutput) Alias() pulumi.StringOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringOutput { return v.Alias }).(pulumi.StringOutput) } -// Authenticate users by default. Defaults to `false`. +// Enable/disable authenticate users by default. func (o IdentityProviderOutput) AuthenticateByDefault() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.AuthenticateByDefault }).(pulumi.BoolPtrOutput) } -// Ordered list of requested AuthnContext ClassRefs. +// AuthnContext ClassRefs func (o IdentityProviderOutput) AuthnContextClassRefs() pulumi.StringArrayOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringArrayOutput { return v.AuthnContextClassRefs }).(pulumi.StringArrayOutput) } -// Specifies the comparison method used to evaluate the requested context classes or statements. +// AuthnContext Comparison func (o IdentityProviderOutput) AuthnContextComparisonType() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.AuthnContextComparisonType }).(pulumi.StringPtrOutput) } -// Ordered list of requested AuthnContext DeclRefs. +// AuthnContext DeclRefs func (o IdentityProviderOutput) AuthnContextDeclRefs() pulumi.StringArrayOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringArrayOutput { return v.AuthnContextDeclRefs }).(pulumi.StringArrayOutput) } -// Does the external IDP support backchannel logout?. Defaults to `false`. +// Does the external IDP support backchannel logout? func (o IdentityProviderOutput) BackchannelSupported() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.BackchannelSupported }).(pulumi.BoolPtrOutput) } -// The display name for the realm that is shown when logging in to the admin console. +// Friendly name for Identity Providers. func (o IdentityProviderOutput) DisplayName() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.DisplayName }).(pulumi.StringPtrOutput) } -// When `false`, users and clients will not be able to access this realm. Defaults to `true`. +// Enable/disable this identity provider. func (o IdentityProviderOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } @@ -647,22 +695,23 @@ func (o IdentityProviderOutput) ExtraConfig() pulumi.MapOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.MapOutput { return v.ExtraConfig }).(pulumi.MapOutput) } -// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. +// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means +// that there is not yet existing Keycloak account linked with the authenticated identity provider account. func (o IdentityProviderOutput) FirstBrokerLoginFlowAlias() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.FirstBrokerLoginFlowAlias }).(pulumi.StringPtrOutput) } -// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. +// Require Force Authn. func (o IdentityProviderOutput) ForceAuthn() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.ForceAuthn }).(pulumi.BoolPtrOutput) } -// A number defining the order of this identity provider in the GUI. +// GUI Order func (o IdentityProviderOutput) GuiOrder() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.GuiOrder }).(pulumi.StringPtrOutput) } -// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. +// Hide On Login Page. func (o IdentityProviderOutput) HideOnLoginPage() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.HideOnLoginPage }).(pulumi.BoolPtrOutput) } @@ -672,7 +721,8 @@ func (o IdentityProviderOutput) InternalId() pulumi.StringOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringOutput { return v.InternalId }).(pulumi.StringOutput) } -// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. +// If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't +// want to allow login from the provider, but want to integrate with a provider func (o IdentityProviderOutput) LinkOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.LinkOnly }).(pulumi.BoolPtrOutput) } @@ -682,52 +732,55 @@ func (o IdentityProviderOutput) LoginHint() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.LoginHint }).(pulumi.StringPtrOutput) } -// Specifies the URI reference corresponding to a name identifier format. Defaults to empty. +// Name ID Policy Format. func (o IdentityProviderOutput) NameIdPolicyFormat() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.NameIdPolicyFormat }).(pulumi.StringPtrOutput) } -// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. +// Post Binding Authn Request. func (o IdentityProviderOutput) PostBindingAuthnRequest() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.PostBindingAuthnRequest }).(pulumi.BoolPtrOutput) } -// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. +// Post Binding Logout. func (o IdentityProviderOutput) PostBindingLogout() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.PostBindingLogout }).(pulumi.BoolPtrOutput) } -// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. +// Post Binding Response. func (o IdentityProviderOutput) PostBindingResponse() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.PostBindingResponse }).(pulumi.BoolPtrOutput) } -// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. +// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want +// additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if +// you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that +// authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. func (o IdentityProviderOutput) PostBrokerLoginFlowAlias() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.PostBrokerLoginFlowAlias }).(pulumi.StringPtrOutput) } -// The principal attribute. +// Principal Attribute func (o IdentityProviderOutput) PrincipalAttribute() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.PrincipalAttribute }).(pulumi.StringPtrOutput) } -// The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. +// Principal Type func (o IdentityProviderOutput) PrincipalType() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.PrincipalType }).(pulumi.StringPtrOutput) } -// The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. +// provider id, is always saml, unless you have a custom implementation func (o IdentityProviderOutput) ProviderId() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.ProviderId }).(pulumi.StringPtrOutput) } -// The name of the realm. This is unique across Keycloak. +// Realm Name func (o IdentityProviderOutput) Realm() pulumi.StringOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringOutput { return v.Realm }).(pulumi.StringOutput) } -// Signing Algorithm. Defaults to empty. +// Signing Algorithm. func (o IdentityProviderOutput) SignatureAlgorithm() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.SignatureAlgorithm }).(pulumi.StringPtrOutput) } @@ -737,27 +790,27 @@ func (o IdentityProviderOutput) SigningCertificate() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.SigningCertificate }).(pulumi.StringPtrOutput) } -// The Url that must be used to send logout requests. +// Logout URL. func (o IdentityProviderOutput) SingleLogoutServiceUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.SingleLogoutServiceUrl }).(pulumi.StringPtrOutput) } -// The Url that must be used to send authentication requests (SAML AuthnRequest). +// SSO Logout URL. func (o IdentityProviderOutput) SingleSignOnServiceUrl() pulumi.StringOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringOutput { return v.SingleSignOnServiceUrl }).(pulumi.StringOutput) } -// When `true`, tokens will be stored after authenticating users. Defaults to `true`. +// Enable/disable if tokens must be stored after authenticating users. func (o IdentityProviderOutput) StoreToken() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.StoreToken }).(pulumi.BoolPtrOutput) } -// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. +// Sync Mode func (o IdentityProviderOutput) SyncMode() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.SyncMode }).(pulumi.StringPtrOutput) } -// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. +// If enabled then email provided by this provider is not verified even if verification is enabled for the realm. func (o IdentityProviderOutput) TrustEmail() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.TrustEmail }).(pulumi.BoolPtrOutput) } @@ -767,17 +820,17 @@ func (o IdentityProviderOutput) ValidateSignature() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.ValidateSignature }).(pulumi.BoolPtrOutput) } -// Indicates whether this service provider expects an encrypted Assertion. +// Want Assertions Encrypted. func (o IdentityProviderOutput) WantAssertionsEncrypted() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.WantAssertionsEncrypted }).(pulumi.BoolPtrOutput) } -// Indicates whether this service provider expects a signed Assertion. +// Want Assertions Signed. func (o IdentityProviderOutput) WantAssertionsSigned() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.WantAssertionsSigned }).(pulumi.BoolPtrOutput) } -// The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. +// Sign Key Transformer. func (o IdentityProviderOutput) XmlSignKeyInfoKeyNameTransformer() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.XmlSignKeyInfoKeyNameTransformer }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/keycloak/saml/pulumiTypes.go b/sdk/go/keycloak/saml/pulumiTypes.go index a0592f2f..dea98e85 100644 --- a/sdk/go/keycloak/saml/pulumiTypes.go +++ b/sdk/go/keycloak/saml/pulumiTypes.go @@ -14,9 +14,7 @@ import ( var _ = internal.GetEnvOrDefault type ClientAuthenticationFlowBindingOverrides struct { - // Browser flow id, (flow needs to exist) - BrowserId *string `pulumi:"browserId"` - // Direct grant flow id (flow needs to exist) + BrowserId *string `pulumi:"browserId"` DirectGrantId *string `pulumi:"directGrantId"` } @@ -32,9 +30,7 @@ type ClientAuthenticationFlowBindingOverridesInput interface { } type ClientAuthenticationFlowBindingOverridesArgs struct { - // Browser flow id, (flow needs to exist) - BrowserId pulumi.StringPtrInput `pulumi:"browserId"` - // Direct grant flow id (flow needs to exist) + BrowserId pulumi.StringPtrInput `pulumi:"browserId"` DirectGrantId pulumi.StringPtrInput `pulumi:"directGrantId"` } @@ -115,12 +111,10 @@ func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFl }).(ClientAuthenticationFlowBindingOverridesPtrOutput) } -// Browser flow id, (flow needs to exist) func (o ClientAuthenticationFlowBindingOverridesOutput) BrowserId() pulumi.StringPtrOutput { return o.ApplyT(func(v ClientAuthenticationFlowBindingOverrides) *string { return v.BrowserId }).(pulumi.StringPtrOutput) } -// Direct grant flow id (flow needs to exist) func (o ClientAuthenticationFlowBindingOverridesOutput) DirectGrantId() pulumi.StringPtrOutput { return o.ApplyT(func(v ClientAuthenticationFlowBindingOverrides) *string { return v.DirectGrantId }).(pulumi.StringPtrOutput) } @@ -149,7 +143,6 @@ func (o ClientAuthenticationFlowBindingOverridesPtrOutput) Elem() ClientAuthenti }).(ClientAuthenticationFlowBindingOverridesOutput) } -// Browser flow id, (flow needs to exist) func (o ClientAuthenticationFlowBindingOverridesPtrOutput) BrowserId() pulumi.StringPtrOutput { return o.ApplyT(func(v *ClientAuthenticationFlowBindingOverrides) *string { if v == nil { @@ -159,7 +152,6 @@ func (o ClientAuthenticationFlowBindingOverridesPtrOutput) BrowserId() pulumi.St }).(pulumi.StringPtrOutput) } -// Direct grant flow id (flow needs to exist) func (o ClientAuthenticationFlowBindingOverridesPtrOutput) DirectGrantId() pulumi.StringPtrOutput { return o.ApplyT(func(v *ClientAuthenticationFlowBindingOverrides) *string { if v == nil { diff --git a/sdk/go/keycloak/saml/scriptProtocolMapper.go b/sdk/go/keycloak/saml/scriptProtocolMapper.go index fdd85621..4ab2891c 100644 --- a/sdk/go/keycloak/saml/scriptProtocolMapper.go +++ b/sdk/go/keycloak/saml/scriptProtocolMapper.go @@ -21,6 +21,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -63,18 +64,19 @@ import ( // } // // ``` +// // // ## Import // // Protocol mappers can be imported using one of the following formats: // -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/go/keycloak/saml/userAttributeProtocolMapper.go b/sdk/go/keycloak/saml/userAttributeProtocolMapper.go index 0910e3d3..58039c9c 100644 --- a/sdk/go/keycloak/saml/userAttributeProtocolMapper.go +++ b/sdk/go/keycloak/saml/userAttributeProtocolMapper.go @@ -12,16 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak. +// ## # saml.UserAttributeProtocolMapper // -// SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute -// in a SAML assertion. +// Allows for creating and managing user attribute protocol mappers for +// SAML clients within Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// SAML user attribute protocol mappers allow you to map custom attributes defined +// for a user within Keycloak to an attribute in a SAML assertion. Protocol mappers +// can be defined for a single client, or they can be defined for a client scope which +// can be shared between multiple different clients. // -// ## Example Usage +// ### Example Usage (Client) // +// // ```go // package main // @@ -35,26 +38,26 @@ import ( // // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), +// _, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("saml-client"), +// ClientId: pulumi.String("test-saml-client"), +// RealmId: pulumi.Any(keycloak_realm.Test.Id), // }) // if err != nil { // return err // } // _, err = saml.NewUserAttributeProtocolMapper(ctx, "samlUserAttributeMapper", &saml.UserAttributeProtocolMapperArgs{ -// RealmId: realm.ID(), // ClientId: samlClient.ID(), -// UserAttribute: pulumi.String("displayName"), +// RealmId: pulumi.Any(keycloak_realm.Test.Id), // SamlAttributeName: pulumi.String("displayName"), // SamlAttributeNameFormat: pulumi.String("Unspecified"), +// UserAttribute: pulumi.String("displayName"), // }) // if err != nil { // return err @@ -64,45 +67,39 @@ import ( // } // // ``` +// // -// ## Import -// -// Protocol mappers can be imported using one of the following formats: -// -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// ### Argument Reference // -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The SAML client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The SAML client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `userAttribute` - (Required) The custom user attribute to map. +// - `friendlyName` - (Optional) An optional human-friendly name for this attribute. +// - `samlAttributeName` - (Required) The name of the SAML attribute. +// - `samlAttributeNameFormat` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type UserAttributeProtocolMapper struct { pulumi.CustomResourceState - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // An optional human-friendly name for this attribute. - FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"` - // The display name of this protocol mapper in the GUI. - Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // The name of the SAML attribute. - SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"` - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"` - // The custom user attribute to map. - UserAttribute pulumi.StringOutput `pulumi:"userAttribute"` + ClientId pulumi.StringPtrOutput `pulumi:"clientId"` + ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` + FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"` + Name pulumi.StringOutput `pulumi:"name"` + RealmId pulumi.StringOutput `pulumi:"realmId"` + SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"` + SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"` + UserAttribute pulumi.StringOutput `pulumi:"userAttribute"` } // NewUserAttributeProtocolMapper registers a new resource with the given unique name, arguments, and options. @@ -147,41 +144,25 @@ func GetUserAttributeProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering UserAttributeProtocolMapper resources. type userAttributeProtocolMapperState struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId *string `pulumi:"clientScopeId"` - // An optional human-friendly name for this attribute. - FriendlyName *string `pulumi:"friendlyName"` - // The display name of this protocol mapper in the GUI. - Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId *string `pulumi:"realmId"` - // The name of the SAML attribute. - SamlAttributeName *string `pulumi:"samlAttributeName"` - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. + ClientId *string `pulumi:"clientId"` + ClientScopeId *string `pulumi:"clientScopeId"` + FriendlyName *string `pulumi:"friendlyName"` + Name *string `pulumi:"name"` + RealmId *string `pulumi:"realmId"` + SamlAttributeName *string `pulumi:"samlAttributeName"` SamlAttributeNameFormat *string `pulumi:"samlAttributeNameFormat"` - // The custom user attribute to map. - UserAttribute *string `pulumi:"userAttribute"` + UserAttribute *string `pulumi:"userAttribute"` } type UserAttributeProtocolMapperState struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId pulumi.StringPtrInput - // An optional human-friendly name for this attribute. - FriendlyName pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. - Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. - RealmId pulumi.StringPtrInput - // The name of the SAML attribute. - SamlAttributeName pulumi.StringPtrInput - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. + ClientId pulumi.StringPtrInput + ClientScopeId pulumi.StringPtrInput + FriendlyName pulumi.StringPtrInput + Name pulumi.StringPtrInput + RealmId pulumi.StringPtrInput + SamlAttributeName pulumi.StringPtrInput SamlAttributeNameFormat pulumi.StringPtrInput - // The custom user attribute to map. - UserAttribute pulumi.StringPtrInput + UserAttribute pulumi.StringPtrInput } func (UserAttributeProtocolMapperState) ElementType() reflect.Type { @@ -189,42 +170,26 @@ func (UserAttributeProtocolMapperState) ElementType() reflect.Type { } type userAttributeProtocolMapperArgs struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId *string `pulumi:"clientScopeId"` - // An optional human-friendly name for this attribute. - FriendlyName *string `pulumi:"friendlyName"` - // The display name of this protocol mapper in the GUI. - Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId string `pulumi:"realmId"` - // The name of the SAML attribute. - SamlAttributeName string `pulumi:"samlAttributeName"` - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - SamlAttributeNameFormat string `pulumi:"samlAttributeNameFormat"` - // The custom user attribute to map. - UserAttribute string `pulumi:"userAttribute"` + ClientId *string `pulumi:"clientId"` + ClientScopeId *string `pulumi:"clientScopeId"` + FriendlyName *string `pulumi:"friendlyName"` + Name *string `pulumi:"name"` + RealmId string `pulumi:"realmId"` + SamlAttributeName string `pulumi:"samlAttributeName"` + SamlAttributeNameFormat string `pulumi:"samlAttributeNameFormat"` + UserAttribute string `pulumi:"userAttribute"` } // The set of arguments for constructing a UserAttributeProtocolMapper resource. type UserAttributeProtocolMapperArgs struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId pulumi.StringPtrInput - // An optional human-friendly name for this attribute. - FriendlyName pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. - Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. - RealmId pulumi.StringInput - // The name of the SAML attribute. - SamlAttributeName pulumi.StringInput - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. + ClientId pulumi.StringPtrInput + ClientScopeId pulumi.StringPtrInput + FriendlyName pulumi.StringPtrInput + Name pulumi.StringPtrInput + RealmId pulumi.StringInput + SamlAttributeName pulumi.StringInput SamlAttributeNameFormat pulumi.StringInput - // The custom user attribute to map. - UserAttribute pulumi.StringInput + UserAttribute pulumi.StringInput } func (UserAttributeProtocolMapperArgs) ElementType() reflect.Type { @@ -314,42 +279,34 @@ func (o UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutputWi return o } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. func (o UserAttributeProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. func (o UserAttributeProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// An optional human-friendly name for this attribute. func (o UserAttributeProtocolMapperOutput) FriendlyName() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringPtrOutput { return v.FriendlyName }).(pulumi.StringPtrOutput) } -// The display name of this protocol mapper in the GUI. func (o UserAttributeProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. func (o UserAttributeProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// The name of the SAML attribute. func (o UserAttributeProtocolMapperOutput) SamlAttributeName() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.SamlAttributeName }).(pulumi.StringOutput) } -// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. func (o UserAttributeProtocolMapperOutput) SamlAttributeNameFormat() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.SamlAttributeNameFormat }).(pulumi.StringOutput) } -// The custom user attribute to map. func (o UserAttributeProtocolMapperOutput) UserAttribute() pulumi.StringOutput { return o.ApplyT(func(v *UserAttributeProtocolMapper) pulumi.StringOutput { return v.UserAttribute }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/saml/userPropertyProtocolMapper.go b/sdk/go/keycloak/saml/userPropertyProtocolMapper.go index 6178010c..99fb0792 100644 --- a/sdk/go/keycloak/saml/userPropertyProtocolMapper.go +++ b/sdk/go/keycloak/saml/userPropertyProtocolMapper.go @@ -12,16 +12,19 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// Allows for creating and managing user property protocol mappers for SAML clients within Keycloak. +// ## # saml.UserPropertyProtocolMapper // -// SAML user property protocol mappers allow you to map properties of the Keycloak -// user model to an attribute in a SAML assertion. +// Allows for creating and managing user property protocol mappers for +// SAML clients within Keycloak. // -// Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between -// multiple different clients. +// SAML user property protocol mappers allow you to map properties of the Keycloak +// user model to an attribute in a SAML assertion. Protocol mappers +// can be defined for a single client, or they can be defined for a client scope which +// can be shared between multiple different clients. // -// ## Example Usage +// ### Example Usage (Client) // +// // ```go // package main // @@ -35,26 +38,26 @@ import ( // // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), +// _, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("saml-client"), +// ClientId: pulumi.String("test-saml-client"), +// RealmId: pulumi.Any(keycloak_realm.Test.Id), // }) // if err != nil { // return err // } // _, err = saml.NewUserPropertyProtocolMapper(ctx, "samlUserPropertyMapper", &saml.UserPropertyProtocolMapperArgs{ -// RealmId: realm.ID(), // ClientId: samlClient.ID(), -// UserProperty: pulumi.String("email"), +// RealmId: pulumi.Any(keycloak_realm.Test.Id), // SamlAttributeName: pulumi.String("email"), // SamlAttributeNameFormat: pulumi.String("Unspecified"), +// UserProperty: pulumi.String("email"), // }) // if err != nil { // return err @@ -64,45 +67,39 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Protocol mappers can be imported using one of the following formats: -// -// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` -// -// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` +// The following arguments are supported: // -// Example: +// - `realmId` - (Required) The realm this protocol mapper exists within. +// - `clientId` - (Required if `clientScopeId` is not specified) The SAML client this protocol mapper is attached to. +// - `clientScopeId` - (Required if `clientId` is not specified) The SAML client scope this protocol mapper is attached to. +// - `name` - (Required) The display name of this protocol mapper in the GUI. +// - `userProperty` - (Required) The property of the Keycloak user model to map. +// - `friendlyName` - (Optional) An optional human-friendly name for this attribute. +// - `samlAttributeName` - (Required) The name of the SAML attribute. +// - `samlAttributeNameFormat` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. // -// bash +// ### Import // -// ```sh -// $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Protocol mappers can be imported using one of the following formats: +// - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +// - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` // -// ```sh -// $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 -// ``` +// Example: type UserPropertyProtocolMapper struct { pulumi.CustomResourceState - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId pulumi.StringPtrOutput `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` - // An optional human-friendly name for this attribute. - FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"` - // The display name of this protocol mapper in the GUI. - Name pulumi.StringOutput `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // The name of the SAML attribute. - SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"` - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"` - // The property of the Keycloak user model to map. - UserProperty pulumi.StringOutput `pulumi:"userProperty"` + ClientId pulumi.StringPtrOutput `pulumi:"clientId"` + ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"` + FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"` + Name pulumi.StringOutput `pulumi:"name"` + RealmId pulumi.StringOutput `pulumi:"realmId"` + SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"` + SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"` + UserProperty pulumi.StringOutput `pulumi:"userProperty"` } // NewUserPropertyProtocolMapper registers a new resource with the given unique name, arguments, and options. @@ -147,41 +144,25 @@ func GetUserPropertyProtocolMapper(ctx *pulumi.Context, // Input properties used for looking up and filtering UserPropertyProtocolMapper resources. type userPropertyProtocolMapperState struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId *string `pulumi:"clientScopeId"` - // An optional human-friendly name for this attribute. - FriendlyName *string `pulumi:"friendlyName"` - // The display name of this protocol mapper in the GUI. - Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId *string `pulumi:"realmId"` - // The name of the SAML attribute. - SamlAttributeName *string `pulumi:"samlAttributeName"` - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. + ClientId *string `pulumi:"clientId"` + ClientScopeId *string `pulumi:"clientScopeId"` + FriendlyName *string `pulumi:"friendlyName"` + Name *string `pulumi:"name"` + RealmId *string `pulumi:"realmId"` + SamlAttributeName *string `pulumi:"samlAttributeName"` SamlAttributeNameFormat *string `pulumi:"samlAttributeNameFormat"` - // The property of the Keycloak user model to map. - UserProperty *string `pulumi:"userProperty"` + UserProperty *string `pulumi:"userProperty"` } type UserPropertyProtocolMapperState struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId pulumi.StringPtrInput - // An optional human-friendly name for this attribute. - FriendlyName pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. - Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. - RealmId pulumi.StringPtrInput - // The name of the SAML attribute. - SamlAttributeName pulumi.StringPtrInput - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. + ClientId pulumi.StringPtrInput + ClientScopeId pulumi.StringPtrInput + FriendlyName pulumi.StringPtrInput + Name pulumi.StringPtrInput + RealmId pulumi.StringPtrInput + SamlAttributeName pulumi.StringPtrInput SamlAttributeNameFormat pulumi.StringPtrInput - // The property of the Keycloak user model to map. - UserProperty pulumi.StringPtrInput + UserProperty pulumi.StringPtrInput } func (UserPropertyProtocolMapperState) ElementType() reflect.Type { @@ -189,42 +170,26 @@ func (UserPropertyProtocolMapperState) ElementType() reflect.Type { } type userPropertyProtocolMapperArgs struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId *string `pulumi:"clientId"` - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId *string `pulumi:"clientScopeId"` - // An optional human-friendly name for this attribute. - FriendlyName *string `pulumi:"friendlyName"` - // The display name of this protocol mapper in the GUI. - Name *string `pulumi:"name"` - // The realm this protocol mapper exists within. - RealmId string `pulumi:"realmId"` - // The name of the SAML attribute. - SamlAttributeName string `pulumi:"samlAttributeName"` - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - SamlAttributeNameFormat string `pulumi:"samlAttributeNameFormat"` - // The property of the Keycloak user model to map. - UserProperty string `pulumi:"userProperty"` + ClientId *string `pulumi:"clientId"` + ClientScopeId *string `pulumi:"clientScopeId"` + FriendlyName *string `pulumi:"friendlyName"` + Name *string `pulumi:"name"` + RealmId string `pulumi:"realmId"` + SamlAttributeName string `pulumi:"samlAttributeName"` + SamlAttributeNameFormat string `pulumi:"samlAttributeNameFormat"` + UserProperty string `pulumi:"userProperty"` } // The set of arguments for constructing a UserPropertyProtocolMapper resource. type UserPropertyProtocolMapperArgs struct { - // The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - ClientId pulumi.StringPtrInput - // The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - ClientScopeId pulumi.StringPtrInput - // An optional human-friendly name for this attribute. - FriendlyName pulumi.StringPtrInput - // The display name of this protocol mapper in the GUI. - Name pulumi.StringPtrInput - // The realm this protocol mapper exists within. - RealmId pulumi.StringInput - // The name of the SAML attribute. - SamlAttributeName pulumi.StringInput - // The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. + ClientId pulumi.StringPtrInput + ClientScopeId pulumi.StringPtrInput + FriendlyName pulumi.StringPtrInput + Name pulumi.StringPtrInput + RealmId pulumi.StringInput + SamlAttributeName pulumi.StringInput SamlAttributeNameFormat pulumi.StringInput - // The property of the Keycloak user model to map. - UserProperty pulumi.StringInput + UserProperty pulumi.StringInput } func (UserPropertyProtocolMapperArgs) ElementType() reflect.Type { @@ -314,42 +279,34 @@ func (o UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutputWith return o } -// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. func (o UserPropertyProtocolMapperOutput) ClientId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) } -// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. func (o UserPropertyProtocolMapperOutput) ClientScopeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringPtrOutput { return v.ClientScopeId }).(pulumi.StringPtrOutput) } -// An optional human-friendly name for this attribute. func (o UserPropertyProtocolMapperOutput) FriendlyName() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringPtrOutput { return v.FriendlyName }).(pulumi.StringPtrOutput) } -// The display name of this protocol mapper in the GUI. func (o UserPropertyProtocolMapperOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// The realm this protocol mapper exists within. func (o UserPropertyProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// The name of the SAML attribute. func (o UserPropertyProtocolMapperOutput) SamlAttributeName() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.SamlAttributeName }).(pulumi.StringOutput) } -// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. func (o UserPropertyProtocolMapperOutput) SamlAttributeNameFormat() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.SamlAttributeNameFormat }).(pulumi.StringOutput) } -// The property of the Keycloak user model to map. func (o UserPropertyProtocolMapperOutput) UserProperty() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.UserProperty }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/user.go b/sdk/go/keycloak/user.go index 6f734ee5..e06d96d8 100644 --- a/sdk/go/keycloak/user.go +++ b/sdk/go/keycloak/user.go @@ -12,14 +12,17 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// ## # User +// // Allows for creating and managing Users within Keycloak. // -// This resource was created primarily to enable the acceptance tests for the `Group` resource. Creating users within -// Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers -// or identity providers. +// This resource was created primarily to enable the acceptance tests for the `Group` resource. +// Creating users within Keycloak is not recommended. Instead, users should be federated from external sources +// by configuring user federation providers or identity providers. // -// ## Example Usage +// ### Example Usage // +// // ```go // package main // @@ -33,38 +36,34 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), // Enabled: pulumi.Bool(true), +// Realm: pulumi.String("my-realm"), // }) // if err != nil { // return err // } // _, err = keycloak.NewUser(ctx, "user", &keycloak.UserArgs{ -// RealmId: realm.ID(), -// Username: pulumi.String("bob"), -// Enabled: pulumi.Bool(true), // Email: pulumi.String("bob@domain.com"), +// Enabled: pulumi.Bool(true), // FirstName: pulumi.String("Bob"), // LastName: pulumi.String("Bobson"), +// RealmId: realm.ID(), +// Username: pulumi.String("bob"), // }) // if err != nil { // return err // } // _, err = keycloak.NewUser(ctx, "userWithInitialPassword", &keycloak.UserArgs{ -// RealmId: realm.ID(), -// Username: pulumi.String("alice"), -// Enabled: pulumi.Bool(true), // Email: pulumi.String("alice@domain.com"), +// Enabled: pulumi.Bool(true), // FirstName: pulumi.String("Alice"), -// LastName: pulumi.String("Aliceberg"), -// Attributes: pulumi.Map{ -// "foo": pulumi.Any("bar"), -// "multivalue": pulumi.Any("value1##value2"), -// }, // InitialPassword: &keycloak.UserInitialPasswordArgs{ -// Value: pulumi.String("some password"), // Temporary: pulumi.Bool(true), +// Value: pulumi.String("some password"), // }, +// LastName: pulumi.String("Aliceberg"), +// RealmId: realm.ID(), +// Username: pulumi.String("alice"), // }) // if err != nil { // return err @@ -74,45 +73,43 @@ import ( // } // // ``` +// // -// ## Import +// ### Argument Reference // -// Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak +// The following arguments are supported: // -// assigns to the user upon creation. This value can be found in the GUI when editing the user. +// - `realmId` - (Required) The realm this user belongs to. +// - `username` - (Required) The unique username of this user. +// - `initialPassword` (Optional) When given, the user's initial password will be set. +// This attribute is only respected during initial user creation. +// - `value` (Required) The initial password. +// - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`. +// - `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`. +// - `email` - (Optional) The user's email. +// - `firstName` - (Optional) The user's first name. +// - `lastName` - (Optional) The user's last name. // -// Example: +// ### Import // -// bash +// Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `userId` is the unique ID that Keycloak +// assigns to the user upon creation. This value can be found in the GUI when editing the user. // -// ```sh -// $ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4 -// ``` +// Example: type User struct { pulumi.CustomResourceState - // A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes pulumi.MapOutput `pulumi:"attributes"` - // The user's email. - Email pulumi.StringPtrOutput `pulumi:"email"` - // Whether the email address was validated or not. Default to `false`. - EmailVerified pulumi.BoolPtrOutput `pulumi:"emailVerified"` - // When false, this user cannot log in. Defaults to `true`. - Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` - // When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. + Attributes pulumi.MapOutput `pulumi:"attributes"` + Email pulumi.StringPtrOutput `pulumi:"email"` + EmailVerified pulumi.BoolPtrOutput `pulumi:"emailVerified"` + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` FederatedIdentities UserFederatedIdentityArrayOutput `pulumi:"federatedIdentities"` - // The user's first name. - FirstName pulumi.StringPtrOutput `pulumi:"firstName"` - // When given, the user's initial password will be set. This attribute is only respected during initial user creation. - InitialPassword UserInitialPasswordPtrOutput `pulumi:"initialPassword"` - // The user's last name. - LastName pulumi.StringPtrOutput `pulumi:"lastName"` - // The realm this user belongs to. - RealmId pulumi.StringOutput `pulumi:"realmId"` - // A list of required user actions. - RequiredActions pulumi.StringArrayOutput `pulumi:"requiredActions"` - // The unique username of this user. - Username pulumi.StringOutput `pulumi:"username"` + FirstName pulumi.StringPtrOutput `pulumi:"firstName"` + InitialPassword UserInitialPasswordPtrOutput `pulumi:"initialPassword"` + LastName pulumi.StringPtrOutput `pulumi:"lastName"` + RealmId pulumi.StringOutput `pulumi:"realmId"` + RequiredActions pulumi.StringArrayOutput `pulumi:"requiredActions"` + Username pulumi.StringOutput `pulumi:"username"` } // NewUser registers a new resource with the given unique name, arguments, and options. @@ -151,53 +148,31 @@ func GetUser(ctx *pulumi.Context, // Input properties used for looking up and filtering User resources. type userState struct { - // A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes map[string]interface{} `pulumi:"attributes"` - // The user's email. - Email *string `pulumi:"email"` - // Whether the email address was validated or not. Default to `false`. - EmailVerified *bool `pulumi:"emailVerified"` - // When false, this user cannot log in. Defaults to `true`. - Enabled *bool `pulumi:"enabled"` - // When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. + Attributes map[string]interface{} `pulumi:"attributes"` + Email *string `pulumi:"email"` + EmailVerified *bool `pulumi:"emailVerified"` + Enabled *bool `pulumi:"enabled"` FederatedIdentities []UserFederatedIdentity `pulumi:"federatedIdentities"` - // The user's first name. - FirstName *string `pulumi:"firstName"` - // When given, the user's initial password will be set. This attribute is only respected during initial user creation. - InitialPassword *UserInitialPassword `pulumi:"initialPassword"` - // The user's last name. - LastName *string `pulumi:"lastName"` - // The realm this user belongs to. - RealmId *string `pulumi:"realmId"` - // A list of required user actions. - RequiredActions []string `pulumi:"requiredActions"` - // The unique username of this user. - Username *string `pulumi:"username"` + FirstName *string `pulumi:"firstName"` + InitialPassword *UserInitialPassword `pulumi:"initialPassword"` + LastName *string `pulumi:"lastName"` + RealmId *string `pulumi:"realmId"` + RequiredActions []string `pulumi:"requiredActions"` + Username *string `pulumi:"username"` } type UserState struct { - // A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes pulumi.MapInput - // The user's email. - Email pulumi.StringPtrInput - // Whether the email address was validated or not. Default to `false`. - EmailVerified pulumi.BoolPtrInput - // When false, this user cannot log in. Defaults to `true`. - Enabled pulumi.BoolPtrInput - // When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. + Attributes pulumi.MapInput + Email pulumi.StringPtrInput + EmailVerified pulumi.BoolPtrInput + Enabled pulumi.BoolPtrInput FederatedIdentities UserFederatedIdentityArrayInput - // The user's first name. - FirstName pulumi.StringPtrInput - // When given, the user's initial password will be set. This attribute is only respected during initial user creation. - InitialPassword UserInitialPasswordPtrInput - // The user's last name. - LastName pulumi.StringPtrInput - // The realm this user belongs to. - RealmId pulumi.StringPtrInput - // A list of required user actions. - RequiredActions pulumi.StringArrayInput - // The unique username of this user. - Username pulumi.StringPtrInput + FirstName pulumi.StringPtrInput + InitialPassword UserInitialPasswordPtrInput + LastName pulumi.StringPtrInput + RealmId pulumi.StringPtrInput + RequiredActions pulumi.StringArrayInput + Username pulumi.StringPtrInput } func (UserState) ElementType() reflect.Type { @@ -205,54 +180,32 @@ func (UserState) ElementType() reflect.Type { } type userArgs struct { - // A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes map[string]interface{} `pulumi:"attributes"` - // The user's email. - Email *string `pulumi:"email"` - // Whether the email address was validated or not. Default to `false`. - EmailVerified *bool `pulumi:"emailVerified"` - // When false, this user cannot log in. Defaults to `true`. - Enabled *bool `pulumi:"enabled"` - // When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. + Attributes map[string]interface{} `pulumi:"attributes"` + Email *string `pulumi:"email"` + EmailVerified *bool `pulumi:"emailVerified"` + Enabled *bool `pulumi:"enabled"` FederatedIdentities []UserFederatedIdentity `pulumi:"federatedIdentities"` - // The user's first name. - FirstName *string `pulumi:"firstName"` - // When given, the user's initial password will be set. This attribute is only respected during initial user creation. - InitialPassword *UserInitialPassword `pulumi:"initialPassword"` - // The user's last name. - LastName *string `pulumi:"lastName"` - // The realm this user belongs to. - RealmId string `pulumi:"realmId"` - // A list of required user actions. - RequiredActions []string `pulumi:"requiredActions"` - // The unique username of this user. - Username string `pulumi:"username"` + FirstName *string `pulumi:"firstName"` + InitialPassword *UserInitialPassword `pulumi:"initialPassword"` + LastName *string `pulumi:"lastName"` + RealmId string `pulumi:"realmId"` + RequiredActions []string `pulumi:"requiredActions"` + Username string `pulumi:"username"` } // The set of arguments for constructing a User resource. type UserArgs struct { - // A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - Attributes pulumi.MapInput - // The user's email. - Email pulumi.StringPtrInput - // Whether the email address was validated or not. Default to `false`. - EmailVerified pulumi.BoolPtrInput - // When false, this user cannot log in. Defaults to `true`. - Enabled pulumi.BoolPtrInput - // When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. + Attributes pulumi.MapInput + Email pulumi.StringPtrInput + EmailVerified pulumi.BoolPtrInput + Enabled pulumi.BoolPtrInput FederatedIdentities UserFederatedIdentityArrayInput - // The user's first name. - FirstName pulumi.StringPtrInput - // When given, the user's initial password will be set. This attribute is only respected during initial user creation. - InitialPassword UserInitialPasswordPtrInput - // The user's last name. - LastName pulumi.StringPtrInput - // The realm this user belongs to. - RealmId pulumi.StringInput - // A list of required user actions. - RequiredActions pulumi.StringArrayInput - // The unique username of this user. - Username pulumi.StringInput + FirstName pulumi.StringPtrInput + InitialPassword UserInitialPasswordPtrInput + LastName pulumi.StringPtrInput + RealmId pulumi.StringInput + RequiredActions pulumi.StringArrayInput + Username pulumi.StringInput } func (UserArgs) ElementType() reflect.Type { @@ -342,57 +295,46 @@ func (o UserOutput) ToUserOutputWithContext(ctx context.Context) UserOutput { return o } -// A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars func (o UserOutput) Attributes() pulumi.MapOutput { return o.ApplyT(func(v *User) pulumi.MapOutput { return v.Attributes }).(pulumi.MapOutput) } -// The user's email. func (o UserOutput) Email() pulumi.StringPtrOutput { return o.ApplyT(func(v *User) pulumi.StringPtrOutput { return v.Email }).(pulumi.StringPtrOutput) } -// Whether the email address was validated or not. Default to `false`. func (o UserOutput) EmailVerified() pulumi.BoolPtrOutput { return o.ApplyT(func(v *User) pulumi.BoolPtrOutput { return v.EmailVerified }).(pulumi.BoolPtrOutput) } -// When false, this user cannot log in. Defaults to `true`. func (o UserOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *User) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } -// When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. func (o UserOutput) FederatedIdentities() UserFederatedIdentityArrayOutput { return o.ApplyT(func(v *User) UserFederatedIdentityArrayOutput { return v.FederatedIdentities }).(UserFederatedIdentityArrayOutput) } -// The user's first name. func (o UserOutput) FirstName() pulumi.StringPtrOutput { return o.ApplyT(func(v *User) pulumi.StringPtrOutput { return v.FirstName }).(pulumi.StringPtrOutput) } -// When given, the user's initial password will be set. This attribute is only respected during initial user creation. func (o UserOutput) InitialPassword() UserInitialPasswordPtrOutput { return o.ApplyT(func(v *User) UserInitialPasswordPtrOutput { return v.InitialPassword }).(UserInitialPasswordPtrOutput) } -// The user's last name. func (o UserOutput) LastName() pulumi.StringPtrOutput { return o.ApplyT(func(v *User) pulumi.StringPtrOutput { return v.LastName }).(pulumi.StringPtrOutput) } -// The realm this user belongs to. func (o UserOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *User) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// A list of required user actions. func (o UserOutput) RequiredActions() pulumi.StringArrayOutput { return o.ApplyT(func(v *User) pulumi.StringArrayOutput { return v.RequiredActions }).(pulumi.StringArrayOutput) } -// The unique username of this user. func (o UserOutput) Username() pulumi.StringOutput { return o.ApplyT(func(v *User) pulumi.StringOutput { return v.Username }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/userGroups.go b/sdk/go/keycloak/userGroups.go index 2f9294a6..15bad5e5 100644 --- a/sdk/go/keycloak/userGroups.go +++ b/sdk/go/keycloak/userGroups.go @@ -18,7 +18,9 @@ import ( // If `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `UserGroups` for the same `userId`. // // ## Example Usage +// // ### Exhaustive Groups) +// // ```go // package main // @@ -66,7 +68,10 @@ import ( // } // // ``` +// +// // ### Non Exhaustive Groups) +// // ```go // package main // @@ -132,12 +137,13 @@ import ( // } // // ``` +// // // ## Import // // This resource does not support import. Instead of importing, feel free to create this resource // -// as if it did not already exist on the server. +// as if it did not already exist on the server. type UserGroups struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/userRoles.go b/sdk/go/keycloak/userRoles.go index bc09d529..e95c64a2 100644 --- a/sdk/go/keycloak/userRoles.go +++ b/sdk/go/keycloak/userRoles.go @@ -22,8 +22,10 @@ import ( // a role and a composite that includes that role to the same user. // // ## Example Usage +// // ### Exhaustive Roles) // +// // ```go // package main // @@ -95,16 +97,17 @@ import ( // } // // ``` +// // // ## Import // // This resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak // -// assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. +// assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924 diff --git a/sdk/go/keycloak/userTemplateImporterIdentityProviderMapper.go b/sdk/go/keycloak/userTemplateImporterIdentityProviderMapper.go index 150dcb0e..5bf71dbc 100644 --- a/sdk/go/keycloak/userTemplateImporterIdentityProviderMapper.go +++ b/sdk/go/keycloak/userTemplateImporterIdentityProviderMapper.go @@ -22,6 +22,7 @@ import ( // // ## Example Usage // +// // ```go // package main // @@ -70,16 +71,17 @@ import ( // } // // ``` +// // // ## Import // // Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak // -// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. +// assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. // -// Example: +// Example: // -// bash +// bash // // ```sh // $ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/go/keycloak/usersPermissions.go b/sdk/go/keycloak/usersPermissions.go index 6985395d..4fafeead 100644 --- a/sdk/go/keycloak/usersPermissions.go +++ b/sdk/go/keycloak/usersPermissions.go @@ -25,35 +25,6 @@ import ( // 4. Create all scope based permission for the scopes and users resources. // // > This resource should only be created once per realm. -// -// ## Example Usage -// ### Argument Reference -// -// The following arguments are supported: -// -// - `realmId` - (Required) The realm in which to manage fine-grained user permissions. -// -// Each of the scopes that can be managed are defined below: -// -// - `viewScope` - (Optional) When specified, set the scope based view permission. -// - `manageScope` - (Optional) When specified, set the scope based manage permission. -// - `mapRolesScope` - (Optional) When specified, set the scope based mapRoles permission. -// - `manageGroupMembershipScope` - (Optional) When specified, set the scope based manageGroupMembership permission. -// - `impersonateScope` - (Optional) When specified, set the scope based impersonate permission. -// - `userImpersonatedScope` - (Optional) When specified, set the scope based userImpersonated permission. -// -// The configuration block for each of these scopes supports the following arguments: -// -// - `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID. -// - `description` - (Optional) Description of the permission. -// - `decisionStrategy` - (Optional) Decision strategy of the permission. -// -// ### Attributes Reference -// -// In addition to the arguments listed above, the following computed attributes are exported: -// -// - `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`. -// - `authorizationResourceServerId` - Resource server id representing the realm management client on which these permissions are managed. type UsersPermissions struct { pulumi.CustomResourceState diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapper.java index 4c9ca0c4..c3225bb9 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapper.java @@ -17,26 +17,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing an attribute importer identity provider mapper within Keycloak. + * ## # keycloak.AttributeImporterIdentityProviderMapper * - * The attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user: - * - For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user. - * - For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user. - * - For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user. + * Allows to create and manage identity provider mappers within Keycloak. * - * > If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper. + * ### Example Usage * - * ## Example Usage + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * * import com.pulumi.Context; * import com.pulumi.Pulumi; * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.oidc.IdentityProvider; - * import com.pulumi.keycloak.oidc.IdentityProviderArgs; * import com.pulumi.keycloak.AttributeImporterIdentityProviderMapper; * import com.pulumi.keycloak.AttributeImporterIdentityProviderMapperArgs; * import java.util.List; @@ -52,157 +45,139 @@ * } * * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() + * var testMapper = new AttributeImporterIdentityProviderMapper("testMapper", AttributeImporterIdentityProviderMapperArgs.builder() + * .attributeName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname") + * .identityProviderAlias("idp_alias") * .realm("my-realm") - * .enabled(true) - * .build()); - * - * var oidcIdentityProvider = new IdentityProvider("oidcIdentityProvider", IdentityProviderArgs.builder() - * .realm(realm.id()) - * .alias("oidc") - * .authorizationUrl("https://example.com/auth") - * .tokenUrl("https://example.com/token") - * .clientId("example_id") - * .clientSecret("example_token") - * .defaultScopes("openid random profile") - * .build()); - * - * var oidcAttributeImporterIdentityProviderMapper = new AttributeImporterIdentityProviderMapper("oidcAttributeImporterIdentityProviderMapper", AttributeImporterIdentityProviderMapperArgs.builder() - * .realm(realm.id()) - * .claimName("my-email-claim") - * .identityProviderAlias(oidcIdentityProvider.alias()) - * .userAttribute("email") - * .extraConfig(Map.of("syncMode", "INHERIT")) + * .userAttribute("lastName") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + * - `realm` - (Required) The name of the realm. + * - `name` - (Required) The name of the mapper. + * - `identity_provider_alias` - (Required) The alias of the associated identity provider. + * - `user_attribute` - (Required) The user attribute name to store SAML attribute. + * - `attribute_name` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead. + * - `attribute_friendly_name` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead. + * - `claim_name` - (Optional) The claim name. * - * Example: + * ### Import * - * bash + * Identity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. * - * ```sh - * $ pulumi import keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b - * ``` + * Example: * */ @ResourceType(type="keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper") public class AttributeImporterIdentityProviderMapper extends com.pulumi.resources.CustomResource { /** - * For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * Attribute Friendly Name * */ @Export(name="attributeFriendlyName", refs={String.class}, tree="[0]") private Output attributeFriendlyName; /** - * @return For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * @return Attribute Friendly Name * */ public Output> attributeFriendlyName() { return Codegen.optional(this.attributeFriendlyName); } /** - * For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * Attribute Name * */ @Export(name="attributeName", refs={String.class}, tree="[0]") private Output attributeName; /** - * @return For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * @return Attribute Name * */ public Output> attributeName() { return Codegen.optional(this.attributeName); } /** - * For OIDC based providers, this is the name of the claim to use. + * Claim Name * */ @Export(name="claimName", refs={String.class}, tree="[0]") private Output claimName; /** - * @return For OIDC based providers, this is the name of the claim to use. + * @return Claim Name * */ public Output> claimName() { return Codegen.optional(this.claimName); } - /** - * Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - */ @Export(name="extraConfig", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") private Output> extraConfig; - /** - * @return Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - */ public Output>> extraConfig() { return Codegen.optional(this.extraConfig); } /** - * The alias of the associated identity provider. + * IDP Alias * */ @Export(name="identityProviderAlias", refs={String.class}, tree="[0]") private Output identityProviderAlias; /** - * @return The alias of the associated identity provider. + * @return IDP Alias * */ public Output identityProviderAlias() { return this.identityProviderAlias; } /** - * The name of the mapper. + * IDP Mapper Name * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The name of the mapper. + * @return IDP Mapper Name * */ public Output name() { return this.name; } /** - * The name of the realm. + * Realm Name * */ @Export(name="realm", refs={String.class}, tree="[0]") private Output realm; /** - * @return The name of the realm. + * @return Realm Name * */ public Output realm() { return this.realm; } /** - * The user attribute or property name to store the mapped result. + * User Attribute * */ @Export(name="userAttribute", refs={String.class}, tree="[0]") private Output userAttribute; /** - * @return The user attribute or property name to store the mapped result. + * @return User Attribute * */ public Output userAttribute() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapperArgs.java index 2cbb5e78..e8f670c8 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapperArgs.java @@ -19,14 +19,14 @@ public final class AttributeImporterIdentityProviderMapperArgs extends com.pulum public static final AttributeImporterIdentityProviderMapperArgs Empty = new AttributeImporterIdentityProviderMapperArgs(); /** - * For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * Attribute Friendly Name * */ @Import(name="attributeFriendlyName") private @Nullable Output attributeFriendlyName; /** - * @return For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * @return Attribute Friendly Name * */ public Optional> attributeFriendlyName() { @@ -34,14 +34,14 @@ public Optional> attributeFriendlyName() { } /** - * For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * Attribute Name * */ @Import(name="attributeName") private @Nullable Output attributeName; /** - * @return For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * @return Attribute Name * */ public Optional> attributeName() { @@ -49,44 +49,36 @@ public Optional> attributeName() { } /** - * For OIDC based providers, this is the name of the claim to use. + * Claim Name * */ @Import(name="claimName") private @Nullable Output claimName; /** - * @return For OIDC based providers, this is the name of the claim to use. + * @return Claim Name * */ public Optional> claimName() { return Optional.ofNullable(this.claimName); } - /** - * Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - */ @Import(name="extraConfig") private @Nullable Output> extraConfig; - /** - * @return Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - */ public Optional>> extraConfig() { return Optional.ofNullable(this.extraConfig); } /** - * The alias of the associated identity provider. + * IDP Alias * */ @Import(name="identityProviderAlias", required=true) private Output identityProviderAlias; /** - * @return The alias of the associated identity provider. + * @return IDP Alias * */ public Output identityProviderAlias() { @@ -94,14 +86,14 @@ public Output identityProviderAlias() { } /** - * The name of the mapper. + * IDP Mapper Name * */ @Import(name="name") private @Nullable Output name; /** - * @return The name of the mapper. + * @return IDP Mapper Name * */ public Optional> name() { @@ -109,14 +101,14 @@ public Optional> name() { } /** - * The name of the realm. + * Realm Name * */ @Import(name="realm", required=true) private Output realm; /** - * @return The name of the realm. + * @return Realm Name * */ public Output realm() { @@ -124,14 +116,14 @@ public Output realm() { } /** - * The user attribute or property name to store the mapped result. + * User Attribute * */ @Import(name="userAttribute", required=true) private Output userAttribute; /** - * @return The user attribute or property name to store the mapped result. + * @return User Attribute * */ public Output userAttribute() { @@ -170,7 +162,7 @@ public Builder(AttributeImporterIdentityProviderMapperArgs defaults) { } /** - * @param attributeFriendlyName For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * @param attributeFriendlyName Attribute Friendly Name * * @return builder * @@ -181,7 +173,7 @@ public Builder attributeFriendlyName(@Nullable Output attributeFriendlyN } /** - * @param attributeFriendlyName For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * @param attributeFriendlyName Attribute Friendly Name * * @return builder * @@ -191,7 +183,7 @@ public Builder attributeFriendlyName(String attributeFriendlyName) { } /** - * @param attributeName For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * @param attributeName Attribute Name * * @return builder * @@ -202,7 +194,7 @@ public Builder attributeName(@Nullable Output attributeName) { } /** - * @param attributeName For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * @param attributeName Attribute Name * * @return builder * @@ -212,7 +204,7 @@ public Builder attributeName(String attributeName) { } /** - * @param claimName For OIDC based providers, this is the name of the claim to use. + * @param claimName Claim Name * * @return builder * @@ -223,7 +215,7 @@ public Builder claimName(@Nullable Output claimName) { } /** - * @param claimName For OIDC based providers, this is the name of the claim to use. + * @param claimName Claim Name * * @return builder * @@ -232,29 +224,17 @@ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } - /** - * @param extraConfig Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - * @return builder - * - */ public Builder extraConfig(@Nullable Output> extraConfig) { $.extraConfig = extraConfig; return this; } - /** - * @param extraConfig Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - * @return builder - * - */ public Builder extraConfig(Map extraConfig) { return extraConfig(Output.of(extraConfig)); } /** - * @param identityProviderAlias The alias of the associated identity provider. + * @param identityProviderAlias IDP Alias * * @return builder * @@ -265,7 +245,7 @@ public Builder identityProviderAlias(Output identityProviderAlias) { } /** - * @param identityProviderAlias The alias of the associated identity provider. + * @param identityProviderAlias IDP Alias * * @return builder * @@ -275,7 +255,7 @@ public Builder identityProviderAlias(String identityProviderAlias) { } /** - * @param name The name of the mapper. + * @param name IDP Mapper Name * * @return builder * @@ -286,7 +266,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The name of the mapper. + * @param name IDP Mapper Name * * @return builder * @@ -296,7 +276,7 @@ public Builder name(String name) { } /** - * @param realm The name of the realm. + * @param realm Realm Name * * @return builder * @@ -307,7 +287,7 @@ public Builder realm(Output realm) { } /** - * @param realm The name of the realm. + * @param realm Realm Name * * @return builder * @@ -317,7 +297,7 @@ public Builder realm(String realm) { } /** - * @param userAttribute The user attribute or property name to store the mapped result. + * @param userAttribute User Attribute * * @return builder * @@ -328,7 +308,7 @@ public Builder userAttribute(Output userAttribute) { } /** - * @param userAttribute The user attribute or property name to store the mapped result. + * @param userAttribute User Attribute * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeToRoleIdentityMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeToRoleIdentityMapper.java index b042deff..a5c980e4 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeToRoleIdentityMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeToRoleIdentityMapper.java @@ -22,6 +22,8 @@ * > If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -81,16 +83,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak * - * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMapping.java b/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMapping.java index 20d8e9c0..dff9fdce 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMapping.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMapping.java @@ -18,6 +18,8 @@ /** * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -72,16 +74,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak * - * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b @@ -119,14 +122,14 @@ public Output identityProviderAlias() { return this.identityProviderAlias; } /** - * The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * */ @Export(name="identityProviderMapper", refs={String.class}, tree="[0]") private Output identityProviderMapper; /** - * @return The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * @return The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * */ public Output identityProviderMapper() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMappingArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMappingArgs.java index 7bccb9d8..271646fb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMappingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMappingArgs.java @@ -49,14 +49,14 @@ public Output identityProviderAlias() { } /** - * The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * */ @Import(name="identityProviderMapper", required=true) private Output identityProviderMapper; /** - * @return The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * @return The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * */ public Output identityProviderMapper() { @@ -164,7 +164,7 @@ public Builder identityProviderAlias(String identityProviderAlias) { } /** - * @param identityProviderMapper The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * @param identityProviderMapper The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * * @return builder * @@ -175,7 +175,7 @@ public Builder identityProviderMapper(Output identityProviderMapper) { } /** - * @param identityProviderMapper The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * @param identityProviderMapper The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java index 044e0ab6..0b155d4f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java @@ -19,12 +19,17 @@ import javax.annotation.Nullable; /** + * ## # keycloak.CustomUserFederation + * * Allows for creating and managing custom user federation providers within Keycloak. * - * A custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). + * A custom user federation provider is an implementation of Keycloak's + * [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). * An example of this implementation can be found here. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -49,91 +54,77 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("test") * .enabled(true) + * .realm("test") * .build()); * * var customUserFederation = new CustomUserFederation("customUserFederation", CustomUserFederationArgs.builder() - * .realmId(realm.id()) - * .providerId("custom") * .enabled(true) - * .config(Map.ofEntries( - * Map.entry("dummyString", "foobar"), - * Map.entry("dummyBool", true), - * Map.entry("multivalue", "value1##value2") - * )) + * .providerId("custom") + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + * The following arguments are supported: * - * The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: + * - `realm_id` - (Required) The realm that this provider will provide user federation for. + * - `name` - (Required) Display name of the provider when displayed in the console. + * - `provider_id` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * - `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:index/customUserFederation:CustomUserFederation custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - * ``` + * Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + * The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: * */ @ResourceType(type="keycloak:index/customUserFederation:CustomUserFederation") public class CustomUserFederation extends com.pulumi.resources.CustomResource { - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ @Export(name="cachePolicy", refs={String.class}, tree="[0]") private Output cachePolicy; - /** - * @return Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ public Output> cachePolicy() { return Codegen.optional(this.cachePolicy); } /** - * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * */ @Export(name="changedSyncPeriod", refs={Integer.class}, tree="[0]") private Output changedSyncPeriod; /** - * @return How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * @return How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * */ public Output> changedSyncPeriod() { return Codegen.optional(this.changedSyncPeriod); } - /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - */ @Export(name="config", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") private Output> config; - /** - * @return The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - */ public Output>> config() { return Codegen.optional(this.config); } /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. * */ @Export(name="enabled", refs={Boolean.class}, tree="[0]") private Output enabled; /** - * @return When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @return When false, this provider will not be used when performing queries for users. * */ public Output> enabled() { @@ -168,56 +159,58 @@ public Output name() { return this.name; } /** - * Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * The parent_id of the generated component. will use realm_id if not specified. * */ @Export(name="parentId", refs={String.class}, tree="[0]") private Output parentId; /** - * @return Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * @return The parent_id of the generated component. will use realm_id if not specified. * */ public Output parentId() { return this.parentId; } /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. * */ @Export(name="priority", refs={Integer.class}, tree="[0]") private Output priority; /** - * @return Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @return Priority of this provider when looking up users. Lower values are first. * */ public Output> priority() { return Codegen.optional(this.priority); } /** - * The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * */ @Export(name="providerId", refs={String.class}, tree="[0]") private Output providerId; /** - * @return The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * @return The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * */ public Output providerId() { return this.providerId; } /** - * The realm that this provider will provide user federation for. + * The realm (name) this provider will provide user federation for. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm that this provider will provide user federation for. + * @return The realm (name) this provider will provide user federation for. * */ public Output realmId() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederationArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederationArgs.java index f48a5d02..b2febfb6 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederationArgs.java @@ -20,60 +20,46 @@ public final class CustomUserFederationArgs extends com.pulumi.resources.Resourc public static final CustomUserFederationArgs Empty = new CustomUserFederationArgs(); - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ @Import(name="cachePolicy") private @Nullable Output cachePolicy; - /** - * @return Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ public Optional> cachePolicy() { return Optional.ofNullable(this.cachePolicy); } /** - * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * */ @Import(name="changedSyncPeriod") private @Nullable Output changedSyncPeriod; /** - * @return How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * @return How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * */ public Optional> changedSyncPeriod() { return Optional.ofNullable(this.changedSyncPeriod); } - /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - */ @Import(name="config") private @Nullable Output> config; - /** - * @return The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - */ public Optional>> config() { return Optional.ofNullable(this.config); } /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. * */ @Import(name="enabled") private @Nullable Output enabled; /** - * @return When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @return When false, this provider will not be used when performing queries for users. * */ public Optional> enabled() { @@ -111,14 +97,14 @@ public Optional> name() { } /** - * Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * The parent_id of the generated component. will use realm_id if not specified. * */ @Import(name="parentId") private @Nullable Output parentId; /** - * @return Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * @return The parent_id of the generated component. will use realm_id if not specified. * */ public Optional> parentId() { @@ -126,14 +112,14 @@ public Optional> parentId() { } /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. * */ @Import(name="priority") private @Nullable Output priority; /** - * @return Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @return Priority of this provider when looking up users. Lower values are first. * */ public Optional> priority() { @@ -141,14 +127,16 @@ public Optional> priority() { } /** - * The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * */ @Import(name="providerId", required=true) private Output providerId; /** - * @return The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * @return The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * */ public Output providerId() { @@ -156,14 +144,14 @@ public Output providerId() { } /** - * The realm that this provider will provide user federation for. + * The realm (name) this provider will provide user federation for. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm that this provider will provide user federation for. + * @return The realm (name) this provider will provide user federation for. * */ public Output realmId() { @@ -203,29 +191,18 @@ public Builder(CustomUserFederationArgs defaults) { $ = new CustomUserFederationArgs(Objects.requireNonNull(defaults)); } - /** - * @param cachePolicy Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - * @return builder - * - */ public Builder cachePolicy(@Nullable Output cachePolicy) { $.cachePolicy = cachePolicy; return this; } - /** - * @param cachePolicy Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - * @return builder - * - */ public Builder cachePolicy(String cachePolicy) { return cachePolicy(Output.of(cachePolicy)); } /** - * @param changedSyncPeriod How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * @param changedSyncPeriod How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * * @return builder * @@ -236,7 +213,8 @@ public Builder changedSyncPeriod(@Nullable Output changedSyncPeriod) { } /** - * @param changedSyncPeriod How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * @param changedSyncPeriod How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * * @return builder * @@ -245,29 +223,17 @@ public Builder changedSyncPeriod(Integer changedSyncPeriod) { return changedSyncPeriod(Output.of(changedSyncPeriod)); } - /** - * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - * @return builder - * - */ public Builder config(@Nullable Output> config) { $.config = config; return this; } - /** - * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - * @return builder - * - */ public Builder config(Map config) { return config(Output.of(config)); } /** - * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @param enabled When false, this provider will not be used when performing queries for users. * * @return builder * @@ -278,7 +244,7 @@ public Builder enabled(@Nullable Output enabled) { } /** - * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @param enabled When false, this provider will not be used when performing queries for users. * * @return builder * @@ -330,7 +296,7 @@ public Builder name(String name) { } /** - * @param parentId Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * @param parentId The parent_id of the generated component. will use realm_id if not specified. * * @return builder * @@ -341,7 +307,7 @@ public Builder parentId(@Nullable Output parentId) { } /** - * @param parentId Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * @param parentId The parent_id of the generated component. will use realm_id if not specified. * * @return builder * @@ -351,7 +317,7 @@ public Builder parentId(String parentId) { } /** - * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @param priority Priority of this provider when looking up users. Lower values are first. * * @return builder * @@ -362,7 +328,7 @@ public Builder priority(@Nullable Output priority) { } /** - * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @param priority Priority of this provider when looking up users. Lower values are first. * * @return builder * @@ -372,7 +338,8 @@ public Builder priority(Integer priority) { } /** - * @param providerId The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * @param providerId The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * * @return builder * @@ -383,7 +350,8 @@ public Builder providerId(Output providerId) { } /** - * @param providerId The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * @param providerId The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * * @return builder * @@ -393,7 +361,7 @@ public Builder providerId(String providerId) { } /** - * @param realmId The realm that this provider will provide user federation for. + * @param realmId The realm (name) this provider will provide user federation for. * * @return builder * @@ -404,7 +372,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm that this provider will provide user federation for. + * @param realmId The realm (name) this provider will provide user federation for. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroups.java b/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroups.java index c961c9e1..87db6d9d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroups.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroups.java @@ -15,11 +15,16 @@ import javax.annotation.Nullable; /** + * ## # keycloak.DefaultGroups + * * Allows for managing a realm's default groups. * - * > You should not use `keycloak.DefaultGroups` with a group whose members are managed by `keycloak.GroupMemberships`. + * Note that you should not use `keycloak.DefaultGroups` with a group with memberships managed + * by `keycloak.GroupMemberships`. + * + * ### Example Usage * - * ## Example Usage + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -46,8 +51,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var group = new Group("group", GroupArgs.builder() @@ -55,54 +60,40 @@ * .build()); * * var default_ = new DefaultGroups("default", DefaultGroupsArgs.builder() - * .realmId(realm.id()) * .groupIds(group.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Default groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + * The following arguments are supported: * - * Example: + * - `realm_id` - (Required) The realm this group exists in. + * - `group_ids` - (Required) A set of group ids that should be default groups on the realm referenced by `realm_id`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:index/defaultGroups:DefaultGroups default my-realm - * ``` + * Groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + * + * Example: * */ @ResourceType(type="keycloak:index/defaultGroups:DefaultGroups") public class DefaultGroups extends com.pulumi.resources.CustomResource { - /** - * A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - */ @Export(name="groupIds", refs={List.class,String.class}, tree="[0,1]") private Output> groupIds; - /** - * @return A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - */ public Output> groupIds() { return this.groupIds; } - /** - * The realm this group exists in. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this group exists in. - * - */ public Output realmId() { return this.realmId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroupsArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroupsArgs.java index cb37547b..c8580170 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroupsArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroupsArgs.java @@ -15,32 +15,16 @@ public final class DefaultGroupsArgs extends com.pulumi.resources.ResourceArgs { public static final DefaultGroupsArgs Empty = new DefaultGroupsArgs(); - /** - * A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - */ @Import(name="groupIds", required=true) private Output> groupIds; - /** - * @return A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - */ public Output> groupIds() { return this.groupIds; } - /** - * The realm this group exists in. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this group exists in. - * - */ public Output realmId() { return this.realmId; } @@ -70,54 +54,24 @@ public Builder(DefaultGroupsArgs defaults) { $ = new DefaultGroupsArgs(Objects.requireNonNull(defaults)); } - /** - * @param groupIds A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - * @return builder - * - */ public Builder groupIds(Output> groupIds) { $.groupIds = groupIds; return this; } - /** - * @param groupIds A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - * @return builder - * - */ public Builder groupIds(List groupIds) { return groupIds(Output.of(groupIds)); } - /** - * @param groupIds A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - * @return builder - * - */ public Builder groupIds(String... groupIds) { return groupIds(List.of(groupIds)); } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/DefaultRoles.java b/sdk/java/src/main/java/com/pulumi/keycloak/DefaultRoles.java index 16779720..e7b5ad69 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/DefaultRoles.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/DefaultRoles.java @@ -20,7 +20,10 @@ * Note: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak. * * ## Example Usage + * * ### Realm Role) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -57,18 +60,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Default roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite * - * role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing + * role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing * - * the default roles. + * the default roles. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapper.java index d8db778f..5634fb0c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapper.java @@ -17,9 +17,9 @@ import javax.annotation.Nullable; /** - * !> **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `keycloak.GenericProtocolMapper` instead. + * ## # keycloak.GenericClientProtocolMapper * - * Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak. + * Allows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak. * * There are two uses cases for using this resource: * * If you implemented a custom protocol mapper, this resource can be used to configure it @@ -28,7 +28,9 @@ * Due to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. * Therefore, if possible, a specific mapper should be used. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -55,56 +57,63 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var samlClient = new Client("samlClient", ClientArgs.builder() - * .realmId(realm.id()) * .clientId("test-client") + * .realmId(realm.id()) * .build()); * * var samlHardcodeAttributeMapper = new GenericClientProtocolMapper("samlHardcodeAttributeMapper", GenericClientProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientId(samlClient.id()) - * .protocol("saml") - * .protocolMapper("saml-hardcode-attribute-mapper") * .config(Map.ofEntries( * Map.entry("attribute.name", "name"), * Map.entry("attribute.nameformat", "Basic"), * Map.entry("attribute.value", "value"), * Map.entry("friendly.name", "display name") * )) + * .protocol("saml") + * .protocolMapper("saml-hardcode-attribute-mapper") + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * Example: + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required) The client this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * - `protocol_mapper` - (Required) The name of the protocol mapper. The protocol mapper must be + * compatible with the specified client. + * - `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * + * Example: * */ @ResourceType(type="keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper") public class GenericClientProtocolMapper extends com.pulumi.resources.CustomResource { /** - * The client this protocol mapper is attached to. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper is attached to. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { @@ -124,71 +133,63 @@ public Output> clientId() { public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } - /** - * A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - */ @Export(name="config", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") private Output> config; - /** - * @return A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - */ public Output> config() { return this.config; } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * The protocol of the client (openid-connect / saml). * */ @Export(name="protocol", refs={String.class}, tree="[0]") private Output protocol; /** - * @return The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * @return The protocol of the client (openid-connect / saml). * */ public Output protocol() { return this.protocol; } /** - * The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * The type of the protocol mapper. * */ @Export(name="protocolMapper", refs={String.class}, tree="[0]") private Output protocolMapper; /** - * @return The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * @return The type of the protocol mapper. * */ public Output protocolMapper() { return this.protocolMapper; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapperArgs.java index e2b6f5e0..bcd23cad 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapperArgs.java @@ -19,14 +19,14 @@ public final class GenericClientProtocolMapperArgs extends com.pulumi.resources. public static final GenericClientProtocolMapperArgs Empty = new GenericClientProtocolMapperArgs(); /** - * The client this protocol mapper is attached to. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper is attached to. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -48,30 +48,22 @@ public Optional> clientScopeId() { return Optional.ofNullable(this.clientScopeId); } - /** - * A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - */ @Import(name="config", required=true) private Output> config; - /** - * @return A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - */ public Output> config() { return this.config; } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -79,14 +71,14 @@ public Optional> name() { } /** - * The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * The protocol of the client (openid-connect / saml). * */ @Import(name="protocol", required=true) private Output protocol; /** - * @return The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * @return The protocol of the client (openid-connect / saml). * */ public Output protocol() { @@ -94,14 +86,14 @@ public Output protocol() { } /** - * The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * The type of the protocol mapper. * */ @Import(name="protocolMapper", required=true) private Output protocolMapper; /** - * @return The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * @return The type of the protocol mapper. * */ public Output protocolMapper() { @@ -109,14 +101,14 @@ public Output protocolMapper() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { @@ -154,7 +146,7 @@ public Builder(GenericClientProtocolMapperArgs defaults) { } /** - * @param clientId The client this protocol mapper is attached to. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -165,7 +157,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper is attached to. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -195,29 +187,17 @@ public Builder clientScopeId(String clientScopeId) { return clientScopeId(Output.of(clientScopeId)); } - /** - * @param config A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - * @return builder - * - */ public Builder config(Output> config) { $.config = config; return this; } - /** - * @param config A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - * @return builder - * - */ public Builder config(Map config) { return config(Output.of(config)); } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -228,7 +208,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -238,7 +218,7 @@ public Builder name(String name) { } /** - * @param protocol The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * @param protocol The protocol of the client (openid-connect / saml). * * @return builder * @@ -249,7 +229,7 @@ public Builder protocol(Output protocol) { } /** - * @param protocol The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * @param protocol The protocol of the client (openid-connect / saml). * * @return builder * @@ -259,7 +239,7 @@ public Builder protocol(String protocol) { } /** - * @param protocolMapper The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * @param protocolMapper The type of the protocol mapper. * * @return builder * @@ -270,7 +250,7 @@ public Builder protocolMapper(Output protocolMapper) { } /** - * @param protocolMapper The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * @param protocolMapper The type of the protocol mapper. * * @return builder * @@ -280,7 +260,7 @@ public Builder protocolMapper(String protocolMapper) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -291,7 +271,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientRoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientRoleMapper.java index 01eaeedc..15381c49 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientRoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientRoleMapper.java @@ -24,7 +24,10 @@ * inside an access token for a client. * * ## Example Usage + * * ### Realm Role To Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -78,7 +81,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Role To Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -147,7 +154,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Realm Role To Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -198,7 +209,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Role To Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -259,18 +274,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Generic client role mappers can be imported using one of the following two formats: * - * - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + * - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` * - * - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + * - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericProtocolMapper.java index c5b8378d..8be02f5f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericProtocolMapper.java @@ -27,6 +27,8 @@ * Therefore, if possible, a specific mapper should be used instead. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -78,14 +80,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericRoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericRoleMapper.java index b577585c..6292c73a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericRoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericRoleMapper.java @@ -22,7 +22,10 @@ * inside an access token for a client. * * ## Example Usage + * * ### Realm Role To Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -76,7 +79,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Role To Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -145,7 +152,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Realm Role To Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -196,7 +207,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Role To Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -257,18 +272,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Generic client role mappers can be imported using one of the following two formats: * - * - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + * - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` * - * - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + * - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/Group.java b/sdk/java/src/main/java/com/pulumi/keycloak/Group.java index bb6590c6..88c64659 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/Group.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/Group.java @@ -17,17 +17,22 @@ import javax.annotation.Nullable; /** + * ## # keycloak.Group + * * Allows for creating and managing Groups within Keycloak. * - * Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and - * group membership can be mapped to a claim. + * Groups provide a logical wrapping for users within Keycloak. Users within a + * group can share attributes and roles, and group membership can be mapped + * to a claim. * * Attributes can also be defined on Groups. * - * Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource **should not** - * be used to manage groups that were created this way. + * Groups can also be federated from external data sources, such as LDAP or Active Directory. + * This resource **should not** be used to manage groups that were created this way. + * + * ### Example Usage * - * ## Example Usage + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -52,8 +57,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var parentGroup = new Group("parentGroup", GroupArgs.builder() @@ -61,107 +66,76 @@ * .build()); * * var childGroup = new Group("childGroup", GroupArgs.builder() - * .realmId(realm.id()) * .parentId(parentGroup.id()) + * .realmId(realm.id()) * .build()); * * var childGroupWithOptionalAttributes = new Group("childGroupWithOptionalAttributes", GroupArgs.builder() - * .realmId(realm.id()) - * .parentId(parentGroup.id()) * .attributes(Map.ofEntries( - * Map.entry("foo", "bar"), - * Map.entry("multivalue", "value1##value2") + * Map.entry("key1", "value1"), + * Map.entry("key2", "value2") * )) + * .parentId(parentGroup.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + * - `realm_id` - (Required) The realm this group exists in. + * - `parent_id` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level. + * - `name` - (Required) The name of the group. + * - `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group. * - * Example: + * ### Attributes Reference * - * bash + * In addition to the arguments listed above, the following computed attributes are exported: * - * ```sh - * $ pulumi import keycloak:index/group:Group child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd - * ``` + * - `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. + * + * ### Import + * + * Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + * assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + * + * Example: * */ @ResourceType(type="keycloak:index/group:Group") public class Group extends com.pulumi.resources.CustomResource { - /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Export(name="attributes", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") private Output> attributes; - /** - * @return A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Output>> attributes() { return Codegen.optional(this.attributes); } - /** - * The name of the group. - * - */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; - /** - * @return The name of the group. - * - */ public Output name() { return this.name; } - /** - * The ID of this group's parent. If omitted, this group will be defined at the root level. - * - */ @Export(name="parentId", refs={String.class}, tree="[0]") private Output parentId; - /** - * @return The ID of this group's parent. If omitted, this group will be defined at the root level. - * - */ public Output> parentId() { return Codegen.optional(this.parentId); } - /** - * (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - * - */ @Export(name="path", refs={String.class}, tree="[0]") private Output path; - /** - * @return (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - * - */ public Output path() { return this.path; } - /** - * The realm this group exists in. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this group exists in. - * - */ public Output realmId() { return this.realmId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupArgs.java index 483546cf..22391119 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupArgs.java @@ -18,62 +18,30 @@ public final class GroupArgs extends com.pulumi.resources.ResourceArgs { public static final GroupArgs Empty = new GroupArgs(); - /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Import(name="attributes") private @Nullable Output> attributes; - /** - * @return A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Optional>> attributes() { return Optional.ofNullable(this.attributes); } - /** - * The name of the group. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The name of the group. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The ID of this group's parent. If omitted, this group will be defined at the root level. - * - */ @Import(name="parentId") private @Nullable Output parentId; - /** - * @return The ID of this group's parent. If omitted, this group will be defined at the root level. - * - */ public Optional> parentId() { return Optional.ofNullable(this.parentId); } - /** - * The realm this group exists in. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this group exists in. - * - */ public Output realmId() { return this.realmId; } @@ -105,86 +73,38 @@ public Builder(GroupArgs defaults) { $ = new GroupArgs(Objects.requireNonNull(defaults)); } - /** - * @param attributes A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(@Nullable Output> attributes) { $.attributes = attributes; return this; } - /** - * @param attributes A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(Map attributes) { return attributes(Output.of(attributes)); } - /** - * @param name The name of the group. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The name of the group. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param parentId The ID of this group's parent. If omitted, this group will be defined at the root level. - * - * @return builder - * - */ public Builder parentId(@Nullable Output parentId) { $.parentId = parentId; return this; } - /** - * @param parentId The ID of this group's parent. If omitted, this group will be defined at the root level. - * - * @return builder - * - */ public Builder parentId(String parentId) { return parentId(Output.of(parentId)); } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java index 310738d4..65a6dcaa 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java @@ -16,23 +16,25 @@ import javax.annotation.Nullable; /** - * Allows for managing a Keycloak group's members. + * ## # keycloak.GroupMemberships * - * Note that this resource attempts to be an **authoritative** source over group members. When this resource takes control - * over a group's members, users that are manually added to the group will be removed, and users that are manually removed - * from the group will be added upon the next run of `pulumi up`. + * Allows for managing a Keycloak group's members. * - * Also note that you should not use `keycloak.GroupMemberships` with a group has been assigned as a default group via - * `keycloak.DefaultGroups`. + * Note that this resource attempts to be an **authoritative** source over group members. + * When this resource takes control over a group's members, users that are manually added + * to the group will be removed, and users that are manually removed from the group will + * be added upon the next run of `pulumi up`. Eventually, a non-authoritative resource + * for group membership will be added to this provider. * - * This resource **should not** be used to control membership of a group that has its members federated from an external - * source via group mapping. + * Also note that you should not use `keycloak.GroupMemberships` with a group has been assigned + * as a default group via `keycloak.DefaultGroups`. * - * To non-exclusively manage the group's of a user, see the [`keycloak.UserGroups` resource][1] + * This resource **should not** be used to control membership of a group that has its members + * federated from an external source via group mapping. * - * This resource paginates its data loading on refresh by 50 items. + * ### Example Usage * - * ## Example Usage + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -61,8 +63,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var group = new Group("group", GroupArgs.builder() @@ -75,65 +77,47 @@ * .build()); * * var groupMembers = new GroupMemberships("groupMembers", GroupMembershipsArgs.builder() - * .realmId(realm.id()) * .groupId(group.id()) * .members(user.username()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * This resource does not support import. Instead of importing, feel free to create this resource + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this group exists in. + * - `group_id` - (Required) The ID of the group this resource should manage memberships for. + * - `members` - (Required) An array of usernames that belong to this group. * - * as if it did not already exist on the server. + * ### Import * - * [1]: providers/mrparkers/keycloak/latest/docs/resources/group_memberships + * This resource does not support import. Instead of importing, feel free to create this resource + * as if it did not already exist on the server. * */ @ResourceType(type="keycloak:index/groupMemberships:GroupMemberships") public class GroupMemberships extends com.pulumi.resources.CustomResource { - /** - * The ID of the group this resource should manage memberships for. - * - */ @Export(name="groupId", refs={String.class}, tree="[0]") private Output groupId; - /** - * @return The ID of the group this resource should manage memberships for. - * - */ public Output> groupId() { return Codegen.optional(this.groupId); } - /** - * A list of usernames that belong to this group. - * - */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; - /** - * @return A list of usernames that belong to this group. - * - */ public Output> members() { return this.members; } - /** - * The realm this group exists in. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this group exists in. - * - */ public Output realmId() { return this.realmId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupMembershipsArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupMembershipsArgs.java index 9ae256f4..2c51c18a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupMembershipsArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupMembershipsArgs.java @@ -17,47 +17,23 @@ public final class GroupMembershipsArgs extends com.pulumi.resources.ResourceArg public static final GroupMembershipsArgs Empty = new GroupMembershipsArgs(); - /** - * The ID of the group this resource should manage memberships for. - * - */ @Import(name="groupId") private @Nullable Output groupId; - /** - * @return The ID of the group this resource should manage memberships for. - * - */ public Optional> groupId() { return Optional.ofNullable(this.groupId); } - /** - * A list of usernames that belong to this group. - * - */ @Import(name="members", required=true) private Output> members; - /** - * @return A list of usernames that belong to this group. - * - */ public Output> members() { return this.members; } - /** - * The realm this group exists in. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this group exists in. - * - */ public Output realmId() { return this.realmId; } @@ -88,75 +64,33 @@ public Builder(GroupMembershipsArgs defaults) { $ = new GroupMembershipsArgs(Objects.requireNonNull(defaults)); } - /** - * @param groupId The ID of the group this resource should manage memberships for. - * - * @return builder - * - */ public Builder groupId(@Nullable Output groupId) { $.groupId = groupId; return this; } - /** - * @param groupId The ID of the group this resource should manage memberships for. - * - * @return builder - * - */ public Builder groupId(String groupId) { return groupId(Output.of(groupId)); } - /** - * @param members A list of usernames that belong to this group. - * - * @return builder - * - */ public Builder members(Output> members) { $.members = members; return this; } - /** - * @param members A list of usernames that belong to this group. - * - * @return builder - * - */ public Builder members(List members) { return members(Output.of(members)); } - /** - * @param members A list of usernames that belong to this group. - * - * @return builder - * - */ public Builder members(String... members) { return members(List.of(members)); } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupRoles.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupRoles.java index 803a7d33..347a3c88 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupRoles.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupRoles.java @@ -17,17 +17,23 @@ import javax.annotation.Nullable; /** + * ## # keycloak.GroupRoles + * * Allows you to manage roles assigned to a Keycloak group. * - * If `exhaustive` is true, this resource attempts to be an **authoritative** source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the - * group will be added upon the next run of `pulumi up`. - * If `exhaustive` is false, this resource is a partial assignation of roles to a group. As a result, you can get multiple `keycloak.GroupRoles` for the same `group_id`. + * Note that this resource attempts to be an **authoritative** source over + * group roles. When this resource takes control over a group's roles, + * roles that are manually added to the group will be removed, and roles + * that are manually removed from the group will be added upon the next run + * of `pulumi up`. + * + * Note that when assigning composite roles to a group, you may see a + * non-empty plan following a `pulumi up` if you assign a role and a + * composite that includes that role to the same group. * - * Note that when assigning composite roles to a group, you may see a non-empty plan following a `pulumi up` if you - * assign a role and a composite that includes that role to the same group. + * ### Example Usage * - * ## Example Usage - * ### Exhaustive Roles) + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -58,26 +64,26 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var realmRole = new Role("realmRole", RoleArgs.builder() - * .realmId(realm.id()) * .description("My Realm Role") + * .realmId(realm.id()) * .build()); * * var client = new Client("client", ClientArgs.builder() - * .realmId(realm.id()) + * .accessType("BEARER-ONLY") * .clientId("client") * .enabled(true) - * .accessType("BEARER-ONLY") + * .realmId(realm.id()) * .build()); * * var clientRole = new Role("clientRole", RoleArgs.builder() - * .realmId(realm.id()) * .clientId(keycloak_client.client().id()) * .description("My Client Role") + * .realmId(realm.id()) * .build()); * * var group = new Group("group", GroupArgs.builder() @@ -85,8 +91,8 @@ * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.id()) + * .realmId(realm.id()) * .roleIds( * realmRole.id(), * clientRole.id()) @@ -95,153 +101,50 @@ * } * } * ``` - * ### Non Exhaustive Roles) - * ```java - * package generated_program; + * <!--End PulumiCodeChooser --> * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.Role; - * import com.pulumi.keycloak.RoleArgs; - * import com.pulumi.keycloak.openid.Client; - * import com.pulumi.keycloak.openid.ClientArgs; - * import com.pulumi.keycloak.Group; - * import com.pulumi.keycloak.GroupArgs; - * import com.pulumi.keycloak.GroupRoles; - * import com.pulumi.keycloak.GroupRolesArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; + * ### Argument Reference * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } + * The following arguments are supported: * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); + * - `realm_id` - (Required) The realm this group exists in. + * - `group_id` - (Required) The ID of the group this resource should + * manage roles for. + * - `role_ids` - (Required) A list of role IDs to map to the group * - * var realmRole = new Role("realmRole", RoleArgs.builder() - * .realmId(realm.id()) - * .description("My Realm Role") - * .build()); + * ### Import * - * var client = new Client("client", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) - * .accessType("BEARER-ONLY") - * .build()); + * This resource can be imported using the format + * `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that + * Keycloak assigns to the group upon creation. This value can be found in + * the URI when editing this group in the GUI, and is typically a GUID. * - * var clientRole = new Role("clientRole", RoleArgs.builder() - * .realmId(realm.id()) - * .clientId(keycloak_client.client().id()) - * .description("My Client Role") - * .build()); - * - * var group = new Group("group", GroupArgs.builder() - * .realmId(realm.id()) - * .build()); - * - * var groupRoleAssociation1 = new GroupRoles("groupRoleAssociation1", GroupRolesArgs.builder() - * .realmId(realm.id()) - * .groupId(group.id()) - * .exhaustive(false) - * .roleIds(realmRole.id()) - * .build()); - * - * var groupRoleAssociation2 = new GroupRoles("groupRoleAssociation2", GroupRolesArgs.builder() - * .realmId(realm.id()) - * .groupId(group.id()) - * .exhaustive(false) - * .roleIds(clientRole.id()) - * .build()); - * - * } - * } - * ``` - * - * ## Import - * - * This resource can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak - * - * assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically - * - * a GUID. - * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:index/groupRoles:GroupRoles group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94 - * ``` + * Example: * */ @ResourceType(type="keycloak:index/groupRoles:GroupRoles") public class GroupRoles extends com.pulumi.resources.CustomResource { - /** - * Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - */ @Export(name="exhaustive", refs={Boolean.class}, tree="[0]") private Output exhaustive; - /** - * @return Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - */ public Output> exhaustive() { return Codegen.optional(this.exhaustive); } - /** - * The ID of the group this resource should manage roles for. - * - */ @Export(name="groupId", refs={String.class}, tree="[0]") private Output groupId; - /** - * @return The ID of the group this resource should manage roles for. - * - */ public Output groupId() { return this.groupId; } - /** - * The realm this group exists in. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this group exists in. - * - */ public Output realmId() { return this.realmId; } - /** - * A list of role IDs to map to the group. - * - */ @Export(name="roleIds", refs={List.class,String.class}, tree="[0,1]") private Output> roleIds; - /** - * @return A list of role IDs to map to the group. - * - */ public Output> roleIds() { return this.roleIds; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupRolesArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupRolesArgs.java index c3e7a925..5446f261 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupRolesArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupRolesArgs.java @@ -18,62 +18,30 @@ public final class GroupRolesArgs extends com.pulumi.resources.ResourceArgs { public static final GroupRolesArgs Empty = new GroupRolesArgs(); - /** - * Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - */ @Import(name="exhaustive") private @Nullable Output exhaustive; - /** - * @return Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - */ public Optional> exhaustive() { return Optional.ofNullable(this.exhaustive); } - /** - * The ID of the group this resource should manage roles for. - * - */ @Import(name="groupId", required=true) private Output groupId; - /** - * @return The ID of the group this resource should manage roles for. - * - */ public Output groupId() { return this.groupId; } - /** - * The realm this group exists in. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this group exists in. - * - */ public Output realmId() { return this.realmId; } - /** - * A list of role IDs to map to the group. - * - */ @Import(name="roleIds", required=true) private Output> roleIds; - /** - * @return A list of role IDs to map to the group. - * - */ public Output> roleIds() { return this.roleIds; } @@ -105,96 +73,42 @@ public Builder(GroupRolesArgs defaults) { $ = new GroupRolesArgs(Objects.requireNonNull(defaults)); } - /** - * @param exhaustive Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - * @return builder - * - */ public Builder exhaustive(@Nullable Output exhaustive) { $.exhaustive = exhaustive; return this; } - /** - * @param exhaustive Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - * @return builder - * - */ public Builder exhaustive(Boolean exhaustive) { return exhaustive(Output.of(exhaustive)); } - /** - * @param groupId The ID of the group this resource should manage roles for. - * - * @return builder - * - */ public Builder groupId(Output groupId) { $.groupId = groupId; return this; } - /** - * @param groupId The ID of the group this resource should manage roles for. - * - * @return builder - * - */ public Builder groupId(String groupId) { return groupId(Output.of(groupId)); } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param roleIds A list of role IDs to map to the group. - * - * @return builder - * - */ public Builder roleIds(Output> roleIds) { $.roleIds = roleIds; return this; } - /** - * @param roleIds A list of role IDs to map to the group. - * - * @return builder - * - */ public Builder roleIds(List roleIds) { return roleIds(Output.of(roleIds)); } - /** - * @param roleIds A list of role IDs to map to the group. - * - * @return builder - * - */ public Builder roleIds(String... roleIds) { return roleIds(List.of(roleIds)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedAttributeIdentityProviderMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedAttributeIdentityProviderMapper.java index 33d1584b..80619eee 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedAttributeIdentityProviderMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedAttributeIdentityProviderMapper.java @@ -23,6 +23,8 @@ * The identity provider hardcoded attribute mapper will set the specified value to the IDP attribute. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -74,6 +76,7 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * */ @ResourceType(type="keycloak:index/hardcodedAttributeIdentityProviderMapper:HardcodedAttributeIdentityProviderMapper") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedRoleIdentityMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedRoleIdentityMapper.java index c8214c4f..04db04dc 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedRoleIdentityMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedRoleIdentityMapper.java @@ -22,6 +22,8 @@ * The identity provider hardcoded role mapper grants a specified Keycloak role to each Keycloak user from the LDAP provider. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -78,6 +80,7 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * */ @ResourceType(type="keycloak:index/hardcodedRoleIdentityMapper:HardcodedRoleIdentityMapper") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/IdentityProviderTokenExchangeScopePermission.java b/sdk/java/src/main/java/com/pulumi/keycloak/IdentityProviderTokenExchangeScopePermission.java index cd518add..317da018 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/IdentityProviderTokenExchangeScopePermission.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/IdentityProviderTokenExchangeScopePermission.java @@ -17,6 +17,8 @@ /** * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -79,16 +81,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * This resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that * - * you assign to the identity provider upon creation. + * you assign to the identity provider upon creation. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java b/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java index abfc85b2..79de6db0 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java @@ -42,6 +42,8 @@ public final class KeycloakFunctions { * This data source can be used to fetch the ID of an authentication execution within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -79,6 +81,7 @@ public final class KeycloakFunctions { * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getAuthenticationExecution(GetAuthenticationExecutionArgs args) { @@ -88,6 +91,8 @@ public static Output getAuthenticationExecutio * This data source can be used to fetch the ID of an authentication execution within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -125,6 +130,7 @@ public static Output getAuthenticationExecutio * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getAuthenticationExecutionPlain(GetAuthenticationExecutionPlainArgs args) { @@ -134,6 +140,8 @@ public static CompletableFuture getAuthenticat * This data source can be used to fetch the ID of an authentication execution within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -171,6 +179,7 @@ public static CompletableFuture getAuthenticat * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getAuthenticationExecution(GetAuthenticationExecutionArgs args, InvokeOptions options) { @@ -180,6 +189,8 @@ public static Output getAuthenticationExecutio * This data source can be used to fetch the ID of an authentication execution within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -217,6 +228,7 @@ public static Output getAuthenticationExecutio * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getAuthenticationExecutionPlain(GetAuthenticationExecutionPlainArgs args, InvokeOptions options) { @@ -226,6 +238,8 @@ public static CompletableFuture getAuthenticat * This data source can be used to fetch the ID of an authentication flow within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -262,6 +276,7 @@ public static CompletableFuture getAuthenticat * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getAuthenticationFlow(GetAuthenticationFlowArgs args) { @@ -271,6 +286,8 @@ public static Output getAuthenticationFlow(GetAuthe * This data source can be used to fetch the ID of an authentication flow within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -307,6 +324,7 @@ public static Output getAuthenticationFlow(GetAuthe * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getAuthenticationFlowPlain(GetAuthenticationFlowPlainArgs args) { @@ -316,6 +334,8 @@ public static CompletableFuture getAuthenticationFl * This data source can be used to fetch the ID of an authentication flow within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -352,6 +372,7 @@ public static CompletableFuture getAuthenticationFl * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getAuthenticationFlow(GetAuthenticationFlowArgs args, InvokeOptions options) { @@ -361,6 +382,8 @@ public static Output getAuthenticationFlow(GetAuthe * This data source can be used to fetch the ID of an authentication flow within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -397,6 +420,7 @@ public static Output getAuthenticationFlow(GetAuthe * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getAuthenticationFlowPlain(GetAuthenticationFlowPlainArgs args, InvokeOptions options) { @@ -407,6 +431,8 @@ public static CompletableFuture getAuthenticationFl * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -478,6 +504,7 @@ public static CompletableFuture getAuthenticationFl * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientDescriptionConverter(GetClientDescriptionConverterArgs args) { @@ -488,6 +515,8 @@ public static Output getClientDescriptionCo * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -559,6 +588,7 @@ public static Output getClientDescriptionCo * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientDescriptionConverterPlain(GetClientDescriptionConverterPlainArgs args) { @@ -569,6 +599,8 @@ public static CompletableFuture getClientDe * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -640,6 +672,7 @@ public static CompletableFuture getClientDe * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientDescriptionConverter(GetClientDescriptionConverterArgs args, InvokeOptions options) { @@ -650,6 +683,8 @@ public static Output getClientDescriptionCo * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -721,16 +756,21 @@ public static Output getClientDescriptionCo * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientDescriptionConverterPlain(GetClientDescriptionConverterPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter", TypeShape.of(GetClientDescriptionConverterResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.Group data source + * * This data source can be used to fetch properties of a Keycloak group for * usage with other resources, such as `keycloak.GroupRoles`. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -758,39 +798,58 @@ public static CompletableFuture getClientDe * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) * .name("offline_access") + * .realmId(realm.id()) * .build()); * * final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder() - * .realmId(realm.id()) * .name("group") + * .realmId(realm.id()) * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) - * .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) + * .realmId(realm.id()) + * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this group exists within. + * - `name` - (Required) The name of the group + * + * ### Attributes Reference + * + * In addition to the arguments listed above, the following computed attributes are exported: + * + * - `id` - The unique ID of the group, which can be used as an argument to + * other resources supported by this provider. * */ public static Output getGroup(GetGroupArgs args) { return getGroup(args, InvokeOptions.Empty); } /** + * ## # keycloak.Group data source + * * This data source can be used to fetch properties of a Keycloak group for * usage with other resources, such as `keycloak.GroupRoles`. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -818,39 +877,58 @@ public static Output getGroup(GetGroupArgs args) { * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) * .name("offline_access") + * .realmId(realm.id()) * .build()); * * final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder() - * .realmId(realm.id()) * .name("group") + * .realmId(realm.id()) * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) - * .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) + * .realmId(realm.id()) + * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this group exists within. + * - `name` - (Required) The name of the group + * + * ### Attributes Reference + * + * In addition to the arguments listed above, the following computed attributes are exported: + * + * - `id` - The unique ID of the group, which can be used as an argument to + * other resources supported by this provider. * */ public static CompletableFuture getGroupPlain(GetGroupPlainArgs args) { return getGroupPlain(args, InvokeOptions.Empty); } /** + * ## # keycloak.Group data source + * * This data source can be used to fetch properties of a Keycloak group for * usage with other resources, such as `keycloak.GroupRoles`. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -878,39 +956,58 @@ public static CompletableFuture getGroupPlain(GetGroupPlainArgs * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) * .name("offline_access") + * .realmId(realm.id()) * .build()); * * final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder() - * .realmId(realm.id()) * .name("group") + * .realmId(realm.id()) * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) - * .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) + * .realmId(realm.id()) + * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this group exists within. + * - `name` - (Required) The name of the group + * + * ### Attributes Reference + * + * In addition to the arguments listed above, the following computed attributes are exported: + * + * - `id` - The unique ID of the group, which can be used as an argument to + * other resources supported by this provider. * */ public static Output getGroup(GetGroupArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("keycloak:index/getGroup:getGroup", TypeShape.of(GetGroupResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.Group data source + * * This data source can be used to fetch properties of a Keycloak group for * usage with other resources, such as `keycloak.GroupRoles`. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -938,39 +1035,58 @@ public static Output getGroup(GetGroupArgs args, InvokeOptions o * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) * .name("offline_access") + * .realmId(realm.id()) * .build()); * * final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder() - * .realmId(realm.id()) * .name("group") + * .realmId(realm.id()) * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) - * .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) + * .realmId(realm.id()) + * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this group exists within. + * - `name` - (Required) The name of the group + * + * ### Attributes Reference + * + * In addition to the arguments listed above, the following computed attributes are exported: + * + * - `id` - The unique ID of the group, which can be used as an argument to + * other resources supported by this provider. * */ public static CompletableFuture getGroupPlain(GetGroupPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("keycloak:index/getGroup:getGroup", TypeShape.of(GetGroupResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.Realm data source + * * This data source can be used to fetch properties of a Keycloak realm for * usage with other resources. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -999,22 +1115,37 @@ public static CompletableFuture getGroupPlain(GetGroupPlainArgs * .build()); * * var group = new Role("group", RoleArgs.builder() - * .realmId(realm.applyValue(getRealmResult -> getRealmResult.id())) + * .realmId(data.keycloak_realm().id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm` - (Required) The realm name. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.Realm` resource for details on the exported attributes. * */ public static Output getRealm(GetRealmArgs args) { return getRealm(args, InvokeOptions.Empty); } /** + * ## # keycloak.Realm data source + * * This data source can be used to fetch properties of a Keycloak realm for * usage with other resources. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1043,22 +1174,37 @@ public static Output getRealm(GetRealmArgs args) { * .build()); * * var group = new Role("group", RoleArgs.builder() - * .realmId(realm.applyValue(getRealmResult -> getRealmResult.id())) + * .realmId(data.keycloak_realm().id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm` - (Required) The realm name. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.Realm` resource for details on the exported attributes. * */ public static CompletableFuture getRealmPlain(GetRealmPlainArgs args) { return getRealmPlain(args, InvokeOptions.Empty); } /** + * ## # keycloak.Realm data source + * * This data source can be used to fetch properties of a Keycloak realm for * usage with other resources. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1087,22 +1233,37 @@ public static CompletableFuture getRealmPlain(GetRealmPlainArgs * .build()); * * var group = new Role("group", RoleArgs.builder() - * .realmId(realm.applyValue(getRealmResult -> getRealmResult.id())) + * .realmId(data.keycloak_realm().id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm` - (Required) The realm name. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.Realm` resource for details on the exported attributes. * */ public static Output getRealm(GetRealmArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("keycloak:index/getRealm:getRealm", TypeShape.of(GetRealmResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.Realm data source + * * This data source can be used to fetch properties of a Keycloak realm for * usage with other resources. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1131,74 +1292,97 @@ public static Output getRealm(GetRealmArgs args, InvokeOptions o * .build()); * * var group = new Role("group", RoleArgs.builder() - * .realmId(realm.applyValue(getRealmResult -> getRealmResult.id())) + * .realmId(data.keycloak_realm().id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm` - (Required) The realm name. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.Realm` resource for details on the exported attributes. * */ public static CompletableFuture getRealmPlain(GetRealmPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("keycloak:index/getRealm:getRealm", TypeShape.of(GetRealmResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.getRealmKeys data source + * * Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. * * Remarks: * * - A key must meet all filter criteria - * - This data source may return more than one value. - * - If no key matches the filter criteria, then an error will be returned. + * - This datasource may return more than one value. + * - If no key matches the filter criteria, then an error is returned. * */ public static Output getRealmKeys(GetRealmKeysArgs args) { return getRealmKeys(args, InvokeOptions.Empty); } /** + * ## # keycloak.getRealmKeys data source + * * Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. * * Remarks: * * - A key must meet all filter criteria - * - This data source may return more than one value. - * - If no key matches the filter criteria, then an error will be returned. + * - This datasource may return more than one value. + * - If no key matches the filter criteria, then an error is returned. * */ public static CompletableFuture getRealmKeysPlain(GetRealmKeysPlainArgs args) { return getRealmKeysPlain(args, InvokeOptions.Empty); } /** + * ## # keycloak.getRealmKeys data source + * * Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. * * Remarks: * * - A key must meet all filter criteria - * - This data source may return more than one value. - * - If no key matches the filter criteria, then an error will be returned. + * - This datasource may return more than one value. + * - If no key matches the filter criteria, then an error is returned. * */ public static Output getRealmKeys(GetRealmKeysArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("keycloak:index/getRealmKeys:getRealmKeys", TypeShape.of(GetRealmKeysResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.getRealmKeys data source + * * Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. * * Remarks: * * - A key must meet all filter criteria - * - This data source may return more than one value. - * - If no key matches the filter criteria, then an error will be returned. + * - This datasource may return more than one value. + * - If no key matches the filter criteria, then an error is returned. * */ public static CompletableFuture getRealmKeysPlain(GetRealmKeysPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("keycloak:index/getRealmKeys:getRealmKeys", TypeShape.of(GetRealmKeysResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.Role data source + * * This data source can be used to fetch properties of a Keycloak role for * usage with other resources, such as `keycloak.GroupRoles`. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1227,13 +1411,13 @@ public static CompletableFuture getRealmKeysPlain(GetRealmKe * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) * .name("offline_access") + * .realmId(realm.id()) * .build()); * * var group = new Group("group", GroupArgs.builder() @@ -1241,24 +1425,46 @@ public static CompletableFuture getRealmKeysPlain(GetRealmKe * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.id()) - * .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) + * .realmId(realm.id()) + * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this role exists within. + * - `client_id` - (Optional) When specified, this role is assumed to be a + * client role belonging to the client with the provided ID + * - `name` - (Required) The name of the role + * + * ### Attributes Reference + * + * In addition to the arguments listed above, the following computed attributes are exported: + * + * - `id` - The unique ID of the role, which can be used as an argument to + * other resources supported by this provider. + * - `description` - The description of the role. * */ public static Output getRole(GetRoleArgs args) { return getRole(args, InvokeOptions.Empty); } /** + * ## # keycloak.Role data source + * * This data source can be used to fetch properties of a Keycloak role for * usage with other resources, such as `keycloak.GroupRoles`. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1287,13 +1493,13 @@ public static Output getRole(GetRoleArgs args) { * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) * .name("offline_access") + * .realmId(realm.id()) * .build()); * * var group = new Group("group", GroupArgs.builder() @@ -1301,24 +1507,46 @@ public static Output getRole(GetRoleArgs args) { * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.id()) - * .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) + * .realmId(realm.id()) + * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this role exists within. + * - `client_id` - (Optional) When specified, this role is assumed to be a + * client role belonging to the client with the provided ID + * - `name` - (Required) The name of the role + * + * ### Attributes Reference + * + * In addition to the arguments listed above, the following computed attributes are exported: + * + * - `id` - The unique ID of the role, which can be used as an argument to + * other resources supported by this provider. + * - `description` - The description of the role. * */ public static CompletableFuture getRolePlain(GetRolePlainArgs args) { return getRolePlain(args, InvokeOptions.Empty); } /** + * ## # keycloak.Role data source + * * This data source can be used to fetch properties of a Keycloak role for * usage with other resources, such as `keycloak.GroupRoles`. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1347,13 +1575,13 @@ public static CompletableFuture getRolePlain(GetRolePlainArgs arg * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) * .name("offline_access") + * .realmId(realm.id()) * .build()); * * var group = new Group("group", GroupArgs.builder() @@ -1361,24 +1589,46 @@ public static CompletableFuture getRolePlain(GetRolePlainArgs arg * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.id()) - * .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) + * .realmId(realm.id()) + * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this role exists within. + * - `client_id` - (Optional) When specified, this role is assumed to be a + * client role belonging to the client with the provided ID + * - `name` - (Required) The name of the role + * + * ### Attributes Reference + * + * In addition to the arguments listed above, the following computed attributes are exported: + * + * - `id` - The unique ID of the role, which can be used as an argument to + * other resources supported by this provider. + * - `description` - The description of the role. * */ public static Output getRole(GetRoleArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("keycloak:index/getRole:getRole", TypeShape.of(GetRoleResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.Role data source + * * This data source can be used to fetch properties of a Keycloak role for * usage with other resources, such as `keycloak.GroupRoles`. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1407,13 +1657,13 @@ public static Output getRole(GetRoleArgs args, InvokeOptions opti * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) * .name("offline_access") + * .realmId(realm.id()) * .build()); * * var group = new Group("group", GroupArgs.builder() @@ -1421,14 +1671,32 @@ public static Output getRole(GetRoleArgs args, InvokeOptions opti * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .realmId(realm.id()) * .groupId(group.id()) - * .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) + * .realmId(realm.id()) + * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm this role exists within. + * - `client_id` - (Optional) When specified, this role is assumed to be a + * client role belonging to the client with the provided ID + * - `name` - (Required) The name of the role + * + * ### Attributes Reference + * + * In addition to the arguments listed above, the following computed attributes are exported: + * + * - `id` - The unique ID of the role, which can be used as an argument to + * other resources supported by this provider. + * - `description` - The description of the role. * */ public static CompletableFuture getRolePlain(GetRolePlainArgs args, InvokeOptions options) { @@ -1438,6 +1706,8 @@ public static CompletableFuture getRolePlain(GetRolePlainArgs arg * This data source can be used to fetch properties of a user within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1473,6 +1743,7 @@ public static CompletableFuture getRolePlain(GetRolePlainArgs arg * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getUser(GetUserArgs args) { @@ -1482,6 +1753,8 @@ public static Output getUser(GetUserArgs args) { * This data source can be used to fetch properties of a user within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1517,6 +1790,7 @@ public static Output getUser(GetUserArgs args) { * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getUserPlain(GetUserPlainArgs args) { @@ -1526,6 +1800,8 @@ public static CompletableFuture getUserPlain(GetUserPlainArgs arg * This data source can be used to fetch properties of a user within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1561,6 +1837,7 @@ public static CompletableFuture getUserPlain(GetUserPlainArgs arg * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getUser(GetUserArgs args, InvokeOptions options) { @@ -1570,6 +1847,8 @@ public static Output getUser(GetUserArgs args, InvokeOptions opti * This data source can be used to fetch properties of a user within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1605,6 +1884,7 @@ public static Output getUser(GetUserArgs args, InvokeOptions opti * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getUserPlain(GetUserPlainArgs args, InvokeOptions options) { @@ -1614,6 +1894,8 @@ public static CompletableFuture getUserPlain(GetUserPlainArgs arg * This data source can be used to fetch the realm roles of a user within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1655,6 +1937,7 @@ public static CompletableFuture getUserPlain(GetUserPlainArgs arg * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getUserRealmRoles(GetUserRealmRolesArgs args) { @@ -1664,6 +1947,8 @@ public static Output getUserRealmRoles(GetUserRealmRole * This data source can be used to fetch the realm roles of a user within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1705,6 +1990,7 @@ public static Output getUserRealmRoles(GetUserRealmRole * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getUserRealmRolesPlain(GetUserRealmRolesPlainArgs args) { @@ -1714,6 +2000,8 @@ public static CompletableFuture getUserRealmRolesPlain( * This data source can be used to fetch the realm roles of a user within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1755,6 +2043,7 @@ public static CompletableFuture getUserRealmRolesPlain( * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getUserRealmRoles(GetUserRealmRolesArgs args, InvokeOptions options) { @@ -1764,6 +2053,8 @@ public static Output getUserRealmRoles(GetUserRealmRole * This data source can be used to fetch the realm roles of a user within Keycloak. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1805,6 +2096,7 @@ public static Output getUserRealmRoles(GetUserRealmRole * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getUserRealmRolesPlain(GetUserRealmRolesPlainArgs args, InvokeOptions options) { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/Realm.java b/sdk/java/src/main/java/com/pulumi/keycloak/Realm.java index 41353cf1..f6921af9 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/Realm.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/Realm.java @@ -25,311 +25,105 @@ import java.util.Optional; import javax.annotation.Nullable; -/** - * Allows for creating and managing Realms within Keycloak. - * - * A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated - * from multiple sources. - * - * ## Example Usage - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.inputs.RealmInternationalizationArgs; - * import com.pulumi.keycloak.inputs.RealmSecurityDefensesArgs; - * import com.pulumi.keycloak.inputs.RealmSecurityDefensesBruteForceDetectionArgs; - * import com.pulumi.keycloak.inputs.RealmSecurityDefensesHeadersArgs; - * import com.pulumi.keycloak.inputs.RealmSmtpServerArgs; - * import com.pulumi.keycloak.inputs.RealmSmtpServerAuthArgs; - * import com.pulumi.keycloak.inputs.RealmWebAuthnPolicyArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .accessCodeLifespan("1h") - * .attributes(Map.of("mycustomAttribute", "myCustomValue")) - * .displayName("my realm") - * .displayNameHtml("<b>my realm</b>") - * .enabled(true) - * .internationalization(RealmInternationalizationArgs.builder() - * .defaultLocale("en") - * .supportedLocales( - * "en", - * "de", - * "es") - * .build()) - * .loginTheme("base") - * .passwordPolicy("upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername") - * .realm("my-realm") - * .securityDefenses(RealmSecurityDefensesArgs.builder() - * .bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder() - * .failureResetTimeSeconds(43200) - * .maxFailureWaitSeconds(900) - * .maxLoginFailures(30) - * .minimumQuickLoginWaitSeconds(60) - * .permanentLockout(false) - * .quickLoginCheckMilliSeconds(1000) - * .waitIncrementSeconds(60) - * .build()) - * .headers(RealmSecurityDefensesHeadersArgs.builder() - * .contentSecurityPolicy("frame-src 'self'; frame-ancestors 'self'; object-src 'none';") - * .contentSecurityPolicyReportOnly("") - * .strictTransportSecurity("max-age=31536000; includeSubDomains") - * .xContentTypeOptions("nosniff") - * .xFrameOptions("DENY") - * .xRobotsTag("none") - * .xXssProtection("1; mode=block") - * .build()) - * .build()) - * .smtpServer(RealmSmtpServerArgs.builder() - * .auth(RealmSmtpServerAuthArgs.builder() - * .password("password") - * .username("tom") - * .build()) - * .from("example@example.com") - * .host("smtp.example.com") - * .build()) - * .sslRequired("external") - * .webAuthnPolicy(RealmWebAuthnPolicyArgs.builder() - * .relyingPartyEntityName("Example") - * .relyingPartyId("keycloak.example.com") - * .signatureAlgorithms( - * "ES256", - * "RS256") - * .build()) - * .build()); - * - * } - * } - * ``` - * ## Default Client Scopes - * - * - `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - * - `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. - * - * ## Import - * - * Realms can be imported using their name. - * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:index/realm:Realm realm my-realm - * ``` - * - */ @ResourceType(type="keycloak:index/realm:Realm") public class Realm extends com.pulumi.resources.CustomResource { - /** - * The maximum amount of time a client has to finish the authorization code flow. - * - */ @Export(name="accessCodeLifespan", refs={String.class}, tree="[0]") private Output accessCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the authorization code flow. - * - */ public Output accessCodeLifespan() { return this.accessCodeLifespan; } - /** - * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - */ @Export(name="accessCodeLifespanLogin", refs={String.class}, tree="[0]") private Output accessCodeLifespanLogin; - /** - * @return The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - */ public Output accessCodeLifespanLogin() { return this.accessCodeLifespanLogin; } - /** - * The maximum amount of time a user has to complete login related actions, such as updating a password. - * - */ @Export(name="accessCodeLifespanUserAction", refs={String.class}, tree="[0]") private Output accessCodeLifespanUserAction; - /** - * @return The maximum amount of time a user has to complete login related actions, such as updating a password. - * - */ public Output accessCodeLifespanUserAction() { return this.accessCodeLifespanUserAction; } - /** - * The amount of time an access token can be used before it expires. - * - */ @Export(name="accessTokenLifespan", refs={String.class}, tree="[0]") private Output accessTokenLifespan; - /** - * @return The amount of time an access token can be used before it expires. - * - */ public Output accessTokenLifespan() { return this.accessTokenLifespan; } - /** - * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - */ @Export(name="accessTokenLifespanForImplicitFlow", refs={String.class}, tree="[0]") private Output accessTokenLifespanForImplicitFlow; - /** - * @return The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - */ public Output accessTokenLifespanForImplicitFlow() { return this.accessTokenLifespanForImplicitFlow; } - /** - * Used for account management pages. - * - */ @Export(name="accountTheme", refs={String.class}, tree="[0]") private Output accountTheme; - /** - * @return Used for account management pages. - * - */ public Output> accountTheme() { return Codegen.optional(this.accountTheme); } - /** - * The maximum time a user has to use an admin-generated permit before it expires. - * - */ @Export(name="actionTokenGeneratedByAdminLifespan", refs={String.class}, tree="[0]") private Output actionTokenGeneratedByAdminLifespan; - /** - * @return The maximum time a user has to use an admin-generated permit before it expires. - * - */ public Output actionTokenGeneratedByAdminLifespan() { return this.actionTokenGeneratedByAdminLifespan; } - /** - * The maximum time a user has to use a user-generated permit before it expires. - * - */ @Export(name="actionTokenGeneratedByUserLifespan", refs={String.class}, tree="[0]") private Output actionTokenGeneratedByUserLifespan; - /** - * @return The maximum time a user has to use a user-generated permit before it expires. - * - */ public Output actionTokenGeneratedByUserLifespan() { return this.actionTokenGeneratedByUserLifespan; } - /** - * Used for the admin console. - * - */ @Export(name="adminTheme", refs={String.class}, tree="[0]") private Output adminTheme; - /** - * @return Used for the admin console. - * - */ public Output> adminTheme() { return Codegen.optional(this.adminTheme); } - /** - * A map of custom attributes to add to the realm. - * - */ @Export(name="attributes", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") private Output> attributes; - /** - * @return A map of custom attributes to add to the realm. - * - */ public Output>> attributes() { return Codegen.optional(this.attributes); } /** - * The desired flow for browser authentication. Defaults to `browser`. + * Which flow should be used for BrowserFlow * */ @Export(name="browserFlow", refs={String.class}, tree="[0]") private Output browserFlow; /** - * @return The desired flow for browser authentication. Defaults to `browser`. + * @return Which flow should be used for BrowserFlow * */ public Output browserFlow() { return this.browserFlow; } /** - * The desired flow for client authentication. Defaults to `clients`. + * Which flow should be used for ClientAuthenticationFlow * */ @Export(name="clientAuthenticationFlow", refs={String.class}, tree="[0]") private Output clientAuthenticationFlow; /** - * @return The desired flow for client authentication. Defaults to `clients`. + * @return Which flow should be used for ClientAuthenticationFlow * */ public Output clientAuthenticationFlow() { return this.clientAuthenticationFlow; } - /** - * The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - */ @Export(name="clientSessionIdleTimeout", refs={String.class}, tree="[0]") private Output clientSessionIdleTimeout; - /** - * @return The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - */ public Output clientSessionIdleTimeout() { return this.clientSessionIdleTimeout; } - /** - * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - */ @Export(name="clientSessionMaxLifespan", refs={String.class}, tree="[0]") private Output clientSessionMaxLifespan; - /** - * @return The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - */ public Output clientSessionMaxLifespan() { return this.clientSessionMaxLifespan; } @@ -345,143 +139,79 @@ public Output>> defaultDefaultClientScopes() { public Output>> defaultOptionalClientScopes() { return Codegen.optional(this.defaultOptionalClientScopes); } - /** - * Default algorithm used to sign tokens for the realm. - * - */ @Export(name="defaultSignatureAlgorithm", refs={String.class}, tree="[0]") private Output defaultSignatureAlgorithm; - /** - * @return Default algorithm used to sign tokens for the realm. - * - */ public Output> defaultSignatureAlgorithm() { return Codegen.optional(this.defaultSignatureAlgorithm); } /** - * The desired flow for direct access authentication. Defaults to `direct grant`. + * Which flow should be used for DirectGrantFlow * */ @Export(name="directGrantFlow", refs={String.class}, tree="[0]") private Output directGrantFlow; /** - * @return The desired flow for direct access authentication. Defaults to `direct grant`. + * @return Which flow should be used for DirectGrantFlow * */ public Output directGrantFlow() { return this.directGrantFlow; } - /** - * The display name for the realm that is shown when logging in to the admin console. - * - */ @Export(name="displayName", refs={String.class}, tree="[0]") private Output displayName; - /** - * @return The display name for the realm that is shown when logging in to the admin console. - * - */ public Output> displayName() { return Codegen.optional(this.displayName); } - /** - * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - */ @Export(name="displayNameHtml", refs={String.class}, tree="[0]") private Output displayNameHtml; - /** - * @return The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - */ public Output> displayNameHtml() { return Codegen.optional(this.displayNameHtml); } /** - * The desired flow for Docker authentication. Defaults to `docker auth`. + * Which flow should be used for DockerAuthenticationFlow * */ @Export(name="dockerAuthenticationFlow", refs={String.class}, tree="[0]") private Output dockerAuthenticationFlow; /** - * @return The desired flow for Docker authentication. Defaults to `docker auth`. + * @return Which flow should be used for DockerAuthenticationFlow * */ public Output dockerAuthenticationFlow() { return this.dockerAuthenticationFlow; } - /** - * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - */ @Export(name="duplicateEmailsAllowed", refs={Boolean.class}, tree="[0]") private Output duplicateEmailsAllowed; - /** - * @return When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - */ public Output duplicateEmailsAllowed() { return this.duplicateEmailsAllowed; } - /** - * When true, the username field is editable. - * - */ @Export(name="editUsernameAllowed", refs={Boolean.class}, tree="[0]") private Output editUsernameAllowed; - /** - * @return When true, the username field is editable. - * - */ public Output editUsernameAllowed() { return this.editUsernameAllowed; } - /** - * Used for emails that are sent by Keycloak. - * - */ @Export(name="emailTheme", refs={String.class}, tree="[0]") private Output emailTheme; - /** - * @return Used for emails that are sent by Keycloak. - * - */ public Output> emailTheme() { return Codegen.optional(this.emailTheme); } - /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - */ @Export(name="enabled", refs={Boolean.class}, tree="[0]") private Output enabled; - /** - * @return When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - */ public Output> enabled() { return Codegen.optional(this.enabled); } - /** - * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - */ @Export(name="internalId", refs={String.class}, tree="[0]") private Output internalId; - /** - * @return When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - */ public Output internalId() { return this.internalId; } @@ -491,105 +221,45 @@ public Output internalId() { public Output> internationalization() { return Codegen.optional(this.internationalization); } - /** - * Used for the login, forgot password, and registration pages. - * - */ @Export(name="loginTheme", refs={String.class}, tree="[0]") private Output loginTheme; - /** - * @return Used for the login, forgot password, and registration pages. - * - */ public Output> loginTheme() { return Codegen.optional(this.loginTheme); } - /** - * When true, users may log in with their email address. - * - */ @Export(name="loginWithEmailAllowed", refs={Boolean.class}, tree="[0]") private Output loginWithEmailAllowed; - /** - * @return When true, users may log in with their email address. - * - */ public Output loginWithEmailAllowed() { return this.loginWithEmailAllowed; } - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - */ @Export(name="oauth2DeviceCodeLifespan", refs={String.class}, tree="[0]") private Output oauth2DeviceCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - */ public Output oauth2DeviceCodeLifespan() { return this.oauth2DeviceCodeLifespan; } - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ @Export(name="oauth2DevicePollingInterval", refs={Integer.class}, tree="[0]") private Output oauth2DevicePollingInterval; - /** - * @return The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ public Output oauth2DevicePollingInterval() { return this.oauth2DevicePollingInterval; } - /** - * The amount of time an offline session can be idle before it expires. - * - */ @Export(name="offlineSessionIdleTimeout", refs={String.class}, tree="[0]") private Output offlineSessionIdleTimeout; - /** - * @return The amount of time an offline session can be idle before it expires. - * - */ public Output offlineSessionIdleTimeout() { return this.offlineSessionIdleTimeout; } - /** - * The maximum amount of time before an offline session expires regardless of activity. - * - */ @Export(name="offlineSessionMaxLifespan", refs={String.class}, tree="[0]") private Output offlineSessionMaxLifespan; - /** - * @return The maximum amount of time before an offline session expires regardless of activity. - * - */ public Output offlineSessionMaxLifespan() { return this.offlineSessionMaxLifespan; } - /** - * Enable `offline_session_max_lifespan`. - * - */ @Export(name="offlineSessionMaxLifespanEnabled", refs={Boolean.class}, tree="[0]") private Output offlineSessionMaxLifespanEnabled; - /** - * @return Enable `offline_session_max_lifespan`. - * - */ public Output> offlineSessionMaxLifespanEnabled() { return Codegen.optional(this.offlineSessionMaxLifespanEnabled); } @@ -600,150 +270,90 @@ public Output otpPolicy() { return this.otpPolicy; } /** - * The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * */ @Export(name="passwordPolicy", refs={String.class}, tree="[0]") private Output passwordPolicy; /** - * @return The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * @return String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * */ public Output> passwordPolicy() { return Codegen.optional(this.passwordPolicy); } - /** - * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - */ @Export(name="realm", refs={String.class}, tree="[0]") private Output realm; - /** - * @return The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - */ public Output realm() { return this.realm; } - /** - * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - */ @Export(name="refreshTokenMaxReuse", refs={Integer.class}, tree="[0]") private Output refreshTokenMaxReuse; - /** - * @return Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - */ public Output> refreshTokenMaxReuse() { return Codegen.optional(this.refreshTokenMaxReuse); } - /** - * When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - */ @Export(name="registrationAllowed", refs={Boolean.class}, tree="[0]") private Output registrationAllowed; - /** - * @return When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - */ public Output registrationAllowed() { return this.registrationAllowed; } - /** - * When true, the user's email will be used as their username during registration. - * - */ @Export(name="registrationEmailAsUsername", refs={Boolean.class}, tree="[0]") private Output registrationEmailAsUsername; - /** - * @return When true, the user's email will be used as their username during registration. - * - */ public Output registrationEmailAsUsername() { return this.registrationEmailAsUsername; } /** - * The desired flow for user registration. Defaults to `registration`. + * Which flow should be used for RegistrationFlow * */ @Export(name="registrationFlow", refs={String.class}, tree="[0]") private Output registrationFlow; /** - * @return The desired flow for user registration. Defaults to `registration`. + * @return Which flow should be used for RegistrationFlow * */ public Output registrationFlow() { return this.registrationFlow; } - /** - * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - */ @Export(name="rememberMe", refs={Boolean.class}, tree="[0]") private Output rememberMe; - /** - * @return When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - */ public Output rememberMe() { return this.rememberMe; } /** - * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * Which flow should be used for ResetCredentialsFlow * */ @Export(name="resetCredentialsFlow", refs={String.class}, tree="[0]") private Output resetCredentialsFlow; /** - * @return The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * @return Which flow should be used for ResetCredentialsFlow * */ public Output resetCredentialsFlow() { return this.resetCredentialsFlow; } - /** - * When true, a "forgot password" link will be displayed on the login page. - * - */ @Export(name="resetPasswordAllowed", refs={Boolean.class}, tree="[0]") private Output resetPasswordAllowed; - /** - * @return When true, a "forgot password" link will be displayed on the login page. - * - */ public Output resetPasswordAllowed() { return this.resetPasswordAllowed; } - /** - * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - */ @Export(name="revokeRefreshToken", refs={Boolean.class}, tree="[0]") private Output revokeRefreshToken; - /** - * @return If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - */ public Output> revokeRefreshToken() { return Codegen.optional(this.revokeRefreshToken); } @@ -760,132 +370,64 @@ public Output> smtpServer() { return Codegen.optional(this.smtpServer); } /** - * Can be one of following values: 'none, 'external' or 'all' + * SSL Required: Values can be 'none', 'external' or 'all'. * */ @Export(name="sslRequired", refs={String.class}, tree="[0]") private Output sslRequired; /** - * @return Can be one of following values: 'none, 'external' or 'all' + * @return SSL Required: Values can be 'none', 'external' or 'all'. * */ public Output> sslRequired() { return Codegen.optional(this.sslRequired); } - /** - * The amount of time a session can be idle before it expires. - * - */ @Export(name="ssoSessionIdleTimeout", refs={String.class}, tree="[0]") private Output ssoSessionIdleTimeout; - /** - * @return The amount of time a session can be idle before it expires. - * - */ public Output ssoSessionIdleTimeout() { return this.ssoSessionIdleTimeout; } - /** - * Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - */ @Export(name="ssoSessionIdleTimeoutRememberMe", refs={String.class}, tree="[0]") private Output ssoSessionIdleTimeoutRememberMe; - /** - * @return Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - */ public Output ssoSessionIdleTimeoutRememberMe() { return this.ssoSessionIdleTimeoutRememberMe; } - /** - * The maximum amount of time before a session expires regardless of activity. - * - */ @Export(name="ssoSessionMaxLifespan", refs={String.class}, tree="[0]") private Output ssoSessionMaxLifespan; - /** - * @return The maximum amount of time before a session expires regardless of activity. - * - */ public Output ssoSessionMaxLifespan() { return this.ssoSessionMaxLifespan; } - /** - * Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - */ @Export(name="ssoSessionMaxLifespanRememberMe", refs={String.class}, tree="[0]") private Output ssoSessionMaxLifespanRememberMe; - /** - * @return Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - */ public Output ssoSessionMaxLifespanRememberMe() { return this.ssoSessionMaxLifespanRememberMe; } - /** - * When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - */ @Export(name="userManagedAccess", refs={Boolean.class}, tree="[0]") private Output userManagedAccess; - /** - * @return When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - */ public Output> userManagedAccess() { return Codegen.optional(this.userManagedAccess); } - /** - * When true, users are required to verify their email address after registration and after email address changes. - * - */ @Export(name="verifyEmail", refs={Boolean.class}, tree="[0]") private Output verifyEmail; - /** - * @return When true, users are required to verify their email address after registration and after email address changes. - * - */ public Output verifyEmail() { return this.verifyEmail; } - /** - * Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - */ @Export(name="webAuthnPasswordlessPolicy", refs={RealmWebAuthnPasswordlessPolicy.class}, tree="[0]") private Output webAuthnPasswordlessPolicy; - /** - * @return Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - */ public Output webAuthnPasswordlessPolicy() { return this.webAuthnPasswordlessPolicy; } - /** - * Configuration for WebAuthn Policy authentication. - * - */ @Export(name="webAuthnPolicy", refs={RealmWebAuthnPolicy.class}, tree="[0]") private Output webAuthnPolicy; - /** - * @return Configuration for WebAuthn Policy authentication. - * - */ public Output webAuthnPolicy() { return this.webAuthnPolicy; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmArgs.java index 2d1e34ec..9f732fcb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmArgs.java @@ -27,165 +27,85 @@ public final class RealmArgs extends com.pulumi.resources.ResourceArgs { public static final RealmArgs Empty = new RealmArgs(); - /** - * The maximum amount of time a client has to finish the authorization code flow. - * - */ @Import(name="accessCodeLifespan") private @Nullable Output accessCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the authorization code flow. - * - */ public Optional> accessCodeLifespan() { return Optional.ofNullable(this.accessCodeLifespan); } - /** - * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - */ @Import(name="accessCodeLifespanLogin") private @Nullable Output accessCodeLifespanLogin; - /** - * @return The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - */ public Optional> accessCodeLifespanLogin() { return Optional.ofNullable(this.accessCodeLifespanLogin); } - /** - * The maximum amount of time a user has to complete login related actions, such as updating a password. - * - */ @Import(name="accessCodeLifespanUserAction") private @Nullable Output accessCodeLifespanUserAction; - /** - * @return The maximum amount of time a user has to complete login related actions, such as updating a password. - * - */ public Optional> accessCodeLifespanUserAction() { return Optional.ofNullable(this.accessCodeLifespanUserAction); } - /** - * The amount of time an access token can be used before it expires. - * - */ @Import(name="accessTokenLifespan") private @Nullable Output accessTokenLifespan; - /** - * @return The amount of time an access token can be used before it expires. - * - */ public Optional> accessTokenLifespan() { return Optional.ofNullable(this.accessTokenLifespan); } - /** - * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - */ @Import(name="accessTokenLifespanForImplicitFlow") private @Nullable Output accessTokenLifespanForImplicitFlow; - /** - * @return The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - */ public Optional> accessTokenLifespanForImplicitFlow() { return Optional.ofNullable(this.accessTokenLifespanForImplicitFlow); } - /** - * Used for account management pages. - * - */ @Import(name="accountTheme") private @Nullable Output accountTheme; - /** - * @return Used for account management pages. - * - */ public Optional> accountTheme() { return Optional.ofNullable(this.accountTheme); } - /** - * The maximum time a user has to use an admin-generated permit before it expires. - * - */ @Import(name="actionTokenGeneratedByAdminLifespan") private @Nullable Output actionTokenGeneratedByAdminLifespan; - /** - * @return The maximum time a user has to use an admin-generated permit before it expires. - * - */ public Optional> actionTokenGeneratedByAdminLifespan() { return Optional.ofNullable(this.actionTokenGeneratedByAdminLifespan); } - /** - * The maximum time a user has to use a user-generated permit before it expires. - * - */ @Import(name="actionTokenGeneratedByUserLifespan") private @Nullable Output actionTokenGeneratedByUserLifespan; - /** - * @return The maximum time a user has to use a user-generated permit before it expires. - * - */ public Optional> actionTokenGeneratedByUserLifespan() { return Optional.ofNullable(this.actionTokenGeneratedByUserLifespan); } - /** - * Used for the admin console. - * - */ @Import(name="adminTheme") private @Nullable Output adminTheme; - /** - * @return Used for the admin console. - * - */ public Optional> adminTheme() { return Optional.ofNullable(this.adminTheme); } - /** - * A map of custom attributes to add to the realm. - * - */ @Import(name="attributes") private @Nullable Output> attributes; - /** - * @return A map of custom attributes to add to the realm. - * - */ public Optional>> attributes() { return Optional.ofNullable(this.attributes); } /** - * The desired flow for browser authentication. Defaults to `browser`. + * Which flow should be used for BrowserFlow * */ @Import(name="browserFlow") private @Nullable Output browserFlow; /** - * @return The desired flow for browser authentication. Defaults to `browser`. + * @return Which flow should be used for BrowserFlow * */ public Optional> browserFlow() { @@ -193,46 +113,30 @@ public Optional> browserFlow() { } /** - * The desired flow for client authentication. Defaults to `clients`. + * Which flow should be used for ClientAuthenticationFlow * */ @Import(name="clientAuthenticationFlow") private @Nullable Output clientAuthenticationFlow; /** - * @return The desired flow for client authentication. Defaults to `clients`. + * @return Which flow should be used for ClientAuthenticationFlow * */ public Optional> clientAuthenticationFlow() { return Optional.ofNullable(this.clientAuthenticationFlow); } - /** - * The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - */ @Import(name="clientSessionIdleTimeout") private @Nullable Output clientSessionIdleTimeout; - /** - * @return The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - */ public Optional> clientSessionIdleTimeout() { return Optional.ofNullable(this.clientSessionIdleTimeout); } - /** - * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - */ @Import(name="clientSessionMaxLifespan") private @Nullable Output clientSessionMaxLifespan; - /** - * @return The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - */ public Optional> clientSessionMaxLifespan() { return Optional.ofNullable(this.clientSessionMaxLifespan); } @@ -251,152 +155,88 @@ public Optional>> defaultOptionalClientScopes() { return Optional.ofNullable(this.defaultOptionalClientScopes); } - /** - * Default algorithm used to sign tokens for the realm. - * - */ @Import(name="defaultSignatureAlgorithm") private @Nullable Output defaultSignatureAlgorithm; - /** - * @return Default algorithm used to sign tokens for the realm. - * - */ public Optional> defaultSignatureAlgorithm() { return Optional.ofNullable(this.defaultSignatureAlgorithm); } /** - * The desired flow for direct access authentication. Defaults to `direct grant`. + * Which flow should be used for DirectGrantFlow * */ @Import(name="directGrantFlow") private @Nullable Output directGrantFlow; /** - * @return The desired flow for direct access authentication. Defaults to `direct grant`. + * @return Which flow should be used for DirectGrantFlow * */ public Optional> directGrantFlow() { return Optional.ofNullable(this.directGrantFlow); } - /** - * The display name for the realm that is shown when logging in to the admin console. - * - */ @Import(name="displayName") private @Nullable Output displayName; - /** - * @return The display name for the realm that is shown when logging in to the admin console. - * - */ public Optional> displayName() { return Optional.ofNullable(this.displayName); } - /** - * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - */ @Import(name="displayNameHtml") private @Nullable Output displayNameHtml; - /** - * @return The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - */ public Optional> displayNameHtml() { return Optional.ofNullable(this.displayNameHtml); } /** - * The desired flow for Docker authentication. Defaults to `docker auth`. + * Which flow should be used for DockerAuthenticationFlow * */ @Import(name="dockerAuthenticationFlow") private @Nullable Output dockerAuthenticationFlow; /** - * @return The desired flow for Docker authentication. Defaults to `docker auth`. + * @return Which flow should be used for DockerAuthenticationFlow * */ public Optional> dockerAuthenticationFlow() { return Optional.ofNullable(this.dockerAuthenticationFlow); } - /** - * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - */ @Import(name="duplicateEmailsAllowed") private @Nullable Output duplicateEmailsAllowed; - /** - * @return When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - */ public Optional> duplicateEmailsAllowed() { return Optional.ofNullable(this.duplicateEmailsAllowed); } - /** - * When true, the username field is editable. - * - */ @Import(name="editUsernameAllowed") private @Nullable Output editUsernameAllowed; - /** - * @return When true, the username field is editable. - * - */ public Optional> editUsernameAllowed() { return Optional.ofNullable(this.editUsernameAllowed); } - /** - * Used for emails that are sent by Keycloak. - * - */ @Import(name="emailTheme") private @Nullable Output emailTheme; - /** - * @return Used for emails that are sent by Keycloak. - * - */ public Optional> emailTheme() { return Optional.ofNullable(this.emailTheme); } - /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - */ @Import(name="enabled") private @Nullable Output enabled; - /** - * @return When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - */ public Optional> enabled() { return Optional.ofNullable(this.enabled); } - /** - * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - */ @Import(name="internalId") private @Nullable Output internalId; - /** - * @return When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - */ public Optional> internalId() { return Optional.ofNullable(this.internalId); } @@ -408,111 +248,51 @@ public Optional> internationalization() { return Optional.ofNullable(this.internationalization); } - /** - * Used for the login, forgot password, and registration pages. - * - */ @Import(name="loginTheme") private @Nullable Output loginTheme; - /** - * @return Used for the login, forgot password, and registration pages. - * - */ public Optional> loginTheme() { return Optional.ofNullable(this.loginTheme); } - /** - * When true, users may log in with their email address. - * - */ @Import(name="loginWithEmailAllowed") private @Nullable Output loginWithEmailAllowed; - /** - * @return When true, users may log in with their email address. - * - */ public Optional> loginWithEmailAllowed() { return Optional.ofNullable(this.loginWithEmailAllowed); } - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - */ @Import(name="oauth2DeviceCodeLifespan") private @Nullable Output oauth2DeviceCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - */ public Optional> oauth2DeviceCodeLifespan() { return Optional.ofNullable(this.oauth2DeviceCodeLifespan); } - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ @Import(name="oauth2DevicePollingInterval") private @Nullable Output oauth2DevicePollingInterval; - /** - * @return The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ public Optional> oauth2DevicePollingInterval() { return Optional.ofNullable(this.oauth2DevicePollingInterval); } - /** - * The amount of time an offline session can be idle before it expires. - * - */ @Import(name="offlineSessionIdleTimeout") private @Nullable Output offlineSessionIdleTimeout; - /** - * @return The amount of time an offline session can be idle before it expires. - * - */ public Optional> offlineSessionIdleTimeout() { return Optional.ofNullable(this.offlineSessionIdleTimeout); } - /** - * The maximum amount of time before an offline session expires regardless of activity. - * - */ @Import(name="offlineSessionMaxLifespan") private @Nullable Output offlineSessionMaxLifespan; - /** - * @return The maximum amount of time before an offline session expires regardless of activity. - * - */ public Optional> offlineSessionMaxLifespan() { return Optional.ofNullable(this.offlineSessionMaxLifespan); } - /** - * Enable `offline_session_max_lifespan`. - * - */ @Import(name="offlineSessionMaxLifespanEnabled") private @Nullable Output offlineSessionMaxLifespanEnabled; - /** - * @return Enable `offline_session_max_lifespan`. - * - */ public Optional> offlineSessionMaxLifespanEnabled() { return Optional.ofNullable(this.offlineSessionMaxLifespanEnabled); } @@ -525,159 +305,99 @@ public Optional> otpPolicy() { } /** - * The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * */ @Import(name="passwordPolicy") private @Nullable Output passwordPolicy; /** - * @return The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * @return String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * */ public Optional> passwordPolicy() { return Optional.ofNullable(this.passwordPolicy); } - /** - * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - */ @Import(name="realm", required=true) private Output realm; - /** - * @return The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - */ public Output realm() { return this.realm; } - /** - * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - */ @Import(name="refreshTokenMaxReuse") private @Nullable Output refreshTokenMaxReuse; - /** - * @return Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - */ public Optional> refreshTokenMaxReuse() { return Optional.ofNullable(this.refreshTokenMaxReuse); } - /** - * When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - */ @Import(name="registrationAllowed") private @Nullable Output registrationAllowed; - /** - * @return When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - */ public Optional> registrationAllowed() { return Optional.ofNullable(this.registrationAllowed); } - /** - * When true, the user's email will be used as their username during registration. - * - */ @Import(name="registrationEmailAsUsername") private @Nullable Output registrationEmailAsUsername; - /** - * @return When true, the user's email will be used as their username during registration. - * - */ public Optional> registrationEmailAsUsername() { return Optional.ofNullable(this.registrationEmailAsUsername); } /** - * The desired flow for user registration. Defaults to `registration`. + * Which flow should be used for RegistrationFlow * */ @Import(name="registrationFlow") private @Nullable Output registrationFlow; /** - * @return The desired flow for user registration. Defaults to `registration`. + * @return Which flow should be used for RegistrationFlow * */ public Optional> registrationFlow() { return Optional.ofNullable(this.registrationFlow); } - /** - * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - */ @Import(name="rememberMe") private @Nullable Output rememberMe; - /** - * @return When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - */ public Optional> rememberMe() { return Optional.ofNullable(this.rememberMe); } /** - * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * Which flow should be used for ResetCredentialsFlow * */ @Import(name="resetCredentialsFlow") private @Nullable Output resetCredentialsFlow; /** - * @return The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * @return Which flow should be used for ResetCredentialsFlow * */ public Optional> resetCredentialsFlow() { return Optional.ofNullable(this.resetCredentialsFlow); } - /** - * When true, a "forgot password" link will be displayed on the login page. - * - */ @Import(name="resetPasswordAllowed") private @Nullable Output resetPasswordAllowed; - /** - * @return When true, a "forgot password" link will be displayed on the login page. - * - */ public Optional> resetPasswordAllowed() { return Optional.ofNullable(this.resetPasswordAllowed); } - /** - * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - */ @Import(name="revokeRefreshToken") private @Nullable Output revokeRefreshToken; - /** - * @return If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - */ public Optional> revokeRefreshToken() { return Optional.ofNullable(this.revokeRefreshToken); } @@ -697,140 +417,72 @@ public Optional> smtpServer() { } /** - * Can be one of following values: 'none, 'external' or 'all' + * SSL Required: Values can be 'none', 'external' or 'all'. * */ @Import(name="sslRequired") private @Nullable Output sslRequired; /** - * @return Can be one of following values: 'none, 'external' or 'all' + * @return SSL Required: Values can be 'none', 'external' or 'all'. * */ public Optional> sslRequired() { return Optional.ofNullable(this.sslRequired); } - /** - * The amount of time a session can be idle before it expires. - * - */ @Import(name="ssoSessionIdleTimeout") private @Nullable Output ssoSessionIdleTimeout; - /** - * @return The amount of time a session can be idle before it expires. - * - */ public Optional> ssoSessionIdleTimeout() { return Optional.ofNullable(this.ssoSessionIdleTimeout); } - /** - * Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - */ @Import(name="ssoSessionIdleTimeoutRememberMe") private @Nullable Output ssoSessionIdleTimeoutRememberMe; - /** - * @return Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - */ public Optional> ssoSessionIdleTimeoutRememberMe() { return Optional.ofNullable(this.ssoSessionIdleTimeoutRememberMe); } - /** - * The maximum amount of time before a session expires regardless of activity. - * - */ @Import(name="ssoSessionMaxLifespan") private @Nullable Output ssoSessionMaxLifespan; - /** - * @return The maximum amount of time before a session expires regardless of activity. - * - */ public Optional> ssoSessionMaxLifespan() { return Optional.ofNullable(this.ssoSessionMaxLifespan); } - /** - * Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - */ @Import(name="ssoSessionMaxLifespanRememberMe") private @Nullable Output ssoSessionMaxLifespanRememberMe; - /** - * @return Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - */ public Optional> ssoSessionMaxLifespanRememberMe() { return Optional.ofNullable(this.ssoSessionMaxLifespanRememberMe); } - /** - * When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - */ @Import(name="userManagedAccess") private @Nullable Output userManagedAccess; - /** - * @return When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - */ public Optional> userManagedAccess() { return Optional.ofNullable(this.userManagedAccess); } - /** - * When true, users are required to verify their email address after registration and after email address changes. - * - */ @Import(name="verifyEmail") private @Nullable Output verifyEmail; - /** - * @return When true, users are required to verify their email address after registration and after email address changes. - * - */ public Optional> verifyEmail() { return Optional.ofNullable(this.verifyEmail); } - /** - * Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - */ @Import(name="webAuthnPasswordlessPolicy") private @Nullable Output webAuthnPasswordlessPolicy; - /** - * @return Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - */ public Optional> webAuthnPasswordlessPolicy() { return Optional.ofNullable(this.webAuthnPasswordlessPolicy); } - /** - * Configuration for WebAuthn Policy authentication. - * - */ @Import(name="webAuthnPolicy") private @Nullable Output webAuthnPolicy; - /** - * @return Configuration for WebAuthn Policy authentication. - * - */ public Optional> webAuthnPolicy() { return Optional.ofNullable(this.webAuthnPolicy); } @@ -914,218 +566,98 @@ public Builder(RealmArgs defaults) { $ = new RealmArgs(Objects.requireNonNull(defaults)); } - /** - * @param accessCodeLifespan The maximum amount of time a client has to finish the authorization code flow. - * - * @return builder - * - */ public Builder accessCodeLifespan(@Nullable Output accessCodeLifespan) { $.accessCodeLifespan = accessCodeLifespan; return this; } - /** - * @param accessCodeLifespan The maximum amount of time a client has to finish the authorization code flow. - * - * @return builder - * - */ public Builder accessCodeLifespan(String accessCodeLifespan) { return accessCodeLifespan(Output.of(accessCodeLifespan)); } - /** - * @param accessCodeLifespanLogin The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - * @return builder - * - */ public Builder accessCodeLifespanLogin(@Nullable Output accessCodeLifespanLogin) { $.accessCodeLifespanLogin = accessCodeLifespanLogin; return this; } - /** - * @param accessCodeLifespanLogin The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - * @return builder - * - */ public Builder accessCodeLifespanLogin(String accessCodeLifespanLogin) { return accessCodeLifespanLogin(Output.of(accessCodeLifespanLogin)); } - /** - * @param accessCodeLifespanUserAction The maximum amount of time a user has to complete login related actions, such as updating a password. - * - * @return builder - * - */ public Builder accessCodeLifespanUserAction(@Nullable Output accessCodeLifespanUserAction) { $.accessCodeLifespanUserAction = accessCodeLifespanUserAction; return this; } - /** - * @param accessCodeLifespanUserAction The maximum amount of time a user has to complete login related actions, such as updating a password. - * - * @return builder - * - */ public Builder accessCodeLifespanUserAction(String accessCodeLifespanUserAction) { return accessCodeLifespanUserAction(Output.of(accessCodeLifespanUserAction)); } - /** - * @param accessTokenLifespan The amount of time an access token can be used before it expires. - * - * @return builder - * - */ public Builder accessTokenLifespan(@Nullable Output accessTokenLifespan) { $.accessTokenLifespan = accessTokenLifespan; return this; } - /** - * @param accessTokenLifespan The amount of time an access token can be used before it expires. - * - * @return builder - * - */ public Builder accessTokenLifespan(String accessTokenLifespan) { return accessTokenLifespan(Output.of(accessTokenLifespan)); } - /** - * @param accessTokenLifespanForImplicitFlow The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - * @return builder - * - */ public Builder accessTokenLifespanForImplicitFlow(@Nullable Output accessTokenLifespanForImplicitFlow) { $.accessTokenLifespanForImplicitFlow = accessTokenLifespanForImplicitFlow; return this; } - /** - * @param accessTokenLifespanForImplicitFlow The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - * @return builder - * - */ public Builder accessTokenLifespanForImplicitFlow(String accessTokenLifespanForImplicitFlow) { return accessTokenLifespanForImplicitFlow(Output.of(accessTokenLifespanForImplicitFlow)); } - /** - * @param accountTheme Used for account management pages. - * - * @return builder - * - */ public Builder accountTheme(@Nullable Output accountTheme) { $.accountTheme = accountTheme; return this; } - /** - * @param accountTheme Used for account management pages. - * - * @return builder - * - */ public Builder accountTheme(String accountTheme) { return accountTheme(Output.of(accountTheme)); } - /** - * @param actionTokenGeneratedByAdminLifespan The maximum time a user has to use an admin-generated permit before it expires. - * - * @return builder - * - */ public Builder actionTokenGeneratedByAdminLifespan(@Nullable Output actionTokenGeneratedByAdminLifespan) { $.actionTokenGeneratedByAdminLifespan = actionTokenGeneratedByAdminLifespan; return this; } - /** - * @param actionTokenGeneratedByAdminLifespan The maximum time a user has to use an admin-generated permit before it expires. - * - * @return builder - * - */ public Builder actionTokenGeneratedByAdminLifespan(String actionTokenGeneratedByAdminLifespan) { return actionTokenGeneratedByAdminLifespan(Output.of(actionTokenGeneratedByAdminLifespan)); } - /** - * @param actionTokenGeneratedByUserLifespan The maximum time a user has to use a user-generated permit before it expires. - * - * @return builder - * - */ public Builder actionTokenGeneratedByUserLifespan(@Nullable Output actionTokenGeneratedByUserLifespan) { $.actionTokenGeneratedByUserLifespan = actionTokenGeneratedByUserLifespan; return this; } - /** - * @param actionTokenGeneratedByUserLifespan The maximum time a user has to use a user-generated permit before it expires. - * - * @return builder - * - */ public Builder actionTokenGeneratedByUserLifespan(String actionTokenGeneratedByUserLifespan) { return actionTokenGeneratedByUserLifespan(Output.of(actionTokenGeneratedByUserLifespan)); } - /** - * @param adminTheme Used for the admin console. - * - * @return builder - * - */ public Builder adminTheme(@Nullable Output adminTheme) { $.adminTheme = adminTheme; return this; } - /** - * @param adminTheme Used for the admin console. - * - * @return builder - * - */ public Builder adminTheme(String adminTheme) { return adminTheme(Output.of(adminTheme)); } - /** - * @param attributes A map of custom attributes to add to the realm. - * - * @return builder - * - */ public Builder attributes(@Nullable Output> attributes) { $.attributes = attributes; return this; } - /** - * @param attributes A map of custom attributes to add to the realm. - * - * @return builder - * - */ public Builder attributes(Map attributes) { return attributes(Output.of(attributes)); } /** - * @param browserFlow The desired flow for browser authentication. Defaults to `browser`. + * @param browserFlow Which flow should be used for BrowserFlow * * @return builder * @@ -1136,7 +668,7 @@ public Builder browserFlow(@Nullable Output browserFlow) { } /** - * @param browserFlow The desired flow for browser authentication. Defaults to `browser`. + * @param browserFlow Which flow should be used for BrowserFlow * * @return builder * @@ -1146,7 +678,7 @@ public Builder browserFlow(String browserFlow) { } /** - * @param clientAuthenticationFlow The desired flow for client authentication. Defaults to `clients`. + * @param clientAuthenticationFlow Which flow should be used for ClientAuthenticationFlow * * @return builder * @@ -1157,7 +689,7 @@ public Builder clientAuthenticationFlow(@Nullable Output clientAuthentic } /** - * @param clientAuthenticationFlow The desired flow for client authentication. Defaults to `clients`. + * @param clientAuthenticationFlow Which flow should be used for ClientAuthenticationFlow * * @return builder * @@ -1166,44 +698,20 @@ public Builder clientAuthenticationFlow(String clientAuthenticationFlow) { return clientAuthenticationFlow(Output.of(clientAuthenticationFlow)); } - /** - * @param clientSessionIdleTimeout The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - * @return builder - * - */ public Builder clientSessionIdleTimeout(@Nullable Output clientSessionIdleTimeout) { $.clientSessionIdleTimeout = clientSessionIdleTimeout; return this; } - /** - * @param clientSessionIdleTimeout The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - * @return builder - * - */ public Builder clientSessionIdleTimeout(String clientSessionIdleTimeout) { return clientSessionIdleTimeout(Output.of(clientSessionIdleTimeout)); } - /** - * @param clientSessionMaxLifespan The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - * @return builder - * - */ public Builder clientSessionMaxLifespan(@Nullable Output clientSessionMaxLifespan) { $.clientSessionMaxLifespan = clientSessionMaxLifespan; return this; } - /** - * @param clientSessionMaxLifespan The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - * @return builder - * - */ public Builder clientSessionMaxLifespan(String clientSessionMaxLifespan) { return clientSessionMaxLifespan(Output.of(clientSessionMaxLifespan)); } @@ -1234,29 +742,17 @@ public Builder defaultOptionalClientScopes(String... defaultOptionalClientScopes return defaultOptionalClientScopes(List.of(defaultOptionalClientScopes)); } - /** - * @param defaultSignatureAlgorithm Default algorithm used to sign tokens for the realm. - * - * @return builder - * - */ public Builder defaultSignatureAlgorithm(@Nullable Output defaultSignatureAlgorithm) { $.defaultSignatureAlgorithm = defaultSignatureAlgorithm; return this; } - /** - * @param defaultSignatureAlgorithm Default algorithm used to sign tokens for the realm. - * - * @return builder - * - */ public Builder defaultSignatureAlgorithm(String defaultSignatureAlgorithm) { return defaultSignatureAlgorithm(Output.of(defaultSignatureAlgorithm)); } /** - * @param directGrantFlow The desired flow for direct access authentication. Defaults to `direct grant`. + * @param directGrantFlow Which flow should be used for DirectGrantFlow * * @return builder * @@ -1267,7 +763,7 @@ public Builder directGrantFlow(@Nullable Output directGrantFlow) { } /** - * @param directGrantFlow The desired flow for direct access authentication. Defaults to `direct grant`. + * @param directGrantFlow Which flow should be used for DirectGrantFlow * * @return builder * @@ -1276,50 +772,26 @@ public Builder directGrantFlow(String directGrantFlow) { return directGrantFlow(Output.of(directGrantFlow)); } - /** - * @param displayName The display name for the realm that is shown when logging in to the admin console. - * - * @return builder - * - */ public Builder displayName(@Nullable Output displayName) { $.displayName = displayName; return this; } - /** - * @param displayName The display name for the realm that is shown when logging in to the admin console. - * - * @return builder - * - */ public Builder displayName(String displayName) { return displayName(Output.of(displayName)); } - /** - * @param displayNameHtml The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - * @return builder - * - */ public Builder displayNameHtml(@Nullable Output displayNameHtml) { $.displayNameHtml = displayNameHtml; return this; } - /** - * @param displayNameHtml The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - * @return builder - * - */ public Builder displayNameHtml(String displayNameHtml) { return displayNameHtml(Output.of(displayNameHtml)); } /** - * @param dockerAuthenticationFlow The desired flow for Docker authentication. Defaults to `docker auth`. + * @param dockerAuthenticationFlow Which flow should be used for DockerAuthenticationFlow * * @return builder * @@ -1330,7 +802,7 @@ public Builder dockerAuthenticationFlow(@Nullable Output dockerAuthentic } /** - * @param dockerAuthenticationFlow The desired flow for Docker authentication. Defaults to `docker auth`. + * @param dockerAuthenticationFlow Which flow should be used for DockerAuthenticationFlow * * @return builder * @@ -1339,107 +811,47 @@ public Builder dockerAuthenticationFlow(String dockerAuthenticationFlow) { return dockerAuthenticationFlow(Output.of(dockerAuthenticationFlow)); } - /** - * @param duplicateEmailsAllowed When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - * @return builder - * - */ public Builder duplicateEmailsAllowed(@Nullable Output duplicateEmailsAllowed) { $.duplicateEmailsAllowed = duplicateEmailsAllowed; return this; } - /** - * @param duplicateEmailsAllowed When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - * @return builder - * - */ public Builder duplicateEmailsAllowed(Boolean duplicateEmailsAllowed) { return duplicateEmailsAllowed(Output.of(duplicateEmailsAllowed)); } - /** - * @param editUsernameAllowed When true, the username field is editable. - * - * @return builder - * - */ public Builder editUsernameAllowed(@Nullable Output editUsernameAllowed) { $.editUsernameAllowed = editUsernameAllowed; return this; } - /** - * @param editUsernameAllowed When true, the username field is editable. - * - * @return builder - * - */ public Builder editUsernameAllowed(Boolean editUsernameAllowed) { return editUsernameAllowed(Output.of(editUsernameAllowed)); } - /** - * @param emailTheme Used for emails that are sent by Keycloak. - * - * @return builder - * - */ public Builder emailTheme(@Nullable Output emailTheme) { $.emailTheme = emailTheme; return this; } - /** - * @param emailTheme Used for emails that are sent by Keycloak. - * - * @return builder - * - */ public Builder emailTheme(String emailTheme) { return emailTheme(Output.of(emailTheme)); } - /** - * @param enabled When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(@Nullable Output enabled) { $.enabled = enabled; return this; } - /** - * @param enabled When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(Boolean enabled) { return enabled(Output.of(enabled)); } - /** - * @param internalId When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - * @return builder - * - */ public Builder internalId(@Nullable Output internalId) { $.internalId = internalId; return this; } - /** - * @param internalId When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - * @return builder - * - */ public Builder internalId(String internalId) { return internalId(Output.of(internalId)); } @@ -1453,153 +865,65 @@ public Builder internationalization(RealmInternationalizationArgs internationali return internationalization(Output.of(internationalization)); } - /** - * @param loginTheme Used for the login, forgot password, and registration pages. - * - * @return builder - * - */ public Builder loginTheme(@Nullable Output loginTheme) { $.loginTheme = loginTheme; return this; } - /** - * @param loginTheme Used for the login, forgot password, and registration pages. - * - * @return builder - * - */ public Builder loginTheme(String loginTheme) { return loginTheme(Output.of(loginTheme)); } - /** - * @param loginWithEmailAllowed When true, users may log in with their email address. - * - * @return builder - * - */ public Builder loginWithEmailAllowed(@Nullable Output loginWithEmailAllowed) { $.loginWithEmailAllowed = loginWithEmailAllowed; return this; } - /** - * @param loginWithEmailAllowed When true, users may log in with their email address. - * - * @return builder - * - */ public Builder loginWithEmailAllowed(Boolean loginWithEmailAllowed) { return loginWithEmailAllowed(Output.of(loginWithEmailAllowed)); } - /** - * @param oauth2DeviceCodeLifespan The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - * @return builder - * - */ public Builder oauth2DeviceCodeLifespan(@Nullable Output oauth2DeviceCodeLifespan) { $.oauth2DeviceCodeLifespan = oauth2DeviceCodeLifespan; return this; } - /** - * @param oauth2DeviceCodeLifespan The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - * @return builder - * - */ public Builder oauth2DeviceCodeLifespan(String oauth2DeviceCodeLifespan) { return oauth2DeviceCodeLifespan(Output.of(oauth2DeviceCodeLifespan)); } - /** - * @param oauth2DevicePollingInterval The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - * @return builder - * - */ public Builder oauth2DevicePollingInterval(@Nullable Output oauth2DevicePollingInterval) { $.oauth2DevicePollingInterval = oauth2DevicePollingInterval; return this; } - /** - * @param oauth2DevicePollingInterval The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - * @return builder - * - */ public Builder oauth2DevicePollingInterval(Integer oauth2DevicePollingInterval) { return oauth2DevicePollingInterval(Output.of(oauth2DevicePollingInterval)); } - /** - * @param offlineSessionIdleTimeout The amount of time an offline session can be idle before it expires. - * - * @return builder - * - */ public Builder offlineSessionIdleTimeout(@Nullable Output offlineSessionIdleTimeout) { $.offlineSessionIdleTimeout = offlineSessionIdleTimeout; return this; } - /** - * @param offlineSessionIdleTimeout The amount of time an offline session can be idle before it expires. - * - * @return builder - * - */ public Builder offlineSessionIdleTimeout(String offlineSessionIdleTimeout) { return offlineSessionIdleTimeout(Output.of(offlineSessionIdleTimeout)); } - /** - * @param offlineSessionMaxLifespan The maximum amount of time before an offline session expires regardless of activity. - * - * @return builder - * - */ public Builder offlineSessionMaxLifespan(@Nullable Output offlineSessionMaxLifespan) { $.offlineSessionMaxLifespan = offlineSessionMaxLifespan; return this; } - /** - * @param offlineSessionMaxLifespan The maximum amount of time before an offline session expires regardless of activity. - * - * @return builder - * - */ public Builder offlineSessionMaxLifespan(String offlineSessionMaxLifespan) { return offlineSessionMaxLifespan(Output.of(offlineSessionMaxLifespan)); } - /** - * @param offlineSessionMaxLifespanEnabled Enable `offline_session_max_lifespan`. - * - * @return builder - * - */ public Builder offlineSessionMaxLifespanEnabled(@Nullable Output offlineSessionMaxLifespanEnabled) { $.offlineSessionMaxLifespanEnabled = offlineSessionMaxLifespanEnabled; return this; } - /** - * @param offlineSessionMaxLifespanEnabled Enable `offline_session_max_lifespan`. - * - * @return builder - * - */ public Builder offlineSessionMaxLifespanEnabled(Boolean offlineSessionMaxLifespanEnabled) { return offlineSessionMaxLifespanEnabled(Output.of(offlineSessionMaxLifespanEnabled)); } @@ -1614,9 +938,9 @@ public Builder otpPolicy(RealmOtpPolicyArgs otpPolicy) { } /** - * @param passwordPolicy The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * @param passwordPolicy String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * * @return builder * @@ -1627,9 +951,9 @@ public Builder passwordPolicy(@Nullable Output passwordPolicy) { } /** - * @param passwordPolicy The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * @param passwordPolicy String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * * @return builder * @@ -1638,96 +962,44 @@ public Builder passwordPolicy(String passwordPolicy) { return passwordPolicy(Output.of(passwordPolicy)); } - /** - * @param realm The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - * @return builder - * - */ public Builder realm(Output realm) { $.realm = realm; return this; } - /** - * @param realm The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - * @return builder - * - */ public Builder realm(String realm) { return realm(Output.of(realm)); } - /** - * @param refreshTokenMaxReuse Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - * @return builder - * - */ public Builder refreshTokenMaxReuse(@Nullable Output refreshTokenMaxReuse) { $.refreshTokenMaxReuse = refreshTokenMaxReuse; return this; } - /** - * @param refreshTokenMaxReuse Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - * @return builder - * - */ public Builder refreshTokenMaxReuse(Integer refreshTokenMaxReuse) { return refreshTokenMaxReuse(Output.of(refreshTokenMaxReuse)); } - /** - * @param registrationAllowed When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - * @return builder - * - */ public Builder registrationAllowed(@Nullable Output registrationAllowed) { $.registrationAllowed = registrationAllowed; return this; } - /** - * @param registrationAllowed When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - * @return builder - * - */ public Builder registrationAllowed(Boolean registrationAllowed) { return registrationAllowed(Output.of(registrationAllowed)); } - /** - * @param registrationEmailAsUsername When true, the user's email will be used as their username during registration. - * - * @return builder - * - */ public Builder registrationEmailAsUsername(@Nullable Output registrationEmailAsUsername) { $.registrationEmailAsUsername = registrationEmailAsUsername; return this; } - /** - * @param registrationEmailAsUsername When true, the user's email will be used as their username during registration. - * - * @return builder - * - */ public Builder registrationEmailAsUsername(Boolean registrationEmailAsUsername) { return registrationEmailAsUsername(Output.of(registrationEmailAsUsername)); } /** - * @param registrationFlow The desired flow for user registration. Defaults to `registration`. + * @param registrationFlow Which flow should be used for RegistrationFlow * * @return builder * @@ -1738,7 +1010,7 @@ public Builder registrationFlow(@Nullable Output registrationFlow) { } /** - * @param registrationFlow The desired flow for user registration. Defaults to `registration`. + * @param registrationFlow Which flow should be used for RegistrationFlow * * @return builder * @@ -1747,29 +1019,17 @@ public Builder registrationFlow(String registrationFlow) { return registrationFlow(Output.of(registrationFlow)); } - /** - * @param rememberMe When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - * @return builder - * - */ public Builder rememberMe(@Nullable Output rememberMe) { $.rememberMe = rememberMe; return this; } - /** - * @param rememberMe When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - * @return builder - * - */ public Builder rememberMe(Boolean rememberMe) { return rememberMe(Output.of(rememberMe)); } /** - * @param resetCredentialsFlow The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * @param resetCredentialsFlow Which flow should be used for ResetCredentialsFlow * * @return builder * @@ -1780,7 +1040,7 @@ public Builder resetCredentialsFlow(@Nullable Output resetCredentialsFlo } /** - * @param resetCredentialsFlow The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * @param resetCredentialsFlow Which flow should be used for ResetCredentialsFlow * * @return builder * @@ -1789,44 +1049,20 @@ public Builder resetCredentialsFlow(String resetCredentialsFlow) { return resetCredentialsFlow(Output.of(resetCredentialsFlow)); } - /** - * @param resetPasswordAllowed When true, a "forgot password" link will be displayed on the login page. - * - * @return builder - * - */ public Builder resetPasswordAllowed(@Nullable Output resetPasswordAllowed) { $.resetPasswordAllowed = resetPasswordAllowed; return this; } - /** - * @param resetPasswordAllowed When true, a "forgot password" link will be displayed on the login page. - * - * @return builder - * - */ public Builder resetPasswordAllowed(Boolean resetPasswordAllowed) { return resetPasswordAllowed(Output.of(resetPasswordAllowed)); } - /** - * @param revokeRefreshToken If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - * @return builder - * - */ public Builder revokeRefreshToken(@Nullable Output revokeRefreshToken) { $.revokeRefreshToken = revokeRefreshToken; return this; } - /** - * @param revokeRefreshToken If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - * @return builder - * - */ public Builder revokeRefreshToken(Boolean revokeRefreshToken) { return revokeRefreshToken(Output.of(revokeRefreshToken)); } @@ -1850,7 +1086,7 @@ public Builder smtpServer(RealmSmtpServerArgs smtpServer) { } /** - * @param sslRequired Can be one of following values: 'none, 'external' or 'all' + * @param sslRequired SSL Required: Values can be 'none', 'external' or 'all'. * * @return builder * @@ -1861,7 +1097,7 @@ public Builder sslRequired(@Nullable Output sslRequired) { } /** - * @param sslRequired Can be one of following values: 'none, 'external' or 'all' + * @param sslRequired SSL Required: Values can be 'none', 'external' or 'all'. * * @return builder * @@ -1870,174 +1106,74 @@ public Builder sslRequired(String sslRequired) { return sslRequired(Output.of(sslRequired)); } - /** - * @param ssoSessionIdleTimeout The amount of time a session can be idle before it expires. - * - * @return builder - * - */ public Builder ssoSessionIdleTimeout(@Nullable Output ssoSessionIdleTimeout) { $.ssoSessionIdleTimeout = ssoSessionIdleTimeout; return this; } - /** - * @param ssoSessionIdleTimeout The amount of time a session can be idle before it expires. - * - * @return builder - * - */ public Builder ssoSessionIdleTimeout(String ssoSessionIdleTimeout) { return ssoSessionIdleTimeout(Output.of(ssoSessionIdleTimeout)); } - /** - * @param ssoSessionIdleTimeoutRememberMe Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - * @return builder - * - */ public Builder ssoSessionIdleTimeoutRememberMe(@Nullable Output ssoSessionIdleTimeoutRememberMe) { $.ssoSessionIdleTimeoutRememberMe = ssoSessionIdleTimeoutRememberMe; return this; } - /** - * @param ssoSessionIdleTimeoutRememberMe Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - * @return builder - * - */ public Builder ssoSessionIdleTimeoutRememberMe(String ssoSessionIdleTimeoutRememberMe) { return ssoSessionIdleTimeoutRememberMe(Output.of(ssoSessionIdleTimeoutRememberMe)); } - /** - * @param ssoSessionMaxLifespan The maximum amount of time before a session expires regardless of activity. - * - * @return builder - * - */ public Builder ssoSessionMaxLifespan(@Nullable Output ssoSessionMaxLifespan) { $.ssoSessionMaxLifespan = ssoSessionMaxLifespan; return this; } - /** - * @param ssoSessionMaxLifespan The maximum amount of time before a session expires regardless of activity. - * - * @return builder - * - */ public Builder ssoSessionMaxLifespan(String ssoSessionMaxLifespan) { return ssoSessionMaxLifespan(Output.of(ssoSessionMaxLifespan)); } - /** - * @param ssoSessionMaxLifespanRememberMe Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - * @return builder - * - */ public Builder ssoSessionMaxLifespanRememberMe(@Nullable Output ssoSessionMaxLifespanRememberMe) { $.ssoSessionMaxLifespanRememberMe = ssoSessionMaxLifespanRememberMe; return this; } - /** - * @param ssoSessionMaxLifespanRememberMe Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - * @return builder - * - */ public Builder ssoSessionMaxLifespanRememberMe(String ssoSessionMaxLifespanRememberMe) { return ssoSessionMaxLifespanRememberMe(Output.of(ssoSessionMaxLifespanRememberMe)); } - /** - * @param userManagedAccess When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - * @return builder - * - */ public Builder userManagedAccess(@Nullable Output userManagedAccess) { $.userManagedAccess = userManagedAccess; return this; } - /** - * @param userManagedAccess When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - * @return builder - * - */ public Builder userManagedAccess(Boolean userManagedAccess) { return userManagedAccess(Output.of(userManagedAccess)); } - /** - * @param verifyEmail When true, users are required to verify their email address after registration and after email address changes. - * - * @return builder - * - */ public Builder verifyEmail(@Nullable Output verifyEmail) { $.verifyEmail = verifyEmail; return this; } - /** - * @param verifyEmail When true, users are required to verify their email address after registration and after email address changes. - * - * @return builder - * - */ public Builder verifyEmail(Boolean verifyEmail) { return verifyEmail(Output.of(verifyEmail)); } - /** - * @param webAuthnPasswordlessPolicy Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - * @return builder - * - */ public Builder webAuthnPasswordlessPolicy(@Nullable Output webAuthnPasswordlessPolicy) { $.webAuthnPasswordlessPolicy = webAuthnPasswordlessPolicy; return this; } - /** - * @param webAuthnPasswordlessPolicy Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - * @return builder - * - */ public Builder webAuthnPasswordlessPolicy(RealmWebAuthnPasswordlessPolicyArgs webAuthnPasswordlessPolicy) { return webAuthnPasswordlessPolicy(Output.of(webAuthnPasswordlessPolicy)); } - /** - * @param webAuthnPolicy Configuration for WebAuthn Policy authentication. - * - * @return builder - * - */ public Builder webAuthnPolicy(@Nullable Output webAuthnPolicy) { $.webAuthnPolicy = webAuthnPolicy; return this; } - /** - * @param webAuthnPolicy Configuration for WebAuthn Policy authentication. - * - * @return builder - * - */ public Builder webAuthnPolicy(RealmWebAuthnPolicyArgs webAuthnPolicy) { return webAuthnPolicy(Output.of(webAuthnPolicy)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmEvents.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmEvents.java index 4d4e6f51..f689166f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmEvents.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmEvents.java @@ -18,9 +18,13 @@ import javax.annotation.Nullable; /** + * ## # keycloak.RealmEvents + * * Allows for managing Realm Events settings within Keycloak. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -45,128 +49,80 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) + * .realm("test") * .build()); * * var realmEvents = new RealmEvents("realmEvents", RealmEventsArgs.builder() - * .realmId(realm.id()) - * .eventsEnabled(true) - * .eventsExpiration(3600) - * .adminEventsEnabled(true) * .adminEventsDetailsEnabled(true) + * .adminEventsEnabled(true) * .enabledEventTypes( * "LOGIN", * "LOGOUT") + * .eventsEnabled(true) + * .eventsExpiration(3600) * .eventsListeners("jboss-logging") + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * This resource currently does not support importing. + * The following arguments are supported: + * + * - `realm_id` - (Required) The name of the realm the event settings apply to. + * - `admin_events_enabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`. + * - `admin_events_details_enabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`. + * - `events_enabled` - (Optional) When true, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. + * - `events_expiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never. + * - `enabled_event_types` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. + * - `events_listeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. * */ @ResourceType(type="keycloak:index/realmEvents:RealmEvents") public class RealmEvents extends com.pulumi.resources.CustomResource { - /** - * When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - */ @Export(name="adminEventsDetailsEnabled", refs={Boolean.class}, tree="[0]") private Output adminEventsDetailsEnabled; - /** - * @return When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - */ public Output> adminEventsDetailsEnabled() { return Codegen.optional(this.adminEventsDetailsEnabled); } - /** - * When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ @Export(name="adminEventsEnabled", refs={Boolean.class}, tree="[0]") private Output adminEventsEnabled; - /** - * @return When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ public Output> adminEventsEnabled() { return Codegen.optional(this.adminEventsEnabled); } - /** - * The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - */ @Export(name="enabledEventTypes", refs={List.class,String.class}, tree="[0,1]") private Output> enabledEventTypes; - /** - * @return The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - */ public Output>> enabledEventTypes() { return Codegen.optional(this.enabledEventTypes); } - /** - * When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ @Export(name="eventsEnabled", refs={Boolean.class}, tree="[0]") private Output eventsEnabled; - /** - * @return When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ public Output> eventsEnabled() { return Codegen.optional(this.eventsEnabled); } - /** - * The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - */ @Export(name="eventsExpiration", refs={Integer.class}, tree="[0]") private Output eventsExpiration; - /** - * @return The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - */ public Output> eventsExpiration() { return Codegen.optional(this.eventsExpiration); } - /** - * The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - */ @Export(name="eventsListeners", refs={List.class,String.class}, tree="[0,1]") private Output> eventsListeners; - /** - * @return The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - */ public Output>> eventsListeners() { return Codegen.optional(this.eventsListeners); } - /** - * The name of the realm the event settings apply to. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The name of the realm the event settings apply to. - * - */ public Output realmId() { return this.realmId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmEventsArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmEventsArgs.java index d9fec2f3..7094f69d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmEventsArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmEventsArgs.java @@ -19,107 +19,51 @@ public final class RealmEventsArgs extends com.pulumi.resources.ResourceArgs { public static final RealmEventsArgs Empty = new RealmEventsArgs(); - /** - * When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - */ @Import(name="adminEventsDetailsEnabled") private @Nullable Output adminEventsDetailsEnabled; - /** - * @return When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - */ public Optional> adminEventsDetailsEnabled() { return Optional.ofNullable(this.adminEventsDetailsEnabled); } - /** - * When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ @Import(name="adminEventsEnabled") private @Nullable Output adminEventsEnabled; - /** - * @return When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ public Optional> adminEventsEnabled() { return Optional.ofNullable(this.adminEventsEnabled); } - /** - * The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - */ @Import(name="enabledEventTypes") private @Nullable Output> enabledEventTypes; - /** - * @return The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - */ public Optional>> enabledEventTypes() { return Optional.ofNullable(this.enabledEventTypes); } - /** - * When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ @Import(name="eventsEnabled") private @Nullable Output eventsEnabled; - /** - * @return When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ public Optional> eventsEnabled() { return Optional.ofNullable(this.eventsEnabled); } - /** - * The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - */ @Import(name="eventsExpiration") private @Nullable Output eventsExpiration; - /** - * @return The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - */ public Optional> eventsExpiration() { return Optional.ofNullable(this.eventsExpiration); } - /** - * The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - */ @Import(name="eventsListeners") private @Nullable Output> eventsListeners; - /** - * @return The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - */ public Optional>> eventsListeners() { return Optional.ofNullable(this.eventsListeners); } - /** - * The name of the realm the event settings apply to. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The name of the realm the event settings apply to. - * - */ public Output realmId() { return this.realmId; } @@ -154,169 +98,73 @@ public Builder(RealmEventsArgs defaults) { $ = new RealmEventsArgs(Objects.requireNonNull(defaults)); } - /** - * @param adminEventsDetailsEnabled When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - * @return builder - * - */ public Builder adminEventsDetailsEnabled(@Nullable Output adminEventsDetailsEnabled) { $.adminEventsDetailsEnabled = adminEventsDetailsEnabled; return this; } - /** - * @param adminEventsDetailsEnabled When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - * @return builder - * - */ public Builder adminEventsDetailsEnabled(Boolean adminEventsDetailsEnabled) { return adminEventsDetailsEnabled(Output.of(adminEventsDetailsEnabled)); } - /** - * @param adminEventsEnabled When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - * @return builder - * - */ public Builder adminEventsEnabled(@Nullable Output adminEventsEnabled) { $.adminEventsEnabled = adminEventsEnabled; return this; } - /** - * @param adminEventsEnabled When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - * @return builder - * - */ public Builder adminEventsEnabled(Boolean adminEventsEnabled) { return adminEventsEnabled(Output.of(adminEventsEnabled)); } - /** - * @param enabledEventTypes The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - * @return builder - * - */ public Builder enabledEventTypes(@Nullable Output> enabledEventTypes) { $.enabledEventTypes = enabledEventTypes; return this; } - /** - * @param enabledEventTypes The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - * @return builder - * - */ public Builder enabledEventTypes(List enabledEventTypes) { return enabledEventTypes(Output.of(enabledEventTypes)); } - /** - * @param enabledEventTypes The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - * @return builder - * - */ public Builder enabledEventTypes(String... enabledEventTypes) { return enabledEventTypes(List.of(enabledEventTypes)); } - /** - * @param eventsEnabled When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - * @return builder - * - */ public Builder eventsEnabled(@Nullable Output eventsEnabled) { $.eventsEnabled = eventsEnabled; return this; } - /** - * @param eventsEnabled When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - * @return builder - * - */ public Builder eventsEnabled(Boolean eventsEnabled) { return eventsEnabled(Output.of(eventsEnabled)); } - /** - * @param eventsExpiration The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - * @return builder - * - */ public Builder eventsExpiration(@Nullable Output eventsExpiration) { $.eventsExpiration = eventsExpiration; return this; } - /** - * @param eventsExpiration The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - * @return builder - * - */ public Builder eventsExpiration(Integer eventsExpiration) { return eventsExpiration(Output.of(eventsExpiration)); } - /** - * @param eventsListeners The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - * @return builder - * - */ public Builder eventsListeners(@Nullable Output> eventsListeners) { $.eventsListeners = eventsListeners; return this; } - /** - * @param eventsListeners The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - * @return builder - * - */ public Builder eventsListeners(List eventsListeners) { return eventsListeners(Output.of(eventsListeners)); } - /** - * @param eventsListeners The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - * @return builder - * - */ public Builder eventsListeners(String... eventsListeners) { return eventsListeners(List.of(eventsListeners)); } - /** - * @param realmId The name of the realm the event settings apply to. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The name of the realm the event settings apply to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreAesGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreAesGenerated.java index ea7efb0a..dd243abb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreAesGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreAesGenerated.java @@ -22,6 +22,8 @@ * A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -60,14 +62,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreEcdsaGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreEcdsaGenerated.java index d34e5739..276f92ef 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreEcdsaGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreEcdsaGenerated.java @@ -22,6 +22,8 @@ * A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -60,14 +62,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreHmacGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreHmacGenerated.java index 7b574afd..2f923785 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreHmacGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreHmacGenerated.java @@ -22,6 +22,8 @@ * A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -61,14 +63,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreJavaGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreJavaGenerated.java index 8cc6d51c..33bd2147 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreJavaGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreJavaGenerated.java @@ -22,6 +22,8 @@ * A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -64,14 +66,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsa.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsa.java index 4f8e6531..78100344 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsa.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsa.java @@ -23,6 +23,7 @@ * * ## Example Usage * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -65,14 +66,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsaGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsaGenerated.java index d40c6007..62c25796 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsaGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsaGenerated.java @@ -22,6 +22,8 @@ * A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -61,14 +63,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java index 5b4dd33a..960c7351 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java @@ -30,6 +30,8 @@ * It can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -126,6 +128,7 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RequiredAction.java b/sdk/java/src/main/java/com/pulumi/keycloak/RequiredAction.java index 4b9b6256..00b26985 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RequiredAction.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RequiredAction.java @@ -22,6 +22,8 @@ * [Required actions](https://www.keycloak.org/docs/latest/server_admin/#con-required-actions_server_administration_guide) specify actions required before the first login of all new users. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -59,14 +61,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Authentication executions can be imported using the formats: `{{realm}}/{{alias}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/Role.java b/sdk/java/src/main/java/com/pulumi/keycloak/Role.java index feb7b8af..68d518ba 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/Role.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/Role.java @@ -18,12 +18,16 @@ import javax.annotation.Nullable; /** + * ## # keycloak.Role + * * Allows for creating and managing roles within Keycloak. * - * Roles allow you define privileges within Keycloak and map them to users and groups. + * Roles allow you define privileges within Keycloak and map them to users + * and groups. + * + * ### Example Usage (Realm role) * - * ## Example Usage - * ### Realm Role) + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -48,23 +52,23 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var realmRole = new Role("realmRole", RoleArgs.builder() - * .realmId(realm.id()) * .description("My Realm Role") - * .attributes(Map.ofEntries( - * Map.entry("key", "value"), - * Map.entry("multivalue", "value1##value2") - * )) + * .realmId(realm.id()) * .build()); * * } * } * ``` - * ### Client Role) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client role) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -91,29 +95,31 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * - * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) + * var client = new Client("client", ClientArgs.builder() + * .accessType("BEARER-ONLY") * .clientId("client") * .enabled(true) - * .accessType("CONFIDENTIAL") - * .validRedirectUris("http://localhost:8080/openid-callback") + * .realmId(realm.id()) * .build()); * * var clientRole = new Role("clientRole", RoleArgs.builder() - * .realmId(realm.id()) - * .clientId(keycloak_client.openid_client().id()) + * .clientId(keycloak_client.client().id()) * .description("My Client Role") - * .attributes(Map.of("key", "value")) + * .realmId(realm.id()) * .build()); * * } * } * ``` - * ### Composite Role) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Composite role) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -140,158 +146,112 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var createRole = new Role("createRole", RoleArgs.builder() * .realmId(realm.id()) - * .attributes(Map.of("key", "value")) * .build()); * * var readRole = new Role("readRole", RoleArgs.builder() * .realmId(realm.id()) - * .attributes(Map.of("key", "value")) * .build()); * * var updateRole = new Role("updateRole", RoleArgs.builder() * .realmId(realm.id()) - * .attributes(Map.of("key", "value")) * .build()); * * var deleteRole = new Role("deleteRole", RoleArgs.builder() * .realmId(realm.id()) - * .attributes(Map.of("key", "value")) * .build()); * - * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) + * var client = new Client("client", ClientArgs.builder() + * .accessType("BEARER-ONLY") * .clientId("client") * .enabled(true) - * .accessType("CONFIDENTIAL") - * .validRedirectUris("http://localhost:8080/openid-callback") + * .realmId(realm.id()) * .build()); * * var clientRole = new Role("clientRole", RoleArgs.builder() - * .realmId(realm.id()) - * .clientId(keycloak_client.openid_client().id()) + * .clientId(keycloak_client.client().id()) * .description("My Client Role") - * .attributes(Map.of("key", "value")) + * .realmId(realm.id()) * .build()); * * var adminRole = new Role("adminRole", RoleArgs.builder() - * .realmId(realm.id()) * .compositeRoles( - * createRole.id(), - * readRole.id(), - * updateRole.id(), - * deleteRole.id(), - * clientRole.id()) - * .attributes(Map.of("key", "value")) + * "{keycloak_role.create_role.id}", + * "{keycloak_role.read_role.id}", + * "{keycloak_role.update_role.id}", + * "{keycloak_role.delete_role.id}", + * "{keycloak_role.client_role.id}") + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns + * The following arguments are supported: * - * to the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role. + * - `realm_id` - (Required) The realm this role exists within. + * - `client_id` - (Optional) When specified, this role will be created as + * a client role attached to the client with the provided ID + * - `name` - (Required) The name of the role + * - `description` - (Optional) The description of the role + * - `composite_roles` - (Optional) When specified, this role will be a + * composite role, composed of all roles that have an ID present within + * this list. * - * Example: + * ### Import * - * bash + * Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where + * `role_id` is the unique ID that Keycloak assigns to the role. The ID is + * not easy to find in the GUI, but it appears in the URL when editing the + * role. * - * ```sh - * $ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad - * ``` + * Example: * */ @ResourceType(type="keycloak:index/role:Role") public class Role extends com.pulumi.resources.CustomResource { - /** - * A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Export(name="attributes", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") private Output> attributes; - /** - * @return A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Output>> attributes() { return Codegen.optional(this.attributes); } - /** - * When specified, this role will be created as a client role attached to the client with the provided ID - * - */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; - /** - * @return When specified, this role will be created as a client role attached to the client with the provided ID - * - */ public Output> clientId() { return Codegen.optional(this.clientId); } - /** - * When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - */ @Export(name="compositeRoles", refs={List.class,String.class}, tree="[0,1]") private Output> compositeRoles; - /** - * @return When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - */ public Output>> compositeRoles() { return Codegen.optional(this.compositeRoles); } - /** - * The description of the role - * - */ @Export(name="description", refs={String.class}, tree="[0]") private Output description; - /** - * @return The description of the role - * - */ public Output> description() { return Codegen.optional(this.description); } - /** - * The name of the role - * - */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; - /** - * @return The name of the role - * - */ public Output name() { return this.name; } - /** - * The realm this role exists within. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this role exists within. - * - */ public Output realmId() { return this.realmId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RoleArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/RoleArgs.java index ba23e2fe..09539905 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RoleArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RoleArgs.java @@ -19,92 +19,44 @@ public final class RoleArgs extends com.pulumi.resources.ResourceArgs { public static final RoleArgs Empty = new RoleArgs(); - /** - * A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Import(name="attributes") private @Nullable Output> attributes; - /** - * @return A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Optional>> attributes() { return Optional.ofNullable(this.attributes); } - /** - * When specified, this role will be created as a client role attached to the client with the provided ID - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return When specified, this role will be created as a client role attached to the client with the provided ID - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - */ @Import(name="compositeRoles") private @Nullable Output> compositeRoles; - /** - * @return When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - */ public Optional>> compositeRoles() { return Optional.ofNullable(this.compositeRoles); } - /** - * The description of the role - * - */ @Import(name="description") private @Nullable Output description; - /** - * @return The description of the role - * - */ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * The name of the role - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The name of the role - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The realm this role exists within. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this role exists within. - * - */ public Output realmId() { return this.realmId; } @@ -138,138 +90,60 @@ public Builder(RoleArgs defaults) { $ = new RoleArgs(Objects.requireNonNull(defaults)); } - /** - * @param attributes A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(@Nullable Output> attributes) { $.attributes = attributes; return this; } - /** - * @param attributes A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(Map attributes) { return attributes(Output.of(attributes)); } - /** - * @param clientId When specified, this role will be created as a client role attached to the client with the provided ID - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId When specified, this role will be created as a client role attached to the client with the provided ID - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param compositeRoles When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - * @return builder - * - */ public Builder compositeRoles(@Nullable Output> compositeRoles) { $.compositeRoles = compositeRoles; return this; } - /** - * @param compositeRoles When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - * @return builder - * - */ public Builder compositeRoles(List compositeRoles) { return compositeRoles(Output.of(compositeRoles)); } - /** - * @param compositeRoles When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - * @return builder - * - */ public Builder compositeRoles(String... compositeRoles) { return compositeRoles(List.of(compositeRoles)); } - /** - * @param description The description of the role - * - * @return builder - * - */ public Builder description(@Nullable Output description) { $.description = description; return this; } - /** - * @param description The description of the role - * - * @return builder - * - */ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param name The name of the role - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The name of the role - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this role exists within. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this role exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/User.java b/sdk/java/src/main/java/com/pulumi/keycloak/User.java index e1f686a0..e5b9bb20 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/User.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/User.java @@ -21,13 +21,17 @@ import javax.annotation.Nullable; /** + * ## # keycloak.User + * * Allows for creating and managing Users within Keycloak. * - * This resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource. Creating users within - * Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers - * or identity providers. + * This resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource. + * Creating users within Keycloak is not recommended. Instead, users should be federated from external sources + * by configuring user federation providers or identity providers. + * + * ### Example Usage * - * ## Example Usage + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -53,208 +57,125 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var user = new User("user", UserArgs.builder() - * .realmId(realm.id()) - * .username("bob") - * .enabled(true) * .email("bob@domain.com") + * .enabled(true) * .firstName("Bob") * .lastName("Bobson") + * .realmId(realm.id()) + * .username("bob") * .build()); * * var userWithInitialPassword = new User("userWithInitialPassword", UserArgs.builder() - * .realmId(realm.id()) - * .username("alice") - * .enabled(true) * .email("alice@domain.com") + * .enabled(true) * .firstName("Alice") - * .lastName("Aliceberg") - * .attributes(Map.ofEntries( - * Map.entry("foo", "bar"), - * Map.entry("multivalue", "value1##value2") - * )) * .initialPassword(UserInitialPasswordArgs.builder() - * .value("some password") * .temporary(true) + * .value("some password") * .build()) + * .lastName("Aliceberg") + * .realmId(realm.id()) + * .username("alice") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the user upon creation. This value can be found in the GUI when editing the user. + * - `realm_id` - (Required) The realm this user belongs to. + * - `username` - (Required) The unique username of this user. + * - `initial_password` (Optional) When given, the user's initial password will be set. + * This attribute is only respected during initial user creation. + * - `value` (Required) The initial password. + * - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`. + * - `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`. + * - `email` - (Optional) The user's email. + * - `first_name` - (Optional) The user's first name. + * - `last_name` - (Optional) The user's last name. * - * Example: + * ### Import * - * bash + * Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + * assigns to the user upon creation. This value can be found in the GUI when editing the user. * - * ```sh - * $ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4 - * ``` + * Example: * */ @ResourceType(type="keycloak:index/user:User") public class User extends com.pulumi.resources.CustomResource { - /** - * A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Export(name="attributes", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") private Output> attributes; - /** - * @return A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Output>> attributes() { return Codegen.optional(this.attributes); } - /** - * The user's email. - * - */ @Export(name="email", refs={String.class}, tree="[0]") private Output email; - /** - * @return The user's email. - * - */ public Output> email() { return Codegen.optional(this.email); } - /** - * Whether the email address was validated or not. Default to `false`. - * - */ @Export(name="emailVerified", refs={Boolean.class}, tree="[0]") private Output emailVerified; - /** - * @return Whether the email address was validated or not. Default to `false`. - * - */ public Output> emailVerified() { return Codegen.optional(this.emailVerified); } - /** - * When false, this user cannot log in. Defaults to `true`. - * - */ @Export(name="enabled", refs={Boolean.class}, tree="[0]") private Output enabled; - /** - * @return When false, this user cannot log in. Defaults to `true`. - * - */ public Output> enabled() { return Codegen.optional(this.enabled); } - /** - * When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - */ @Export(name="federatedIdentities", refs={List.class,UserFederatedIdentity.class}, tree="[0,1]") private Output> federatedIdentities; - /** - * @return When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - */ public Output>> federatedIdentities() { return Codegen.optional(this.federatedIdentities); } - /** - * The user's first name. - * - */ @Export(name="firstName", refs={String.class}, tree="[0]") private Output firstName; - /** - * @return The user's first name. - * - */ public Output> firstName() { return Codegen.optional(this.firstName); } - /** - * When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - */ @Export(name="initialPassword", refs={UserInitialPassword.class}, tree="[0]") private Output initialPassword; - /** - * @return When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - */ public Output> initialPassword() { return Codegen.optional(this.initialPassword); } - /** - * The user's last name. - * - */ @Export(name="lastName", refs={String.class}, tree="[0]") private Output lastName; - /** - * @return The user's last name. - * - */ public Output> lastName() { return Codegen.optional(this.lastName); } - /** - * The realm this user belongs to. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this user belongs to. - * - */ public Output realmId() { return this.realmId; } - /** - * A list of required user actions. - * - */ @Export(name="requiredActions", refs={List.class,String.class}, tree="[0,1]") private Output> requiredActions; - /** - * @return A list of required user actions. - * - */ public Output>> requiredActions() { return Codegen.optional(this.requiredActions); } - /** - * The unique username of this user. - * - */ @Export(name="username", refs={String.class}, tree="[0]") private Output username; - /** - * @return The unique username of this user. - * - */ public Output username() { return this.username; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UserArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/UserArgs.java index e1090d4b..b6a52c28 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UserArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UserArgs.java @@ -22,167 +22,79 @@ public final class UserArgs extends com.pulumi.resources.ResourceArgs { public static final UserArgs Empty = new UserArgs(); - /** - * A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Import(name="attributes") private @Nullable Output> attributes; - /** - * @return A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Optional>> attributes() { return Optional.ofNullable(this.attributes); } - /** - * The user's email. - * - */ @Import(name="email") private @Nullable Output email; - /** - * @return The user's email. - * - */ public Optional> email() { return Optional.ofNullable(this.email); } - /** - * Whether the email address was validated or not. Default to `false`. - * - */ @Import(name="emailVerified") private @Nullable Output emailVerified; - /** - * @return Whether the email address was validated or not. Default to `false`. - * - */ public Optional> emailVerified() { return Optional.ofNullable(this.emailVerified); } - /** - * When false, this user cannot log in. Defaults to `true`. - * - */ @Import(name="enabled") private @Nullable Output enabled; - /** - * @return When false, this user cannot log in. Defaults to `true`. - * - */ public Optional> enabled() { return Optional.ofNullable(this.enabled); } - /** - * When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - */ @Import(name="federatedIdentities") private @Nullable Output> federatedIdentities; - /** - * @return When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - */ public Optional>> federatedIdentities() { return Optional.ofNullable(this.federatedIdentities); } - /** - * The user's first name. - * - */ @Import(name="firstName") private @Nullable Output firstName; - /** - * @return The user's first name. - * - */ public Optional> firstName() { return Optional.ofNullable(this.firstName); } - /** - * When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - */ @Import(name="initialPassword") private @Nullable Output initialPassword; - /** - * @return When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - */ public Optional> initialPassword() { return Optional.ofNullable(this.initialPassword); } - /** - * The user's last name. - * - */ @Import(name="lastName") private @Nullable Output lastName; - /** - * @return The user's last name. - * - */ public Optional> lastName() { return Optional.ofNullable(this.lastName); } - /** - * The realm this user belongs to. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this user belongs to. - * - */ public Output realmId() { return this.realmId; } - /** - * A list of required user actions. - * - */ @Import(name="requiredActions") private @Nullable Output> requiredActions; - /** - * @return A list of required user actions. - * - */ public Optional>> requiredActions() { return Optional.ofNullable(this.requiredActions); } - /** - * The unique username of this user. - * - */ @Import(name="username", required=true) private Output username; - /** - * @return The unique username of this user. - * - */ public Output username() { return this.username; } @@ -221,253 +133,109 @@ public Builder(UserArgs defaults) { $ = new UserArgs(Objects.requireNonNull(defaults)); } - /** - * @param attributes A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(@Nullable Output> attributes) { $.attributes = attributes; return this; } - /** - * @param attributes A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(Map attributes) { return attributes(Output.of(attributes)); } - /** - * @param email The user's email. - * - * @return builder - * - */ public Builder email(@Nullable Output email) { $.email = email; return this; } - /** - * @param email The user's email. - * - * @return builder - * - */ public Builder email(String email) { return email(Output.of(email)); } - /** - * @param emailVerified Whether the email address was validated or not. Default to `false`. - * - * @return builder - * - */ public Builder emailVerified(@Nullable Output emailVerified) { $.emailVerified = emailVerified; return this; } - /** - * @param emailVerified Whether the email address was validated or not. Default to `false`. - * - * @return builder - * - */ public Builder emailVerified(Boolean emailVerified) { return emailVerified(Output.of(emailVerified)); } - /** - * @param enabled When false, this user cannot log in. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(@Nullable Output enabled) { $.enabled = enabled; return this; } - /** - * @param enabled When false, this user cannot log in. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(Boolean enabled) { return enabled(Output.of(enabled)); } - /** - * @param federatedIdentities When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - * @return builder - * - */ public Builder federatedIdentities(@Nullable Output> federatedIdentities) { $.federatedIdentities = federatedIdentities; return this; } - /** - * @param federatedIdentities When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - * @return builder - * - */ public Builder federatedIdentities(List federatedIdentities) { return federatedIdentities(Output.of(federatedIdentities)); } - /** - * @param federatedIdentities When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - * @return builder - * - */ public Builder federatedIdentities(UserFederatedIdentityArgs... federatedIdentities) { return federatedIdentities(List.of(federatedIdentities)); } - /** - * @param firstName The user's first name. - * - * @return builder - * - */ public Builder firstName(@Nullable Output firstName) { $.firstName = firstName; return this; } - /** - * @param firstName The user's first name. - * - * @return builder - * - */ public Builder firstName(String firstName) { return firstName(Output.of(firstName)); } - /** - * @param initialPassword When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - * @return builder - * - */ public Builder initialPassword(@Nullable Output initialPassword) { $.initialPassword = initialPassword; return this; } - /** - * @param initialPassword When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - * @return builder - * - */ public Builder initialPassword(UserInitialPasswordArgs initialPassword) { return initialPassword(Output.of(initialPassword)); } - /** - * @param lastName The user's last name. - * - * @return builder - * - */ public Builder lastName(@Nullable Output lastName) { $.lastName = lastName; return this; } - /** - * @param lastName The user's last name. - * - * @return builder - * - */ public Builder lastName(String lastName) { return lastName(Output.of(lastName)); } - /** - * @param realmId The realm this user belongs to. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this user belongs to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param requiredActions A list of required user actions. - * - * @return builder - * - */ public Builder requiredActions(@Nullable Output> requiredActions) { $.requiredActions = requiredActions; return this; } - /** - * @param requiredActions A list of required user actions. - * - * @return builder - * - */ public Builder requiredActions(List requiredActions) { return requiredActions(Output.of(requiredActions)); } - /** - * @param requiredActions A list of required user actions. - * - * @return builder - * - */ public Builder requiredActions(String... requiredActions) { return requiredActions(List.of(requiredActions)); } - /** - * @param username The unique username of this user. - * - * @return builder - * - */ public Builder username(Output username) { $.username = username; return this; } - /** - * @param username The unique username of this user. - * - * @return builder - * - */ public Builder username(String username) { return username(Output.of(username)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UserGroups.java b/sdk/java/src/main/java/com/pulumi/keycloak/UserGroups.java index 11a181e9..3e59a266 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UserGroups.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UserGroups.java @@ -23,7 +23,9 @@ * If `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `keycloak.UserGroups` for the same `user_id`. * * ## Example Usage + * * ### Exhaustive Groups) + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -74,7 +76,10 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Non Exhaustive Groups) + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -137,12 +142,13 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * This resource does not support import. Instead of importing, feel free to create this resource * - * as if it did not already exist on the server. + * as if it did not already exist on the server. * */ @ResourceType(type="keycloak:index/userGroups:UserGroups") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UserRoles.java b/sdk/java/src/main/java/com/pulumi/keycloak/UserRoles.java index 443aaeaf..1a01d82d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UserRoles.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UserRoles.java @@ -27,7 +27,10 @@ * a role and a composite that includes that role to the same user. * * ## Example Usage + * * ### Exhaustive Roles) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -100,16 +103,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * This resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak * - * assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. + * assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UserTemplateImporterIdentityProviderMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/UserTemplateImporterIdentityProviderMapper.java index cdfe226e..cd013129 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UserTemplateImporterIdentityProviderMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UserTemplateImporterIdentityProviderMapper.java @@ -26,6 +26,8 @@ * > If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -76,16 +78,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak * - * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UsersPermissions.java b/sdk/java/src/main/java/com/pulumi/keycloak/UsersPermissions.java index 35c81a44..a782a74c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UsersPermissions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UsersPermissions.java @@ -38,6 +38,7 @@ * * ## Example Usage * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -146,6 +147,8 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Argument Reference * * The following arguments are supported: diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Bindings.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Bindings.java index d482b50e..15788016 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Bindings.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Bindings.java @@ -29,6 +29,8 @@ * and this resource to manage authentication flow bindings, you should choose one or the other. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -91,6 +93,7 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * */ @ResourceType(type="keycloak:authentication/bindings:Bindings") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Execution.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Execution.java index d87a858b..1eeffa60 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Execution.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Execution.java @@ -23,6 +23,8 @@ * > Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -78,14 +80,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Authentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/ExecutionConfig.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/ExecutionConfig.java index d30b581f..1ca7aa98 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/ExecutionConfig.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/ExecutionConfig.java @@ -19,6 +19,8 @@ * configuration (such as with the `identity-provider-redirector` execution), this can be managed with this resource. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -72,18 +74,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Configurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`. * - * If the `authenticationExecutionId` is incorrect, the import will still be successful. + * If the `authenticationExecutionId` is incorrect, the import will still be successful. * - * A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. + * A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:authentication/executionConfig:ExecutionConfig config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Flow.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Flow.java index c81cd4a6..80d4e419 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Flow.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Flow.java @@ -22,6 +22,8 @@ * is a container for these actions, which are otherwise known as executions. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -67,22 +69,23 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Authentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is * - * typically a GUID which is autogenerated when the flow is created via Keycloak. + * typically a GUID which is autogenerated when the flow is created via Keycloak. * - * Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the + * Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the * - * "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, + * "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, * - * which will be a list of authentication flows. + * which will be a list of authentication flows. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:authentication/flow:Flow flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Subflow.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Subflow.java index dcc0a509..94944b8c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Subflow.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Subflow.java @@ -21,6 +21,8 @@ * As its name implies, an authentication subflow is contained in an authentication flow. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -67,24 +69,25 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Authentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`. * - * The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. + * The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. * - * Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the + * Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the * - * "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to + * "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to * - * `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. + * `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. * - * __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). + * __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/"Parent Flow"/3bad1172-bb5c-4a77-9615-c2606eb03081 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/AttributeImporterIdentityProviderMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/AttributeImporterIdentityProviderMapperState.java index e23a8cf9..d2daa411 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/AttributeImporterIdentityProviderMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/AttributeImporterIdentityProviderMapperState.java @@ -18,14 +18,14 @@ public final class AttributeImporterIdentityProviderMapperState extends com.pulu public static final AttributeImporterIdentityProviderMapperState Empty = new AttributeImporterIdentityProviderMapperState(); /** - * For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * Attribute Friendly Name * */ @Import(name="attributeFriendlyName") private @Nullable Output attributeFriendlyName; /** - * @return For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * @return Attribute Friendly Name * */ public Optional> attributeFriendlyName() { @@ -33,14 +33,14 @@ public Optional> attributeFriendlyName() { } /** - * For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * Attribute Name * */ @Import(name="attributeName") private @Nullable Output attributeName; /** - * @return For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * @return Attribute Name * */ public Optional> attributeName() { @@ -48,44 +48,36 @@ public Optional> attributeName() { } /** - * For OIDC based providers, this is the name of the claim to use. + * Claim Name * */ @Import(name="claimName") private @Nullable Output claimName; /** - * @return For OIDC based providers, this is the name of the claim to use. + * @return Claim Name * */ public Optional> claimName() { return Optional.ofNullable(this.claimName); } - /** - * Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - */ @Import(name="extraConfig") private @Nullable Output> extraConfig; - /** - * @return Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - */ public Optional>> extraConfig() { return Optional.ofNullable(this.extraConfig); } /** - * The alias of the associated identity provider. + * IDP Alias * */ @Import(name="identityProviderAlias") private @Nullable Output identityProviderAlias; /** - * @return The alias of the associated identity provider. + * @return IDP Alias * */ public Optional> identityProviderAlias() { @@ -93,14 +85,14 @@ public Optional> identityProviderAlias() { } /** - * The name of the mapper. + * IDP Mapper Name * */ @Import(name="name") private @Nullable Output name; /** - * @return The name of the mapper. + * @return IDP Mapper Name * */ public Optional> name() { @@ -108,14 +100,14 @@ public Optional> name() { } /** - * The name of the realm. + * Realm Name * */ @Import(name="realm") private @Nullable Output realm; /** - * @return The name of the realm. + * @return Realm Name * */ public Optional> realm() { @@ -123,14 +115,14 @@ public Optional> realm() { } /** - * The user attribute or property name to store the mapped result. + * User Attribute * */ @Import(name="userAttribute") private @Nullable Output userAttribute; /** - * @return The user attribute or property name to store the mapped result. + * @return User Attribute * */ public Optional> userAttribute() { @@ -169,7 +161,7 @@ public Builder(AttributeImporterIdentityProviderMapperState defaults) { } /** - * @param attributeFriendlyName For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * @param attributeFriendlyName Attribute Friendly Name * * @return builder * @@ -180,7 +172,7 @@ public Builder attributeFriendlyName(@Nullable Output attributeFriendlyN } /** - * @param attributeFriendlyName For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + * @param attributeFriendlyName Attribute Friendly Name * * @return builder * @@ -190,7 +182,7 @@ public Builder attributeFriendlyName(String attributeFriendlyName) { } /** - * @param attributeName For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * @param attributeName Attribute Name * * @return builder * @@ -201,7 +193,7 @@ public Builder attributeName(@Nullable Output attributeName) { } /** - * @param attributeName For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + * @param attributeName Attribute Name * * @return builder * @@ -211,7 +203,7 @@ public Builder attributeName(String attributeName) { } /** - * @param claimName For OIDC based providers, this is the name of the claim to use. + * @param claimName Claim Name * * @return builder * @@ -222,7 +214,7 @@ public Builder claimName(@Nullable Output claimName) { } /** - * @param claimName For OIDC based providers, this is the name of the claim to use. + * @param claimName Claim Name * * @return builder * @@ -231,29 +223,17 @@ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } - /** - * @param extraConfig Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - * @return builder - * - */ public Builder extraConfig(@Nullable Output> extraConfig) { $.extraConfig = extraConfig; return this; } - /** - * @param extraConfig Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - * - * @return builder - * - */ public Builder extraConfig(Map extraConfig) { return extraConfig(Output.of(extraConfig)); } /** - * @param identityProviderAlias The alias of the associated identity provider. + * @param identityProviderAlias IDP Alias * * @return builder * @@ -264,7 +244,7 @@ public Builder identityProviderAlias(@Nullable Output identityProviderAl } /** - * @param identityProviderAlias The alias of the associated identity provider. + * @param identityProviderAlias IDP Alias * * @return builder * @@ -274,7 +254,7 @@ public Builder identityProviderAlias(String identityProviderAlias) { } /** - * @param name The name of the mapper. + * @param name IDP Mapper Name * * @return builder * @@ -285,7 +265,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The name of the mapper. + * @param name IDP Mapper Name * * @return builder * @@ -295,7 +275,7 @@ public Builder name(String name) { } /** - * @param realm The name of the realm. + * @param realm Realm Name * * @return builder * @@ -306,7 +286,7 @@ public Builder realm(@Nullable Output realm) { } /** - * @param realm The name of the realm. + * @param realm Realm Name * * @return builder * @@ -316,7 +296,7 @@ public Builder realm(String realm) { } /** - * @param userAttribute The user attribute or property name to store the mapped result. + * @param userAttribute User Attribute * * @return builder * @@ -327,7 +307,7 @@ public Builder userAttribute(@Nullable Output userAttribute) { } /** - * @param userAttribute The user attribute or property name to store the mapped result. + * @param userAttribute User Attribute * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomIdentityProviderMappingState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomIdentityProviderMappingState.java index d2ccf01f..23090b96 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomIdentityProviderMappingState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomIdentityProviderMappingState.java @@ -48,14 +48,14 @@ public Optional> identityProviderAlias() { } /** - * The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * */ @Import(name="identityProviderMapper") private @Nullable Output identityProviderMapper; /** - * @return The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * @return The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * */ public Optional> identityProviderMapper() { @@ -163,7 +163,7 @@ public Builder identityProviderAlias(String identityProviderAlias) { } /** - * @param identityProviderMapper The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * @param identityProviderMapper The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * * @return builder * @@ -174,7 +174,7 @@ public Builder identityProviderMapper(@Nullable Output identityProviderM } /** - * @param identityProviderMapper The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * @param identityProviderMapper The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomUserFederationState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomUserFederationState.java index 1f118cc4..95b875ab 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomUserFederationState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomUserFederationState.java @@ -19,60 +19,46 @@ public final class CustomUserFederationState extends com.pulumi.resources.Resour public static final CustomUserFederationState Empty = new CustomUserFederationState(); - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ @Import(name="cachePolicy") private @Nullable Output cachePolicy; - /** - * @return Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ public Optional> cachePolicy() { return Optional.ofNullable(this.cachePolicy); } /** - * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * */ @Import(name="changedSyncPeriod") private @Nullable Output changedSyncPeriod; /** - * @return How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * @return How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * */ public Optional> changedSyncPeriod() { return Optional.ofNullable(this.changedSyncPeriod); } - /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - */ @Import(name="config") private @Nullable Output> config; - /** - * @return The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - */ public Optional>> config() { return Optional.ofNullable(this.config); } /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. * */ @Import(name="enabled") private @Nullable Output enabled; /** - * @return When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @return When false, this provider will not be used when performing queries for users. * */ public Optional> enabled() { @@ -110,14 +96,14 @@ public Optional> name() { } /** - * Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * The parent_id of the generated component. will use realm_id if not specified. * */ @Import(name="parentId") private @Nullable Output parentId; /** - * @return Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * @return The parent_id of the generated component. will use realm_id if not specified. * */ public Optional> parentId() { @@ -125,14 +111,14 @@ public Optional> parentId() { } /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. * */ @Import(name="priority") private @Nullable Output priority; /** - * @return Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @return Priority of this provider when looking up users. Lower values are first. * */ public Optional> priority() { @@ -140,14 +126,16 @@ public Optional> priority() { } /** - * The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * */ @Import(name="providerId") private @Nullable Output providerId; /** - * @return The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * @return The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * */ public Optional> providerId() { @@ -155,14 +143,14 @@ public Optional> providerId() { } /** - * The realm that this provider will provide user federation for. + * The realm (name) this provider will provide user federation for. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm that this provider will provide user federation for. + * @return The realm (name) this provider will provide user federation for. * */ public Optional> realmId() { @@ -202,29 +190,18 @@ public Builder(CustomUserFederationState defaults) { $ = new CustomUserFederationState(Objects.requireNonNull(defaults)); } - /** - * @param cachePolicy Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - * @return builder - * - */ public Builder cachePolicy(@Nullable Output cachePolicy) { $.cachePolicy = cachePolicy; return this; } - /** - * @param cachePolicy Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - * @return builder - * - */ public Builder cachePolicy(String cachePolicy) { return cachePolicy(Output.of(cachePolicy)); } /** - * @param changedSyncPeriod How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * @param changedSyncPeriod How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * * @return builder * @@ -235,7 +212,8 @@ public Builder changedSyncPeriod(@Nullable Output changedSyncPeriod) { } /** - * @param changedSyncPeriod How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * @param changedSyncPeriod How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. * * @return builder * @@ -244,29 +222,17 @@ public Builder changedSyncPeriod(Integer changedSyncPeriod) { return changedSyncPeriod(Output.of(changedSyncPeriod)); } - /** - * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - * @return builder - * - */ public Builder config(@Nullable Output> config) { $.config = config; return this; } - /** - * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - * - * @return builder - * - */ public Builder config(Map config) { return config(Output.of(config)); } /** - * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @param enabled When false, this provider will not be used when performing queries for users. * * @return builder * @@ -277,7 +243,7 @@ public Builder enabled(@Nullable Output enabled) { } /** - * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @param enabled When false, this provider will not be used when performing queries for users. * * @return builder * @@ -329,7 +295,7 @@ public Builder name(String name) { } /** - * @param parentId Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * @param parentId The parent_id of the generated component. will use realm_id if not specified. * * @return builder * @@ -340,7 +306,7 @@ public Builder parentId(@Nullable Output parentId) { } /** - * @param parentId Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + * @param parentId The parent_id of the generated component. will use realm_id if not specified. * * @return builder * @@ -350,7 +316,7 @@ public Builder parentId(String parentId) { } /** - * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @param priority Priority of this provider when looking up users. Lower values are first. * * @return builder * @@ -361,7 +327,7 @@ public Builder priority(@Nullable Output priority) { } /** - * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @param priority Priority of this provider when looking up users. Lower values are first. * * @return builder * @@ -371,7 +337,8 @@ public Builder priority(Integer priority) { } /** - * @param providerId The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * @param providerId The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * * @return builder * @@ -382,7 +349,8 @@ public Builder providerId(@Nullable Output providerId) { } /** - * @param providerId The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * @param providerId The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface * * @return builder * @@ -392,7 +360,7 @@ public Builder providerId(String providerId) { } /** - * @param realmId The realm that this provider will provide user federation for. + * @param realmId The realm (name) this provider will provide user federation for. * * @return builder * @@ -403,7 +371,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm that this provider will provide user federation for. + * @param realmId The realm (name) this provider will provide user federation for. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/DefaultGroupsState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/DefaultGroupsState.java index 78d8f560..9f9c20e2 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/DefaultGroupsState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/DefaultGroupsState.java @@ -16,32 +16,16 @@ public final class DefaultGroupsState extends com.pulumi.resources.ResourceArgs public static final DefaultGroupsState Empty = new DefaultGroupsState(); - /** - * A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - */ @Import(name="groupIds") private @Nullable Output> groupIds; - /** - * @return A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - */ public Optional>> groupIds() { return Optional.ofNullable(this.groupIds); } - /** - * The realm this group exists in. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this group exists in. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } @@ -71,54 +55,24 @@ public Builder(DefaultGroupsState defaults) { $ = new DefaultGroupsState(Objects.requireNonNull(defaults)); } - /** - * @param groupIds A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - * @return builder - * - */ public Builder groupIds(@Nullable Output> groupIds) { $.groupIds = groupIds; return this; } - /** - * @param groupIds A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - * @return builder - * - */ public Builder groupIds(List groupIds) { return groupIds(Output.of(groupIds)); } - /** - * @param groupIds A set of group ids that should be default groups on the realm referenced by `realm_id`. - * - * @return builder - * - */ public Builder groupIds(String... groupIds) { return groupIds(List.of(groupIds)); } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GenericClientProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GenericClientProtocolMapperState.java index cbd88e29..5fc4bc8e 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GenericClientProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GenericClientProtocolMapperState.java @@ -18,14 +18,14 @@ public final class GenericClientProtocolMapperState extends com.pulumi.resources public static final GenericClientProtocolMapperState Empty = new GenericClientProtocolMapperState(); /** - * The client this protocol mapper is attached to. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper is attached to. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -47,30 +47,22 @@ public Optional> clientScopeId() { return Optional.ofNullable(this.clientScopeId); } - /** - * A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - */ @Import(name="config") private @Nullable Output> config; - /** - * @return A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - */ public Optional>> config() { return Optional.ofNullable(this.config); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -78,14 +70,14 @@ public Optional> name() { } /** - * The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * The protocol of the client (openid-connect / saml). * */ @Import(name="protocol") private @Nullable Output protocol; /** - * @return The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * @return The protocol of the client (openid-connect / saml). * */ public Optional> protocol() { @@ -93,14 +85,14 @@ public Optional> protocol() { } /** - * The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * The type of the protocol mapper. * */ @Import(name="protocolMapper") private @Nullable Output protocolMapper; /** - * @return The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * @return The type of the protocol mapper. * */ public Optional> protocolMapper() { @@ -108,14 +100,14 @@ public Optional> protocolMapper() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { @@ -153,7 +145,7 @@ public Builder(GenericClientProtocolMapperState defaults) { } /** - * @param clientId The client this protocol mapper is attached to. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -164,7 +156,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper is attached to. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -194,29 +186,17 @@ public Builder clientScopeId(String clientScopeId) { return clientScopeId(Output.of(clientScopeId)); } - /** - * @param config A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - * @return builder - * - */ public Builder config(@Nullable Output> config) { $.config = config; return this; } - /** - * @param config A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - * - * @return builder - * - */ public Builder config(Map config) { return config(Output.of(config)); } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -227,7 +207,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -237,7 +217,7 @@ public Builder name(String name) { } /** - * @param protocol The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * @param protocol The protocol of the client (openid-connect / saml). * * @return builder * @@ -248,7 +228,7 @@ public Builder protocol(@Nullable Output protocol) { } /** - * @param protocol The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * @param protocol The protocol of the client (openid-connect / saml). * * @return builder * @@ -258,7 +238,7 @@ public Builder protocol(String protocol) { } /** - * @param protocolMapper The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * @param protocolMapper The type of the protocol mapper. * * @return builder * @@ -269,7 +249,7 @@ public Builder protocolMapper(@Nullable Output protocolMapper) { } /** - * @param protocolMapper The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * @param protocolMapper The type of the protocol mapper. * * @return builder * @@ -279,7 +259,7 @@ public Builder protocolMapper(String protocolMapper) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -290,7 +270,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetGroupArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetGroupArgs.java index 0b55c6bf..15e8d330 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetGroupArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetGroupArgs.java @@ -14,32 +14,16 @@ public final class GetGroupArgs extends com.pulumi.resources.InvokeArgs { public static final GetGroupArgs Empty = new GetGroupArgs(); - /** - * The name of the group. If there are multiple groups match `name`, the first result will be returned. - * - */ @Import(name="name", required=true) private Output name; - /** - * @return The name of the group. If there are multiple groups match `name`, the first result will be returned. - * - */ public Output name() { return this.name; } - /** - * The realm this group exists within. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this group exists within. - * - */ public Output realmId() { return this.realmId; } @@ -69,44 +53,20 @@ public Builder(GetGroupArgs defaults) { $ = new GetGroupArgs(Objects.requireNonNull(defaults)); } - /** - * @param name The name of the group. If there are multiple groups match `name`, the first result will be returned. - * - * @return builder - * - */ public Builder name(Output name) { $.name = name; return this; } - /** - * @param name The name of the group. If there are multiple groups match `name`, the first result will be returned. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this group exists within. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetGroupPlainArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetGroupPlainArgs.java index b8943274..a7d0d9d8 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetGroupPlainArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetGroupPlainArgs.java @@ -13,32 +13,16 @@ public final class GetGroupPlainArgs extends com.pulumi.resources.InvokeArgs { public static final GetGroupPlainArgs Empty = new GetGroupPlainArgs(); - /** - * The name of the group. If there are multiple groups match `name`, the first result will be returned. - * - */ @Import(name="name", required=true) private String name; - /** - * @return The name of the group. If there are multiple groups match `name`, the first result will be returned. - * - */ public String name() { return this.name; } - /** - * The realm this group exists within. - * - */ @Import(name="realmId", required=true) private String realmId; - /** - * @return The realm this group exists within. - * - */ public String realmId() { return this.realmId; } @@ -68,23 +52,11 @@ public Builder(GetGroupPlainArgs defaults) { $ = new GetGroupPlainArgs(Objects.requireNonNull(defaults)); } - /** - * @param name The name of the group. If there are multiple groups match `name`, the first result will be returned. - * - * @return builder - * - */ public Builder name(String name) { $.name = name; return this; } - /** - * @param realmId The realm this group exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { $.realmId = realmId; return this; diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmArgs.java index 063f1cc8..e6ea1e60 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmArgs.java @@ -67,17 +67,9 @@ public Optional> otpPolicy() { return Optional.ofNullable(this.otpPolicy); } - /** - * The realm name. - * - */ @Import(name="realm", required=true) private Output realm; - /** - * @return The realm name. - * - */ public Output realm() { return this.realm; } @@ -210,23 +202,11 @@ public Builder otpPolicy(GetRealmOtpPolicyArgs otpPolicy) { return otpPolicy(Output.of(otpPolicy)); } - /** - * @param realm The realm name. - * - * @return builder - * - */ public Builder realm(Output realm) { $.realm = realm; return this; } - /** - * @param realm The realm name. - * - * @return builder - * - */ public Builder realm(String realm) { return realm(Output.of(realm)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmKeysArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmKeysArgs.java index fbe17d52..593d6591 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmKeysArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmKeysArgs.java @@ -17,47 +17,23 @@ public final class GetRealmKeysArgs extends com.pulumi.resources.InvokeArgs { public static final GetRealmKeysArgs Empty = new GetRealmKeysArgs(); - /** - * When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - */ @Import(name="algorithms") private @Nullable Output> algorithms; - /** - * @return When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - */ public Optional>> algorithms() { return Optional.ofNullable(this.algorithms); } - /** - * The realm from which the keys will be retrieved. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm from which the keys will be retrieved. - * - */ public Output realmId() { return this.realmId; } - /** - * When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - */ @Import(name="statuses") private @Nullable Output> statuses; - /** - * @return When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - */ public Optional>> statuses() { return Optional.ofNullable(this.statuses); } @@ -88,85 +64,37 @@ public Builder(GetRealmKeysArgs defaults) { $ = new GetRealmKeysArgs(Objects.requireNonNull(defaults)); } - /** - * @param algorithms When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - * @return builder - * - */ public Builder algorithms(@Nullable Output> algorithms) { $.algorithms = algorithms; return this; } - /** - * @param algorithms When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - * @return builder - * - */ public Builder algorithms(List algorithms) { return algorithms(Output.of(algorithms)); } - /** - * @param algorithms When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - * @return builder - * - */ public Builder algorithms(String... algorithms) { return algorithms(List.of(algorithms)); } - /** - * @param realmId The realm from which the keys will be retrieved. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm from which the keys will be retrieved. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param statuses When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - * @return builder - * - */ public Builder statuses(@Nullable Output> statuses) { $.statuses = statuses; return this; } - /** - * @param statuses When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - * @return builder - * - */ public Builder statuses(List statuses) { return statuses(Output.of(statuses)); } - /** - * @param statuses When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - * @return builder - * - */ public Builder statuses(String... statuses) { return statuses(List.of(statuses)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmKeysPlainArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmKeysPlainArgs.java index ea84af0b..c2f38996 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmKeysPlainArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmKeysPlainArgs.java @@ -16,47 +16,23 @@ public final class GetRealmKeysPlainArgs extends com.pulumi.resources.InvokeArgs public static final GetRealmKeysPlainArgs Empty = new GetRealmKeysPlainArgs(); - /** - * When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - */ @Import(name="algorithms") private @Nullable List algorithms; - /** - * @return When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - */ public Optional> algorithms() { return Optional.ofNullable(this.algorithms); } - /** - * The realm from which the keys will be retrieved. - * - */ @Import(name="realmId", required=true) private String realmId; - /** - * @return The realm from which the keys will be retrieved. - * - */ public String realmId() { return this.realmId; } - /** - * When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - */ @Import(name="statuses") private @Nullable List statuses; - /** - * @return When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - */ public Optional> statuses() { return Optional.ofNullable(this.statuses); } @@ -87,55 +63,25 @@ public Builder(GetRealmKeysPlainArgs defaults) { $ = new GetRealmKeysPlainArgs(Objects.requireNonNull(defaults)); } - /** - * @param algorithms When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - * @return builder - * - */ public Builder algorithms(@Nullable List algorithms) { $.algorithms = algorithms; return this; } - /** - * @param algorithms When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - * - * @return builder - * - */ public Builder algorithms(String... algorithms) { return algorithms(List.of(algorithms)); } - /** - * @param realmId The realm from which the keys will be retrieved. - * - * @return builder - * - */ public Builder realmId(String realmId) { $.realmId = realmId; return this; } - /** - * @param statuses When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - * @return builder - * - */ public Builder statuses(@Nullable List statuses) { $.statuses = statuses; return this; } - /** - * @param statuses When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - * @return builder - * - */ public Builder statuses(String... statuses) { return statuses(List.of(statuses)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmPlainArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmPlainArgs.java index 0ba753b1..71069338 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmPlainArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRealmPlainArgs.java @@ -66,17 +66,9 @@ public Optional otpPolicy() { return Optional.ofNullable(this.otpPolicy); } - /** - * The realm name. - * - */ @Import(name="realm", required=true) private String realm; - /** - * @return The realm name. - * - */ public String realm() { return this.realm; } @@ -185,12 +177,6 @@ public Builder otpPolicy(@Nullable GetRealmOtpPolicy otpPolicy) { return this; } - /** - * @param realm The realm name. - * - * @return builder - * - */ public Builder realm(String realm) { $.realm = realm; return this; diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRoleArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRoleArgs.java index df2d8c63..fa1b070b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRoleArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRoleArgs.java @@ -16,47 +16,23 @@ public final class GetRoleArgs extends com.pulumi.resources.InvokeArgs { public static final GetRoleArgs Empty = new GetRoleArgs(); - /** - * When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * The name of the role. - * - */ @Import(name="name", required=true) private Output name; - /** - * @return The name of the role. - * - */ public Output name() { return this.name; } - /** - * The realm this role exists within. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this role exists within. - * - */ public Output realmId() { return this.realmId; } @@ -87,65 +63,29 @@ public Builder(GetRoleArgs defaults) { $ = new GetRoleArgs(Objects.requireNonNull(defaults)); } - /** - * @param clientId When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param name The name of the role. - * - * @return builder - * - */ public Builder name(Output name) { $.name = name; return this; } - /** - * @param name The name of the role. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this role exists within. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this role exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRolePlainArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRolePlainArgs.java index c5545d8f..064580ed 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRolePlainArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GetRolePlainArgs.java @@ -15,47 +15,23 @@ public final class GetRolePlainArgs extends com.pulumi.resources.InvokeArgs { public static final GetRolePlainArgs Empty = new GetRolePlainArgs(); - /** - * When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - * - */ @Import(name="clientId") private @Nullable String clientId; - /** - * @return When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - * - */ public Optional clientId() { return Optional.ofNullable(this.clientId); } - /** - * The name of the role. - * - */ @Import(name="name", required=true) private String name; - /** - * @return The name of the role. - * - */ public String name() { return this.name; } - /** - * The realm this role exists within. - * - */ @Import(name="realmId", required=true) private String realmId; - /** - * @return The realm this role exists within. - * - */ public String realmId() { return this.realmId; } @@ -86,34 +62,16 @@ public Builder(GetRolePlainArgs defaults) { $ = new GetRolePlainArgs(Objects.requireNonNull(defaults)); } - /** - * @param clientId When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - * - * @return builder - * - */ public Builder clientId(@Nullable String clientId) { $.clientId = clientId; return this; } - /** - * @param name The name of the role. - * - * @return builder - * - */ public Builder name(String name) { $.name = name; return this; } - /** - * @param realmId The realm this role exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { $.realmId = realmId; return this; diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupMembershipsState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupMembershipsState.java index d5615252..4d960cc2 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupMembershipsState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupMembershipsState.java @@ -16,47 +16,23 @@ public final class GroupMembershipsState extends com.pulumi.resources.ResourceAr public static final GroupMembershipsState Empty = new GroupMembershipsState(); - /** - * The ID of the group this resource should manage memberships for. - * - */ @Import(name="groupId") private @Nullable Output groupId; - /** - * @return The ID of the group this resource should manage memberships for. - * - */ public Optional> groupId() { return Optional.ofNullable(this.groupId); } - /** - * A list of usernames that belong to this group. - * - */ @Import(name="members") private @Nullable Output> members; - /** - * @return A list of usernames that belong to this group. - * - */ public Optional>> members() { return Optional.ofNullable(this.members); } - /** - * The realm this group exists in. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this group exists in. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } @@ -87,75 +63,33 @@ public Builder(GroupMembershipsState defaults) { $ = new GroupMembershipsState(Objects.requireNonNull(defaults)); } - /** - * @param groupId The ID of the group this resource should manage memberships for. - * - * @return builder - * - */ public Builder groupId(@Nullable Output groupId) { $.groupId = groupId; return this; } - /** - * @param groupId The ID of the group this resource should manage memberships for. - * - * @return builder - * - */ public Builder groupId(String groupId) { return groupId(Output.of(groupId)); } - /** - * @param members A list of usernames that belong to this group. - * - * @return builder - * - */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - /** - * @param members A list of usernames that belong to this group. - * - * @return builder - * - */ public Builder members(List members) { return members(Output.of(members)); } - /** - * @param members A list of usernames that belong to this group. - * - * @return builder - * - */ public Builder members(String... members) { return members(List.of(members)); } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupRolesState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupRolesState.java index be9327bd..c9336378 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupRolesState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupRolesState.java @@ -17,62 +17,30 @@ public final class GroupRolesState extends com.pulumi.resources.ResourceArgs { public static final GroupRolesState Empty = new GroupRolesState(); - /** - * Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - */ @Import(name="exhaustive") private @Nullable Output exhaustive; - /** - * @return Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - */ public Optional> exhaustive() { return Optional.ofNullable(this.exhaustive); } - /** - * The ID of the group this resource should manage roles for. - * - */ @Import(name="groupId") private @Nullable Output groupId; - /** - * @return The ID of the group this resource should manage roles for. - * - */ public Optional> groupId() { return Optional.ofNullable(this.groupId); } - /** - * The realm this group exists in. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this group exists in. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * A list of role IDs to map to the group. - * - */ @Import(name="roleIds") private @Nullable Output> roleIds; - /** - * @return A list of role IDs to map to the group. - * - */ public Optional>> roleIds() { return Optional.ofNullable(this.roleIds); } @@ -104,96 +72,42 @@ public Builder(GroupRolesState defaults) { $ = new GroupRolesState(Objects.requireNonNull(defaults)); } - /** - * @param exhaustive Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - * @return builder - * - */ public Builder exhaustive(@Nullable Output exhaustive) { $.exhaustive = exhaustive; return this; } - /** - * @param exhaustive Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - * - * @return builder - * - */ public Builder exhaustive(Boolean exhaustive) { return exhaustive(Output.of(exhaustive)); } - /** - * @param groupId The ID of the group this resource should manage roles for. - * - * @return builder - * - */ public Builder groupId(@Nullable Output groupId) { $.groupId = groupId; return this; } - /** - * @param groupId The ID of the group this resource should manage roles for. - * - * @return builder - * - */ public Builder groupId(String groupId) { return groupId(Output.of(groupId)); } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param roleIds A list of role IDs to map to the group. - * - * @return builder - * - */ public Builder roleIds(@Nullable Output> roleIds) { $.roleIds = roleIds; return this; } - /** - * @param roleIds A list of role IDs to map to the group. - * - * @return builder - * - */ public Builder roleIds(List roleIds) { return roleIds(Output.of(roleIds)); } - /** - * @param roleIds A list of role IDs to map to the group. - * - * @return builder - * - */ public Builder roleIds(String... roleIds) { return roleIds(List.of(roleIds)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupState.java index 13d8b94e..b0d551f9 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupState.java @@ -17,77 +17,37 @@ public final class GroupState extends com.pulumi.resources.ResourceArgs { public static final GroupState Empty = new GroupState(); - /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Import(name="attributes") private @Nullable Output> attributes; - /** - * @return A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Optional>> attributes() { return Optional.ofNullable(this.attributes); } - /** - * The name of the group. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The name of the group. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The ID of this group's parent. If omitted, this group will be defined at the root level. - * - */ @Import(name="parentId") private @Nullable Output parentId; - /** - * @return The ID of this group's parent. If omitted, this group will be defined at the root level. - * - */ public Optional> parentId() { return Optional.ofNullable(this.parentId); } - /** - * (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - * - */ @Import(name="path") private @Nullable Output path; - /** - * @return (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - * - */ public Optional> path() { return Optional.ofNullable(this.path); } - /** - * The realm this group exists in. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this group exists in. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } @@ -120,107 +80,47 @@ public Builder(GroupState defaults) { $ = new GroupState(Objects.requireNonNull(defaults)); } - /** - * @param attributes A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(@Nullable Output> attributes) { $.attributes = attributes; return this; } - /** - * @param attributes A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(Map attributes) { return attributes(Output.of(attributes)); } - /** - * @param name The name of the group. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The name of the group. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param parentId The ID of this group's parent. If omitted, this group will be defined at the root level. - * - * @return builder - * - */ public Builder parentId(@Nullable Output parentId) { $.parentId = parentId; return this; } - /** - * @param parentId The ID of this group's parent. If omitted, this group will be defined at the root level. - * - * @return builder - * - */ public Builder parentId(String parentId) { return parentId(Output.of(parentId)); } - /** - * @param path (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - * - * @return builder - * - */ public Builder path(@Nullable Output path) { $.path = path; return this; } - /** - * @param path (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - * - * @return builder - * - */ public Builder path(String path) { return path(Output.of(path)); } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this group exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmEventsState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmEventsState.java index 039265f9..efc76ebc 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmEventsState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmEventsState.java @@ -18,107 +18,51 @@ public final class RealmEventsState extends com.pulumi.resources.ResourceArgs { public static final RealmEventsState Empty = new RealmEventsState(); - /** - * When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - */ @Import(name="adminEventsDetailsEnabled") private @Nullable Output adminEventsDetailsEnabled; - /** - * @return When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - */ public Optional> adminEventsDetailsEnabled() { return Optional.ofNullable(this.adminEventsDetailsEnabled); } - /** - * When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ @Import(name="adminEventsEnabled") private @Nullable Output adminEventsEnabled; - /** - * @return When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ public Optional> adminEventsEnabled() { return Optional.ofNullable(this.adminEventsEnabled); } - /** - * The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - */ @Import(name="enabledEventTypes") private @Nullable Output> enabledEventTypes; - /** - * @return The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - */ public Optional>> enabledEventTypes() { return Optional.ofNullable(this.enabledEventTypes); } - /** - * When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ @Import(name="eventsEnabled") private @Nullable Output eventsEnabled; - /** - * @return When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - */ public Optional> eventsEnabled() { return Optional.ofNullable(this.eventsEnabled); } - /** - * The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - */ @Import(name="eventsExpiration") private @Nullable Output eventsExpiration; - /** - * @return The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - */ public Optional> eventsExpiration() { return Optional.ofNullable(this.eventsExpiration); } - /** - * The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - */ @Import(name="eventsListeners") private @Nullable Output> eventsListeners; - /** - * @return The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - */ public Optional>> eventsListeners() { return Optional.ofNullable(this.eventsListeners); } - /** - * The name of the realm the event settings apply to. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The name of the realm the event settings apply to. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } @@ -153,169 +97,73 @@ public Builder(RealmEventsState defaults) { $ = new RealmEventsState(Objects.requireNonNull(defaults)); } - /** - * @param adminEventsDetailsEnabled When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - * @return builder - * - */ public Builder adminEventsDetailsEnabled(@Nullable Output adminEventsDetailsEnabled) { $.adminEventsDetailsEnabled = adminEventsDetailsEnabled; return this; } - /** - * @param adminEventsDetailsEnabled When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - * - * @return builder - * - */ public Builder adminEventsDetailsEnabled(Boolean adminEventsDetailsEnabled) { return adminEventsDetailsEnabled(Output.of(adminEventsDetailsEnabled)); } - /** - * @param adminEventsEnabled When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - * @return builder - * - */ public Builder adminEventsEnabled(@Nullable Output adminEventsEnabled) { $.adminEventsEnabled = adminEventsEnabled; return this; } - /** - * @param adminEventsEnabled When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - * - * @return builder - * - */ public Builder adminEventsEnabled(Boolean adminEventsEnabled) { return adminEventsEnabled(Output.of(adminEventsEnabled)); } - /** - * @param enabledEventTypes The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - * @return builder - * - */ public Builder enabledEventTypes(@Nullable Output> enabledEventTypes) { $.enabledEventTypes = enabledEventTypes; return this; } - /** - * @param enabledEventTypes The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - * @return builder - * - */ public Builder enabledEventTypes(List enabledEventTypes) { return enabledEventTypes(Output.of(enabledEventTypes)); } - /** - * @param enabledEventTypes The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - * - * @return builder - * - */ public Builder enabledEventTypes(String... enabledEventTypes) { return enabledEventTypes(List.of(enabledEventTypes)); } - /** - * @param eventsEnabled When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - * @return builder - * - */ public Builder eventsEnabled(@Nullable Output eventsEnabled) { $.eventsEnabled = eventsEnabled; return this; } - /** - * @param eventsEnabled When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - * - * @return builder - * - */ public Builder eventsEnabled(Boolean eventsEnabled) { return eventsEnabled(Output.of(eventsEnabled)); } - /** - * @param eventsExpiration The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - * @return builder - * - */ public Builder eventsExpiration(@Nullable Output eventsExpiration) { $.eventsExpiration = eventsExpiration; return this; } - /** - * @param eventsExpiration The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - * - * @return builder - * - */ public Builder eventsExpiration(Integer eventsExpiration) { return eventsExpiration(Output.of(eventsExpiration)); } - /** - * @param eventsListeners The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - * @return builder - * - */ public Builder eventsListeners(@Nullable Output> eventsListeners) { $.eventsListeners = eventsListeners; return this; } - /** - * @param eventsListeners The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - * @return builder - * - */ public Builder eventsListeners(List eventsListeners) { return eventsListeners(Output.of(eventsListeners)); } - /** - * @param eventsListeners The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - * - * @return builder - * - */ public Builder eventsListeners(String... eventsListeners) { return eventsListeners(List.of(eventsListeners)); } - /** - * @param realmId The name of the realm the event settings apply to. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The name of the realm the event settings apply to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmInternationalizationArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmInternationalizationArgs.java index bca484a7..b38128e1 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmInternationalizationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmInternationalizationArgs.java @@ -15,32 +15,16 @@ public final class RealmInternationalizationArgs extends com.pulumi.resources.Re public static final RealmInternationalizationArgs Empty = new RealmInternationalizationArgs(); - /** - * The locale to use by default. This locale code must be present within the `supported_locales` list. - * - */ @Import(name="defaultLocale", required=true) private Output defaultLocale; - /** - * @return The locale to use by default. This locale code must be present within the `supported_locales` list. - * - */ public Output defaultLocale() { return this.defaultLocale; } - /** - * A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - * - */ @Import(name="supportedLocales", required=true) private Output> supportedLocales; - /** - * @return A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - * - */ public Output> supportedLocales() { return this.supportedLocales; } @@ -70,54 +54,24 @@ public Builder(RealmInternationalizationArgs defaults) { $ = new RealmInternationalizationArgs(Objects.requireNonNull(defaults)); } - /** - * @param defaultLocale The locale to use by default. This locale code must be present within the `supported_locales` list. - * - * @return builder - * - */ public Builder defaultLocale(Output defaultLocale) { $.defaultLocale = defaultLocale; return this; } - /** - * @param defaultLocale The locale to use by default. This locale code must be present within the `supported_locales` list. - * - * @return builder - * - */ public Builder defaultLocale(String defaultLocale) { return defaultLocale(Output.of(defaultLocale)); } - /** - * @param supportedLocales A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - * - * @return builder - * - */ public Builder supportedLocales(Output> supportedLocales) { $.supportedLocales = supportedLocales; return this; } - /** - * @param supportedLocales A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - * - * @return builder - * - */ public Builder supportedLocales(List supportedLocales) { return supportedLocales(Output.of(supportedLocales)); } - /** - * @param supportedLocales A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - * - * @return builder - * - */ public Builder supportedLocales(String... supportedLocales) { return supportedLocales(List.of(supportedLocales)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmOtpPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmOtpPolicyArgs.java index 4458ab56..06f57f8a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmOtpPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmOtpPolicyArgs.java @@ -17,89 +17,57 @@ public final class RealmOtpPolicyArgs extends com.pulumi.resources.ResourceArgs public static final RealmOtpPolicyArgs Empty = new RealmOtpPolicyArgs(); /** - * What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + * What hashing algorithm should be used to generate the OTP. * */ @Import(name="algorithm") private @Nullable Output algorithm; /** - * @return What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + * @return What hashing algorithm should be used to generate the OTP. * */ public Optional> algorithm() { return Optional.ofNullable(this.algorithm); } - /** - * How many digits the OTP have. Defaults to `6`. - * - */ @Import(name="digits") private @Nullable Output digits; - /** - * @return How many digits the OTP have. Defaults to `6`. - * - */ public Optional> digits() { return Optional.ofNullable(this.digits); } - /** - * What should the initial counter value be. Defaults to `2`. - * - */ @Import(name="initialCounter") private @Nullable Output initialCounter; - /** - * @return What should the initial counter value be. Defaults to `2`. - * - */ public Optional> initialCounter() { return Optional.ofNullable(this.initialCounter); } - /** - * How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - * - */ @Import(name="lookAheadWindow") private @Nullable Output lookAheadWindow; - /** - * @return How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - * - */ public Optional> lookAheadWindow() { return Optional.ofNullable(this.lookAheadWindow); } - /** - * How many seconds should an OTP token be valid. Defaults to `30`. - * - */ @Import(name="period") private @Nullable Output period; - /** - * @return How many seconds should an OTP token be valid. Defaults to `30`. - * - */ public Optional> period() { return Optional.ofNullable(this.period); } /** - * One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + * OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password * */ @Import(name="type") private @Nullable Output type; /** - * @return One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + * @return OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password * */ public Optional> type() { @@ -136,7 +104,7 @@ public Builder(RealmOtpPolicyArgs defaults) { } /** - * @param algorithm What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + * @param algorithm What hashing algorithm should be used to generate the OTP. * * @return builder * @@ -147,7 +115,7 @@ public Builder algorithm(@Nullable Output algorithm) { } /** - * @param algorithm What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + * @param algorithm What hashing algorithm should be used to generate the OTP. * * @return builder * @@ -156,92 +124,44 @@ public Builder algorithm(String algorithm) { return algorithm(Output.of(algorithm)); } - /** - * @param digits How many digits the OTP have. Defaults to `6`. - * - * @return builder - * - */ public Builder digits(@Nullable Output digits) { $.digits = digits; return this; } - /** - * @param digits How many digits the OTP have. Defaults to `6`. - * - * @return builder - * - */ public Builder digits(Integer digits) { return digits(Output.of(digits)); } - /** - * @param initialCounter What should the initial counter value be. Defaults to `2`. - * - * @return builder - * - */ public Builder initialCounter(@Nullable Output initialCounter) { $.initialCounter = initialCounter; return this; } - /** - * @param initialCounter What should the initial counter value be. Defaults to `2`. - * - * @return builder - * - */ public Builder initialCounter(Integer initialCounter) { return initialCounter(Output.of(initialCounter)); } - /** - * @param lookAheadWindow How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - * - * @return builder - * - */ public Builder lookAheadWindow(@Nullable Output lookAheadWindow) { $.lookAheadWindow = lookAheadWindow; return this; } - /** - * @param lookAheadWindow How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - * - * @return builder - * - */ public Builder lookAheadWindow(Integer lookAheadWindow) { return lookAheadWindow(Output.of(lookAheadWindow)); } - /** - * @param period How many seconds should an OTP token be valid. Defaults to `30`. - * - * @return builder - * - */ public Builder period(@Nullable Output period) { $.period = period; return this; } - /** - * @param period How many seconds should an OTP token be valid. Defaults to `30`. - * - * @return builder - * - */ public Builder period(Integer period) { return period(Output.of(period)); } /** - * @param type One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + * @param type OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password * * @return builder * @@ -252,7 +172,7 @@ public Builder type(@Nullable Output type) { } /** - * @param type One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + * @param type OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSecurityDefensesBruteForceDetectionArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSecurityDefensesBruteForceDetectionArgs.java index 8373b987..87a132f0 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSecurityDefensesBruteForceDetectionArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSecurityDefensesBruteForceDetectionArgs.java @@ -16,17 +16,9 @@ public final class RealmSecurityDefensesBruteForceDetectionArgs extends com.pulu public static final RealmSecurityDefensesBruteForceDetectionArgs Empty = new RealmSecurityDefensesBruteForceDetectionArgs(); - /** - * When will failure count be reset? - * - */ @Import(name="failureResetTimeSeconds") private @Nullable Output failureResetTimeSeconds; - /** - * @return When will failure count be reset? - * - */ public Optional> failureResetTimeSeconds() { return Optional.ofNullable(this.failureResetTimeSeconds); } @@ -38,79 +30,37 @@ public Optional> maxFailureWaitSeconds() { return Optional.ofNullable(this.maxFailureWaitSeconds); } - /** - * How many failures before wait is triggered. - * - */ @Import(name="maxLoginFailures") private @Nullable Output maxLoginFailures; - /** - * @return How many failures before wait is triggered. - * - */ public Optional> maxLoginFailures() { return Optional.ofNullable(this.maxLoginFailures); } - /** - * How long to wait after a quick login failure. - * - ` max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - * - */ @Import(name="minimumQuickLoginWaitSeconds") private @Nullable Output minimumQuickLoginWaitSeconds; - /** - * @return How long to wait after a quick login failure. - * - ` max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - * - */ public Optional> minimumQuickLoginWaitSeconds() { return Optional.ofNullable(this.minimumQuickLoginWaitSeconds); } - /** - * When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - * - */ @Import(name="permanentLockout") private @Nullable Output permanentLockout; - /** - * @return When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - * - */ public Optional> permanentLockout() { return Optional.ofNullable(this.permanentLockout); } - /** - * Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - * - */ @Import(name="quickLoginCheckMilliSeconds") private @Nullable Output quickLoginCheckMilliSeconds; - /** - * @return Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - * - */ public Optional> quickLoginCheckMilliSeconds() { return Optional.ofNullable(this.quickLoginCheckMilliSeconds); } - /** - * This represents the amount of time a user should be locked out when the login failure threshold has been met. - * - */ @Import(name="waitIncrementSeconds") private @Nullable Output waitIncrementSeconds; - /** - * @return This represents the amount of time a user should be locked out when the login failure threshold has been met. - * - */ public Optional> waitIncrementSeconds() { return Optional.ofNullable(this.waitIncrementSeconds); } @@ -145,23 +95,11 @@ public Builder(RealmSecurityDefensesBruteForceDetectionArgs defaults) { $ = new RealmSecurityDefensesBruteForceDetectionArgs(Objects.requireNonNull(defaults)); } - /** - * @param failureResetTimeSeconds When will failure count be reset? - * - * @return builder - * - */ public Builder failureResetTimeSeconds(@Nullable Output failureResetTimeSeconds) { $.failureResetTimeSeconds = failureResetTimeSeconds; return this; } - /** - * @param failureResetTimeSeconds When will failure count be reset? - * - * @return builder - * - */ public Builder failureResetTimeSeconds(Integer failureResetTimeSeconds) { return failureResetTimeSeconds(Output.of(failureResetTimeSeconds)); } @@ -175,109 +113,47 @@ public Builder maxFailureWaitSeconds(Integer maxFailureWaitSeconds) { return maxFailureWaitSeconds(Output.of(maxFailureWaitSeconds)); } - /** - * @param maxLoginFailures How many failures before wait is triggered. - * - * @return builder - * - */ public Builder maxLoginFailures(@Nullable Output maxLoginFailures) { $.maxLoginFailures = maxLoginFailures; return this; } - /** - * @param maxLoginFailures How many failures before wait is triggered. - * - * @return builder - * - */ public Builder maxLoginFailures(Integer maxLoginFailures) { return maxLoginFailures(Output.of(maxLoginFailures)); } - /** - * @param minimumQuickLoginWaitSeconds How long to wait after a quick login failure. - * - ` max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - * - * @return builder - * - */ public Builder minimumQuickLoginWaitSeconds(@Nullable Output minimumQuickLoginWaitSeconds) { $.minimumQuickLoginWaitSeconds = minimumQuickLoginWaitSeconds; return this; } - /** - * @param minimumQuickLoginWaitSeconds How long to wait after a quick login failure. - * - ` max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - * - * @return builder - * - */ public Builder minimumQuickLoginWaitSeconds(Integer minimumQuickLoginWaitSeconds) { return minimumQuickLoginWaitSeconds(Output.of(minimumQuickLoginWaitSeconds)); } - /** - * @param permanentLockout When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - * - * @return builder - * - */ public Builder permanentLockout(@Nullable Output permanentLockout) { $.permanentLockout = permanentLockout; return this; } - /** - * @param permanentLockout When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - * - * @return builder - * - */ public Builder permanentLockout(Boolean permanentLockout) { return permanentLockout(Output.of(permanentLockout)); } - /** - * @param quickLoginCheckMilliSeconds Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - * - * @return builder - * - */ public Builder quickLoginCheckMilliSeconds(@Nullable Output quickLoginCheckMilliSeconds) { $.quickLoginCheckMilliSeconds = quickLoginCheckMilliSeconds; return this; } - /** - * @param quickLoginCheckMilliSeconds Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - * - * @return builder - * - */ public Builder quickLoginCheckMilliSeconds(Integer quickLoginCheckMilliSeconds) { return quickLoginCheckMilliSeconds(Output.of(quickLoginCheckMilliSeconds)); } - /** - * @param waitIncrementSeconds This represents the amount of time a user should be locked out when the login failure threshold has been met. - * - * @return builder - * - */ public Builder waitIncrementSeconds(@Nullable Output waitIncrementSeconds) { $.waitIncrementSeconds = waitIncrementSeconds; return this; } - /** - * @param waitIncrementSeconds This represents the amount of time a user should be locked out when the login failure threshold has been met. - * - * @return builder - * - */ public Builder waitIncrementSeconds(Integer waitIncrementSeconds) { return waitIncrementSeconds(Output.of(waitIncrementSeconds)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSecurityDefensesHeadersArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSecurityDefensesHeadersArgs.java index 56878953..4f03b42a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSecurityDefensesHeadersArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSecurityDefensesHeadersArgs.java @@ -15,122 +15,58 @@ public final class RealmSecurityDefensesHeadersArgs extends com.pulumi.resources public static final RealmSecurityDefensesHeadersArgs Empty = new RealmSecurityDefensesHeadersArgs(); - /** - * Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - * - */ @Import(name="contentSecurityPolicy") private @Nullable Output contentSecurityPolicy; - /** - * @return Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - * - */ public Optional> contentSecurityPolicy() { return Optional.ofNullable(this.contentSecurityPolicy); } - /** - * Used for testing Content Security Policies. - * - */ @Import(name="contentSecurityPolicyReportOnly") private @Nullable Output contentSecurityPolicyReportOnly; - /** - * @return Used for testing Content Security Policies. - * - */ public Optional> contentSecurityPolicyReportOnly() { return Optional.ofNullable(this.contentSecurityPolicyReportOnly); } - /** - * The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - * - */ @Import(name="referrerPolicy") private @Nullable Output referrerPolicy; - /** - * @return The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - * - */ public Optional> referrerPolicy() { return Optional.ofNullable(this.referrerPolicy); } - /** - * The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - * - */ @Import(name="strictTransportSecurity") private @Nullable Output strictTransportSecurity; - /** - * @return The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - * - */ public Optional> strictTransportSecurity() { return Optional.ofNullable(this.strictTransportSecurity); } - /** - * Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - * - */ @Import(name="xContentTypeOptions") private @Nullable Output xContentTypeOptions; - /** - * @return Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - * - */ public Optional> xContentTypeOptions() { return Optional.ofNullable(this.xContentTypeOptions); } - /** - * Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - * - */ @Import(name="xFrameOptions") private @Nullable Output xFrameOptions; - /** - * @return Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - * - */ public Optional> xFrameOptions() { return Optional.ofNullable(this.xFrameOptions); } - /** - * Prevent pages from appearing in search engines. - * - */ @Import(name="xRobotsTag") private @Nullable Output xRobotsTag; - /** - * @return Prevent pages from appearing in search engines. - * - */ public Optional> xRobotsTag() { return Optional.ofNullable(this.xRobotsTag); } - /** - * This header configures the Cross-site scripting (XSS) filter in your browser. - * - */ @Import(name="xXssProtection") private @Nullable Output xXssProtection; - /** - * @return This header configures the Cross-site scripting (XSS) filter in your browser. - * - */ public Optional> xXssProtection() { return Optional.ofNullable(this.xXssProtection); } @@ -166,170 +102,74 @@ public Builder(RealmSecurityDefensesHeadersArgs defaults) { $ = new RealmSecurityDefensesHeadersArgs(Objects.requireNonNull(defaults)); } - /** - * @param contentSecurityPolicy Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - * - * @return builder - * - */ public Builder contentSecurityPolicy(@Nullable Output contentSecurityPolicy) { $.contentSecurityPolicy = contentSecurityPolicy; return this; } - /** - * @param contentSecurityPolicy Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - * - * @return builder - * - */ public Builder contentSecurityPolicy(String contentSecurityPolicy) { return contentSecurityPolicy(Output.of(contentSecurityPolicy)); } - /** - * @param contentSecurityPolicyReportOnly Used for testing Content Security Policies. - * - * @return builder - * - */ public Builder contentSecurityPolicyReportOnly(@Nullable Output contentSecurityPolicyReportOnly) { $.contentSecurityPolicyReportOnly = contentSecurityPolicyReportOnly; return this; } - /** - * @param contentSecurityPolicyReportOnly Used for testing Content Security Policies. - * - * @return builder - * - */ public Builder contentSecurityPolicyReportOnly(String contentSecurityPolicyReportOnly) { return contentSecurityPolicyReportOnly(Output.of(contentSecurityPolicyReportOnly)); } - /** - * @param referrerPolicy The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - * - * @return builder - * - */ public Builder referrerPolicy(@Nullable Output referrerPolicy) { $.referrerPolicy = referrerPolicy; return this; } - /** - * @param referrerPolicy The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - * - * @return builder - * - */ public Builder referrerPolicy(String referrerPolicy) { return referrerPolicy(Output.of(referrerPolicy)); } - /** - * @param strictTransportSecurity The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - * - * @return builder - * - */ public Builder strictTransportSecurity(@Nullable Output strictTransportSecurity) { $.strictTransportSecurity = strictTransportSecurity; return this; } - /** - * @param strictTransportSecurity The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - * - * @return builder - * - */ public Builder strictTransportSecurity(String strictTransportSecurity) { return strictTransportSecurity(Output.of(strictTransportSecurity)); } - /** - * @param xContentTypeOptions Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - * - * @return builder - * - */ public Builder xContentTypeOptions(@Nullable Output xContentTypeOptions) { $.xContentTypeOptions = xContentTypeOptions; return this; } - /** - * @param xContentTypeOptions Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - * - * @return builder - * - */ public Builder xContentTypeOptions(String xContentTypeOptions) { return xContentTypeOptions(Output.of(xContentTypeOptions)); } - /** - * @param xFrameOptions Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - * - * @return builder - * - */ public Builder xFrameOptions(@Nullable Output xFrameOptions) { $.xFrameOptions = xFrameOptions; return this; } - /** - * @param xFrameOptions Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - * - * @return builder - * - */ public Builder xFrameOptions(String xFrameOptions) { return xFrameOptions(Output.of(xFrameOptions)); } - /** - * @param xRobotsTag Prevent pages from appearing in search engines. - * - * @return builder - * - */ public Builder xRobotsTag(@Nullable Output xRobotsTag) { $.xRobotsTag = xRobotsTag; return this; } - /** - * @param xRobotsTag Prevent pages from appearing in search engines. - * - * @return builder - * - */ public Builder xRobotsTag(String xRobotsTag) { return xRobotsTag(Output.of(xRobotsTag)); } - /** - * @param xXssProtection This header configures the Cross-site scripting (XSS) filter in your browser. - * - * @return builder - * - */ public Builder xXssProtection(@Nullable Output xXssProtection) { $.xXssProtection = xXssProtection; return this; } - /** - * @param xXssProtection This header configures the Cross-site scripting (XSS) filter in your browser. - * - * @return builder - * - */ public Builder xXssProtection(String xXssProtection) { return xXssProtection(Output.of(xXssProtection)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSmtpServerArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSmtpServerArgs.java index 5b2b7968..bb44617c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSmtpServerArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSmtpServerArgs.java @@ -18,152 +18,72 @@ public final class RealmSmtpServerArgs extends com.pulumi.resources.ResourceArgs public static final RealmSmtpServerArgs Empty = new RealmSmtpServerArgs(); - /** - * Enables authentication to the SMTP server. This block supports the following arguments: - * - */ @Import(name="auth") private @Nullable Output auth; - /** - * @return Enables authentication to the SMTP server. This block supports the following arguments: - * - */ public Optional> auth() { return Optional.ofNullable(this.auth); } - /** - * The email address uses for bounces. - * - */ @Import(name="envelopeFrom") private @Nullable Output envelopeFrom; - /** - * @return The email address uses for bounces. - * - */ public Optional> envelopeFrom() { return Optional.ofNullable(this.envelopeFrom); } - /** - * The email address for the sender. - * - */ @Import(name="from", required=true) private Output from; - /** - * @return The email address for the sender. - * - */ public Output from() { return this.from; } - /** - * The display name of the sender email address. - * - */ @Import(name="fromDisplayName") private @Nullable Output fromDisplayName; - /** - * @return The display name of the sender email address. - * - */ public Optional> fromDisplayName() { return Optional.ofNullable(this.fromDisplayName); } - /** - * The host of the SMTP server. - * - */ @Import(name="host", required=true) private Output host; - /** - * @return The host of the SMTP server. - * - */ public Output host() { return this.host; } - /** - * The port of the SMTP server (defaults to 25). - * - */ @Import(name="port") private @Nullable Output port; - /** - * @return The port of the SMTP server (defaults to 25). - * - */ public Optional> port() { return Optional.ofNullable(this.port); } - /** - * The "reply to" email address. - * - */ @Import(name="replyTo") private @Nullable Output replyTo; - /** - * @return The "reply to" email address. - * - */ public Optional> replyTo() { return Optional.ofNullable(this.replyTo); } - /** - * The display name of the "reply to" email address. - * - */ @Import(name="replyToDisplayName") private @Nullable Output replyToDisplayName; - /** - * @return The display name of the "reply to" email address. - * - */ public Optional> replyToDisplayName() { return Optional.ofNullable(this.replyToDisplayName); } - /** - * When `true`, enables SSL. Defaults to `false`. - * - */ @Import(name="ssl") private @Nullable Output ssl; - /** - * @return When `true`, enables SSL. Defaults to `false`. - * - */ public Optional> ssl() { return Optional.ofNullable(this.ssl); } - /** - * When `true`, enables StartTLS. Defaults to `false`. - * - */ @Import(name="starttls") private @Nullable Output starttls; - /** - * @return When `true`, enables StartTLS. Defaults to `false`. - * - */ public Optional> starttls() { return Optional.ofNullable(this.starttls); } @@ -201,212 +121,92 @@ public Builder(RealmSmtpServerArgs defaults) { $ = new RealmSmtpServerArgs(Objects.requireNonNull(defaults)); } - /** - * @param auth Enables authentication to the SMTP server. This block supports the following arguments: - * - * @return builder - * - */ public Builder auth(@Nullable Output auth) { $.auth = auth; return this; } - /** - * @param auth Enables authentication to the SMTP server. This block supports the following arguments: - * - * @return builder - * - */ public Builder auth(RealmSmtpServerAuthArgs auth) { return auth(Output.of(auth)); } - /** - * @param envelopeFrom The email address uses for bounces. - * - * @return builder - * - */ public Builder envelopeFrom(@Nullable Output envelopeFrom) { $.envelopeFrom = envelopeFrom; return this; } - /** - * @param envelopeFrom The email address uses for bounces. - * - * @return builder - * - */ public Builder envelopeFrom(String envelopeFrom) { return envelopeFrom(Output.of(envelopeFrom)); } - /** - * @param from The email address for the sender. - * - * @return builder - * - */ public Builder from(Output from) { $.from = from; return this; } - /** - * @param from The email address for the sender. - * - * @return builder - * - */ public Builder from(String from) { return from(Output.of(from)); } - /** - * @param fromDisplayName The display name of the sender email address. - * - * @return builder - * - */ public Builder fromDisplayName(@Nullable Output fromDisplayName) { $.fromDisplayName = fromDisplayName; return this; } - /** - * @param fromDisplayName The display name of the sender email address. - * - * @return builder - * - */ public Builder fromDisplayName(String fromDisplayName) { return fromDisplayName(Output.of(fromDisplayName)); } - /** - * @param host The host of the SMTP server. - * - * @return builder - * - */ public Builder host(Output host) { $.host = host; return this; } - /** - * @param host The host of the SMTP server. - * - * @return builder - * - */ public Builder host(String host) { return host(Output.of(host)); } - /** - * @param port The port of the SMTP server (defaults to 25). - * - * @return builder - * - */ public Builder port(@Nullable Output port) { $.port = port; return this; } - /** - * @param port The port of the SMTP server (defaults to 25). - * - * @return builder - * - */ public Builder port(String port) { return port(Output.of(port)); } - /** - * @param replyTo The "reply to" email address. - * - * @return builder - * - */ public Builder replyTo(@Nullable Output replyTo) { $.replyTo = replyTo; return this; } - /** - * @param replyTo The "reply to" email address. - * - * @return builder - * - */ public Builder replyTo(String replyTo) { return replyTo(Output.of(replyTo)); } - /** - * @param replyToDisplayName The display name of the "reply to" email address. - * - * @return builder - * - */ public Builder replyToDisplayName(@Nullable Output replyToDisplayName) { $.replyToDisplayName = replyToDisplayName; return this; } - /** - * @param replyToDisplayName The display name of the "reply to" email address. - * - * @return builder - * - */ public Builder replyToDisplayName(String replyToDisplayName) { return replyToDisplayName(Output.of(replyToDisplayName)); } - /** - * @param ssl When `true`, enables SSL. Defaults to `false`. - * - * @return builder - * - */ public Builder ssl(@Nullable Output ssl) { $.ssl = ssl; return this; } - /** - * @param ssl When `true`, enables SSL. Defaults to `false`. - * - * @return builder - * - */ public Builder ssl(Boolean ssl) { return ssl(Output.of(ssl)); } - /** - * @param starttls When `true`, enables StartTLS. Defaults to `false`. - * - * @return builder - * - */ public Builder starttls(@Nullable Output starttls) { $.starttls = starttls; return this; } - /** - * @param starttls When `true`, enables StartTLS. Defaults to `false`. - * - * @return builder - * - */ public Builder starttls(Boolean starttls) { return starttls(Output.of(starttls)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSmtpServerAuthArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSmtpServerAuthArgs.java index 6d432991..e4c84239 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSmtpServerAuthArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmSmtpServerAuthArgs.java @@ -14,32 +14,16 @@ public final class RealmSmtpServerAuthArgs extends com.pulumi.resources.Resource public static final RealmSmtpServerAuthArgs Empty = new RealmSmtpServerAuthArgs(); - /** - * The SMTP server password. - * - */ @Import(name="password", required=true) private Output password; - /** - * @return The SMTP server password. - * - */ public Output password() { return this.password; } - /** - * The SMTP server username. - * - */ @Import(name="username", required=true) private Output username; - /** - * @return The SMTP server username. - * - */ public Output username() { return this.username; } @@ -69,44 +53,20 @@ public Builder(RealmSmtpServerAuthArgs defaults) { $ = new RealmSmtpServerAuthArgs(Objects.requireNonNull(defaults)); } - /** - * @param password The SMTP server password. - * - * @return builder - * - */ public Builder password(Output password) { $.password = password; return this; } - /** - * @param password The SMTP server password. - * - * @return builder - * - */ public Builder password(String password) { return password(Output.of(password)); } - /** - * @param username The SMTP server username. - * - * @return builder - * - */ public Builder username(Output username) { $.username = username; return this; } - /** - * @param username The SMTP server username. - * - * @return builder - * - */ public Builder username(String username) { return username(Output.of(username)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmState.java index 2237fe0c..efa4cbb5 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmState.java @@ -26,165 +26,85 @@ public final class RealmState extends com.pulumi.resources.ResourceArgs { public static final RealmState Empty = new RealmState(); - /** - * The maximum amount of time a client has to finish the authorization code flow. - * - */ @Import(name="accessCodeLifespan") private @Nullable Output accessCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the authorization code flow. - * - */ public Optional> accessCodeLifespan() { return Optional.ofNullable(this.accessCodeLifespan); } - /** - * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - */ @Import(name="accessCodeLifespanLogin") private @Nullable Output accessCodeLifespanLogin; - /** - * @return The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - */ public Optional> accessCodeLifespanLogin() { return Optional.ofNullable(this.accessCodeLifespanLogin); } - /** - * The maximum amount of time a user has to complete login related actions, such as updating a password. - * - */ @Import(name="accessCodeLifespanUserAction") private @Nullable Output accessCodeLifespanUserAction; - /** - * @return The maximum amount of time a user has to complete login related actions, such as updating a password. - * - */ public Optional> accessCodeLifespanUserAction() { return Optional.ofNullable(this.accessCodeLifespanUserAction); } - /** - * The amount of time an access token can be used before it expires. - * - */ @Import(name="accessTokenLifespan") private @Nullable Output accessTokenLifespan; - /** - * @return The amount of time an access token can be used before it expires. - * - */ public Optional> accessTokenLifespan() { return Optional.ofNullable(this.accessTokenLifespan); } - /** - * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - */ @Import(name="accessTokenLifespanForImplicitFlow") private @Nullable Output accessTokenLifespanForImplicitFlow; - /** - * @return The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - */ public Optional> accessTokenLifespanForImplicitFlow() { return Optional.ofNullable(this.accessTokenLifespanForImplicitFlow); } - /** - * Used for account management pages. - * - */ @Import(name="accountTheme") private @Nullable Output accountTheme; - /** - * @return Used for account management pages. - * - */ public Optional> accountTheme() { return Optional.ofNullable(this.accountTheme); } - /** - * The maximum time a user has to use an admin-generated permit before it expires. - * - */ @Import(name="actionTokenGeneratedByAdminLifespan") private @Nullable Output actionTokenGeneratedByAdminLifespan; - /** - * @return The maximum time a user has to use an admin-generated permit before it expires. - * - */ public Optional> actionTokenGeneratedByAdminLifespan() { return Optional.ofNullable(this.actionTokenGeneratedByAdminLifespan); } - /** - * The maximum time a user has to use a user-generated permit before it expires. - * - */ @Import(name="actionTokenGeneratedByUserLifespan") private @Nullable Output actionTokenGeneratedByUserLifespan; - /** - * @return The maximum time a user has to use a user-generated permit before it expires. - * - */ public Optional> actionTokenGeneratedByUserLifespan() { return Optional.ofNullable(this.actionTokenGeneratedByUserLifespan); } - /** - * Used for the admin console. - * - */ @Import(name="adminTheme") private @Nullable Output adminTheme; - /** - * @return Used for the admin console. - * - */ public Optional> adminTheme() { return Optional.ofNullable(this.adminTheme); } - /** - * A map of custom attributes to add to the realm. - * - */ @Import(name="attributes") private @Nullable Output> attributes; - /** - * @return A map of custom attributes to add to the realm. - * - */ public Optional>> attributes() { return Optional.ofNullable(this.attributes); } /** - * The desired flow for browser authentication. Defaults to `browser`. + * Which flow should be used for BrowserFlow * */ @Import(name="browserFlow") private @Nullable Output browserFlow; /** - * @return The desired flow for browser authentication. Defaults to `browser`. + * @return Which flow should be used for BrowserFlow * */ public Optional> browserFlow() { @@ -192,46 +112,30 @@ public Optional> browserFlow() { } /** - * The desired flow for client authentication. Defaults to `clients`. + * Which flow should be used for ClientAuthenticationFlow * */ @Import(name="clientAuthenticationFlow") private @Nullable Output clientAuthenticationFlow; /** - * @return The desired flow for client authentication. Defaults to `clients`. + * @return Which flow should be used for ClientAuthenticationFlow * */ public Optional> clientAuthenticationFlow() { return Optional.ofNullable(this.clientAuthenticationFlow); } - /** - * The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - */ @Import(name="clientSessionIdleTimeout") private @Nullable Output clientSessionIdleTimeout; - /** - * @return The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - */ public Optional> clientSessionIdleTimeout() { return Optional.ofNullable(this.clientSessionIdleTimeout); } - /** - * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - */ @Import(name="clientSessionMaxLifespan") private @Nullable Output clientSessionMaxLifespan; - /** - * @return The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - */ public Optional> clientSessionMaxLifespan() { return Optional.ofNullable(this.clientSessionMaxLifespan); } @@ -250,152 +154,88 @@ public Optional>> defaultOptionalClientScopes() { return Optional.ofNullable(this.defaultOptionalClientScopes); } - /** - * Default algorithm used to sign tokens for the realm. - * - */ @Import(name="defaultSignatureAlgorithm") private @Nullable Output defaultSignatureAlgorithm; - /** - * @return Default algorithm used to sign tokens for the realm. - * - */ public Optional> defaultSignatureAlgorithm() { return Optional.ofNullable(this.defaultSignatureAlgorithm); } /** - * The desired flow for direct access authentication. Defaults to `direct grant`. + * Which flow should be used for DirectGrantFlow * */ @Import(name="directGrantFlow") private @Nullable Output directGrantFlow; /** - * @return The desired flow for direct access authentication. Defaults to `direct grant`. + * @return Which flow should be used for DirectGrantFlow * */ public Optional> directGrantFlow() { return Optional.ofNullable(this.directGrantFlow); } - /** - * The display name for the realm that is shown when logging in to the admin console. - * - */ @Import(name="displayName") private @Nullable Output displayName; - /** - * @return The display name for the realm that is shown when logging in to the admin console. - * - */ public Optional> displayName() { return Optional.ofNullable(this.displayName); } - /** - * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - */ @Import(name="displayNameHtml") private @Nullable Output displayNameHtml; - /** - * @return The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - */ public Optional> displayNameHtml() { return Optional.ofNullable(this.displayNameHtml); } /** - * The desired flow for Docker authentication. Defaults to `docker auth`. + * Which flow should be used for DockerAuthenticationFlow * */ @Import(name="dockerAuthenticationFlow") private @Nullable Output dockerAuthenticationFlow; /** - * @return The desired flow for Docker authentication. Defaults to `docker auth`. + * @return Which flow should be used for DockerAuthenticationFlow * */ public Optional> dockerAuthenticationFlow() { return Optional.ofNullable(this.dockerAuthenticationFlow); } - /** - * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - */ @Import(name="duplicateEmailsAllowed") private @Nullable Output duplicateEmailsAllowed; - /** - * @return When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - */ public Optional> duplicateEmailsAllowed() { return Optional.ofNullable(this.duplicateEmailsAllowed); } - /** - * When true, the username field is editable. - * - */ @Import(name="editUsernameAllowed") private @Nullable Output editUsernameAllowed; - /** - * @return When true, the username field is editable. - * - */ public Optional> editUsernameAllowed() { return Optional.ofNullable(this.editUsernameAllowed); } - /** - * Used for emails that are sent by Keycloak. - * - */ @Import(name="emailTheme") private @Nullable Output emailTheme; - /** - * @return Used for emails that are sent by Keycloak. - * - */ public Optional> emailTheme() { return Optional.ofNullable(this.emailTheme); } - /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - */ @Import(name="enabled") private @Nullable Output enabled; - /** - * @return When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - */ public Optional> enabled() { return Optional.ofNullable(this.enabled); } - /** - * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - */ @Import(name="internalId") private @Nullable Output internalId; - /** - * @return When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - */ public Optional> internalId() { return Optional.ofNullable(this.internalId); } @@ -407,111 +247,51 @@ public Optional> internationalization() { return Optional.ofNullable(this.internationalization); } - /** - * Used for the login, forgot password, and registration pages. - * - */ @Import(name="loginTheme") private @Nullable Output loginTheme; - /** - * @return Used for the login, forgot password, and registration pages. - * - */ public Optional> loginTheme() { return Optional.ofNullable(this.loginTheme); } - /** - * When true, users may log in with their email address. - * - */ @Import(name="loginWithEmailAllowed") private @Nullable Output loginWithEmailAllowed; - /** - * @return When true, users may log in with their email address. - * - */ public Optional> loginWithEmailAllowed() { return Optional.ofNullable(this.loginWithEmailAllowed); } - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - */ @Import(name="oauth2DeviceCodeLifespan") private @Nullable Output oauth2DeviceCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - */ public Optional> oauth2DeviceCodeLifespan() { return Optional.ofNullable(this.oauth2DeviceCodeLifespan); } - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ @Import(name="oauth2DevicePollingInterval") private @Nullable Output oauth2DevicePollingInterval; - /** - * @return The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ public Optional> oauth2DevicePollingInterval() { return Optional.ofNullable(this.oauth2DevicePollingInterval); } - /** - * The amount of time an offline session can be idle before it expires. - * - */ @Import(name="offlineSessionIdleTimeout") private @Nullable Output offlineSessionIdleTimeout; - /** - * @return The amount of time an offline session can be idle before it expires. - * - */ public Optional> offlineSessionIdleTimeout() { return Optional.ofNullable(this.offlineSessionIdleTimeout); } - /** - * The maximum amount of time before an offline session expires regardless of activity. - * - */ @Import(name="offlineSessionMaxLifespan") private @Nullable Output offlineSessionMaxLifespan; - /** - * @return The maximum amount of time before an offline session expires regardless of activity. - * - */ public Optional> offlineSessionMaxLifespan() { return Optional.ofNullable(this.offlineSessionMaxLifespan); } - /** - * Enable `offline_session_max_lifespan`. - * - */ @Import(name="offlineSessionMaxLifespanEnabled") private @Nullable Output offlineSessionMaxLifespanEnabled; - /** - * @return Enable `offline_session_max_lifespan`. - * - */ public Optional> offlineSessionMaxLifespanEnabled() { return Optional.ofNullable(this.offlineSessionMaxLifespanEnabled); } @@ -524,159 +304,99 @@ public Optional> otpPolicy() { } /** - * The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * */ @Import(name="passwordPolicy") private @Nullable Output passwordPolicy; /** - * @return The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * @return String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * */ public Optional> passwordPolicy() { return Optional.ofNullable(this.passwordPolicy); } - /** - * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - */ @Import(name="realm") private @Nullable Output realm; - /** - * @return The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - */ public Optional> realm() { return Optional.ofNullable(this.realm); } - /** - * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - */ @Import(name="refreshTokenMaxReuse") private @Nullable Output refreshTokenMaxReuse; - /** - * @return Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - */ public Optional> refreshTokenMaxReuse() { return Optional.ofNullable(this.refreshTokenMaxReuse); } - /** - * When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - */ @Import(name="registrationAllowed") private @Nullable Output registrationAllowed; - /** - * @return When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - */ public Optional> registrationAllowed() { return Optional.ofNullable(this.registrationAllowed); } - /** - * When true, the user's email will be used as their username during registration. - * - */ @Import(name="registrationEmailAsUsername") private @Nullable Output registrationEmailAsUsername; - /** - * @return When true, the user's email will be used as their username during registration. - * - */ public Optional> registrationEmailAsUsername() { return Optional.ofNullable(this.registrationEmailAsUsername); } /** - * The desired flow for user registration. Defaults to `registration`. + * Which flow should be used for RegistrationFlow * */ @Import(name="registrationFlow") private @Nullable Output registrationFlow; /** - * @return The desired flow for user registration. Defaults to `registration`. + * @return Which flow should be used for RegistrationFlow * */ public Optional> registrationFlow() { return Optional.ofNullable(this.registrationFlow); } - /** - * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - */ @Import(name="rememberMe") private @Nullable Output rememberMe; - /** - * @return When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - */ public Optional> rememberMe() { return Optional.ofNullable(this.rememberMe); } /** - * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * Which flow should be used for ResetCredentialsFlow * */ @Import(name="resetCredentialsFlow") private @Nullable Output resetCredentialsFlow; /** - * @return The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * @return Which flow should be used for ResetCredentialsFlow * */ public Optional> resetCredentialsFlow() { return Optional.ofNullable(this.resetCredentialsFlow); } - /** - * When true, a "forgot password" link will be displayed on the login page. - * - */ @Import(name="resetPasswordAllowed") private @Nullable Output resetPasswordAllowed; - /** - * @return When true, a "forgot password" link will be displayed on the login page. - * - */ public Optional> resetPasswordAllowed() { return Optional.ofNullable(this.resetPasswordAllowed); } - /** - * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - */ @Import(name="revokeRefreshToken") private @Nullable Output revokeRefreshToken; - /** - * @return If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - */ public Optional> revokeRefreshToken() { return Optional.ofNullable(this.revokeRefreshToken); } @@ -696,140 +416,72 @@ public Optional> smtpServer() { } /** - * Can be one of following values: 'none, 'external' or 'all' + * SSL Required: Values can be 'none', 'external' or 'all'. * */ @Import(name="sslRequired") private @Nullable Output sslRequired; /** - * @return Can be one of following values: 'none, 'external' or 'all' + * @return SSL Required: Values can be 'none', 'external' or 'all'. * */ public Optional> sslRequired() { return Optional.ofNullable(this.sslRequired); } - /** - * The amount of time a session can be idle before it expires. - * - */ @Import(name="ssoSessionIdleTimeout") private @Nullable Output ssoSessionIdleTimeout; - /** - * @return The amount of time a session can be idle before it expires. - * - */ public Optional> ssoSessionIdleTimeout() { return Optional.ofNullable(this.ssoSessionIdleTimeout); } - /** - * Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - */ @Import(name="ssoSessionIdleTimeoutRememberMe") private @Nullable Output ssoSessionIdleTimeoutRememberMe; - /** - * @return Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - */ public Optional> ssoSessionIdleTimeoutRememberMe() { return Optional.ofNullable(this.ssoSessionIdleTimeoutRememberMe); } - /** - * The maximum amount of time before a session expires regardless of activity. - * - */ @Import(name="ssoSessionMaxLifespan") private @Nullable Output ssoSessionMaxLifespan; - /** - * @return The maximum amount of time before a session expires regardless of activity. - * - */ public Optional> ssoSessionMaxLifespan() { return Optional.ofNullable(this.ssoSessionMaxLifespan); } - /** - * Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - */ @Import(name="ssoSessionMaxLifespanRememberMe") private @Nullable Output ssoSessionMaxLifespanRememberMe; - /** - * @return Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - */ public Optional> ssoSessionMaxLifespanRememberMe() { return Optional.ofNullable(this.ssoSessionMaxLifespanRememberMe); } - /** - * When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - */ @Import(name="userManagedAccess") private @Nullable Output userManagedAccess; - /** - * @return When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - */ public Optional> userManagedAccess() { return Optional.ofNullable(this.userManagedAccess); } - /** - * When true, users are required to verify their email address after registration and after email address changes. - * - */ @Import(name="verifyEmail") private @Nullable Output verifyEmail; - /** - * @return When true, users are required to verify their email address after registration and after email address changes. - * - */ public Optional> verifyEmail() { return Optional.ofNullable(this.verifyEmail); } - /** - * Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - */ @Import(name="webAuthnPasswordlessPolicy") private @Nullable Output webAuthnPasswordlessPolicy; - /** - * @return Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - */ public Optional> webAuthnPasswordlessPolicy() { return Optional.ofNullable(this.webAuthnPasswordlessPolicy); } - /** - * Configuration for WebAuthn Policy authentication. - * - */ @Import(name="webAuthnPolicy") private @Nullable Output webAuthnPolicy; - /** - * @return Configuration for WebAuthn Policy authentication. - * - */ public Optional> webAuthnPolicy() { return Optional.ofNullable(this.webAuthnPolicy); } @@ -913,218 +565,98 @@ public Builder(RealmState defaults) { $ = new RealmState(Objects.requireNonNull(defaults)); } - /** - * @param accessCodeLifespan The maximum amount of time a client has to finish the authorization code flow. - * - * @return builder - * - */ public Builder accessCodeLifespan(@Nullable Output accessCodeLifespan) { $.accessCodeLifespan = accessCodeLifespan; return this; } - /** - * @param accessCodeLifespan The maximum amount of time a client has to finish the authorization code flow. - * - * @return builder - * - */ public Builder accessCodeLifespan(String accessCodeLifespan) { return accessCodeLifespan(Output.of(accessCodeLifespan)); } - /** - * @param accessCodeLifespanLogin The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - * @return builder - * - */ public Builder accessCodeLifespanLogin(@Nullable Output accessCodeLifespanLogin) { $.accessCodeLifespanLogin = accessCodeLifespanLogin; return this; } - /** - * @param accessCodeLifespanLogin The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - * - * @return builder - * - */ public Builder accessCodeLifespanLogin(String accessCodeLifespanLogin) { return accessCodeLifespanLogin(Output.of(accessCodeLifespanLogin)); } - /** - * @param accessCodeLifespanUserAction The maximum amount of time a user has to complete login related actions, such as updating a password. - * - * @return builder - * - */ public Builder accessCodeLifespanUserAction(@Nullable Output accessCodeLifespanUserAction) { $.accessCodeLifespanUserAction = accessCodeLifespanUserAction; return this; } - /** - * @param accessCodeLifespanUserAction The maximum amount of time a user has to complete login related actions, such as updating a password. - * - * @return builder - * - */ public Builder accessCodeLifespanUserAction(String accessCodeLifespanUserAction) { return accessCodeLifespanUserAction(Output.of(accessCodeLifespanUserAction)); } - /** - * @param accessTokenLifespan The amount of time an access token can be used before it expires. - * - * @return builder - * - */ public Builder accessTokenLifespan(@Nullable Output accessTokenLifespan) { $.accessTokenLifespan = accessTokenLifespan; return this; } - /** - * @param accessTokenLifespan The amount of time an access token can be used before it expires. - * - * @return builder - * - */ public Builder accessTokenLifespan(String accessTokenLifespan) { return accessTokenLifespan(Output.of(accessTokenLifespan)); } - /** - * @param accessTokenLifespanForImplicitFlow The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - * @return builder - * - */ public Builder accessTokenLifespanForImplicitFlow(@Nullable Output accessTokenLifespanForImplicitFlow) { $.accessTokenLifespanForImplicitFlow = accessTokenLifespanForImplicitFlow; return this; } - /** - * @param accessTokenLifespanForImplicitFlow The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - * - * @return builder - * - */ public Builder accessTokenLifespanForImplicitFlow(String accessTokenLifespanForImplicitFlow) { return accessTokenLifespanForImplicitFlow(Output.of(accessTokenLifespanForImplicitFlow)); } - /** - * @param accountTheme Used for account management pages. - * - * @return builder - * - */ public Builder accountTheme(@Nullable Output accountTheme) { $.accountTheme = accountTheme; return this; } - /** - * @param accountTheme Used for account management pages. - * - * @return builder - * - */ public Builder accountTheme(String accountTheme) { return accountTheme(Output.of(accountTheme)); } - /** - * @param actionTokenGeneratedByAdminLifespan The maximum time a user has to use an admin-generated permit before it expires. - * - * @return builder - * - */ public Builder actionTokenGeneratedByAdminLifespan(@Nullable Output actionTokenGeneratedByAdminLifespan) { $.actionTokenGeneratedByAdminLifespan = actionTokenGeneratedByAdminLifespan; return this; } - /** - * @param actionTokenGeneratedByAdminLifespan The maximum time a user has to use an admin-generated permit before it expires. - * - * @return builder - * - */ public Builder actionTokenGeneratedByAdminLifespan(String actionTokenGeneratedByAdminLifespan) { return actionTokenGeneratedByAdminLifespan(Output.of(actionTokenGeneratedByAdminLifespan)); } - /** - * @param actionTokenGeneratedByUserLifespan The maximum time a user has to use a user-generated permit before it expires. - * - * @return builder - * - */ public Builder actionTokenGeneratedByUserLifespan(@Nullable Output actionTokenGeneratedByUserLifespan) { $.actionTokenGeneratedByUserLifespan = actionTokenGeneratedByUserLifespan; return this; } - /** - * @param actionTokenGeneratedByUserLifespan The maximum time a user has to use a user-generated permit before it expires. - * - * @return builder - * - */ public Builder actionTokenGeneratedByUserLifespan(String actionTokenGeneratedByUserLifespan) { return actionTokenGeneratedByUserLifespan(Output.of(actionTokenGeneratedByUserLifespan)); } - /** - * @param adminTheme Used for the admin console. - * - * @return builder - * - */ public Builder adminTheme(@Nullable Output adminTheme) { $.adminTheme = adminTheme; return this; } - /** - * @param adminTheme Used for the admin console. - * - * @return builder - * - */ public Builder adminTheme(String adminTheme) { return adminTheme(Output.of(adminTheme)); } - /** - * @param attributes A map of custom attributes to add to the realm. - * - * @return builder - * - */ public Builder attributes(@Nullable Output> attributes) { $.attributes = attributes; return this; } - /** - * @param attributes A map of custom attributes to add to the realm. - * - * @return builder - * - */ public Builder attributes(Map attributes) { return attributes(Output.of(attributes)); } /** - * @param browserFlow The desired flow for browser authentication. Defaults to `browser`. + * @param browserFlow Which flow should be used for BrowserFlow * * @return builder * @@ -1135,7 +667,7 @@ public Builder browserFlow(@Nullable Output browserFlow) { } /** - * @param browserFlow The desired flow for browser authentication. Defaults to `browser`. + * @param browserFlow Which flow should be used for BrowserFlow * * @return builder * @@ -1145,7 +677,7 @@ public Builder browserFlow(String browserFlow) { } /** - * @param clientAuthenticationFlow The desired flow for client authentication. Defaults to `clients`. + * @param clientAuthenticationFlow Which flow should be used for ClientAuthenticationFlow * * @return builder * @@ -1156,7 +688,7 @@ public Builder clientAuthenticationFlow(@Nullable Output clientAuthentic } /** - * @param clientAuthenticationFlow The desired flow for client authentication. Defaults to `clients`. + * @param clientAuthenticationFlow Which flow should be used for ClientAuthenticationFlow * * @return builder * @@ -1165,44 +697,20 @@ public Builder clientAuthenticationFlow(String clientAuthenticationFlow) { return clientAuthenticationFlow(Output.of(clientAuthenticationFlow)); } - /** - * @param clientSessionIdleTimeout The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - * @return builder - * - */ public Builder clientSessionIdleTimeout(@Nullable Output clientSessionIdleTimeout) { $.clientSessionIdleTimeout = clientSessionIdleTimeout; return this; } - /** - * @param clientSessionIdleTimeout The amount of time a session can be idle before it expires. Users can override it for individual clients. - * - * @return builder - * - */ public Builder clientSessionIdleTimeout(String clientSessionIdleTimeout) { return clientSessionIdleTimeout(Output.of(clientSessionIdleTimeout)); } - /** - * @param clientSessionMaxLifespan The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - * @return builder - * - */ public Builder clientSessionMaxLifespan(@Nullable Output clientSessionMaxLifespan) { $.clientSessionMaxLifespan = clientSessionMaxLifespan; return this; } - /** - * @param clientSessionMaxLifespan The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - * - * @return builder - * - */ public Builder clientSessionMaxLifespan(String clientSessionMaxLifespan) { return clientSessionMaxLifespan(Output.of(clientSessionMaxLifespan)); } @@ -1233,29 +741,17 @@ public Builder defaultOptionalClientScopes(String... defaultOptionalClientScopes return defaultOptionalClientScopes(List.of(defaultOptionalClientScopes)); } - /** - * @param defaultSignatureAlgorithm Default algorithm used to sign tokens for the realm. - * - * @return builder - * - */ public Builder defaultSignatureAlgorithm(@Nullable Output defaultSignatureAlgorithm) { $.defaultSignatureAlgorithm = defaultSignatureAlgorithm; return this; } - /** - * @param defaultSignatureAlgorithm Default algorithm used to sign tokens for the realm. - * - * @return builder - * - */ public Builder defaultSignatureAlgorithm(String defaultSignatureAlgorithm) { return defaultSignatureAlgorithm(Output.of(defaultSignatureAlgorithm)); } /** - * @param directGrantFlow The desired flow for direct access authentication. Defaults to `direct grant`. + * @param directGrantFlow Which flow should be used for DirectGrantFlow * * @return builder * @@ -1266,7 +762,7 @@ public Builder directGrantFlow(@Nullable Output directGrantFlow) { } /** - * @param directGrantFlow The desired flow for direct access authentication. Defaults to `direct grant`. + * @param directGrantFlow Which flow should be used for DirectGrantFlow * * @return builder * @@ -1275,50 +771,26 @@ public Builder directGrantFlow(String directGrantFlow) { return directGrantFlow(Output.of(directGrantFlow)); } - /** - * @param displayName The display name for the realm that is shown when logging in to the admin console. - * - * @return builder - * - */ public Builder displayName(@Nullable Output displayName) { $.displayName = displayName; return this; } - /** - * @param displayName The display name for the realm that is shown when logging in to the admin console. - * - * @return builder - * - */ public Builder displayName(String displayName) { return displayName(Output.of(displayName)); } - /** - * @param displayNameHtml The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - * @return builder - * - */ public Builder displayNameHtml(@Nullable Output displayNameHtml) { $.displayNameHtml = displayNameHtml; return this; } - /** - * @param displayNameHtml The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - * - * @return builder - * - */ public Builder displayNameHtml(String displayNameHtml) { return displayNameHtml(Output.of(displayNameHtml)); } /** - * @param dockerAuthenticationFlow The desired flow for Docker authentication. Defaults to `docker auth`. + * @param dockerAuthenticationFlow Which flow should be used for DockerAuthenticationFlow * * @return builder * @@ -1329,7 +801,7 @@ public Builder dockerAuthenticationFlow(@Nullable Output dockerAuthentic } /** - * @param dockerAuthenticationFlow The desired flow for Docker authentication. Defaults to `docker auth`. + * @param dockerAuthenticationFlow Which flow should be used for DockerAuthenticationFlow * * @return builder * @@ -1338,107 +810,47 @@ public Builder dockerAuthenticationFlow(String dockerAuthenticationFlow) { return dockerAuthenticationFlow(Output.of(dockerAuthenticationFlow)); } - /** - * @param duplicateEmailsAllowed When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - * @return builder - * - */ public Builder duplicateEmailsAllowed(@Nullable Output duplicateEmailsAllowed) { $.duplicateEmailsAllowed = duplicateEmailsAllowed; return this; } - /** - * @param duplicateEmailsAllowed When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - * - * @return builder - * - */ public Builder duplicateEmailsAllowed(Boolean duplicateEmailsAllowed) { return duplicateEmailsAllowed(Output.of(duplicateEmailsAllowed)); } - /** - * @param editUsernameAllowed When true, the username field is editable. - * - * @return builder - * - */ public Builder editUsernameAllowed(@Nullable Output editUsernameAllowed) { $.editUsernameAllowed = editUsernameAllowed; return this; } - /** - * @param editUsernameAllowed When true, the username field is editable. - * - * @return builder - * - */ public Builder editUsernameAllowed(Boolean editUsernameAllowed) { return editUsernameAllowed(Output.of(editUsernameAllowed)); } - /** - * @param emailTheme Used for emails that are sent by Keycloak. - * - * @return builder - * - */ public Builder emailTheme(@Nullable Output emailTheme) { $.emailTheme = emailTheme; return this; } - /** - * @param emailTheme Used for emails that are sent by Keycloak. - * - * @return builder - * - */ public Builder emailTheme(String emailTheme) { return emailTheme(Output.of(emailTheme)); } - /** - * @param enabled When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(@Nullable Output enabled) { $.enabled = enabled; return this; } - /** - * @param enabled When `false`, users and clients will not be able to access this realm. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(Boolean enabled) { return enabled(Output.of(enabled)); } - /** - * @param internalId When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - * @return builder - * - */ public Builder internalId(@Nullable Output internalId) { $.internalId = internalId; return this; } - /** - * @param internalId When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - * - * @return builder - * - */ public Builder internalId(String internalId) { return internalId(Output.of(internalId)); } @@ -1452,153 +864,65 @@ public Builder internationalization(RealmInternationalizationArgs internationali return internationalization(Output.of(internationalization)); } - /** - * @param loginTheme Used for the login, forgot password, and registration pages. - * - * @return builder - * - */ public Builder loginTheme(@Nullable Output loginTheme) { $.loginTheme = loginTheme; return this; } - /** - * @param loginTheme Used for the login, forgot password, and registration pages. - * - * @return builder - * - */ public Builder loginTheme(String loginTheme) { return loginTheme(Output.of(loginTheme)); } - /** - * @param loginWithEmailAllowed When true, users may log in with their email address. - * - * @return builder - * - */ public Builder loginWithEmailAllowed(@Nullable Output loginWithEmailAllowed) { $.loginWithEmailAllowed = loginWithEmailAllowed; return this; } - /** - * @param loginWithEmailAllowed When true, users may log in with their email address. - * - * @return builder - * - */ public Builder loginWithEmailAllowed(Boolean loginWithEmailAllowed) { return loginWithEmailAllowed(Output.of(loginWithEmailAllowed)); } - /** - * @param oauth2DeviceCodeLifespan The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - * @return builder - * - */ public Builder oauth2DeviceCodeLifespan(@Nullable Output oauth2DeviceCodeLifespan) { $.oauth2DeviceCodeLifespan = oauth2DeviceCodeLifespan; return this; } - /** - * @param oauth2DeviceCodeLifespan The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - * - * @return builder - * - */ public Builder oauth2DeviceCodeLifespan(String oauth2DeviceCodeLifespan) { return oauth2DeviceCodeLifespan(Output.of(oauth2DeviceCodeLifespan)); } - /** - * @param oauth2DevicePollingInterval The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - * @return builder - * - */ public Builder oauth2DevicePollingInterval(@Nullable Output oauth2DevicePollingInterval) { $.oauth2DevicePollingInterval = oauth2DevicePollingInterval; return this; } - /** - * @param oauth2DevicePollingInterval The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - * @return builder - * - */ public Builder oauth2DevicePollingInterval(Integer oauth2DevicePollingInterval) { return oauth2DevicePollingInterval(Output.of(oauth2DevicePollingInterval)); } - /** - * @param offlineSessionIdleTimeout The amount of time an offline session can be idle before it expires. - * - * @return builder - * - */ public Builder offlineSessionIdleTimeout(@Nullable Output offlineSessionIdleTimeout) { $.offlineSessionIdleTimeout = offlineSessionIdleTimeout; return this; } - /** - * @param offlineSessionIdleTimeout The amount of time an offline session can be idle before it expires. - * - * @return builder - * - */ public Builder offlineSessionIdleTimeout(String offlineSessionIdleTimeout) { return offlineSessionIdleTimeout(Output.of(offlineSessionIdleTimeout)); } - /** - * @param offlineSessionMaxLifespan The maximum amount of time before an offline session expires regardless of activity. - * - * @return builder - * - */ public Builder offlineSessionMaxLifespan(@Nullable Output offlineSessionMaxLifespan) { $.offlineSessionMaxLifespan = offlineSessionMaxLifespan; return this; } - /** - * @param offlineSessionMaxLifespan The maximum amount of time before an offline session expires regardless of activity. - * - * @return builder - * - */ public Builder offlineSessionMaxLifespan(String offlineSessionMaxLifespan) { return offlineSessionMaxLifespan(Output.of(offlineSessionMaxLifespan)); } - /** - * @param offlineSessionMaxLifespanEnabled Enable `offline_session_max_lifespan`. - * - * @return builder - * - */ public Builder offlineSessionMaxLifespanEnabled(@Nullable Output offlineSessionMaxLifespanEnabled) { $.offlineSessionMaxLifespanEnabled = offlineSessionMaxLifespanEnabled; return this; } - /** - * @param offlineSessionMaxLifespanEnabled Enable `offline_session_max_lifespan`. - * - * @return builder - * - */ public Builder offlineSessionMaxLifespanEnabled(Boolean offlineSessionMaxLifespanEnabled) { return offlineSessionMaxLifespanEnabled(Output.of(offlineSessionMaxLifespanEnabled)); } @@ -1613,9 +937,9 @@ public Builder otpPolicy(RealmOtpPolicyArgs otpPolicy) { } /** - * @param passwordPolicy The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * @param passwordPolicy String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * * @return builder * @@ -1626,9 +950,9 @@ public Builder passwordPolicy(@Nullable Output passwordPolicy) { } /** - * @param passwordPolicy The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * @param passwordPolicy String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" * * @return builder * @@ -1637,96 +961,44 @@ public Builder passwordPolicy(String passwordPolicy) { return passwordPolicy(Output.of(passwordPolicy)); } - /** - * @param realm The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - * @return builder - * - */ public Builder realm(@Nullable Output realm) { $.realm = realm; return this; } - /** - * @param realm The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - * - * @return builder - * - */ public Builder realm(String realm) { return realm(Output.of(realm)); } - /** - * @param refreshTokenMaxReuse Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - * @return builder - * - */ public Builder refreshTokenMaxReuse(@Nullable Output refreshTokenMaxReuse) { $.refreshTokenMaxReuse = refreshTokenMaxReuse; return this; } - /** - * @param refreshTokenMaxReuse Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - * - * @return builder - * - */ public Builder refreshTokenMaxReuse(Integer refreshTokenMaxReuse) { return refreshTokenMaxReuse(Output.of(refreshTokenMaxReuse)); } - /** - * @param registrationAllowed When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - * @return builder - * - */ public Builder registrationAllowed(@Nullable Output registrationAllowed) { $.registrationAllowed = registrationAllowed; return this; } - /** - * @param registrationAllowed When true, user registration will be enabled, and a link for registration will be displayed on the login page. - * - * @return builder - * - */ public Builder registrationAllowed(Boolean registrationAllowed) { return registrationAllowed(Output.of(registrationAllowed)); } - /** - * @param registrationEmailAsUsername When true, the user's email will be used as their username during registration. - * - * @return builder - * - */ public Builder registrationEmailAsUsername(@Nullable Output registrationEmailAsUsername) { $.registrationEmailAsUsername = registrationEmailAsUsername; return this; } - /** - * @param registrationEmailAsUsername When true, the user's email will be used as their username during registration. - * - * @return builder - * - */ public Builder registrationEmailAsUsername(Boolean registrationEmailAsUsername) { return registrationEmailAsUsername(Output.of(registrationEmailAsUsername)); } /** - * @param registrationFlow The desired flow for user registration. Defaults to `registration`. + * @param registrationFlow Which flow should be used for RegistrationFlow * * @return builder * @@ -1737,7 +1009,7 @@ public Builder registrationFlow(@Nullable Output registrationFlow) { } /** - * @param registrationFlow The desired flow for user registration. Defaults to `registration`. + * @param registrationFlow Which flow should be used for RegistrationFlow * * @return builder * @@ -1746,29 +1018,17 @@ public Builder registrationFlow(String registrationFlow) { return registrationFlow(Output.of(registrationFlow)); } - /** - * @param rememberMe When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - * @return builder - * - */ public Builder rememberMe(@Nullable Output rememberMe) { $.rememberMe = rememberMe; return this; } - /** - * @param rememberMe When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - * - * @return builder - * - */ public Builder rememberMe(Boolean rememberMe) { return rememberMe(Output.of(rememberMe)); } /** - * @param resetCredentialsFlow The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * @param resetCredentialsFlow Which flow should be used for ResetCredentialsFlow * * @return builder * @@ -1779,7 +1039,7 @@ public Builder resetCredentialsFlow(@Nullable Output resetCredentialsFlo } /** - * @param resetCredentialsFlow The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * @param resetCredentialsFlow Which flow should be used for ResetCredentialsFlow * * @return builder * @@ -1788,44 +1048,20 @@ public Builder resetCredentialsFlow(String resetCredentialsFlow) { return resetCredentialsFlow(Output.of(resetCredentialsFlow)); } - /** - * @param resetPasswordAllowed When true, a "forgot password" link will be displayed on the login page. - * - * @return builder - * - */ public Builder resetPasswordAllowed(@Nullable Output resetPasswordAllowed) { $.resetPasswordAllowed = resetPasswordAllowed; return this; } - /** - * @param resetPasswordAllowed When true, a "forgot password" link will be displayed on the login page. - * - * @return builder - * - */ public Builder resetPasswordAllowed(Boolean resetPasswordAllowed) { return resetPasswordAllowed(Output.of(resetPasswordAllowed)); } - /** - * @param revokeRefreshToken If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - * @return builder - * - */ public Builder revokeRefreshToken(@Nullable Output revokeRefreshToken) { $.revokeRefreshToken = revokeRefreshToken; return this; } - /** - * @param revokeRefreshToken If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - * - * @return builder - * - */ public Builder revokeRefreshToken(Boolean revokeRefreshToken) { return revokeRefreshToken(Output.of(revokeRefreshToken)); } @@ -1849,7 +1085,7 @@ public Builder smtpServer(RealmSmtpServerArgs smtpServer) { } /** - * @param sslRequired Can be one of following values: 'none, 'external' or 'all' + * @param sslRequired SSL Required: Values can be 'none', 'external' or 'all'. * * @return builder * @@ -1860,7 +1096,7 @@ public Builder sslRequired(@Nullable Output sslRequired) { } /** - * @param sslRequired Can be one of following values: 'none, 'external' or 'all' + * @param sslRequired SSL Required: Values can be 'none', 'external' or 'all'. * * @return builder * @@ -1869,174 +1105,74 @@ public Builder sslRequired(String sslRequired) { return sslRequired(Output.of(sslRequired)); } - /** - * @param ssoSessionIdleTimeout The amount of time a session can be idle before it expires. - * - * @return builder - * - */ public Builder ssoSessionIdleTimeout(@Nullable Output ssoSessionIdleTimeout) { $.ssoSessionIdleTimeout = ssoSessionIdleTimeout; return this; } - /** - * @param ssoSessionIdleTimeout The amount of time a session can be idle before it expires. - * - * @return builder - * - */ public Builder ssoSessionIdleTimeout(String ssoSessionIdleTimeout) { return ssoSessionIdleTimeout(Output.of(ssoSessionIdleTimeout)); } - /** - * @param ssoSessionIdleTimeoutRememberMe Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - * @return builder - * - */ public Builder ssoSessionIdleTimeoutRememberMe(@Nullable Output ssoSessionIdleTimeoutRememberMe) { $.ssoSessionIdleTimeoutRememberMe = ssoSessionIdleTimeoutRememberMe; return this; } - /** - * @param ssoSessionIdleTimeoutRememberMe Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - * - * @return builder - * - */ public Builder ssoSessionIdleTimeoutRememberMe(String ssoSessionIdleTimeoutRememberMe) { return ssoSessionIdleTimeoutRememberMe(Output.of(ssoSessionIdleTimeoutRememberMe)); } - /** - * @param ssoSessionMaxLifespan The maximum amount of time before a session expires regardless of activity. - * - * @return builder - * - */ public Builder ssoSessionMaxLifespan(@Nullable Output ssoSessionMaxLifespan) { $.ssoSessionMaxLifespan = ssoSessionMaxLifespan; return this; } - /** - * @param ssoSessionMaxLifespan The maximum amount of time before a session expires regardless of activity. - * - * @return builder - * - */ public Builder ssoSessionMaxLifespan(String ssoSessionMaxLifespan) { return ssoSessionMaxLifespan(Output.of(ssoSessionMaxLifespan)); } - /** - * @param ssoSessionMaxLifespanRememberMe Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - * @return builder - * - */ public Builder ssoSessionMaxLifespanRememberMe(@Nullable Output ssoSessionMaxLifespanRememberMe) { $.ssoSessionMaxLifespanRememberMe = ssoSessionMaxLifespanRememberMe; return this; } - /** - * @param ssoSessionMaxLifespanRememberMe Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - * - * @return builder - * - */ public Builder ssoSessionMaxLifespanRememberMe(String ssoSessionMaxLifespanRememberMe) { return ssoSessionMaxLifespanRememberMe(Output.of(ssoSessionMaxLifespanRememberMe)); } - /** - * @param userManagedAccess When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - * @return builder - * - */ public Builder userManagedAccess(@Nullable Output userManagedAccess) { $.userManagedAccess = userManagedAccess; return this; } - /** - * @param userManagedAccess When `true`, users are allowed to manage their own resources. Defaults to `false`. - * - * @return builder - * - */ public Builder userManagedAccess(Boolean userManagedAccess) { return userManagedAccess(Output.of(userManagedAccess)); } - /** - * @param verifyEmail When true, users are required to verify their email address after registration and after email address changes. - * - * @return builder - * - */ public Builder verifyEmail(@Nullable Output verifyEmail) { $.verifyEmail = verifyEmail; return this; } - /** - * @param verifyEmail When true, users are required to verify their email address after registration and after email address changes. - * - * @return builder - * - */ public Builder verifyEmail(Boolean verifyEmail) { return verifyEmail(Output.of(verifyEmail)); } - /** - * @param webAuthnPasswordlessPolicy Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - * @return builder - * - */ public Builder webAuthnPasswordlessPolicy(@Nullable Output webAuthnPasswordlessPolicy) { $.webAuthnPasswordlessPolicy = webAuthnPasswordlessPolicy; return this; } - /** - * @param webAuthnPasswordlessPolicy Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - * - * @return builder - * - */ public Builder webAuthnPasswordlessPolicy(RealmWebAuthnPasswordlessPolicyArgs webAuthnPasswordlessPolicy) { return webAuthnPasswordlessPolicy(Output.of(webAuthnPasswordlessPolicy)); } - /** - * @param webAuthnPolicy Configuration for WebAuthn Policy authentication. - * - * @return builder - * - */ public Builder webAuthnPolicy(@Nullable Output webAuthnPolicy) { $.webAuthnPolicy = webAuthnPolicy; return this; } - /** - * @param webAuthnPolicy Configuration for WebAuthn Policy authentication. - * - * @return builder - * - */ public Builder webAuthnPolicy(RealmWebAuthnPolicyArgs webAuthnPolicy) { return webAuthnPolicy(Output.of(webAuthnPolicy)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPasswordlessPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPasswordlessPolicyArgs.java index de9c8f60..32d3753f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPasswordlessPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPasswordlessPolicyArgs.java @@ -18,30 +18,22 @@ public final class RealmWebAuthnPasswordlessPolicyArgs extends com.pulumi.resour public static final RealmWebAuthnPasswordlessPolicyArgs Empty = new RealmWebAuthnPasswordlessPolicyArgs(); - /** - * A set of AAGUIDs for which an authenticator can be registered. - * - */ @Import(name="acceptableAaguids") private @Nullable Output> acceptableAaguids; - /** - * @return A set of AAGUIDs for which an authenticator can be registered. - * - */ public Optional>> acceptableAaguids() { return Optional.ofNullable(this.acceptableAaguids); } /** - * The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * Either none, indirect or direct * */ @Import(name="attestationConveyancePreference") private @Nullable Output attestationConveyancePreference; /** - * @return The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @return Either none, indirect or direct * */ public Optional> attestationConveyancePreference() { @@ -49,89 +41,57 @@ public Optional> attestationConveyancePreference() { } /** - * The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * Either platform or cross-platform * */ @Import(name="authenticatorAttachment") private @Nullable Output authenticatorAttachment; /** - * @return The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @return Either platform or cross-platform * */ public Optional> authenticatorAttachment() { return Optional.ofNullable(this.authenticatorAttachment); } - /** - * When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - */ @Import(name="avoidSameAuthenticatorRegister") private @Nullable Output avoidSameAuthenticatorRegister; - /** - * @return When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - */ public Optional> avoidSameAuthenticatorRegister() { return Optional.ofNullable(this.avoidSameAuthenticatorRegister); } - /** - * The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - */ @Import(name="createTimeout") private @Nullable Output createTimeout; - /** - * @return The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - */ public Optional> createTimeout() { return Optional.ofNullable(this.createTimeout); } - /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - */ @Import(name="relyingPartyEntityName") private @Nullable Output relyingPartyEntityName; - /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - */ public Optional> relyingPartyEntityName() { return Optional.ofNullable(this.relyingPartyEntityName); } - /** - * The WebAuthn relying party ID. - * - */ @Import(name="relyingPartyId") private @Nullable Output relyingPartyId; - /** - * @return The WebAuthn relying party ID. - * - */ public Optional> relyingPartyId() { return Optional.ofNullable(this.relyingPartyId); } /** - * Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * Either Yes or No * */ @Import(name="requireResidentKey") private @Nullable Output requireResidentKey; /** - * @return Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @return Either Yes or No * */ public Optional> requireResidentKey() { @@ -139,14 +99,14 @@ public Optional> requireResidentKey() { } /** - * A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * */ @Import(name="signatureAlgorithms") private @Nullable Output> signatureAlgorithms; /** - * @return A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @return Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * */ public Optional>> signatureAlgorithms() { @@ -154,14 +114,14 @@ public Optional>> signatureAlgorithms() { } /** - * Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * Either required, preferred or discouraged * */ @Import(name="userVerificationRequirement") private @Nullable Output userVerificationRequirement; /** - * @return Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @return Either required, preferred or discouraged * */ public Optional> userVerificationRequirement() { @@ -201,39 +161,21 @@ public Builder(RealmWebAuthnPasswordlessPolicyArgs defaults) { $ = new RealmWebAuthnPasswordlessPolicyArgs(Objects.requireNonNull(defaults)); } - /** - * @param acceptableAaguids A set of AAGUIDs for which an authenticator can be registered. - * - * @return builder - * - */ public Builder acceptableAaguids(@Nullable Output> acceptableAaguids) { $.acceptableAaguids = acceptableAaguids; return this; } - /** - * @param acceptableAaguids A set of AAGUIDs for which an authenticator can be registered. - * - * @return builder - * - */ public Builder acceptableAaguids(List acceptableAaguids) { return acceptableAaguids(Output.of(acceptableAaguids)); } - /** - * @param acceptableAaguids A set of AAGUIDs for which an authenticator can be registered. - * - * @return builder - * - */ public Builder acceptableAaguids(String... acceptableAaguids) { return acceptableAaguids(List.of(acceptableAaguids)); } /** - * @param attestationConveyancePreference The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @param attestationConveyancePreference Either none, indirect or direct * * @return builder * @@ -244,7 +186,7 @@ public Builder attestationConveyancePreference(@Nullable Output attestat } /** - * @param attestationConveyancePreference The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @param attestationConveyancePreference Either none, indirect or direct * * @return builder * @@ -254,7 +196,7 @@ public Builder attestationConveyancePreference(String attestationConveyancePrefe } /** - * @param authenticatorAttachment The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @param authenticatorAttachment Either platform or cross-platform * * @return builder * @@ -265,7 +207,7 @@ public Builder authenticatorAttachment(@Nullable Output authenticatorAtt } /** - * @param authenticatorAttachment The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @param authenticatorAttachment Either platform or cross-platform * * @return builder * @@ -274,92 +216,44 @@ public Builder authenticatorAttachment(String authenticatorAttachment) { return authenticatorAttachment(Output.of(authenticatorAttachment)); } - /** - * @param avoidSameAuthenticatorRegister When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - * @return builder - * - */ public Builder avoidSameAuthenticatorRegister(@Nullable Output avoidSameAuthenticatorRegister) { $.avoidSameAuthenticatorRegister = avoidSameAuthenticatorRegister; return this; } - /** - * @param avoidSameAuthenticatorRegister When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - * @return builder - * - */ public Builder avoidSameAuthenticatorRegister(Boolean avoidSameAuthenticatorRegister) { return avoidSameAuthenticatorRegister(Output.of(avoidSameAuthenticatorRegister)); } - /** - * @param createTimeout The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - * @return builder - * - */ public Builder createTimeout(@Nullable Output createTimeout) { $.createTimeout = createTimeout; return this; } - /** - * @param createTimeout The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - * @return builder - * - */ public Builder createTimeout(Integer createTimeout) { return createTimeout(Output.of(createTimeout)); } - /** - * @param relyingPartyEntityName A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - * @return builder - * - */ public Builder relyingPartyEntityName(@Nullable Output relyingPartyEntityName) { $.relyingPartyEntityName = relyingPartyEntityName; return this; } - /** - * @param relyingPartyEntityName A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - * @return builder - * - */ public Builder relyingPartyEntityName(String relyingPartyEntityName) { return relyingPartyEntityName(Output.of(relyingPartyEntityName)); } - /** - * @param relyingPartyId The WebAuthn relying party ID. - * - * @return builder - * - */ public Builder relyingPartyId(@Nullable Output relyingPartyId) { $.relyingPartyId = relyingPartyId; return this; } - /** - * @param relyingPartyId The WebAuthn relying party ID. - * - * @return builder - * - */ public Builder relyingPartyId(String relyingPartyId) { return relyingPartyId(Output.of(relyingPartyId)); } /** - * @param requireResidentKey Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @param requireResidentKey Either Yes or No * * @return builder * @@ -370,7 +264,7 @@ public Builder requireResidentKey(@Nullable Output requireResidentKey) { } /** - * @param requireResidentKey Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @param requireResidentKey Either Yes or No * * @return builder * @@ -380,7 +274,7 @@ public Builder requireResidentKey(String requireResidentKey) { } /** - * @param signatureAlgorithms A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @param signatureAlgorithms Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * * @return builder * @@ -391,7 +285,7 @@ public Builder signatureAlgorithms(@Nullable Output> signatureAlgor } /** - * @param signatureAlgorithms A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @param signatureAlgorithms Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * * @return builder * @@ -401,7 +295,7 @@ public Builder signatureAlgorithms(List signatureAlgorithms) { } /** - * @param signatureAlgorithms A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @param signatureAlgorithms Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * * @return builder * @@ -411,7 +305,7 @@ public Builder signatureAlgorithms(String... signatureAlgorithms) { } /** - * @param userVerificationRequirement Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @param userVerificationRequirement Either required, preferred or discouraged * * @return builder * @@ -422,7 +316,7 @@ public Builder userVerificationRequirement(@Nullable Output userVerifica } /** - * @param userVerificationRequirement Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @param userVerificationRequirement Either required, preferred or discouraged * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPolicyArgs.java index 65b4d847..c747d7bc 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPolicyArgs.java @@ -18,30 +18,22 @@ public final class RealmWebAuthnPolicyArgs extends com.pulumi.resources.Resource public static final RealmWebAuthnPolicyArgs Empty = new RealmWebAuthnPolicyArgs(); - /** - * A set of AAGUIDs for which an authenticator can be registered. - * - */ @Import(name="acceptableAaguids") private @Nullable Output> acceptableAaguids; - /** - * @return A set of AAGUIDs for which an authenticator can be registered. - * - */ public Optional>> acceptableAaguids() { return Optional.ofNullable(this.acceptableAaguids); } /** - * The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * Either none, indirect or direct * */ @Import(name="attestationConveyancePreference") private @Nullable Output attestationConveyancePreference; /** - * @return The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @return Either none, indirect or direct * */ public Optional> attestationConveyancePreference() { @@ -49,89 +41,57 @@ public Optional> attestationConveyancePreference() { } /** - * The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * Either platform or cross-platform * */ @Import(name="authenticatorAttachment") private @Nullable Output authenticatorAttachment; /** - * @return The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @return Either platform or cross-platform * */ public Optional> authenticatorAttachment() { return Optional.ofNullable(this.authenticatorAttachment); } - /** - * When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - */ @Import(name="avoidSameAuthenticatorRegister") private @Nullable Output avoidSameAuthenticatorRegister; - /** - * @return When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - */ public Optional> avoidSameAuthenticatorRegister() { return Optional.ofNullable(this.avoidSameAuthenticatorRegister); } - /** - * The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - */ @Import(name="createTimeout") private @Nullable Output createTimeout; - /** - * @return The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - */ public Optional> createTimeout() { return Optional.ofNullable(this.createTimeout); } - /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - */ @Import(name="relyingPartyEntityName") private @Nullable Output relyingPartyEntityName; - /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - */ public Optional> relyingPartyEntityName() { return Optional.ofNullable(this.relyingPartyEntityName); } - /** - * The WebAuthn relying party ID. - * - */ @Import(name="relyingPartyId") private @Nullable Output relyingPartyId; - /** - * @return The WebAuthn relying party ID. - * - */ public Optional> relyingPartyId() { return Optional.ofNullable(this.relyingPartyId); } /** - * Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * Either Yes or No * */ @Import(name="requireResidentKey") private @Nullable Output requireResidentKey; /** - * @return Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @return Either Yes or No * */ public Optional> requireResidentKey() { @@ -139,14 +99,14 @@ public Optional> requireResidentKey() { } /** - * A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * */ @Import(name="signatureAlgorithms") private @Nullable Output> signatureAlgorithms; /** - * @return A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @return Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * */ public Optional>> signatureAlgorithms() { @@ -154,14 +114,14 @@ public Optional>> signatureAlgorithms() { } /** - * Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * Either required, preferred or discouraged * */ @Import(name="userVerificationRequirement") private @Nullable Output userVerificationRequirement; /** - * @return Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @return Either required, preferred or discouraged * */ public Optional> userVerificationRequirement() { @@ -201,39 +161,21 @@ public Builder(RealmWebAuthnPolicyArgs defaults) { $ = new RealmWebAuthnPolicyArgs(Objects.requireNonNull(defaults)); } - /** - * @param acceptableAaguids A set of AAGUIDs for which an authenticator can be registered. - * - * @return builder - * - */ public Builder acceptableAaguids(@Nullable Output> acceptableAaguids) { $.acceptableAaguids = acceptableAaguids; return this; } - /** - * @param acceptableAaguids A set of AAGUIDs for which an authenticator can be registered. - * - * @return builder - * - */ public Builder acceptableAaguids(List acceptableAaguids) { return acceptableAaguids(Output.of(acceptableAaguids)); } - /** - * @param acceptableAaguids A set of AAGUIDs for which an authenticator can be registered. - * - * @return builder - * - */ public Builder acceptableAaguids(String... acceptableAaguids) { return acceptableAaguids(List.of(acceptableAaguids)); } /** - * @param attestationConveyancePreference The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @param attestationConveyancePreference Either none, indirect or direct * * @return builder * @@ -244,7 +186,7 @@ public Builder attestationConveyancePreference(@Nullable Output attestat } /** - * @param attestationConveyancePreference The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @param attestationConveyancePreference Either none, indirect or direct * * @return builder * @@ -254,7 +196,7 @@ public Builder attestationConveyancePreference(String attestationConveyancePrefe } /** - * @param authenticatorAttachment The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @param authenticatorAttachment Either platform or cross-platform * * @return builder * @@ -265,7 +207,7 @@ public Builder authenticatorAttachment(@Nullable Output authenticatorAtt } /** - * @param authenticatorAttachment The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @param authenticatorAttachment Either platform or cross-platform * * @return builder * @@ -274,92 +216,44 @@ public Builder authenticatorAttachment(String authenticatorAttachment) { return authenticatorAttachment(Output.of(authenticatorAttachment)); } - /** - * @param avoidSameAuthenticatorRegister When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - * @return builder - * - */ public Builder avoidSameAuthenticatorRegister(@Nullable Output avoidSameAuthenticatorRegister) { $.avoidSameAuthenticatorRegister = avoidSameAuthenticatorRegister; return this; } - /** - * @param avoidSameAuthenticatorRegister When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - * @return builder - * - */ public Builder avoidSameAuthenticatorRegister(Boolean avoidSameAuthenticatorRegister) { return avoidSameAuthenticatorRegister(Output.of(avoidSameAuthenticatorRegister)); } - /** - * @param createTimeout The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - * @return builder - * - */ public Builder createTimeout(@Nullable Output createTimeout) { $.createTimeout = createTimeout; return this; } - /** - * @param createTimeout The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - * @return builder - * - */ public Builder createTimeout(Integer createTimeout) { return createTimeout(Output.of(createTimeout)); } - /** - * @param relyingPartyEntityName A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - * @return builder - * - */ public Builder relyingPartyEntityName(@Nullable Output relyingPartyEntityName) { $.relyingPartyEntityName = relyingPartyEntityName; return this; } - /** - * @param relyingPartyEntityName A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - * @return builder - * - */ public Builder relyingPartyEntityName(String relyingPartyEntityName) { return relyingPartyEntityName(Output.of(relyingPartyEntityName)); } - /** - * @param relyingPartyId The WebAuthn relying party ID. - * - * @return builder - * - */ public Builder relyingPartyId(@Nullable Output relyingPartyId) { $.relyingPartyId = relyingPartyId; return this; } - /** - * @param relyingPartyId The WebAuthn relying party ID. - * - * @return builder - * - */ public Builder relyingPartyId(String relyingPartyId) { return relyingPartyId(Output.of(relyingPartyId)); } /** - * @param requireResidentKey Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @param requireResidentKey Either Yes or No * * @return builder * @@ -370,7 +264,7 @@ public Builder requireResidentKey(@Nullable Output requireResidentKey) { } /** - * @param requireResidentKey Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @param requireResidentKey Either Yes or No * * @return builder * @@ -380,7 +274,7 @@ public Builder requireResidentKey(String requireResidentKey) { } /** - * @param signatureAlgorithms A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @param signatureAlgorithms Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * * @return builder * @@ -391,7 +285,7 @@ public Builder signatureAlgorithms(@Nullable Output> signatureAlgor } /** - * @param signatureAlgorithms A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @param signatureAlgorithms Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * * @return builder * @@ -401,7 +295,7 @@ public Builder signatureAlgorithms(List signatureAlgorithms) { } /** - * @param signatureAlgorithms A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @param signatureAlgorithms Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * * @return builder * @@ -411,7 +305,7 @@ public Builder signatureAlgorithms(String... signatureAlgorithms) { } /** - * @param userVerificationRequirement Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @param userVerificationRequirement Either required, preferred or discouraged * * @return builder * @@ -422,7 +316,7 @@ public Builder userVerificationRequirement(@Nullable Output userVerifica } /** - * @param userVerificationRequirement Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @param userVerificationRequirement Either required, preferred or discouraged * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RoleState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RoleState.java index c2f2805d..f6bb18d9 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RoleState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RoleState.java @@ -18,92 +18,44 @@ public final class RoleState extends com.pulumi.resources.ResourceArgs { public static final RoleState Empty = new RoleState(); - /** - * A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Import(name="attributes") private @Nullable Output> attributes; - /** - * @return A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Optional>> attributes() { return Optional.ofNullable(this.attributes); } - /** - * When specified, this role will be created as a client role attached to the client with the provided ID - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return When specified, this role will be created as a client role attached to the client with the provided ID - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - */ @Import(name="compositeRoles") private @Nullable Output> compositeRoles; - /** - * @return When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - */ public Optional>> compositeRoles() { return Optional.ofNullable(this.compositeRoles); } - /** - * The description of the role - * - */ @Import(name="description") private @Nullable Output description; - /** - * @return The description of the role - * - */ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * The name of the role - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The name of the role - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The realm this role exists within. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this role exists within. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } @@ -137,138 +89,60 @@ public Builder(RoleState defaults) { $ = new RoleState(Objects.requireNonNull(defaults)); } - /** - * @param attributes A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(@Nullable Output> attributes) { $.attributes = attributes; return this; } - /** - * @param attributes A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(Map attributes) { return attributes(Output.of(attributes)); } - /** - * @param clientId When specified, this role will be created as a client role attached to the client with the provided ID - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId When specified, this role will be created as a client role attached to the client with the provided ID - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param compositeRoles When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - * @return builder - * - */ public Builder compositeRoles(@Nullable Output> compositeRoles) { $.compositeRoles = compositeRoles; return this; } - /** - * @param compositeRoles When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - * @return builder - * - */ public Builder compositeRoles(List compositeRoles) { return compositeRoles(Output.of(compositeRoles)); } - /** - * @param compositeRoles When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - * - * @return builder - * - */ public Builder compositeRoles(String... compositeRoles) { return compositeRoles(List.of(compositeRoles)); } - /** - * @param description The description of the role - * - * @return builder - * - */ public Builder description(@Nullable Output description) { $.description = description; return this; } - /** - * @param description The description of the role - * - * @return builder - * - */ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param name The name of the role - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The name of the role - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this role exists within. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this role exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserFederatedIdentityArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserFederatedIdentityArgs.java index 659f006a..90346415 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserFederatedIdentityArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserFederatedIdentityArgs.java @@ -14,47 +14,23 @@ public final class UserFederatedIdentityArgs extends com.pulumi.resources.Resour public static final UserFederatedIdentityArgs Empty = new UserFederatedIdentityArgs(); - /** - * The name of the identity provider - * - */ @Import(name="identityProvider", required=true) private Output identityProvider; - /** - * @return The name of the identity provider - * - */ public Output identityProvider() { return this.identityProvider; } - /** - * The ID of the user defined in the identity provider - * - */ @Import(name="userId", required=true) private Output userId; - /** - * @return The ID of the user defined in the identity provider - * - */ public Output userId() { return this.userId; } - /** - * The user name of the user defined in the identity provider - * - */ @Import(name="userName", required=true) private Output userName; - /** - * @return The user name of the user defined in the identity provider - * - */ public Output userName() { return this.userName; } @@ -85,65 +61,29 @@ public Builder(UserFederatedIdentityArgs defaults) { $ = new UserFederatedIdentityArgs(Objects.requireNonNull(defaults)); } - /** - * @param identityProvider The name of the identity provider - * - * @return builder - * - */ public Builder identityProvider(Output identityProvider) { $.identityProvider = identityProvider; return this; } - /** - * @param identityProvider The name of the identity provider - * - * @return builder - * - */ public Builder identityProvider(String identityProvider) { return identityProvider(Output.of(identityProvider)); } - /** - * @param userId The ID of the user defined in the identity provider - * - * @return builder - * - */ public Builder userId(Output userId) { $.userId = userId; return this; } - /** - * @param userId The ID of the user defined in the identity provider - * - * @return builder - * - */ public Builder userId(String userId) { return userId(Output.of(userId)); } - /** - * @param userName The user name of the user defined in the identity provider - * - * @return builder - * - */ public Builder userName(Output userName) { $.userName = userName; return this; } - /** - * @param userName The user name of the user defined in the identity provider - * - * @return builder - * - */ public Builder userName(String userName) { return userName(Output.of(userName)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserInitialPasswordArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserInitialPasswordArgs.java index 0e74f368..aaeae9dc 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserInitialPasswordArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserInitialPasswordArgs.java @@ -17,32 +17,16 @@ public final class UserInitialPasswordArgs extends com.pulumi.resources.Resource public static final UserInitialPasswordArgs Empty = new UserInitialPasswordArgs(); - /** - * If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - * - */ @Import(name="temporary") private @Nullable Output temporary; - /** - * @return If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - * - */ public Optional> temporary() { return Optional.ofNullable(this.temporary); } - /** - * The initial password. - * - */ @Import(name="value", required=true) private Output value; - /** - * @return The initial password. - * - */ public Output value() { return this.value; } @@ -72,44 +56,20 @@ public Builder(UserInitialPasswordArgs defaults) { $ = new UserInitialPasswordArgs(Objects.requireNonNull(defaults)); } - /** - * @param temporary If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - * - * @return builder - * - */ public Builder temporary(@Nullable Output temporary) { $.temporary = temporary; return this; } - /** - * @param temporary If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - * - * @return builder - * - */ public Builder temporary(Boolean temporary) { return temporary(Output.of(temporary)); } - /** - * @param value The initial password. - * - * @return builder - * - */ public Builder value(Output value) { $.value = value; return this; } - /** - * @param value The initial password. - * - * @return builder - * - */ public Builder value(String value) { return value(Output.of(value)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserState.java index 2e903e07..ccee4503 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserState.java @@ -21,167 +21,79 @@ public final class UserState extends com.pulumi.resources.ResourceArgs { public static final UserState Empty = new UserState(); - /** - * A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ @Import(name="attributes") private @Nullable Output> attributes; - /** - * @return A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - */ public Optional>> attributes() { return Optional.ofNullable(this.attributes); } - /** - * The user's email. - * - */ @Import(name="email") private @Nullable Output email; - /** - * @return The user's email. - * - */ public Optional> email() { return Optional.ofNullable(this.email); } - /** - * Whether the email address was validated or not. Default to `false`. - * - */ @Import(name="emailVerified") private @Nullable Output emailVerified; - /** - * @return Whether the email address was validated or not. Default to `false`. - * - */ public Optional> emailVerified() { return Optional.ofNullable(this.emailVerified); } - /** - * When false, this user cannot log in. Defaults to `true`. - * - */ @Import(name="enabled") private @Nullable Output enabled; - /** - * @return When false, this user cannot log in. Defaults to `true`. - * - */ public Optional> enabled() { return Optional.ofNullable(this.enabled); } - /** - * When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - */ @Import(name="federatedIdentities") private @Nullable Output> federatedIdentities; - /** - * @return When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - */ public Optional>> federatedIdentities() { return Optional.ofNullable(this.federatedIdentities); } - /** - * The user's first name. - * - */ @Import(name="firstName") private @Nullable Output firstName; - /** - * @return The user's first name. - * - */ public Optional> firstName() { return Optional.ofNullable(this.firstName); } - /** - * When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - */ @Import(name="initialPassword") private @Nullable Output initialPassword; - /** - * @return When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - */ public Optional> initialPassword() { return Optional.ofNullable(this.initialPassword); } - /** - * The user's last name. - * - */ @Import(name="lastName") private @Nullable Output lastName; - /** - * @return The user's last name. - * - */ public Optional> lastName() { return Optional.ofNullable(this.lastName); } - /** - * The realm this user belongs to. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this user belongs to. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * A list of required user actions. - * - */ @Import(name="requiredActions") private @Nullable Output> requiredActions; - /** - * @return A list of required user actions. - * - */ public Optional>> requiredActions() { return Optional.ofNullable(this.requiredActions); } - /** - * The unique username of this user. - * - */ @Import(name="username") private @Nullable Output username; - /** - * @return The unique username of this user. - * - */ public Optional> username() { return Optional.ofNullable(this.username); } @@ -220,253 +132,109 @@ public Builder(UserState defaults) { $ = new UserState(Objects.requireNonNull(defaults)); } - /** - * @param attributes A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(@Nullable Output> attributes) { $.attributes = attributes; return this; } - /** - * @param attributes A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - * - * @return builder - * - */ public Builder attributes(Map attributes) { return attributes(Output.of(attributes)); } - /** - * @param email The user's email. - * - * @return builder - * - */ public Builder email(@Nullable Output email) { $.email = email; return this; } - /** - * @param email The user's email. - * - * @return builder - * - */ public Builder email(String email) { return email(Output.of(email)); } - /** - * @param emailVerified Whether the email address was validated or not. Default to `false`. - * - * @return builder - * - */ public Builder emailVerified(@Nullable Output emailVerified) { $.emailVerified = emailVerified; return this; } - /** - * @param emailVerified Whether the email address was validated or not. Default to `false`. - * - * @return builder - * - */ public Builder emailVerified(Boolean emailVerified) { return emailVerified(Output.of(emailVerified)); } - /** - * @param enabled When false, this user cannot log in. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(@Nullable Output enabled) { $.enabled = enabled; return this; } - /** - * @param enabled When false, this user cannot log in. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(Boolean enabled) { return enabled(Output.of(enabled)); } - /** - * @param federatedIdentities When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - * @return builder - * - */ public Builder federatedIdentities(@Nullable Output> federatedIdentities) { $.federatedIdentities = federatedIdentities; return this; } - /** - * @param federatedIdentities When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - * @return builder - * - */ public Builder federatedIdentities(List federatedIdentities) { return federatedIdentities(Output.of(federatedIdentities)); } - /** - * @param federatedIdentities When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - * - * @return builder - * - */ public Builder federatedIdentities(UserFederatedIdentityArgs... federatedIdentities) { return federatedIdentities(List.of(federatedIdentities)); } - /** - * @param firstName The user's first name. - * - * @return builder - * - */ public Builder firstName(@Nullable Output firstName) { $.firstName = firstName; return this; } - /** - * @param firstName The user's first name. - * - * @return builder - * - */ public Builder firstName(String firstName) { return firstName(Output.of(firstName)); } - /** - * @param initialPassword When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - * @return builder - * - */ public Builder initialPassword(@Nullable Output initialPassword) { $.initialPassword = initialPassword; return this; } - /** - * @param initialPassword When given, the user's initial password will be set. This attribute is only respected during initial user creation. - * - * @return builder - * - */ public Builder initialPassword(UserInitialPasswordArgs initialPassword) { return initialPassword(Output.of(initialPassword)); } - /** - * @param lastName The user's last name. - * - * @return builder - * - */ public Builder lastName(@Nullable Output lastName) { $.lastName = lastName; return this; } - /** - * @param lastName The user's last name. - * - * @return builder - * - */ public Builder lastName(String lastName) { return lastName(Output.of(lastName)); } - /** - * @param realmId The realm this user belongs to. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this user belongs to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param requiredActions A list of required user actions. - * - * @return builder - * - */ public Builder requiredActions(@Nullable Output> requiredActions) { $.requiredActions = requiredActions; return this; } - /** - * @param requiredActions A list of required user actions. - * - * @return builder - * - */ public Builder requiredActions(List requiredActions) { return requiredActions(Output.of(requiredActions)); } - /** - * @param requiredActions A list of required user actions. - * - * @return builder - * - */ public Builder requiredActions(String... requiredActions) { return requiredActions(List.of(requiredActions)); } - /** - * @param username The unique username of this user. - * - * @return builder - * - */ public Builder username(@Nullable Output username) { $.username = username; return this; } - /** - * @param username The unique username of this user. - * - * @return builder - * - */ public Builder username(String username) { return username(Output.of(username)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/CustomMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/CustomMapper.java index 4f993a0c..3e8d77da 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/CustomMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/CustomMapper.java @@ -26,6 +26,8 @@ * The custom mapper should already be deployed into keycloak in order to be correctly configured. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -84,16 +86,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapper.java index 083f9883..e62d41f3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapper.java @@ -16,12 +16,17 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing full name mappers for Keycloak users federated via LDAP. + * ## # keycloak.ldap.FullNameMapper * - * The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a - * Keycloak user. + * Allows for creating and managing full name mappers for Keycloak users federated + * via LDAP. * - * ## Example Usage + * The LDAP full name mapper can map a user's full name from an LDAP attribute + * to the first and last name attributes of a Keycloak user. + * + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -48,132 +53,112 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("test") * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .realmId(realm.id()) - * .usernameLdapAttribute("cn") + * .bindCredential("admin") + * .bindDn("cn=admin,dc=example,dc=org") + * .connectionUrl("ldap://openldap") * .rdnLdapAttribute("cn") - * .uuidLdapAttribute("entryDN") + * .realmId(realm.id()) * .userObjectClasses( * "simpleSecurityObject", * "organizationalRole") - * .connectionUrl("ldap://openldap") + * .usernameLdapAttribute("cn") * .usersDn("dc=example,dc=org") - * .bindDn("cn=admin,dc=example,dc=org") - * .bindCredential("admin") + * .uuidLdapAttribute("entryDN") * .build()); * * var ldapFullNameMapper = new FullNameMapper("ldapFullNameMapper", FullNameMapperArgs.builder() - * .realmId(realm.id()) - * .ldapUserFederationId(ldapUserFederation.id()) * .ldapFullNameAttribute("cn") + * .ldapUserFederationId(ldapUserFederation.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import - * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * ### Argument Reference * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The following arguments are supported: * - * Example: + * - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + * - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `ldap_full_name_attribute` - (Required) The name of the LDAP attribute containing the user's full name. + * - `read_only` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. + * - `write_only` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: * */ @ResourceType(type="keycloak:ldap/fullNameMapper:FullNameMapper") public class FullNameMapper extends com.pulumi.resources.CustomResource { - /** - * The name of the LDAP attribute containing the user's full name. - * - */ @Export(name="ldapFullNameAttribute", refs={String.class}, tree="[0]") private Output ldapFullNameAttribute; - /** - * @return The name of the LDAP attribute containing the user's full name. - * - */ public Output ldapFullNameAttribute() { return this.ldapFullNameAttribute; } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Export(name="ldapUserFederationId", refs={String.class}, tree="[0]") private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { return this.ldapUserFederationId; } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Output name() { return this.name; } - /** - * When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - */ @Export(name="readOnly", refs={Boolean.class}, tree="[0]") private Output readOnly; - /** - * @return When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - */ public Output> readOnly() { return Codegen.optional(this.readOnly); } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { return this.realmId; } - /** - * When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - */ @Export(name="writeOnly", refs={Boolean.class}, tree="[0]") private Output writeOnly; - /** - * @return When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - */ public Output> writeOnly() { return Codegen.optional(this.writeOnly); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapperArgs.java index ea700ef2..f7e00f1d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapperArgs.java @@ -17,30 +17,22 @@ public final class FullNameMapperArgs extends com.pulumi.resources.ResourceArgs public static final FullNameMapperArgs Empty = new FullNameMapperArgs(); - /** - * The name of the LDAP attribute containing the user's full name. - * - */ @Import(name="ldapFullNameAttribute", required=true) private Output ldapFullNameAttribute; - /** - * @return The name of the LDAP attribute containing the user's full name. - * - */ public Output ldapFullNameAttribute() { return this.ldapFullNameAttribute; } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId", required=true) private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { @@ -48,61 +40,45 @@ public Output ldapUserFederationId() { } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - */ @Import(name="readOnly") private @Nullable Output readOnly; - /** - * @return When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - */ public Optional> readOnly() { return Optional.ofNullable(this.readOnly); } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { return this.realmId; } - /** - * When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - */ @Import(name="writeOnly") private @Nullable Output writeOnly; - /** - * @return When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - */ public Optional> writeOnly() { return Optional.ofNullable(this.writeOnly); } @@ -136,29 +112,17 @@ public Builder(FullNameMapperArgs defaults) { $ = new FullNameMapperArgs(Objects.requireNonNull(defaults)); } - /** - * @param ldapFullNameAttribute The name of the LDAP attribute containing the user's full name. - * - * @return builder - * - */ public Builder ldapFullNameAttribute(Output ldapFullNameAttribute) { $.ldapFullNameAttribute = ldapFullNameAttribute; return this; } - /** - * @param ldapFullNameAttribute The name of the LDAP attribute containing the user's full name. - * - * @return builder - * - */ public Builder ldapFullNameAttribute(String ldapFullNameAttribute) { return ldapFullNameAttribute(Output.of(ldapFullNameAttribute)); } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -169,7 +133,7 @@ public Builder ldapUserFederationId(Output ldapUserFederationId) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -179,7 +143,7 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -190,7 +154,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -199,29 +163,17 @@ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param readOnly When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - * @return builder - * - */ public Builder readOnly(@Nullable Output readOnly) { $.readOnly = readOnly; return this; } - /** - * @param readOnly When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - * @return builder - * - */ public Builder readOnly(Boolean readOnly) { return readOnly(Output.of(readOnly)); } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -232,7 +184,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -241,23 +193,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param writeOnly When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - * @return builder - * - */ public Builder writeOnly(@Nullable Output writeOnly) { $.writeOnly = writeOnly; return this; } - /** - * @param writeOnly When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - * @return builder - * - */ public Builder writeOnly(Boolean writeOnly) { return writeOnly(Output.of(writeOnly)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java index c7d8ce28..a99077a7 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java @@ -17,12 +17,18 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing group mappers for Keycloak users federated via LDAP. + * ## # keycloak.ldap.GroupMapper * - * The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also - * create the groups within Keycloak if they do not already exist. + * Allows for creating and managing group mappers for Keycloak users federated + * via LDAP. * - * ## Example Usage + * The LDAP group mapper can be used to map an LDAP user's groups from some DN + * to Keycloak groups. This group mapper will also create the groups within Keycloak + * if they do not already exist. + * + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -49,306 +55,201 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("test") * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .realmId(realm.id()) - * .usernameLdapAttribute("cn") + * .bindCredential("admin") + * .bindDn("cn=admin,dc=example,dc=org") + * .connectionUrl("ldap://openldap") * .rdnLdapAttribute("cn") - * .uuidLdapAttribute("entryDN") + * .realmId(realm.id()) * .userObjectClasses( * "simpleSecurityObject", * "organizationalRole") - * .connectionUrl("ldap://openldap") + * .usernameLdapAttribute("cn") * .usersDn("dc=example,dc=org") - * .bindDn("cn=admin,dc=example,dc=org") - * .bindCredential("admin") + * .uuidLdapAttribute("entryDN") * .build()); * * var ldapGroupMapper = new GroupMapper("ldapGroupMapper", GroupMapperArgs.builder() - * .realmId(realm.id()) - * .ldapUserFederationId(ldapUserFederation.id()) - * .ldapGroupsDn("dc=example,dc=org") * .groupNameLdapAttribute("cn") * .groupObjectClasses("groupOfNames") + * .ldapGroupsDn("dc=example,dc=org") + * .ldapUserFederationId(ldapUserFederation.id()) + * .memberofLdapAttribute("memberOf") * .membershipAttributeType("DN") * .membershipLdapAttribute("member") * .membershipUserLdapAttribute("cn") - * .memberofLdapAttribute("memberOf") + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The following arguments are supported: * - * Example: + * - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + * - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `ldap_groups_dn` - (Required) The LDAP DN where groups can be found. + * - `group_name_ldap_attribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. + * - `group_object_classes` - (Required) Array of strings representing the object classes for the group. Must contain at least one. + * - `preserve_group_inheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. + * - `ignore_missing_groups` - (Optional) When `true`, missing groups in the hierarchy will be ignored. + * - `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings. + * - `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. + * - `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. + * - `groups_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * - `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`. + * - `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + * - `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. + * - `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. + * - `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: * */ @ResourceType(type="keycloak:ldap/groupMapper:GroupMapper") public class GroupMapper extends com.pulumi.resources.CustomResource { - /** - * When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - */ @Export(name="dropNonExistingGroupsDuringSync", refs={Boolean.class}, tree="[0]") private Output dropNonExistingGroupsDuringSync; - /** - * @return When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - */ public Output> dropNonExistingGroupsDuringSync() { return Codegen.optional(this.dropNonExistingGroupsDuringSync); } - /** - * The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - */ @Export(name="groupNameLdapAttribute", refs={String.class}, tree="[0]") private Output groupNameLdapAttribute; - /** - * @return The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - */ public Output groupNameLdapAttribute() { return this.groupNameLdapAttribute; } - /** - * List of strings representing the object classes for the group. Must contain at least one. - * - */ @Export(name="groupObjectClasses", refs={List.class,String.class}, tree="[0,1]") private Output> groupObjectClasses; - /** - * @return List of strings representing the object classes for the group. Must contain at least one. - * - */ public Output> groupObjectClasses() { return this.groupObjectClasses; } - /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - */ @Export(name="groupsLdapFilter", refs={String.class}, tree="[0]") private Output groupsLdapFilter; - /** - * @return When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - */ public Output> groupsLdapFilter() { return Codegen.optional(this.groupsLdapFilter); } - /** - * Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - */ @Export(name="groupsPath", refs={String.class}, tree="[0]") private Output groupsPath; - /** - * @return Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - */ public Output groupsPath() { return this.groupsPath; } - /** - * When `true`, missing groups in the hierarchy will be ignored. - * - */ @Export(name="ignoreMissingGroups", refs={Boolean.class}, tree="[0]") private Output ignoreMissingGroups; - /** - * @return When `true`, missing groups in the hierarchy will be ignored. - * - */ public Output> ignoreMissingGroups() { return Codegen.optional(this.ignoreMissingGroups); } - /** - * The LDAP DN where groups can be found. - * - */ @Export(name="ldapGroupsDn", refs={String.class}, tree="[0]") private Output ldapGroupsDn; - /** - * @return The LDAP DN where groups can be found. - * - */ public Output ldapGroupsDn() { return this.ldapGroupsDn; } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Export(name="ldapUserFederationId", refs={String.class}, tree="[0]") private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { return this.ldapUserFederationId; } - /** - * Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - */ @Export(name="mappedGroupAttributes", refs={List.class,String.class}, tree="[0,1]") private Output> mappedGroupAttributes; - /** - * @return Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - */ public Output>> mappedGroupAttributes() { return Codegen.optional(this.mappedGroupAttributes); } - /** - * Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - */ @Export(name="memberofLdapAttribute", refs={String.class}, tree="[0]") private Output memberofLdapAttribute; - /** - * @return Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - */ public Output> memberofLdapAttribute() { return Codegen.optional(this.memberofLdapAttribute); } - /** - * Can be one of `DN` or `UID`. Defaults to `DN`. - * - */ @Export(name="membershipAttributeType", refs={String.class}, tree="[0]") private Output membershipAttributeType; - /** - * @return Can be one of `DN` or `UID`. Defaults to `DN`. - * - */ public Output> membershipAttributeType() { return Codegen.optional(this.membershipAttributeType); } - /** - * The name of the LDAP attribute that is used for membership mappings. - * - */ @Export(name="membershipLdapAttribute", refs={String.class}, tree="[0]") private Output membershipLdapAttribute; - /** - * @return The name of the LDAP attribute that is used for membership mappings. - * - */ public Output membershipLdapAttribute() { return this.membershipLdapAttribute; } - /** - * The name of the LDAP attribute on a user that is used for membership mappings. - * - */ @Export(name="membershipUserLdapAttribute", refs={String.class}, tree="[0]") private Output membershipUserLdapAttribute; - /** - * @return The name of the LDAP attribute on a user that is used for membership mappings. - * - */ public Output membershipUserLdapAttribute() { return this.membershipUserLdapAttribute; } - /** - * Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - */ @Export(name="mode", refs={String.class}, tree="[0]") private Output mode; - /** - * @return Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - */ public Output> mode() { return Codegen.optional(this.mode); } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Output name() { return this.name; } - /** - * When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - */ @Export(name="preserveGroupInheritance", refs={Boolean.class}, tree="[0]") private Output preserveGroupInheritance; - /** - * @return When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - */ public Output> preserveGroupInheritance() { return Codegen.optional(this.preserveGroupInheritance); } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { return this.realmId; } - /** - * Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - */ @Export(name="userRolesRetrieveStrategy", refs={String.class}, tree="[0]") private Output userRolesRetrieveStrategy; - /** - * @return Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - */ public Output> userRolesRetrieveStrategy() { return Codegen.optional(this.userRolesRetrieveStrategy); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapperArgs.java index 92736c04..a4d4a6a3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapperArgs.java @@ -18,272 +18,152 @@ public final class GroupMapperArgs extends com.pulumi.resources.ResourceArgs { public static final GroupMapperArgs Empty = new GroupMapperArgs(); - /** - * When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - */ @Import(name="dropNonExistingGroupsDuringSync") private @Nullable Output dropNonExistingGroupsDuringSync; - /** - * @return When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - */ public Optional> dropNonExistingGroupsDuringSync() { return Optional.ofNullable(this.dropNonExistingGroupsDuringSync); } - /** - * The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - */ @Import(name="groupNameLdapAttribute", required=true) private Output groupNameLdapAttribute; - /** - * @return The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - */ public Output groupNameLdapAttribute() { return this.groupNameLdapAttribute; } - /** - * List of strings representing the object classes for the group. Must contain at least one. - * - */ @Import(name="groupObjectClasses", required=true) private Output> groupObjectClasses; - /** - * @return List of strings representing the object classes for the group. Must contain at least one. - * - */ public Output> groupObjectClasses() { return this.groupObjectClasses; } - /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - */ @Import(name="groupsLdapFilter") private @Nullable Output groupsLdapFilter; - /** - * @return When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - */ public Optional> groupsLdapFilter() { return Optional.ofNullable(this.groupsLdapFilter); } - /** - * Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - */ @Import(name="groupsPath") private @Nullable Output groupsPath; - /** - * @return Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - */ public Optional> groupsPath() { return Optional.ofNullable(this.groupsPath); } - /** - * When `true`, missing groups in the hierarchy will be ignored. - * - */ @Import(name="ignoreMissingGroups") private @Nullable Output ignoreMissingGroups; - /** - * @return When `true`, missing groups in the hierarchy will be ignored. - * - */ public Optional> ignoreMissingGroups() { return Optional.ofNullable(this.ignoreMissingGroups); } - /** - * The LDAP DN where groups can be found. - * - */ @Import(name="ldapGroupsDn", required=true) private Output ldapGroupsDn; - /** - * @return The LDAP DN where groups can be found. - * - */ public Output ldapGroupsDn() { return this.ldapGroupsDn; } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId", required=true) private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { return this.ldapUserFederationId; } - /** - * Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - */ @Import(name="mappedGroupAttributes") private @Nullable Output> mappedGroupAttributes; - /** - * @return Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - */ public Optional>> mappedGroupAttributes() { return Optional.ofNullable(this.mappedGroupAttributes); } - /** - * Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - */ @Import(name="memberofLdapAttribute") private @Nullable Output memberofLdapAttribute; - /** - * @return Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - */ public Optional> memberofLdapAttribute() { return Optional.ofNullable(this.memberofLdapAttribute); } - /** - * Can be one of `DN` or `UID`. Defaults to `DN`. - * - */ @Import(name="membershipAttributeType") private @Nullable Output membershipAttributeType; - /** - * @return Can be one of `DN` or `UID`. Defaults to `DN`. - * - */ public Optional> membershipAttributeType() { return Optional.ofNullable(this.membershipAttributeType); } - /** - * The name of the LDAP attribute that is used for membership mappings. - * - */ @Import(name="membershipLdapAttribute", required=true) private Output membershipLdapAttribute; - /** - * @return The name of the LDAP attribute that is used for membership mappings. - * - */ public Output membershipLdapAttribute() { return this.membershipLdapAttribute; } - /** - * The name of the LDAP attribute on a user that is used for membership mappings. - * - */ @Import(name="membershipUserLdapAttribute", required=true) private Output membershipUserLdapAttribute; - /** - * @return The name of the LDAP attribute on a user that is used for membership mappings. - * - */ public Output membershipUserLdapAttribute() { return this.membershipUserLdapAttribute; } - /** - * Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - */ @Import(name="mode") private @Nullable Output mode; - /** - * @return Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - */ public Optional> mode() { return Optional.ofNullable(this.mode); } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - */ @Import(name="preserveGroupInheritance") private @Nullable Output preserveGroupInheritance; - /** - * @return When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - */ public Optional> preserveGroupInheritance() { return Optional.ofNullable(this.preserveGroupInheritance); } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { return this.realmId; } - /** - * Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - */ @Import(name="userRolesRetrieveStrategy") private @Nullable Output userRolesRetrieveStrategy; - /** - * @return Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - */ public Optional> userRolesRetrieveStrategy() { return Optional.ofNullable(this.userRolesRetrieveStrategy); } @@ -329,165 +209,75 @@ public Builder(GroupMapperArgs defaults) { $ = new GroupMapperArgs(Objects.requireNonNull(defaults)); } - /** - * @param dropNonExistingGroupsDuringSync When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - * @return builder - * - */ public Builder dropNonExistingGroupsDuringSync(@Nullable Output dropNonExistingGroupsDuringSync) { $.dropNonExistingGroupsDuringSync = dropNonExistingGroupsDuringSync; return this; } - /** - * @param dropNonExistingGroupsDuringSync When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - * @return builder - * - */ public Builder dropNonExistingGroupsDuringSync(Boolean dropNonExistingGroupsDuringSync) { return dropNonExistingGroupsDuringSync(Output.of(dropNonExistingGroupsDuringSync)); } - /** - * @param groupNameLdapAttribute The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - * @return builder - * - */ public Builder groupNameLdapAttribute(Output groupNameLdapAttribute) { $.groupNameLdapAttribute = groupNameLdapAttribute; return this; } - /** - * @param groupNameLdapAttribute The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - * @return builder - * - */ public Builder groupNameLdapAttribute(String groupNameLdapAttribute) { return groupNameLdapAttribute(Output.of(groupNameLdapAttribute)); } - /** - * @param groupObjectClasses List of strings representing the object classes for the group. Must contain at least one. - * - * @return builder - * - */ public Builder groupObjectClasses(Output> groupObjectClasses) { $.groupObjectClasses = groupObjectClasses; return this; } - /** - * @param groupObjectClasses List of strings representing the object classes for the group. Must contain at least one. - * - * @return builder - * - */ public Builder groupObjectClasses(List groupObjectClasses) { return groupObjectClasses(Output.of(groupObjectClasses)); } - /** - * @param groupObjectClasses List of strings representing the object classes for the group. Must contain at least one. - * - * @return builder - * - */ public Builder groupObjectClasses(String... groupObjectClasses) { return groupObjectClasses(List.of(groupObjectClasses)); } - /** - * @param groupsLdapFilter When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - * @return builder - * - */ public Builder groupsLdapFilter(@Nullable Output groupsLdapFilter) { $.groupsLdapFilter = groupsLdapFilter; return this; } - /** - * @param groupsLdapFilter When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - * @return builder - * - */ public Builder groupsLdapFilter(String groupsLdapFilter) { return groupsLdapFilter(Output.of(groupsLdapFilter)); } - /** - * @param groupsPath Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - * @return builder - * - */ public Builder groupsPath(@Nullable Output groupsPath) { $.groupsPath = groupsPath; return this; } - /** - * @param groupsPath Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - * @return builder - * - */ public Builder groupsPath(String groupsPath) { return groupsPath(Output.of(groupsPath)); } - /** - * @param ignoreMissingGroups When `true`, missing groups in the hierarchy will be ignored. - * - * @return builder - * - */ public Builder ignoreMissingGroups(@Nullable Output ignoreMissingGroups) { $.ignoreMissingGroups = ignoreMissingGroups; return this; } - /** - * @param ignoreMissingGroups When `true`, missing groups in the hierarchy will be ignored. - * - * @return builder - * - */ public Builder ignoreMissingGroups(Boolean ignoreMissingGroups) { return ignoreMissingGroups(Output.of(ignoreMissingGroups)); } - /** - * @param ldapGroupsDn The LDAP DN where groups can be found. - * - * @return builder - * - */ public Builder ldapGroupsDn(Output ldapGroupsDn) { $.ldapGroupsDn = ldapGroupsDn; return this; } - /** - * @param ldapGroupsDn The LDAP DN where groups can be found. - * - * @return builder - * - */ public Builder ldapGroupsDn(String ldapGroupsDn) { return ldapGroupsDn(Output.of(ldapGroupsDn)); } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -498,7 +288,7 @@ public Builder ldapUserFederationId(Output ldapUserFederationId) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -507,144 +297,66 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { return ldapUserFederationId(Output.of(ldapUserFederationId)); } - /** - * @param mappedGroupAttributes Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - * @return builder - * - */ public Builder mappedGroupAttributes(@Nullable Output> mappedGroupAttributes) { $.mappedGroupAttributes = mappedGroupAttributes; return this; } - /** - * @param mappedGroupAttributes Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - * @return builder - * - */ public Builder mappedGroupAttributes(List mappedGroupAttributes) { return mappedGroupAttributes(Output.of(mappedGroupAttributes)); } - /** - * @param mappedGroupAttributes Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - * @return builder - * - */ public Builder mappedGroupAttributes(String... mappedGroupAttributes) { return mappedGroupAttributes(List.of(mappedGroupAttributes)); } - /** - * @param memberofLdapAttribute Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - * @return builder - * - */ public Builder memberofLdapAttribute(@Nullable Output memberofLdapAttribute) { $.memberofLdapAttribute = memberofLdapAttribute; return this; } - /** - * @param memberofLdapAttribute Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - * @return builder - * - */ public Builder memberofLdapAttribute(String memberofLdapAttribute) { return memberofLdapAttribute(Output.of(memberofLdapAttribute)); } - /** - * @param membershipAttributeType Can be one of `DN` or `UID`. Defaults to `DN`. - * - * @return builder - * - */ public Builder membershipAttributeType(@Nullable Output membershipAttributeType) { $.membershipAttributeType = membershipAttributeType; return this; } - /** - * @param membershipAttributeType Can be one of `DN` or `UID`. Defaults to `DN`. - * - * @return builder - * - */ public Builder membershipAttributeType(String membershipAttributeType) { return membershipAttributeType(Output.of(membershipAttributeType)); } - /** - * @param membershipLdapAttribute The name of the LDAP attribute that is used for membership mappings. - * - * @return builder - * - */ public Builder membershipLdapAttribute(Output membershipLdapAttribute) { $.membershipLdapAttribute = membershipLdapAttribute; return this; } - /** - * @param membershipLdapAttribute The name of the LDAP attribute that is used for membership mappings. - * - * @return builder - * - */ public Builder membershipLdapAttribute(String membershipLdapAttribute) { return membershipLdapAttribute(Output.of(membershipLdapAttribute)); } - /** - * @param membershipUserLdapAttribute The name of the LDAP attribute on a user that is used for membership mappings. - * - * @return builder - * - */ public Builder membershipUserLdapAttribute(Output membershipUserLdapAttribute) { $.membershipUserLdapAttribute = membershipUserLdapAttribute; return this; } - /** - * @param membershipUserLdapAttribute The name of the LDAP attribute on a user that is used for membership mappings. - * - * @return builder - * - */ public Builder membershipUserLdapAttribute(String membershipUserLdapAttribute) { return membershipUserLdapAttribute(Output.of(membershipUserLdapAttribute)); } - /** - * @param mode Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - * @return builder - * - */ public Builder mode(@Nullable Output mode) { $.mode = mode; return this; } - /** - * @param mode Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - * @return builder - * - */ public Builder mode(String mode) { return mode(Output.of(mode)); } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -655,7 +367,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -664,29 +376,17 @@ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param preserveGroupInheritance When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - * @return builder - * - */ public Builder preserveGroupInheritance(@Nullable Output preserveGroupInheritance) { $.preserveGroupInheritance = preserveGroupInheritance; return this; } - /** - * @param preserveGroupInheritance When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - * @return builder - * - */ public Builder preserveGroupInheritance(Boolean preserveGroupInheritance) { return preserveGroupInheritance(Output.of(preserveGroupInheritance)); } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -697,7 +397,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -706,23 +406,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param userRolesRetrieveStrategy Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - * @return builder - * - */ public Builder userRolesRetrieveStrategy(@Nullable Output userRolesRetrieveStrategy) { $.userRolesRetrieveStrategy = userRolesRetrieveStrategy; return this; } - /** - * @param userRolesRetrieveStrategy Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - * @return builder - * - */ public Builder userRolesRetrieveStrategy(String userRolesRetrieveStrategy) { return userRolesRetrieveStrategy(Output.of(userRolesRetrieveStrategy)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedAttributeMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedAttributeMapper.java index 782e09a6..98b528d6 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedAttributeMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedAttributeMapper.java @@ -21,6 +21,8 @@ * **NOTE**: This mapper only works when the `sync_registrations` attribute on the `keycloak.ldap.UserFederation` resource is set to `true`. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -76,16 +78,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedGroupMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedGroupMapper.java index 579271fc..402ba298 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedGroupMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedGroupMapper.java @@ -19,6 +19,8 @@ * The LDAP hardcoded group mapper will grant a specified Keycloak group to each Keycloak user linked with LDAP. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -78,16 +80,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapper.java index 08b128c6..01a430c1 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapper.java @@ -14,73 +14,13 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP. + * ## # keycloak.ldap.HardcodedRoleMapper * - * The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. + * This mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. * - * ## Example Usage - * ### Realm Role) - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.ldap.UserFederation; - * import com.pulumi.keycloak.ldap.UserFederationArgs; - * import com.pulumi.keycloak.Role; - * import com.pulumi.keycloak.RoleArgs; - * import com.pulumi.keycloak.ldap.HardcodedRoleMapper; - * import com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); + * ### Example Usage * - * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .realmId(realm.id()) - * .usernameLdapAttribute("cn") - * .rdnLdapAttribute("cn") - * .uuidLdapAttribute("entryDN") - * .userObjectClasses( - * "simpleSecurityObject", - * "organizationalRole") - * .connectionUrl("ldap://openldap") - * .usersDn("dc=example,dc=org") - * .bindDn("cn=admin,dc=example,dc=org") - * .bindCredential("admin") - * .build()); - * - * var realmAdminRole = new Role("realmAdminRole", RoleArgs.builder() - * .realmId(realm.id()) - * .description("My Realm Role") - * .build()); - * - * var assignAdminRoleToAllUsers = new HardcodedRoleMapper("assignAdminRoleToAllUsers", HardcodedRoleMapperArgs.builder() - * .realmId(realm.id()) - * .ldapUserFederationId(ldapUserFederation.id()) - * .role(realmAdminRole.name()) - * .build()); - * - * } - * } - * ``` - * ### Client Role) + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -91,10 +31,6 @@ * import com.pulumi.keycloak.RealmArgs; * import com.pulumi.keycloak.ldap.UserFederation; * import com.pulumi.keycloak.ldap.UserFederationArgs; - * import com.pulumi.keycloak.openid.OpenidFunctions; - * import com.pulumi.keycloak.openid.inputs.GetClientArgs; - * import com.pulumi.keycloak.KeycloakFunctions; - * import com.pulumi.keycloak.inputs.GetRoleArgs; * import com.pulumi.keycloak.ldap.HardcodedRoleMapper; * import com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs; * import java.util.List; @@ -111,7 +47,7 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") + * .realm("test") * .enabled(true) * .build()); * @@ -129,99 +65,86 @@ * .bindCredential("admin") * .build()); * - * final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder() - * .realmId(realm.id()) - * .clientId("realm-management") - * .build()); - * - * final var createClient = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .realmId(realm.id()) - * .clientId(realmManagement.applyValue(getClientResult -> getClientResult).applyValue(realmManagement -> realmManagement.applyValue(getClientResult -> getClientResult.id()))) - * .name("create-client") - * .build()); - * * var assignAdminRoleToAllUsers = new HardcodedRoleMapper("assignAdminRoleToAllUsers", HardcodedRoleMapperArgs.builder() * .realmId(realm.id()) * .ldapUserFederationId(ldapUserFederation.id()) - * .role(Output.tuple(realmManagement.applyValue(getClientResult -> getClientResult), createClient.applyValue(getRoleResult -> getRoleResult)).applyValue(values -> { - * var realmManagement = values.t1; - * var createClient = values.t2; - * return String.format("%s.%s", realmManagement.applyValue(getClientResult -> getClientResult.clientId()),createClient.applyValue(getRoleResult -> getRoleResult.name())); - * })) + * .role("admin") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The following arguments are supported: * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + * - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `role` - (Required) The role which should be assigned to the users. * - * Example: + * ### Import * - * bash - * - * ```sh - * $ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: * */ @ResourceType(type="keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper") public class HardcodedRoleMapper extends com.pulumi.resources.CustomResource { /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Export(name="ldapUserFederationId", refs={String.class}, tree="[0]") private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { return this.ldapUserFederationId; } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Output name() { return this.name; } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { return this.realmId; } /** - * The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * Role to grant to user. * */ @Export(name="role", refs={String.class}, tree="[0]") private Output role; /** - * @return The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * @return Role to grant to user. * */ public Output role() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapperArgs.java index 9c305379..3e60e2e3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapperArgs.java @@ -17,14 +17,14 @@ public final class HardcodedRoleMapperArgs extends com.pulumi.resources.Resource public static final HardcodedRoleMapperArgs Empty = new HardcodedRoleMapperArgs(); /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId", required=true) private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { @@ -32,14 +32,14 @@ public Output ldapUserFederationId() { } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { @@ -47,14 +47,14 @@ public Optional> name() { } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { @@ -62,14 +62,14 @@ public Output realmId() { } /** - * The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * Role to grant to user. * */ @Import(name="role", required=true) private Output role; /** - * @return The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * @return Role to grant to user. * */ public Output role() { @@ -104,7 +104,7 @@ public Builder(HardcodedRoleMapperArgs defaults) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -115,7 +115,7 @@ public Builder ldapUserFederationId(Output ldapUserFederationId) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -125,7 +125,7 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -136,7 +136,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -146,7 +146,7 @@ public Builder name(String name) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -157,7 +157,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -167,7 +167,7 @@ public Builder realmId(String realmId) { } /** - * @param role The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * @param role Role to grant to user. * * @return builder * @@ -178,7 +178,7 @@ public Builder role(Output role) { } /** - * @param role The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * @param role Role to grant to user. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadLdsUserAccountControlMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadLdsUserAccountControlMapper.java index 2dbebb57..488f9012 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadLdsUserAccountControlMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadLdsUserAccountControlMapper.java @@ -23,6 +23,8 @@ * or disabled accounts. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -76,16 +78,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapper.java index 9e2e2d7e..e7f3d6a4 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapper.java @@ -16,6 +16,8 @@ import javax.annotation.Nullable; /** + * ## # keycloak.ldap.MsadUserAccountControlMapper + * * Allows for creating and managing MSAD user account control mappers for Keycloak * users federated via LDAP. * @@ -24,7 +26,9 @@ * AD user state to Keycloak in order to enforce settings like expired passwords * or disabled accounts. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -51,102 +55,96 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("test") * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .realmId(realm.id()) - * .usernameLdapAttribute("cn") + * .bindCredential("admin") + * .bindDn("cn=admin,dc=example,dc=org") + * .connectionUrl("ldap://my-ad-server") * .rdnLdapAttribute("cn") - * .uuidLdapAttribute("objectGUID") + * .realmId(realm.id()) * .userObjectClasses( * "person", * "organizationalPerson", * "user") - * .connectionUrl("ldap://my-ad-server") + * .usernameLdapAttribute("cn") * .usersDn("dc=example,dc=org") - * .bindDn("cn=admin,dc=example,dc=org") - * .bindCredential("admin") + * .uuidLdapAttribute("objectGUID") * .build()); * * var msadUserAccountControlMapper = new MsadUserAccountControlMapper("msadUserAccountControlMapper", MsadUserAccountControlMapperArgs.builder() - * .realmId(realm.id()) * .ldapUserFederationId(ldapUserFederation.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The following arguments are supported: * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + * - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `ldap_password_policy_hints_enabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. * - * Example: + * ### Import * - * bash - * - * ```sh - * $ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: * */ @ResourceType(type="keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper") public class MsadUserAccountControlMapper extends com.pulumi.resources.CustomResource { - /** - * When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - */ @Export(name="ldapPasswordPolicyHintsEnabled", refs={Boolean.class}, tree="[0]") private Output ldapPasswordPolicyHintsEnabled; - /** - * @return When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - */ public Output> ldapPasswordPolicyHintsEnabled() { return Codegen.optional(this.ldapPasswordPolicyHintsEnabled); } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Export(name="ldapUserFederationId", refs={String.class}, tree="[0]") private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { return this.ldapUserFederationId; } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Output name() { return this.name; } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapperArgs.java index 9533fc4f..02fed747 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapperArgs.java @@ -17,30 +17,22 @@ public final class MsadUserAccountControlMapperArgs extends com.pulumi.resources public static final MsadUserAccountControlMapperArgs Empty = new MsadUserAccountControlMapperArgs(); - /** - * When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - */ @Import(name="ldapPasswordPolicyHintsEnabled") private @Nullable Output ldapPasswordPolicyHintsEnabled; - /** - * @return When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - */ public Optional> ldapPasswordPolicyHintsEnabled() { return Optional.ofNullable(this.ldapPasswordPolicyHintsEnabled); } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId", required=true) private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { @@ -48,14 +40,14 @@ public Output ldapUserFederationId() { } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { @@ -63,14 +55,14 @@ public Optional> name() { } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { @@ -104,29 +96,17 @@ public Builder(MsadUserAccountControlMapperArgs defaults) { $ = new MsadUserAccountControlMapperArgs(Objects.requireNonNull(defaults)); } - /** - * @param ldapPasswordPolicyHintsEnabled When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - * @return builder - * - */ public Builder ldapPasswordPolicyHintsEnabled(@Nullable Output ldapPasswordPolicyHintsEnabled) { $.ldapPasswordPolicyHintsEnabled = ldapPasswordPolicyHintsEnabled; return this; } - /** - * @param ldapPasswordPolicyHintsEnabled When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - * @return builder - * - */ public Builder ldapPasswordPolicyHintsEnabled(Boolean ldapPasswordPolicyHintsEnabled) { return ldapPasswordPolicyHintsEnabled(Output.of(ldapPasswordPolicyHintsEnabled)); } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -137,7 +117,7 @@ public Builder ldapUserFederationId(Output ldapUserFederationId) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -147,7 +127,7 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -158,7 +138,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -168,7 +148,7 @@ public Builder name(String name) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -179,7 +159,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java index 041644c2..946ec5f7 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java @@ -22,6 +22,8 @@ * The LDAP group mapper can be used to map an LDAP user's roles from some DN to Keycloak roles. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -82,16 +84,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java index 4e1c58be..c0711077 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java @@ -16,13 +16,17 @@ import javax.annotation.Nullable; /** + * ## # keycloak.ldap.UserAttributeMapper + * * Allows for creating and managing user attribute mappers for Keycloak users * federated via LDAP. * * The LDAP user attribute mapper can be used to map a single LDAP attribute * to an attribute on the Keycloak user model. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -49,187 +53,193 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("test") * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .realmId(realm.id()) - * .usernameLdapAttribute("cn") + * .bindCredential("admin") + * .bindDn("cn=admin,dc=example,dc=org") + * .connectionUrl("ldap://openldap") * .rdnLdapAttribute("cn") - * .uuidLdapAttribute("entryDN") + * .realmId(realm.id()) * .userObjectClasses( * "simpleSecurityObject", * "organizationalRole") - * .connectionUrl("ldap://openldap") + * .usernameLdapAttribute("cn") * .usersDn("dc=example,dc=org") - * .bindDn("cn=admin,dc=example,dc=org") - * .bindCredential("admin") + * .uuidLdapAttribute("entryDN") * .build()); * * var ldapUserAttributeMapper = new UserAttributeMapper("ldapUserAttributeMapper", UserAttributeMapperArgs.builder() - * .realmId(realm.id()) + * .ldapAttribute("bar") * .ldapUserFederationId(ldapUserFederation.id()) + * .realmId(realm.id()) * .userModelAttribute("foo") - * .ldapAttribute("bar") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import - * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * ### Argument Reference * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The following arguments are supported: * - * Example: + * - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + * - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `user_model_attribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into. + * - `ldap_attribute` - (Required) Name of the mapped attribute on the LDAP object. + * - `read_only` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * - `always_read_value_from_ldap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * - `is_mandatory_in_ldap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: * */ @ResourceType(type="keycloak:ldap/userAttributeMapper:UserAttributeMapper") public class UserAttributeMapper extends com.pulumi.resources.CustomResource { /** - * When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * When true, the value fetched from LDAP will override the value stored in Keycloak. * */ @Export(name="alwaysReadValueFromLdap", refs={Boolean.class}, tree="[0]") private Output alwaysReadValueFromLdap; /** - * @return When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * @return When true, the value fetched from LDAP will override the value stored in Keycloak. * */ public Output> alwaysReadValueFromLdap() { return Codegen.optional(this.alwaysReadValueFromLdap); } /** - * Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * */ @Export(name="attributeDefaultValue", refs={String.class}, tree="[0]") private Output attributeDefaultValue; /** - * @return Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * @return Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * */ public Output> attributeDefaultValue() { return Codegen.optional(this.attributeDefaultValue); } /** - * Should be true for binary LDAP attributes. + * Should be true for binary LDAP attributes * */ @Export(name="isBinaryAttribute", refs={Boolean.class}, tree="[0]") private Output isBinaryAttribute; /** - * @return Should be true for binary LDAP attributes. + * @return Should be true for binary LDAP attributes * */ public Output> isBinaryAttribute() { return Codegen.optional(this.isBinaryAttribute); } /** - * When `true`, this attribute must exist in LDAP. Defaults to `false`. + * When true, this attribute must exist in LDAP. * */ @Export(name="isMandatoryInLdap", refs={Boolean.class}, tree="[0]") private Output isMandatoryInLdap; /** - * @return When `true`, this attribute must exist in LDAP. Defaults to `false`. + * @return When true, this attribute must exist in LDAP. * */ public Output> isMandatoryInLdap() { return Codegen.optional(this.isMandatoryInLdap); } /** - * Name of the mapped attribute on the LDAP object. + * Name of the mapped attribute on LDAP object. * */ @Export(name="ldapAttribute", refs={String.class}, tree="[0]") private Output ldapAttribute; /** - * @return Name of the mapped attribute on the LDAP object. + * @return Name of the mapped attribute on LDAP object. * */ public Output ldapAttribute() { return this.ldapAttribute; } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Export(name="ldapUserFederationId", refs={String.class}, tree="[0]") private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { return this.ldapUserFederationId; } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Output name() { return this.name; } /** - * When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * */ @Export(name="readOnly", refs={Boolean.class}, tree="[0]") private Output readOnly; /** - * @return When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * @return When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * */ public Output> readOnly() { return Codegen.optional(this.readOnly); } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { return this.realmId; } /** - * Name of the user property or attribute you want to map the LDAP attribute into. + * Name of the UserModel property or attribute you want to map the LDAP attribute into. * */ @Export(name="userModelAttribute", refs={String.class}, tree="[0]") private Output userModelAttribute; /** - * @return Name of the user property or attribute you want to map the LDAP attribute into. + * @return Name of the UserModel property or attribute you want to map the LDAP attribute into. * */ public Output userModelAttribute() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapperArgs.java index c23f9ad5..6d802629 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapperArgs.java @@ -18,14 +18,14 @@ public final class UserAttributeMapperArgs extends com.pulumi.resources.Resource public static final UserAttributeMapperArgs Empty = new UserAttributeMapperArgs(); /** - * When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * When true, the value fetched from LDAP will override the value stored in Keycloak. * */ @Import(name="alwaysReadValueFromLdap") private @Nullable Output alwaysReadValueFromLdap; /** - * @return When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * @return When true, the value fetched from LDAP will override the value stored in Keycloak. * */ public Optional> alwaysReadValueFromLdap() { @@ -33,14 +33,14 @@ public Optional> alwaysReadValueFromLdap() { } /** - * Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * */ @Import(name="attributeDefaultValue") private @Nullable Output attributeDefaultValue; /** - * @return Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * @return Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * */ public Optional> attributeDefaultValue() { @@ -48,14 +48,14 @@ public Optional> attributeDefaultValue() { } /** - * Should be true for binary LDAP attributes. + * Should be true for binary LDAP attributes * */ @Import(name="isBinaryAttribute") private @Nullable Output isBinaryAttribute; /** - * @return Should be true for binary LDAP attributes. + * @return Should be true for binary LDAP attributes * */ public Optional> isBinaryAttribute() { @@ -63,14 +63,14 @@ public Optional> isBinaryAttribute() { } /** - * When `true`, this attribute must exist in LDAP. Defaults to `false`. + * When true, this attribute must exist in LDAP. * */ @Import(name="isMandatoryInLdap") private @Nullable Output isMandatoryInLdap; /** - * @return When `true`, this attribute must exist in LDAP. Defaults to `false`. + * @return When true, this attribute must exist in LDAP. * */ public Optional> isMandatoryInLdap() { @@ -78,14 +78,14 @@ public Optional> isMandatoryInLdap() { } /** - * Name of the mapped attribute on the LDAP object. + * Name of the mapped attribute on LDAP object. * */ @Import(name="ldapAttribute", required=true) private Output ldapAttribute; /** - * @return Name of the mapped attribute on the LDAP object. + * @return Name of the mapped attribute on LDAP object. * */ public Output ldapAttribute() { @@ -93,14 +93,14 @@ public Output ldapAttribute() { } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId", required=true) private Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Output ldapUserFederationId() { @@ -108,14 +108,14 @@ public Output ldapUserFederationId() { } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { @@ -123,14 +123,14 @@ public Optional> name() { } /** - * When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * */ @Import(name="readOnly") private @Nullable Output readOnly; /** - * @return When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * @return When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * */ public Optional> readOnly() { @@ -138,14 +138,14 @@ public Optional> readOnly() { } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Output realmId() { @@ -153,14 +153,14 @@ public Output realmId() { } /** - * Name of the user property or attribute you want to map the LDAP attribute into. + * Name of the UserModel property or attribute you want to map the LDAP attribute into. * */ @Import(name="userModelAttribute", required=true) private Output userModelAttribute; /** - * @return Name of the user property or attribute you want to map the LDAP attribute into. + * @return Name of the UserModel property or attribute you want to map the LDAP attribute into. * */ public Output userModelAttribute() { @@ -201,7 +201,7 @@ public Builder(UserAttributeMapperArgs defaults) { } /** - * @param alwaysReadValueFromLdap When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * @param alwaysReadValueFromLdap When true, the value fetched from LDAP will override the value stored in Keycloak. * * @return builder * @@ -212,7 +212,7 @@ public Builder alwaysReadValueFromLdap(@Nullable Output alwaysReadValue } /** - * @param alwaysReadValueFromLdap When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * @param alwaysReadValueFromLdap When true, the value fetched from LDAP will override the value stored in Keycloak. * * @return builder * @@ -222,7 +222,7 @@ public Builder alwaysReadValueFromLdap(Boolean alwaysReadValueFromLdap) { } /** - * @param attributeDefaultValue Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * @param attributeDefaultValue Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * * @return builder * @@ -233,7 +233,7 @@ public Builder attributeDefaultValue(@Nullable Output attributeDefaultVa } /** - * @param attributeDefaultValue Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * @param attributeDefaultValue Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * * @return builder * @@ -243,7 +243,7 @@ public Builder attributeDefaultValue(String attributeDefaultValue) { } /** - * @param isBinaryAttribute Should be true for binary LDAP attributes. + * @param isBinaryAttribute Should be true for binary LDAP attributes * * @return builder * @@ -254,7 +254,7 @@ public Builder isBinaryAttribute(@Nullable Output isBinaryAttribute) { } /** - * @param isBinaryAttribute Should be true for binary LDAP attributes. + * @param isBinaryAttribute Should be true for binary LDAP attributes * * @return builder * @@ -264,7 +264,7 @@ public Builder isBinaryAttribute(Boolean isBinaryAttribute) { } /** - * @param isMandatoryInLdap When `true`, this attribute must exist in LDAP. Defaults to `false`. + * @param isMandatoryInLdap When true, this attribute must exist in LDAP. * * @return builder * @@ -275,7 +275,7 @@ public Builder isMandatoryInLdap(@Nullable Output isMandatoryInLdap) { } /** - * @param isMandatoryInLdap When `true`, this attribute must exist in LDAP. Defaults to `false`. + * @param isMandatoryInLdap When true, this attribute must exist in LDAP. * * @return builder * @@ -285,7 +285,7 @@ public Builder isMandatoryInLdap(Boolean isMandatoryInLdap) { } /** - * @param ldapAttribute Name of the mapped attribute on the LDAP object. + * @param ldapAttribute Name of the mapped attribute on LDAP object. * * @return builder * @@ -296,7 +296,7 @@ public Builder ldapAttribute(Output ldapAttribute) { } /** - * @param ldapAttribute Name of the mapped attribute on the LDAP object. + * @param ldapAttribute Name of the mapped attribute on LDAP object. * * @return builder * @@ -306,7 +306,7 @@ public Builder ldapAttribute(String ldapAttribute) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -317,7 +317,7 @@ public Builder ldapUserFederationId(Output ldapUserFederationId) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -327,7 +327,7 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -338,7 +338,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -348,7 +348,7 @@ public Builder name(String name) { } /** - * @param readOnly When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * @param readOnly When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * * @return builder * @@ -359,7 +359,7 @@ public Builder readOnly(@Nullable Output readOnly) { } /** - * @param readOnly When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * @param readOnly When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * * @return builder * @@ -369,7 +369,7 @@ public Builder readOnly(Boolean readOnly) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -380,7 +380,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -390,7 +390,7 @@ public Builder realmId(String realmId) { } /** - * @param userModelAttribute Name of the user property or attribute you want to map the LDAP attribute into. + * @param userModelAttribute Name of the UserModel property or attribute you want to map the LDAP attribute into. * * @return builder * @@ -401,7 +401,7 @@ public Builder userModelAttribute(Output userModelAttribute) { } /** - * @param userModelAttribute Name of the user property or attribute you want to map the LDAP attribute into. + * @param userModelAttribute Name of the UserModel property or attribute you want to map the LDAP attribute into. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederation.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederation.java index 2429f782..42fd10e1 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederation.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederation.java @@ -20,6 +20,8 @@ import javax.annotation.Nullable; /** + * ## # keycloak.ldap.UserFederation + * * Allows for creating and managing LDAP user federation providers within Keycloak. * * Keycloak can use an LDAP user federation provider to federate users to Keycloak @@ -27,7 +29,9 @@ * will exist within the realm and will be able to log in to clients. Federated * users can have their attributes defined using mappers. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -38,7 +42,6 @@ * import com.pulumi.keycloak.RealmArgs; * import com.pulumi.keycloak.ldap.UserFederation; * import com.pulumi.keycloak.ldap.UserFederationArgs; - * import com.pulumi.keycloak.ldap.inputs.UserFederationKerberosArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -53,130 +56,158 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("test") * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .realmId(realm.id()) + * .bindCredential("admin") + * .bindDn("cn=admin,dc=example,dc=org") + * .connectionTimeout("5s") + * .connectionUrl("ldap://openldap") * .enabled(true) - * .usernameLdapAttribute("cn") * .rdnLdapAttribute("cn") - * .uuidLdapAttribute("entryDN") + * .readTimeout("10s") + * .realmId(realm.id()) * .userObjectClasses( * "simpleSecurityObject", * "organizationalRole") - * .connectionUrl("ldap://openldap") + * .usernameLdapAttribute("cn") * .usersDn("dc=example,dc=org") - * .bindDn("cn=admin,dc=example,dc=org") - * .bindCredential("admin") - * .connectionTimeout("5s") - * .readTimeout("10s") - * .kerberos(UserFederationKerberosArgs.builder() - * .kerberosRealm("FOO.LOCAL") - * .serverPrincipal("HTTP/host.foo.com@FOO.LOCAL") - * .keyTab("/etc/host.keytab") - * .build()) + * .uuidLdapAttribute("entryDN") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. + * The following arguments are supported: * - * The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: + * - `realm_id` - (Required) The realm that this provider will provide user federation for. + * - `name` - (Required) Display name of the provider when displayed in the console. + * - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * - `import_enabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * - `edit_mode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * - `sync_registrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * - `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`. + * - `username_ldap_attribute` - (Required) Name of the LDAP attribute to use as the Keycloak username. + * - `rdn_ldap_attribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name. + * - `uuid_ldap_attribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. + * - `user_object_classes` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * - `connection_url` - (Required) Connection URL to the LDAP server. + * - `users_dn` - (Required) Full DN of LDAP tree where your users are. + * - `bind_dn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * - `bind_credential` - (Optional) Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * - `custom_user_search_filter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * - `search_scope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`: + * - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`. + * - `SUBTREE`: Search entire LDAP subtree. + * - `validate_password_policy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it. + * - `use_truststore_spi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: + * - `ALWAYS` - Always use the truststore SPI for LDAP connections. + * - `NEVER` - Never use the truststore SPI for LDAP connections. + * - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol. + * - `connection_timeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * - `read_timeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * - `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * - `batch_size_for_sync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`. + * - `full_sync_period` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. + * - `changed_sync_period` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * - `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - * ``` + * LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. + * The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: * */ @ResourceType(type="keycloak:ldap/userFederation:UserFederation") public class UserFederation extends com.pulumi.resources.CustomResource { /** - * The number of users to sync within a single transaction. Defaults to `1000`. + * The number of users to sync within a single transaction. * */ @Export(name="batchSizeForSync", refs={Integer.class}, tree="[0]") private Output batchSizeForSync; /** - * @return The number of users to sync within a single transaction. Defaults to `1000`. + * @return The number of users to sync within a single transaction. * */ public Output> batchSizeForSync() { return Codegen.optional(this.batchSizeForSync); } /** - * Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * Password of LDAP admin. * */ @Export(name="bindCredential", refs={String.class}, tree="[0]") private Output bindCredential; /** - * @return Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * @return Password of LDAP admin. * */ public Output> bindCredential() { return Codegen.optional(this.bindCredential); } /** - * DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * DN of LDAP admin, which will be used by Keycloak to access LDAP server. * */ @Export(name="bindDn", refs={String.class}, tree="[0]") private Output bindDn; /** - * @return DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * @return DN of LDAP admin, which will be used by Keycloak to access LDAP server. * */ public Output> bindDn() { return Codegen.optional(this.bindDn); } /** - * A block containing the cache settings. + * Settings regarding cache policy for this realm. * */ @Export(name="cache", refs={UserFederationCache.class}, tree="[0]") private Output cache; /** - * @return A block containing the cache settings. + * @return Settings regarding cache policy for this realm. * */ public Output> cache() { return Codegen.optional(this.cache); } /** - * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * */ @Export(name="changedSyncPeriod", refs={Integer.class}, tree="[0]") private Output changedSyncPeriod; /** - * @return How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * @return How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * */ public Output> changedSyncPeriod() { return Codegen.optional(this.changedSyncPeriod); } /** - * LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP connection timeout (duration string) * */ @Export(name="connectionTimeout", refs={String.class}, tree="[0]") private Output connectionTimeout; /** - * @return LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @return LDAP connection timeout (duration string) * */ public Output> connectionTimeout() { @@ -197,56 +228,58 @@ public Output connectionUrl() { return this.connectionUrl; } /** - * Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * */ @Export(name="customUserSearchFilter", refs={String.class}, tree="[0]") private Output customUserSearchFilter; /** - * @return Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * @return Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * */ public Output> customUserSearchFilter() { return Codegen.optional(this.customUserSearchFilter); } /** - * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * */ @Export(name="deleteDefaultMappers", refs={Boolean.class}, tree="[0]") private Output deleteDefaultMappers; /** - * @return When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * @return When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * */ public Output> deleteDefaultMappers() { return Codegen.optional(this.deleteDefaultMappers); } /** - * Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * */ @Export(name="editMode", refs={String.class}, tree="[0]") private Output editMode; /** - * @return Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * @return READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * */ public Output> editMode() { return Codegen.optional(this.editMode); } /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. * */ @Export(name="enabled", refs={Boolean.class}, tree="[0]") private Output enabled; /** - * @return When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @return When false, this provider will not be used when performing queries for users. * */ public Output> enabled() { @@ -267,28 +300,28 @@ public Output> fullSyncPeriod() { return Codegen.optional(this.fullSyncPeriod); } /** - * When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * When true, LDAP users will be imported into the Keycloak database. * */ @Export(name="importEnabled", refs={Boolean.class}, tree="[0]") private Output importEnabled; /** - * @return When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * @return When true, LDAP users will be imported into the Keycloak database. * */ public Output> importEnabled() { return Codegen.optional(this.importEnabled); } /** - * A block containing the kerberos settings. + * Settings regarding kerberos authentication for this realm. * */ @Export(name="kerberos", refs={UserFederationKerberos.class}, tree="[0]") private Output kerberos; /** - * @return A block containing the kerberos settings. + * @return Settings regarding kerberos authentication for this realm. * */ public Output> kerberos() { @@ -309,28 +342,28 @@ public Output name() { return this.name; } /** - * When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * When true, Keycloak assumes the LDAP server supports pagination. * */ @Export(name="pagination", refs={Boolean.class}, tree="[0]") private Output pagination; /** - * @return When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * @return When true, Keycloak assumes the LDAP server supports pagination. * */ public Output> pagination() { return Codegen.optional(this.pagination); } /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. * */ @Export(name="priority", refs={Integer.class}, tree="[0]") private Output priority; /** - * @return Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @return Priority of this provider when looking up users. Lower values are first. * */ public Output> priority() { @@ -351,70 +384,70 @@ public Output rdnLdapAttribute() { return this.rdnLdapAttribute; } /** - * LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP read timeout (duration string) * */ @Export(name="readTimeout", refs={String.class}, tree="[0]") private Output readTimeout; /** - * @return LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @return LDAP read timeout (duration string) * */ public Output> readTimeout() { return Codegen.optional(this.readTimeout); } /** - * The realm that this provider will provide user federation for. + * The realm this provider will provide user federation for. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm that this provider will provide user federation for. + * @return The realm this provider will provide user federation for. * */ public Output realmId() { return this.realmId; } /** - * Can be one of `ONE_LEVEL` or `SUBTREE`: + * ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * */ @Export(name="searchScope", refs={String.class}, tree="[0]") private Output searchScope; /** - * @return Can be one of `ONE_LEVEL` or `SUBTREE`: + * @return ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * */ public Output> searchScope() { return Codegen.optional(this.searchScope); } /** - * When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * */ @Export(name="startTls", refs={Boolean.class}, tree="[0]") private Output startTls; /** - * @return When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * @return When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * */ public Output> startTls() { return Codegen.optional(this.startTls); } /** - * When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * When true, newly created users will be synced back to LDAP. * */ @Export(name="syncRegistrations", refs={Boolean.class}, tree="[0]") private Output syncRegistrations; /** - * @return When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * @return When true, newly created users will be synced back to LDAP. * */ public Output> syncRegistrations() { @@ -448,29 +481,21 @@ public Output> trustEmail() { public Output> usePasswordModifyExtendedOp() { return Codegen.optional(this.usePasswordModifyExtendedOp); } - /** - * Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - */ @Export(name="useTruststoreSpi", refs={String.class}, tree="[0]") private Output useTruststoreSpi; - /** - * @return Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - */ public Output> useTruststoreSpi() { return Codegen.optional(this.useTruststoreSpi); } /** - * Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * All values of LDAP objectClass attribute for users in LDAP. * */ @Export(name="userObjectClasses", refs={List.class,String.class}, tree="[0,1]") private Output> userObjectClasses; /** - * @return Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @return All values of LDAP objectClass attribute for users in LDAP. * */ public Output> userObjectClasses() { @@ -519,28 +544,28 @@ public Output uuidLdapAttribute() { return this.uuidLdapAttribute; } /** - * When `true`, Keycloak will validate passwords using the realm policy before updating it. + * When true, Keycloak will validate passwords using the realm policy before updating it. * */ @Export(name="validatePasswordPolicy", refs={Boolean.class}, tree="[0]") private Output validatePasswordPolicy; /** - * @return When `true`, Keycloak will validate passwords using the realm policy before updating it. + * @return When true, Keycloak will validate passwords using the realm policy before updating it. * */ public Output> validatePasswordPolicy() { return Codegen.optional(this.validatePasswordPolicy); } /** - * Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * */ @Export(name="vendor", refs={String.class}, tree="[0]") private Output vendor; /** - * @return Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * @return LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * */ public Output> vendor() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederationArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederationArgs.java index 3f865abd..7003b8c2 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederationArgs.java @@ -22,14 +22,14 @@ public final class UserFederationArgs extends com.pulumi.resources.ResourceArgs public static final UserFederationArgs Empty = new UserFederationArgs(); /** - * The number of users to sync within a single transaction. Defaults to `1000`. + * The number of users to sync within a single transaction. * */ @Import(name="batchSizeForSync") private @Nullable Output batchSizeForSync; /** - * @return The number of users to sync within a single transaction. Defaults to `1000`. + * @return The number of users to sync within a single transaction. * */ public Optional> batchSizeForSync() { @@ -37,14 +37,14 @@ public Optional> batchSizeForSync() { } /** - * Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * Password of LDAP admin. * */ @Import(name="bindCredential") private @Nullable Output bindCredential; /** - * @return Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * @return Password of LDAP admin. * */ public Optional> bindCredential() { @@ -52,14 +52,14 @@ public Optional> bindCredential() { } /** - * DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * DN of LDAP admin, which will be used by Keycloak to access LDAP server. * */ @Import(name="bindDn") private @Nullable Output bindDn; /** - * @return DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * @return DN of LDAP admin, which will be used by Keycloak to access LDAP server. * */ public Optional> bindDn() { @@ -67,14 +67,14 @@ public Optional> bindDn() { } /** - * A block containing the cache settings. + * Settings regarding cache policy for this realm. * */ @Import(name="cache") private @Nullable Output cache; /** - * @return A block containing the cache settings. + * @return Settings regarding cache policy for this realm. * */ public Optional> cache() { @@ -82,14 +82,16 @@ public Optional> cache() { } /** - * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * */ @Import(name="changedSyncPeriod") private @Nullable Output changedSyncPeriod; /** - * @return How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * @return How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * */ public Optional> changedSyncPeriod() { @@ -97,14 +99,14 @@ public Optional> changedSyncPeriod() { } /** - * LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP connection timeout (duration string) * */ @Import(name="connectionTimeout") private @Nullable Output connectionTimeout; /** - * @return LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @return LDAP connection timeout (duration string) * */ public Optional> connectionTimeout() { @@ -127,14 +129,14 @@ public Output connectionUrl() { } /** - * Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * */ @Import(name="customUserSearchFilter") private @Nullable Output customUserSearchFilter; /** - * @return Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * @return Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * */ public Optional> customUserSearchFilter() { @@ -142,14 +144,16 @@ public Optional> customUserSearchFilter() { } /** - * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * */ @Import(name="deleteDefaultMappers") private @Nullable Output deleteDefaultMappers; /** - * @return When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * @return When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * */ public Optional> deleteDefaultMappers() { @@ -157,14 +161,14 @@ public Optional> deleteDefaultMappers() { } /** - * Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * */ @Import(name="editMode") private @Nullable Output editMode; /** - * @return Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * @return READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * */ public Optional> editMode() { @@ -172,14 +176,14 @@ public Optional> editMode() { } /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. * */ @Import(name="enabled") private @Nullable Output enabled; /** - * @return When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @return When false, this provider will not be used when performing queries for users. * */ public Optional> enabled() { @@ -202,14 +206,14 @@ public Optional> fullSyncPeriod() { } /** - * When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * When true, LDAP users will be imported into the Keycloak database. * */ @Import(name="importEnabled") private @Nullable Output importEnabled; /** - * @return When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * @return When true, LDAP users will be imported into the Keycloak database. * */ public Optional> importEnabled() { @@ -217,14 +221,14 @@ public Optional> importEnabled() { } /** - * A block containing the kerberos settings. + * Settings regarding kerberos authentication for this realm. * */ @Import(name="kerberos") private @Nullable Output kerberos; /** - * @return A block containing the kerberos settings. + * @return Settings regarding kerberos authentication for this realm. * */ public Optional> kerberos() { @@ -247,14 +251,14 @@ public Optional> name() { } /** - * When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * When true, Keycloak assumes the LDAP server supports pagination. * */ @Import(name="pagination") private @Nullable Output pagination; /** - * @return When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * @return When true, Keycloak assumes the LDAP server supports pagination. * */ public Optional> pagination() { @@ -262,14 +266,14 @@ public Optional> pagination() { } /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. * */ @Import(name="priority") private @Nullable Output priority; /** - * @return Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @return Priority of this provider when looking up users. Lower values are first. * */ public Optional> priority() { @@ -292,14 +296,14 @@ public Output rdnLdapAttribute() { } /** - * LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP read timeout (duration string) * */ @Import(name="readTimeout") private @Nullable Output readTimeout; /** - * @return LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @return LDAP read timeout (duration string) * */ public Optional> readTimeout() { @@ -307,14 +311,14 @@ public Optional> readTimeout() { } /** - * The realm that this provider will provide user federation for. + * The realm this provider will provide user federation for. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm that this provider will provide user federation for. + * @return The realm this provider will provide user federation for. * */ public Output realmId() { @@ -322,14 +326,14 @@ public Output realmId() { } /** - * Can be one of `ONE_LEVEL` or `SUBTREE`: + * ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * */ @Import(name="searchScope") private @Nullable Output searchScope; /** - * @return Can be one of `ONE_LEVEL` or `SUBTREE`: + * @return ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * */ public Optional> searchScope() { @@ -337,14 +341,14 @@ public Optional> searchScope() { } /** - * When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * */ @Import(name="startTls") private @Nullable Output startTls; /** - * @return When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * @return When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * */ public Optional> startTls() { @@ -352,14 +356,14 @@ public Optional> startTls() { } /** - * When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * When true, newly created users will be synced back to LDAP. * */ @Import(name="syncRegistrations") private @Nullable Output syncRegistrations; /** - * @return When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * @return When true, newly created users will be synced back to LDAP. * */ public Optional> syncRegistrations() { @@ -396,30 +400,22 @@ public Optional> usePasswordModifyExtendedOp() { return Optional.ofNullable(this.usePasswordModifyExtendedOp); } - /** - * Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - */ @Import(name="useTruststoreSpi") private @Nullable Output useTruststoreSpi; - /** - * @return Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - */ public Optional> useTruststoreSpi() { return Optional.ofNullable(this.useTruststoreSpi); } /** - * Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * All values of LDAP objectClass attribute for users in LDAP. * */ @Import(name="userObjectClasses", required=true) private Output> userObjectClasses; /** - * @return Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @return All values of LDAP objectClass attribute for users in LDAP. * */ public Output> userObjectClasses() { @@ -472,14 +468,14 @@ public Output uuidLdapAttribute() { } /** - * When `true`, Keycloak will validate passwords using the realm policy before updating it. + * When true, Keycloak will validate passwords using the realm policy before updating it. * */ @Import(name="validatePasswordPolicy") private @Nullable Output validatePasswordPolicy; /** - * @return When `true`, Keycloak will validate passwords using the realm policy before updating it. + * @return When true, Keycloak will validate passwords using the realm policy before updating it. * */ public Optional> validatePasswordPolicy() { @@ -487,14 +483,14 @@ public Optional> validatePasswordPolicy() { } /** - * Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * */ @Import(name="vendor") private @Nullable Output vendor; /** - * @return Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * @return LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * */ public Optional> vendor() { @@ -557,7 +553,7 @@ public Builder(UserFederationArgs defaults) { } /** - * @param batchSizeForSync The number of users to sync within a single transaction. Defaults to `1000`. + * @param batchSizeForSync The number of users to sync within a single transaction. * * @return builder * @@ -568,7 +564,7 @@ public Builder batchSizeForSync(@Nullable Output batchSizeForSync) { } /** - * @param batchSizeForSync The number of users to sync within a single transaction. Defaults to `1000`. + * @param batchSizeForSync The number of users to sync within a single transaction. * * @return builder * @@ -578,7 +574,7 @@ public Builder batchSizeForSync(Integer batchSizeForSync) { } /** - * @param bindCredential Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * @param bindCredential Password of LDAP admin. * * @return builder * @@ -589,7 +585,7 @@ public Builder bindCredential(@Nullable Output bindCredential) { } /** - * @param bindCredential Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * @param bindCredential Password of LDAP admin. * * @return builder * @@ -599,7 +595,7 @@ public Builder bindCredential(String bindCredential) { } /** - * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. * * @return builder * @@ -610,7 +606,7 @@ public Builder bindDn(@Nullable Output bindDn) { } /** - * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. * * @return builder * @@ -620,7 +616,7 @@ public Builder bindDn(String bindDn) { } /** - * @param cache A block containing the cache settings. + * @param cache Settings regarding cache policy for this realm. * * @return builder * @@ -631,7 +627,7 @@ public Builder cache(@Nullable Output cache) { } /** - * @param cache A block containing the cache settings. + * @param cache Settings regarding cache policy for this realm. * * @return builder * @@ -641,7 +637,8 @@ public Builder cache(UserFederationCacheArgs cache) { } /** - * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * * @return builder * @@ -652,7 +649,8 @@ public Builder changedSyncPeriod(@Nullable Output changedSyncPeriod) { } /** - * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * * @return builder * @@ -662,7 +660,7 @@ public Builder changedSyncPeriod(Integer changedSyncPeriod) { } /** - * @param connectionTimeout LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @param connectionTimeout LDAP connection timeout (duration string) * * @return builder * @@ -673,7 +671,7 @@ public Builder connectionTimeout(@Nullable Output connectionTimeout) { } /** - * @param connectionTimeout LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @param connectionTimeout LDAP connection timeout (duration string) * * @return builder * @@ -704,7 +702,7 @@ public Builder connectionUrl(String connectionUrl) { } /** - * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * * @return builder * @@ -715,7 +713,7 @@ public Builder customUserSearchFilter(@Nullable Output customUserSearchF } /** - * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * * @return builder * @@ -725,7 +723,8 @@ public Builder customUserSearchFilter(String customUserSearchFilter) { } /** - * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * * @return builder * @@ -736,7 +735,8 @@ public Builder deleteDefaultMappers(@Nullable Output deleteDefaultMappe } /** - * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * * @return builder * @@ -746,7 +746,7 @@ public Builder deleteDefaultMappers(Boolean deleteDefaultMappers) { } /** - * @param editMode Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * @param editMode READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * * @return builder * @@ -757,7 +757,7 @@ public Builder editMode(@Nullable Output editMode) { } /** - * @param editMode Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * @param editMode READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * * @return builder * @@ -767,7 +767,7 @@ public Builder editMode(String editMode) { } /** - * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @param enabled When false, this provider will not be used when performing queries for users. * * @return builder * @@ -778,7 +778,7 @@ public Builder enabled(@Nullable Output enabled) { } /** - * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @param enabled When false, this provider will not be used when performing queries for users. * * @return builder * @@ -809,7 +809,7 @@ public Builder fullSyncPeriod(Integer fullSyncPeriod) { } /** - * @param importEnabled When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * @param importEnabled When true, LDAP users will be imported into the Keycloak database. * * @return builder * @@ -820,7 +820,7 @@ public Builder importEnabled(@Nullable Output importEnabled) { } /** - * @param importEnabled When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * @param importEnabled When true, LDAP users will be imported into the Keycloak database. * * @return builder * @@ -830,7 +830,7 @@ public Builder importEnabled(Boolean importEnabled) { } /** - * @param kerberos A block containing the kerberos settings. + * @param kerberos Settings regarding kerberos authentication for this realm. * * @return builder * @@ -841,7 +841,7 @@ public Builder kerberos(@Nullable Output kerberos) { } /** - * @param kerberos A block containing the kerberos settings. + * @param kerberos Settings regarding kerberos authentication for this realm. * * @return builder * @@ -872,7 +872,7 @@ public Builder name(String name) { } /** - * @param pagination When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * @param pagination When true, Keycloak assumes the LDAP server supports pagination. * * @return builder * @@ -883,7 +883,7 @@ public Builder pagination(@Nullable Output pagination) { } /** - * @param pagination When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * @param pagination When true, Keycloak assumes the LDAP server supports pagination. * * @return builder * @@ -893,7 +893,7 @@ public Builder pagination(Boolean pagination) { } /** - * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @param priority Priority of this provider when looking up users. Lower values are first. * * @return builder * @@ -904,7 +904,7 @@ public Builder priority(@Nullable Output priority) { } /** - * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @param priority Priority of this provider when looking up users. Lower values are first. * * @return builder * @@ -935,7 +935,7 @@ public Builder rdnLdapAttribute(String rdnLdapAttribute) { } /** - * @param readTimeout LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @param readTimeout LDAP read timeout (duration string) * * @return builder * @@ -946,7 +946,7 @@ public Builder readTimeout(@Nullable Output readTimeout) { } /** - * @param readTimeout LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @param readTimeout LDAP read timeout (duration string) * * @return builder * @@ -956,7 +956,7 @@ public Builder readTimeout(String readTimeout) { } /** - * @param realmId The realm that this provider will provide user federation for. + * @param realmId The realm this provider will provide user federation for. * * @return builder * @@ -967,7 +967,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm that this provider will provide user federation for. + * @param realmId The realm this provider will provide user federation for. * * @return builder * @@ -977,7 +977,7 @@ public Builder realmId(String realmId) { } /** - * @param searchScope Can be one of `ONE_LEVEL` or `SUBTREE`: + * @param searchScope ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * * @return builder * @@ -988,7 +988,7 @@ public Builder searchScope(@Nullable Output searchScope) { } /** - * @param searchScope Can be one of `ONE_LEVEL` or `SUBTREE`: + * @param searchScope ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * * @return builder * @@ -998,7 +998,7 @@ public Builder searchScope(String searchScope) { } /** - * @param startTls When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * @param startTls When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * * @return builder * @@ -1009,7 +1009,7 @@ public Builder startTls(@Nullable Output startTls) { } /** - * @param startTls When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * @param startTls When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * * @return builder * @@ -1019,7 +1019,7 @@ public Builder startTls(Boolean startTls) { } /** - * @param syncRegistrations When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * @param syncRegistrations When true, newly created users will be synced back to LDAP. * * @return builder * @@ -1030,7 +1030,7 @@ public Builder syncRegistrations(@Nullable Output syncRegistrations) { } /** - * @param syncRegistrations When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * @param syncRegistrations When true, newly created users will be synced back to LDAP. * * @return builder * @@ -1081,29 +1081,17 @@ public Builder usePasswordModifyExtendedOp(Boolean usePasswordModifyExtendedOp) return usePasswordModifyExtendedOp(Output.of(usePasswordModifyExtendedOp)); } - /** - * @param useTruststoreSpi Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - * @return builder - * - */ public Builder useTruststoreSpi(@Nullable Output useTruststoreSpi) { $.useTruststoreSpi = useTruststoreSpi; return this; } - /** - * @param useTruststoreSpi Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - * @return builder - * - */ public Builder useTruststoreSpi(String useTruststoreSpi) { return useTruststoreSpi(Output.of(useTruststoreSpi)); } /** - * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @param userObjectClasses All values of LDAP objectClass attribute for users in LDAP. * * @return builder * @@ -1114,7 +1102,7 @@ public Builder userObjectClasses(Output> userObjectClasses) { } /** - * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @param userObjectClasses All values of LDAP objectClass attribute for users in LDAP. * * @return builder * @@ -1124,7 +1112,7 @@ public Builder userObjectClasses(List userObjectClasses) { } /** - * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @param userObjectClasses All values of LDAP objectClass attribute for users in LDAP. * * @return builder * @@ -1197,7 +1185,7 @@ public Builder uuidLdapAttribute(String uuidLdapAttribute) { } /** - * @param validatePasswordPolicy When `true`, Keycloak will validate passwords using the realm policy before updating it. + * @param validatePasswordPolicy When true, Keycloak will validate passwords using the realm policy before updating it. * * @return builder * @@ -1208,7 +1196,7 @@ public Builder validatePasswordPolicy(@Nullable Output validatePassword } /** - * @param validatePasswordPolicy When `true`, Keycloak will validate passwords using the realm policy before updating it. + * @param validatePasswordPolicy When true, Keycloak will validate passwords using the realm policy before updating it. * * @return builder * @@ -1218,7 +1206,7 @@ public Builder validatePasswordPolicy(Boolean validatePasswordPolicy) { } /** - * @param vendor Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * @param vendor LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * * @return builder * @@ -1229,7 +1217,7 @@ public Builder vendor(@Nullable Output vendor) { } /** - * @param vendor Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * @param vendor LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/FullNameMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/FullNameMapperState.java index 6de57790..fbf0daca 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/FullNameMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/FullNameMapperState.java @@ -16,30 +16,22 @@ public final class FullNameMapperState extends com.pulumi.resources.ResourceArgs public static final FullNameMapperState Empty = new FullNameMapperState(); - /** - * The name of the LDAP attribute containing the user's full name. - * - */ @Import(name="ldapFullNameAttribute") private @Nullable Output ldapFullNameAttribute; - /** - * @return The name of the LDAP attribute containing the user's full name. - * - */ public Optional> ldapFullNameAttribute() { return Optional.ofNullable(this.ldapFullNameAttribute); } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId") private @Nullable Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Optional> ldapUserFederationId() { @@ -47,61 +39,45 @@ public Optional> ldapUserFederationId() { } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - */ @Import(name="readOnly") private @Nullable Output readOnly; - /** - * @return When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - */ public Optional> readOnly() { return Optional.ofNullable(this.readOnly); } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - */ @Import(name="writeOnly") private @Nullable Output writeOnly; - /** - * @return When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - */ public Optional> writeOnly() { return Optional.ofNullable(this.writeOnly); } @@ -135,29 +111,17 @@ public Builder(FullNameMapperState defaults) { $ = new FullNameMapperState(Objects.requireNonNull(defaults)); } - /** - * @param ldapFullNameAttribute The name of the LDAP attribute containing the user's full name. - * - * @return builder - * - */ public Builder ldapFullNameAttribute(@Nullable Output ldapFullNameAttribute) { $.ldapFullNameAttribute = ldapFullNameAttribute; return this; } - /** - * @param ldapFullNameAttribute The name of the LDAP attribute containing the user's full name. - * - * @return builder - * - */ public Builder ldapFullNameAttribute(String ldapFullNameAttribute) { return ldapFullNameAttribute(Output.of(ldapFullNameAttribute)); } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -168,7 +132,7 @@ public Builder ldapUserFederationId(@Nullable Output ldapUserFederationI } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -178,7 +142,7 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -189,7 +153,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -198,29 +162,17 @@ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param readOnly When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - * @return builder - * - */ public Builder readOnly(@Nullable Output readOnly) { $.readOnly = readOnly; return this; } - /** - * @param readOnly When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - * - * @return builder - * - */ public Builder readOnly(Boolean readOnly) { return readOnly(Output.of(readOnly)); } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -231,7 +183,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -240,23 +192,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param writeOnly When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - * @return builder - * - */ public Builder writeOnly(@Nullable Output writeOnly) { $.writeOnly = writeOnly; return this; } - /** - * @param writeOnly When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - * - * @return builder - * - */ public Builder writeOnly(Boolean writeOnly) { return writeOnly(Output.of(writeOnly)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/GroupMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/GroupMapperState.java index 94ed461f..a86a45f0 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/GroupMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/GroupMapperState.java @@ -17,272 +17,152 @@ public final class GroupMapperState extends com.pulumi.resources.ResourceArgs { public static final GroupMapperState Empty = new GroupMapperState(); - /** - * When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - */ @Import(name="dropNonExistingGroupsDuringSync") private @Nullable Output dropNonExistingGroupsDuringSync; - /** - * @return When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - */ public Optional> dropNonExistingGroupsDuringSync() { return Optional.ofNullable(this.dropNonExistingGroupsDuringSync); } - /** - * The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - */ @Import(name="groupNameLdapAttribute") private @Nullable Output groupNameLdapAttribute; - /** - * @return The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - */ public Optional> groupNameLdapAttribute() { return Optional.ofNullable(this.groupNameLdapAttribute); } - /** - * List of strings representing the object classes for the group. Must contain at least one. - * - */ @Import(name="groupObjectClasses") private @Nullable Output> groupObjectClasses; - /** - * @return List of strings representing the object classes for the group. Must contain at least one. - * - */ public Optional>> groupObjectClasses() { return Optional.ofNullable(this.groupObjectClasses); } - /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - */ @Import(name="groupsLdapFilter") private @Nullable Output groupsLdapFilter; - /** - * @return When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - */ public Optional> groupsLdapFilter() { return Optional.ofNullable(this.groupsLdapFilter); } - /** - * Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - */ @Import(name="groupsPath") private @Nullable Output groupsPath; - /** - * @return Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - */ public Optional> groupsPath() { return Optional.ofNullable(this.groupsPath); } - /** - * When `true`, missing groups in the hierarchy will be ignored. - * - */ @Import(name="ignoreMissingGroups") private @Nullable Output ignoreMissingGroups; - /** - * @return When `true`, missing groups in the hierarchy will be ignored. - * - */ public Optional> ignoreMissingGroups() { return Optional.ofNullable(this.ignoreMissingGroups); } - /** - * The LDAP DN where groups can be found. - * - */ @Import(name="ldapGroupsDn") private @Nullable Output ldapGroupsDn; - /** - * @return The LDAP DN where groups can be found. - * - */ public Optional> ldapGroupsDn() { return Optional.ofNullable(this.ldapGroupsDn); } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId") private @Nullable Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Optional> ldapUserFederationId() { return Optional.ofNullable(this.ldapUserFederationId); } - /** - * Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - */ @Import(name="mappedGroupAttributes") private @Nullable Output> mappedGroupAttributes; - /** - * @return Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - */ public Optional>> mappedGroupAttributes() { return Optional.ofNullable(this.mappedGroupAttributes); } - /** - * Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - */ @Import(name="memberofLdapAttribute") private @Nullable Output memberofLdapAttribute; - /** - * @return Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - */ public Optional> memberofLdapAttribute() { return Optional.ofNullable(this.memberofLdapAttribute); } - /** - * Can be one of `DN` or `UID`. Defaults to `DN`. - * - */ @Import(name="membershipAttributeType") private @Nullable Output membershipAttributeType; - /** - * @return Can be one of `DN` or `UID`. Defaults to `DN`. - * - */ public Optional> membershipAttributeType() { return Optional.ofNullable(this.membershipAttributeType); } - /** - * The name of the LDAP attribute that is used for membership mappings. - * - */ @Import(name="membershipLdapAttribute") private @Nullable Output membershipLdapAttribute; - /** - * @return The name of the LDAP attribute that is used for membership mappings. - * - */ public Optional> membershipLdapAttribute() { return Optional.ofNullable(this.membershipLdapAttribute); } - /** - * The name of the LDAP attribute on a user that is used for membership mappings. - * - */ @Import(name="membershipUserLdapAttribute") private @Nullable Output membershipUserLdapAttribute; - /** - * @return The name of the LDAP attribute on a user that is used for membership mappings. - * - */ public Optional> membershipUserLdapAttribute() { return Optional.ofNullable(this.membershipUserLdapAttribute); } - /** - * Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - */ @Import(name="mode") private @Nullable Output mode; - /** - * @return Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - */ public Optional> mode() { return Optional.ofNullable(this.mode); } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - */ @Import(name="preserveGroupInheritance") private @Nullable Output preserveGroupInheritance; - /** - * @return When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - */ public Optional> preserveGroupInheritance() { return Optional.ofNullable(this.preserveGroupInheritance); } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - */ @Import(name="userRolesRetrieveStrategy") private @Nullable Output userRolesRetrieveStrategy; - /** - * @return Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - */ public Optional> userRolesRetrieveStrategy() { return Optional.ofNullable(this.userRolesRetrieveStrategy); } @@ -328,165 +208,75 @@ public Builder(GroupMapperState defaults) { $ = new GroupMapperState(Objects.requireNonNull(defaults)); } - /** - * @param dropNonExistingGroupsDuringSync When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - * @return builder - * - */ public Builder dropNonExistingGroupsDuringSync(@Nullable Output dropNonExistingGroupsDuringSync) { $.dropNonExistingGroupsDuringSync = dropNonExistingGroupsDuringSync; return this; } - /** - * @param dropNonExistingGroupsDuringSync When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - * - * @return builder - * - */ public Builder dropNonExistingGroupsDuringSync(Boolean dropNonExistingGroupsDuringSync) { return dropNonExistingGroupsDuringSync(Output.of(dropNonExistingGroupsDuringSync)); } - /** - * @param groupNameLdapAttribute The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - * @return builder - * - */ public Builder groupNameLdapAttribute(@Nullable Output groupNameLdapAttribute) { $.groupNameLdapAttribute = groupNameLdapAttribute; return this; } - /** - * @param groupNameLdapAttribute The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - * - * @return builder - * - */ public Builder groupNameLdapAttribute(String groupNameLdapAttribute) { return groupNameLdapAttribute(Output.of(groupNameLdapAttribute)); } - /** - * @param groupObjectClasses List of strings representing the object classes for the group. Must contain at least one. - * - * @return builder - * - */ public Builder groupObjectClasses(@Nullable Output> groupObjectClasses) { $.groupObjectClasses = groupObjectClasses; return this; } - /** - * @param groupObjectClasses List of strings representing the object classes for the group. Must contain at least one. - * - * @return builder - * - */ public Builder groupObjectClasses(List groupObjectClasses) { return groupObjectClasses(Output.of(groupObjectClasses)); } - /** - * @param groupObjectClasses List of strings representing the object classes for the group. Must contain at least one. - * - * @return builder - * - */ public Builder groupObjectClasses(String... groupObjectClasses) { return groupObjectClasses(List.of(groupObjectClasses)); } - /** - * @param groupsLdapFilter When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - * @return builder - * - */ public Builder groupsLdapFilter(@Nullable Output groupsLdapFilter) { $.groupsLdapFilter = groupsLdapFilter; return this; } - /** - * @param groupsLdapFilter When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - * - * @return builder - * - */ public Builder groupsLdapFilter(String groupsLdapFilter) { return groupsLdapFilter(Output.of(groupsLdapFilter)); } - /** - * @param groupsPath Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - * @return builder - * - */ public Builder groupsPath(@Nullable Output groupsPath) { $.groupsPath = groupsPath; return this; } - /** - * @param groupsPath Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - * - * @return builder - * - */ public Builder groupsPath(String groupsPath) { return groupsPath(Output.of(groupsPath)); } - /** - * @param ignoreMissingGroups When `true`, missing groups in the hierarchy will be ignored. - * - * @return builder - * - */ public Builder ignoreMissingGroups(@Nullable Output ignoreMissingGroups) { $.ignoreMissingGroups = ignoreMissingGroups; return this; } - /** - * @param ignoreMissingGroups When `true`, missing groups in the hierarchy will be ignored. - * - * @return builder - * - */ public Builder ignoreMissingGroups(Boolean ignoreMissingGroups) { return ignoreMissingGroups(Output.of(ignoreMissingGroups)); } - /** - * @param ldapGroupsDn The LDAP DN where groups can be found. - * - * @return builder - * - */ public Builder ldapGroupsDn(@Nullable Output ldapGroupsDn) { $.ldapGroupsDn = ldapGroupsDn; return this; } - /** - * @param ldapGroupsDn The LDAP DN where groups can be found. - * - * @return builder - * - */ public Builder ldapGroupsDn(String ldapGroupsDn) { return ldapGroupsDn(Output.of(ldapGroupsDn)); } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -497,7 +287,7 @@ public Builder ldapUserFederationId(@Nullable Output ldapUserFederationI } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -506,144 +296,66 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { return ldapUserFederationId(Output.of(ldapUserFederationId)); } - /** - * @param mappedGroupAttributes Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - * @return builder - * - */ public Builder mappedGroupAttributes(@Nullable Output> mappedGroupAttributes) { $.mappedGroupAttributes = mappedGroupAttributes; return this; } - /** - * @param mappedGroupAttributes Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - * @return builder - * - */ public Builder mappedGroupAttributes(List mappedGroupAttributes) { return mappedGroupAttributes(Output.of(mappedGroupAttributes)); } - /** - * @param mappedGroupAttributes Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - * - * @return builder - * - */ public Builder mappedGroupAttributes(String... mappedGroupAttributes) { return mappedGroupAttributes(List.of(mappedGroupAttributes)); } - /** - * @param memberofLdapAttribute Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - * @return builder - * - */ public Builder memberofLdapAttribute(@Nullable Output memberofLdapAttribute) { $.memberofLdapAttribute = memberofLdapAttribute; return this; } - /** - * @param memberofLdapAttribute Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - * - * @return builder - * - */ public Builder memberofLdapAttribute(String memberofLdapAttribute) { return memberofLdapAttribute(Output.of(memberofLdapAttribute)); } - /** - * @param membershipAttributeType Can be one of `DN` or `UID`. Defaults to `DN`. - * - * @return builder - * - */ public Builder membershipAttributeType(@Nullable Output membershipAttributeType) { $.membershipAttributeType = membershipAttributeType; return this; } - /** - * @param membershipAttributeType Can be one of `DN` or `UID`. Defaults to `DN`. - * - * @return builder - * - */ public Builder membershipAttributeType(String membershipAttributeType) { return membershipAttributeType(Output.of(membershipAttributeType)); } - /** - * @param membershipLdapAttribute The name of the LDAP attribute that is used for membership mappings. - * - * @return builder - * - */ public Builder membershipLdapAttribute(@Nullable Output membershipLdapAttribute) { $.membershipLdapAttribute = membershipLdapAttribute; return this; } - /** - * @param membershipLdapAttribute The name of the LDAP attribute that is used for membership mappings. - * - * @return builder - * - */ public Builder membershipLdapAttribute(String membershipLdapAttribute) { return membershipLdapAttribute(Output.of(membershipLdapAttribute)); } - /** - * @param membershipUserLdapAttribute The name of the LDAP attribute on a user that is used for membership mappings. - * - * @return builder - * - */ public Builder membershipUserLdapAttribute(@Nullable Output membershipUserLdapAttribute) { $.membershipUserLdapAttribute = membershipUserLdapAttribute; return this; } - /** - * @param membershipUserLdapAttribute The name of the LDAP attribute on a user that is used for membership mappings. - * - * @return builder - * - */ public Builder membershipUserLdapAttribute(String membershipUserLdapAttribute) { return membershipUserLdapAttribute(Output.of(membershipUserLdapAttribute)); } - /** - * @param mode Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - * @return builder - * - */ public Builder mode(@Nullable Output mode) { $.mode = mode; return this; } - /** - * @param mode Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - * - * @return builder - * - */ public Builder mode(String mode) { return mode(Output.of(mode)); } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -654,7 +366,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -663,29 +375,17 @@ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param preserveGroupInheritance When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - * @return builder - * - */ public Builder preserveGroupInheritance(@Nullable Output preserveGroupInheritance) { $.preserveGroupInheritance = preserveGroupInheritance; return this; } - /** - * @param preserveGroupInheritance When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - * - * @return builder - * - */ public Builder preserveGroupInheritance(Boolean preserveGroupInheritance) { return preserveGroupInheritance(Output.of(preserveGroupInheritance)); } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -696,7 +396,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -705,23 +405,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param userRolesRetrieveStrategy Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - * @return builder - * - */ public Builder userRolesRetrieveStrategy(@Nullable Output userRolesRetrieveStrategy) { $.userRolesRetrieveStrategy = userRolesRetrieveStrategy; return this; } - /** - * @param userRolesRetrieveStrategy Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - * - * @return builder - * - */ public Builder userRolesRetrieveStrategy(String userRolesRetrieveStrategy) { return userRolesRetrieveStrategy(Output.of(userRolesRetrieveStrategy)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/HardcodedRoleMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/HardcodedRoleMapperState.java index b4c48632..155933fe 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/HardcodedRoleMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/HardcodedRoleMapperState.java @@ -16,14 +16,14 @@ public final class HardcodedRoleMapperState extends com.pulumi.resources.Resourc public static final HardcodedRoleMapperState Empty = new HardcodedRoleMapperState(); /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId") private @Nullable Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Optional> ldapUserFederationId() { @@ -31,14 +31,14 @@ public Optional> ldapUserFederationId() { } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { @@ -46,14 +46,14 @@ public Optional> name() { } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Optional> realmId() { @@ -61,14 +61,14 @@ public Optional> realmId() { } /** - * The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * Role to grant to user. * */ @Import(name="role") private @Nullable Output role; /** - * @return The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * @return Role to grant to user. * */ public Optional> role() { @@ -103,7 +103,7 @@ public Builder(HardcodedRoleMapperState defaults) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -114,7 +114,7 @@ public Builder ldapUserFederationId(@Nullable Output ldapUserFederationI } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -124,7 +124,7 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -135,7 +135,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -145,7 +145,7 @@ public Builder name(String name) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -156,7 +156,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -166,7 +166,7 @@ public Builder realmId(String realmId) { } /** - * @param role The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * @param role Role to grant to user. * * @return builder * @@ -177,7 +177,7 @@ public Builder role(@Nullable Output role) { } /** - * @param role The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * @param role Role to grant to user. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/MsadUserAccountControlMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/MsadUserAccountControlMapperState.java index 37f76da5..dbcae593 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/MsadUserAccountControlMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/MsadUserAccountControlMapperState.java @@ -16,30 +16,22 @@ public final class MsadUserAccountControlMapperState extends com.pulumi.resource public static final MsadUserAccountControlMapperState Empty = new MsadUserAccountControlMapperState(); - /** - * When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - */ @Import(name="ldapPasswordPolicyHintsEnabled") private @Nullable Output ldapPasswordPolicyHintsEnabled; - /** - * @return When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - */ public Optional> ldapPasswordPolicyHintsEnabled() { return Optional.ofNullable(this.ldapPasswordPolicyHintsEnabled); } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId") private @Nullable Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Optional> ldapUserFederationId() { @@ -47,14 +39,14 @@ public Optional> ldapUserFederationId() { } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { @@ -62,14 +54,14 @@ public Optional> name() { } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Optional> realmId() { @@ -103,29 +95,17 @@ public Builder(MsadUserAccountControlMapperState defaults) { $ = new MsadUserAccountControlMapperState(Objects.requireNonNull(defaults)); } - /** - * @param ldapPasswordPolicyHintsEnabled When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - * @return builder - * - */ public Builder ldapPasswordPolicyHintsEnabled(@Nullable Output ldapPasswordPolicyHintsEnabled) { $.ldapPasswordPolicyHintsEnabled = ldapPasswordPolicyHintsEnabled; return this; } - /** - * @param ldapPasswordPolicyHintsEnabled When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - * - * @return builder - * - */ public Builder ldapPasswordPolicyHintsEnabled(Boolean ldapPasswordPolicyHintsEnabled) { return ldapPasswordPolicyHintsEnabled(Output.of(ldapPasswordPolicyHintsEnabled)); } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -136,7 +116,7 @@ public Builder ldapUserFederationId(@Nullable Output ldapUserFederationI } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -146,7 +126,7 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -157,7 +137,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -167,7 +147,7 @@ public Builder name(String name) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -178,7 +158,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserAttributeMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserAttributeMapperState.java index 83d72111..d95ac367 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserAttributeMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserAttributeMapperState.java @@ -17,14 +17,14 @@ public final class UserAttributeMapperState extends com.pulumi.resources.Resourc public static final UserAttributeMapperState Empty = new UserAttributeMapperState(); /** - * When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * When true, the value fetched from LDAP will override the value stored in Keycloak. * */ @Import(name="alwaysReadValueFromLdap") private @Nullable Output alwaysReadValueFromLdap; /** - * @return When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * @return When true, the value fetched from LDAP will override the value stored in Keycloak. * */ public Optional> alwaysReadValueFromLdap() { @@ -32,14 +32,14 @@ public Optional> alwaysReadValueFromLdap() { } /** - * Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * */ @Import(name="attributeDefaultValue") private @Nullable Output attributeDefaultValue; /** - * @return Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * @return Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * */ public Optional> attributeDefaultValue() { @@ -47,14 +47,14 @@ public Optional> attributeDefaultValue() { } /** - * Should be true for binary LDAP attributes. + * Should be true for binary LDAP attributes * */ @Import(name="isBinaryAttribute") private @Nullable Output isBinaryAttribute; /** - * @return Should be true for binary LDAP attributes. + * @return Should be true for binary LDAP attributes * */ public Optional> isBinaryAttribute() { @@ -62,14 +62,14 @@ public Optional> isBinaryAttribute() { } /** - * When `true`, this attribute must exist in LDAP. Defaults to `false`. + * When true, this attribute must exist in LDAP. * */ @Import(name="isMandatoryInLdap") private @Nullable Output isMandatoryInLdap; /** - * @return When `true`, this attribute must exist in LDAP. Defaults to `false`. + * @return When true, this attribute must exist in LDAP. * */ public Optional> isMandatoryInLdap() { @@ -77,14 +77,14 @@ public Optional> isMandatoryInLdap() { } /** - * Name of the mapped attribute on the LDAP object. + * Name of the mapped attribute on LDAP object. * */ @Import(name="ldapAttribute") private @Nullable Output ldapAttribute; /** - * @return Name of the mapped attribute on the LDAP object. + * @return Name of the mapped attribute on LDAP object. * */ public Optional> ldapAttribute() { @@ -92,14 +92,14 @@ public Optional> ldapAttribute() { } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. * */ @Import(name="ldapUserFederationId") private @Nullable Output ldapUserFederationId; /** - * @return The ID of the LDAP user federation provider to attach this mapper to. + * @return The ldap user federation provider to attach this mapper to. * */ public Optional> ldapUserFederationId() { @@ -107,14 +107,14 @@ public Optional> ldapUserFederationId() { } /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. * */ @Import(name="name") private @Nullable Output name; /** - * @return Display name of this mapper when displayed in the console. + * @return Display name of the mapper when displayed in the console. * */ public Optional> name() { @@ -122,14 +122,14 @@ public Optional> name() { } /** - * When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * */ @Import(name="readOnly") private @Nullable Output readOnly; /** - * @return When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * @return When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * */ public Optional> readOnly() { @@ -137,14 +137,14 @@ public Optional> readOnly() { } /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm that this LDAP mapper will exist in. + * @return The realm in which the ldap user federation provider exists. * */ public Optional> realmId() { @@ -152,14 +152,14 @@ public Optional> realmId() { } /** - * Name of the user property or attribute you want to map the LDAP attribute into. + * Name of the UserModel property or attribute you want to map the LDAP attribute into. * */ @Import(name="userModelAttribute") private @Nullable Output userModelAttribute; /** - * @return Name of the user property or attribute you want to map the LDAP attribute into. + * @return Name of the UserModel property or attribute you want to map the LDAP attribute into. * */ public Optional> userModelAttribute() { @@ -200,7 +200,7 @@ public Builder(UserAttributeMapperState defaults) { } /** - * @param alwaysReadValueFromLdap When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * @param alwaysReadValueFromLdap When true, the value fetched from LDAP will override the value stored in Keycloak. * * @return builder * @@ -211,7 +211,7 @@ public Builder alwaysReadValueFromLdap(@Nullable Output alwaysReadValue } /** - * @param alwaysReadValueFromLdap When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * @param alwaysReadValueFromLdap When true, the value fetched from LDAP will override the value stored in Keycloak. * * @return builder * @@ -221,7 +221,7 @@ public Builder alwaysReadValueFromLdap(Boolean alwaysReadValueFromLdap) { } /** - * @param attributeDefaultValue Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * @param attributeDefaultValue Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * * @return builder * @@ -232,7 +232,7 @@ public Builder attributeDefaultValue(@Nullable Output attributeDefaultVa } /** - * @param attributeDefaultValue Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + * @param attributeDefaultValue Default value to set in LDAP if is_mandatory_in_ldap and the value is empty * * @return builder * @@ -242,7 +242,7 @@ public Builder attributeDefaultValue(String attributeDefaultValue) { } /** - * @param isBinaryAttribute Should be true for binary LDAP attributes. + * @param isBinaryAttribute Should be true for binary LDAP attributes * * @return builder * @@ -253,7 +253,7 @@ public Builder isBinaryAttribute(@Nullable Output isBinaryAttribute) { } /** - * @param isBinaryAttribute Should be true for binary LDAP attributes. + * @param isBinaryAttribute Should be true for binary LDAP attributes * * @return builder * @@ -263,7 +263,7 @@ public Builder isBinaryAttribute(Boolean isBinaryAttribute) { } /** - * @param isMandatoryInLdap When `true`, this attribute must exist in LDAP. Defaults to `false`. + * @param isMandatoryInLdap When true, this attribute must exist in LDAP. * * @return builder * @@ -274,7 +274,7 @@ public Builder isMandatoryInLdap(@Nullable Output isMandatoryInLdap) { } /** - * @param isMandatoryInLdap When `true`, this attribute must exist in LDAP. Defaults to `false`. + * @param isMandatoryInLdap When true, this attribute must exist in LDAP. * * @return builder * @@ -284,7 +284,7 @@ public Builder isMandatoryInLdap(Boolean isMandatoryInLdap) { } /** - * @param ldapAttribute Name of the mapped attribute on the LDAP object. + * @param ldapAttribute Name of the mapped attribute on LDAP object. * * @return builder * @@ -295,7 +295,7 @@ public Builder ldapAttribute(@Nullable Output ldapAttribute) { } /** - * @param ldapAttribute Name of the mapped attribute on the LDAP object. + * @param ldapAttribute Name of the mapped attribute on LDAP object. * * @return builder * @@ -305,7 +305,7 @@ public Builder ldapAttribute(String ldapAttribute) { } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -316,7 +316,7 @@ public Builder ldapUserFederationId(@Nullable Output ldapUserFederationI } /** - * @param ldapUserFederationId The ID of the LDAP user federation provider to attach this mapper to. + * @param ldapUserFederationId The ldap user federation provider to attach this mapper to. * * @return builder * @@ -326,7 +326,7 @@ public Builder ldapUserFederationId(String ldapUserFederationId) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -337,7 +337,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name Display name of this mapper when displayed in the console. + * @param name Display name of the mapper when displayed in the console. * * @return builder * @@ -347,7 +347,7 @@ public Builder name(String name) { } /** - * @param readOnly When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * @param readOnly When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * * @return builder * @@ -358,7 +358,7 @@ public Builder readOnly(@Nullable Output readOnly) { } /** - * @param readOnly When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * @param readOnly When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. * * @return builder * @@ -368,7 +368,7 @@ public Builder readOnly(Boolean readOnly) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -379,7 +379,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm that this LDAP mapper will exist in. + * @param realmId The realm in which the ldap user federation provider exists. * * @return builder * @@ -389,7 +389,7 @@ public Builder realmId(String realmId) { } /** - * @param userModelAttribute Name of the user property or attribute you want to map the LDAP attribute into. + * @param userModelAttribute Name of the UserModel property or attribute you want to map the LDAP attribute into. * * @return builder * @@ -400,7 +400,7 @@ public Builder userModelAttribute(@Nullable Output userModelAttribute) { } /** - * @param userModelAttribute Name of the user property or attribute you want to map the LDAP attribute into. + * @param userModelAttribute Name of the UserModel property or attribute you want to map the LDAP attribute into. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationCacheArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationCacheArgs.java index ada4a894..e315a09a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationCacheArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationCacheArgs.java @@ -17,14 +17,14 @@ public final class UserFederationCacheArgs extends com.pulumi.resources.Resource public static final UserFederationCacheArgs Empty = new UserFederationCacheArgs(); /** - * Day of the week the entry will become invalid on + * Day of the week the entry will become invalid on. * */ @Import(name="evictionDay") private @Nullable Output evictionDay; /** - * @return Day of the week the entry will become invalid on + * @return Day of the week the entry will become invalid on. * */ public Optional> evictionDay() { @@ -76,17 +76,9 @@ public Optional> maxLifespan() { return Optional.ofNullable(this.maxLifespan); } - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ @Import(name="policy") private @Nullable Output policy; - /** - * @return Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ public Optional> policy() { return Optional.ofNullable(this.policy); } @@ -120,7 +112,7 @@ public Builder(UserFederationCacheArgs defaults) { } /** - * @param evictionDay Day of the week the entry will become invalid on + * @param evictionDay Day of the week the entry will become invalid on. * * @return builder * @@ -131,7 +123,7 @@ public Builder evictionDay(@Nullable Output evictionDay) { } /** - * @param evictionDay Day of the week the entry will become invalid on + * @param evictionDay Day of the week the entry will become invalid on. * * @return builder * @@ -203,23 +195,11 @@ public Builder maxLifespan(String maxLifespan) { return maxLifespan(Output.of(maxLifespan)); } - /** - * @param policy Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - * @return builder - * - */ public Builder policy(@Nullable Output policy) { $.policy = policy; return this; } - /** - * @param policy Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - * @return builder - * - */ public Builder policy(String policy) { return policy(Output.of(policy)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationKerberosArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationKerberosArgs.java index 70a01420..80ff3ea3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationKerberosArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationKerberosArgs.java @@ -18,14 +18,14 @@ public final class UserFederationKerberosArgs extends com.pulumi.resources.Resou public static final UserFederationKerberosArgs Empty = new UserFederationKerberosArgs(); /** - * The name of the kerberos realm, e.g. FOO.LOCAL. + * The name of the kerberos realm, e.g. FOO.LOCAL * */ @Import(name="kerberosRealm", required=true) private Output kerberosRealm; /** - * @return The name of the kerberos realm, e.g. FOO.LOCAL. + * @return The name of the kerberos realm, e.g. FOO.LOCAL * */ public Output kerberosRealm() { @@ -105,7 +105,7 @@ public Builder(UserFederationKerberosArgs defaults) { } /** - * @param kerberosRealm The name of the kerberos realm, e.g. FOO.LOCAL. + * @param kerberosRealm The name of the kerberos realm, e.g. FOO.LOCAL * * @return builder * @@ -116,7 +116,7 @@ public Builder kerberosRealm(Output kerberosRealm) { } /** - * @param kerberosRealm The name of the kerberos realm, e.g. FOO.LOCAL. + * @param kerberosRealm The name of the kerberos realm, e.g. FOO.LOCAL * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationState.java index 77bfc2d8..41dbf961 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserFederationState.java @@ -21,14 +21,14 @@ public final class UserFederationState extends com.pulumi.resources.ResourceArgs public static final UserFederationState Empty = new UserFederationState(); /** - * The number of users to sync within a single transaction. Defaults to `1000`. + * The number of users to sync within a single transaction. * */ @Import(name="batchSizeForSync") private @Nullable Output batchSizeForSync; /** - * @return The number of users to sync within a single transaction. Defaults to `1000`. + * @return The number of users to sync within a single transaction. * */ public Optional> batchSizeForSync() { @@ -36,14 +36,14 @@ public Optional> batchSizeForSync() { } /** - * Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * Password of LDAP admin. * */ @Import(name="bindCredential") private @Nullable Output bindCredential; /** - * @return Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * @return Password of LDAP admin. * */ public Optional> bindCredential() { @@ -51,14 +51,14 @@ public Optional> bindCredential() { } /** - * DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * DN of LDAP admin, which will be used by Keycloak to access LDAP server. * */ @Import(name="bindDn") private @Nullable Output bindDn; /** - * @return DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * @return DN of LDAP admin, which will be used by Keycloak to access LDAP server. * */ public Optional> bindDn() { @@ -66,14 +66,14 @@ public Optional> bindDn() { } /** - * A block containing the cache settings. + * Settings regarding cache policy for this realm. * */ @Import(name="cache") private @Nullable Output cache; /** - * @return A block containing the cache settings. + * @return Settings regarding cache policy for this realm. * */ public Optional> cache() { @@ -81,14 +81,16 @@ public Optional> cache() { } /** - * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * */ @Import(name="changedSyncPeriod") private @Nullable Output changedSyncPeriod; /** - * @return How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * @return How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * */ public Optional> changedSyncPeriod() { @@ -96,14 +98,14 @@ public Optional> changedSyncPeriod() { } /** - * LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP connection timeout (duration string) * */ @Import(name="connectionTimeout") private @Nullable Output connectionTimeout; /** - * @return LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @return LDAP connection timeout (duration string) * */ public Optional> connectionTimeout() { @@ -126,14 +128,14 @@ public Optional> connectionUrl() { } /** - * Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * */ @Import(name="customUserSearchFilter") private @Nullable Output customUserSearchFilter; /** - * @return Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * @return Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * */ public Optional> customUserSearchFilter() { @@ -141,14 +143,16 @@ public Optional> customUserSearchFilter() { } /** - * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * */ @Import(name="deleteDefaultMappers") private @Nullable Output deleteDefaultMappers; /** - * @return When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * @return When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * */ public Optional> deleteDefaultMappers() { @@ -156,14 +160,14 @@ public Optional> deleteDefaultMappers() { } /** - * Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * */ @Import(name="editMode") private @Nullable Output editMode; /** - * @return Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * @return READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * */ public Optional> editMode() { @@ -171,14 +175,14 @@ public Optional> editMode() { } /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. * */ @Import(name="enabled") private @Nullable Output enabled; /** - * @return When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @return When false, this provider will not be used when performing queries for users. * */ public Optional> enabled() { @@ -201,14 +205,14 @@ public Optional> fullSyncPeriod() { } /** - * When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * When true, LDAP users will be imported into the Keycloak database. * */ @Import(name="importEnabled") private @Nullable Output importEnabled; /** - * @return When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * @return When true, LDAP users will be imported into the Keycloak database. * */ public Optional> importEnabled() { @@ -216,14 +220,14 @@ public Optional> importEnabled() { } /** - * A block containing the kerberos settings. + * Settings regarding kerberos authentication for this realm. * */ @Import(name="kerberos") private @Nullable Output kerberos; /** - * @return A block containing the kerberos settings. + * @return Settings regarding kerberos authentication for this realm. * */ public Optional> kerberos() { @@ -246,14 +250,14 @@ public Optional> name() { } /** - * When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * When true, Keycloak assumes the LDAP server supports pagination. * */ @Import(name="pagination") private @Nullable Output pagination; /** - * @return When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * @return When true, Keycloak assumes the LDAP server supports pagination. * */ public Optional> pagination() { @@ -261,14 +265,14 @@ public Optional> pagination() { } /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. * */ @Import(name="priority") private @Nullable Output priority; /** - * @return Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @return Priority of this provider when looking up users. Lower values are first. * */ public Optional> priority() { @@ -291,14 +295,14 @@ public Optional> rdnLdapAttribute() { } /** - * LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP read timeout (duration string) * */ @Import(name="readTimeout") private @Nullable Output readTimeout; /** - * @return LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @return LDAP read timeout (duration string) * */ public Optional> readTimeout() { @@ -306,14 +310,14 @@ public Optional> readTimeout() { } /** - * The realm that this provider will provide user federation for. + * The realm this provider will provide user federation for. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm that this provider will provide user federation for. + * @return The realm this provider will provide user federation for. * */ public Optional> realmId() { @@ -321,14 +325,14 @@ public Optional> realmId() { } /** - * Can be one of `ONE_LEVEL` or `SUBTREE`: + * ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * */ @Import(name="searchScope") private @Nullable Output searchScope; /** - * @return Can be one of `ONE_LEVEL` or `SUBTREE`: + * @return ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * */ public Optional> searchScope() { @@ -336,14 +340,14 @@ public Optional> searchScope() { } /** - * When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * */ @Import(name="startTls") private @Nullable Output startTls; /** - * @return When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * @return When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * */ public Optional> startTls() { @@ -351,14 +355,14 @@ public Optional> startTls() { } /** - * When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * When true, newly created users will be synced back to LDAP. * */ @Import(name="syncRegistrations") private @Nullable Output syncRegistrations; /** - * @return When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * @return When true, newly created users will be synced back to LDAP. * */ public Optional> syncRegistrations() { @@ -395,30 +399,22 @@ public Optional> usePasswordModifyExtendedOp() { return Optional.ofNullable(this.usePasswordModifyExtendedOp); } - /** - * Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - */ @Import(name="useTruststoreSpi") private @Nullable Output useTruststoreSpi; - /** - * @return Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - */ public Optional> useTruststoreSpi() { return Optional.ofNullable(this.useTruststoreSpi); } /** - * Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * All values of LDAP objectClass attribute for users in LDAP. * */ @Import(name="userObjectClasses") private @Nullable Output> userObjectClasses; /** - * @return Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @return All values of LDAP objectClass attribute for users in LDAP. * */ public Optional>> userObjectClasses() { @@ -471,14 +467,14 @@ public Optional> uuidLdapAttribute() { } /** - * When `true`, Keycloak will validate passwords using the realm policy before updating it. + * When true, Keycloak will validate passwords using the realm policy before updating it. * */ @Import(name="validatePasswordPolicy") private @Nullable Output validatePasswordPolicy; /** - * @return When `true`, Keycloak will validate passwords using the realm policy before updating it. + * @return When true, Keycloak will validate passwords using the realm policy before updating it. * */ public Optional> validatePasswordPolicy() { @@ -486,14 +482,14 @@ public Optional> validatePasswordPolicy() { } /** - * Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * */ @Import(name="vendor") private @Nullable Output vendor; /** - * @return Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * @return LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * */ public Optional> vendor() { @@ -556,7 +552,7 @@ public Builder(UserFederationState defaults) { } /** - * @param batchSizeForSync The number of users to sync within a single transaction. Defaults to `1000`. + * @param batchSizeForSync The number of users to sync within a single transaction. * * @return builder * @@ -567,7 +563,7 @@ public Builder batchSizeForSync(@Nullable Output batchSizeForSync) { } /** - * @param batchSizeForSync The number of users to sync within a single transaction. Defaults to `1000`. + * @param batchSizeForSync The number of users to sync within a single transaction. * * @return builder * @@ -577,7 +573,7 @@ public Builder batchSizeForSync(Integer batchSizeForSync) { } /** - * @param bindCredential Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * @param bindCredential Password of LDAP admin. * * @return builder * @@ -588,7 +584,7 @@ public Builder bindCredential(@Nullable Output bindCredential) { } /** - * @param bindCredential Password of LDAP admin. This attribute must be set if `bind_dn` is set. + * @param bindCredential Password of LDAP admin. * * @return builder * @@ -598,7 +594,7 @@ public Builder bindCredential(String bindCredential) { } /** - * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. * * @return builder * @@ -609,7 +605,7 @@ public Builder bindDn(@Nullable Output bindDn) { } /** - * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + * @param bindDn DN of LDAP admin, which will be used by Keycloak to access LDAP server. * * @return builder * @@ -619,7 +615,7 @@ public Builder bindDn(String bindDn) { } /** - * @param cache A block containing the cache settings. + * @param cache Settings regarding cache policy for this realm. * * @return builder * @@ -630,7 +626,7 @@ public Builder cache(@Nullable Output cache) { } /** - * @param cache A block containing the cache settings. + * @param cache Settings regarding cache policy for this realm. * * @return builder * @@ -640,7 +636,8 @@ public Builder cache(UserFederationCacheArgs cache) { } /** - * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * * @return builder * @@ -651,7 +648,8 @@ public Builder changedSyncPeriod(@Nullable Output changedSyncPeriod) { } /** - * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * @param changedSyncPeriod How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. * * @return builder * @@ -661,7 +659,7 @@ public Builder changedSyncPeriod(Integer changedSyncPeriod) { } /** - * @param connectionTimeout LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @param connectionTimeout LDAP connection timeout (duration string) * * @return builder * @@ -672,7 +670,7 @@ public Builder connectionTimeout(@Nullable Output connectionTimeout) { } /** - * @param connectionTimeout LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @param connectionTimeout LDAP connection timeout (duration string) * * @return builder * @@ -703,7 +701,7 @@ public Builder connectionUrl(String connectionUrl) { } /** - * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * * @return builder * @@ -714,7 +712,7 @@ public Builder customUserSearchFilter(@Nullable Output customUserSearchF } /** - * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * @param customUserSearchFilter Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. * * @return builder * @@ -724,7 +722,8 @@ public Builder customUserSearchFilter(String customUserSearchFilter) { } /** - * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * * @return builder * @@ -735,7 +734,8 @@ public Builder deleteDefaultMappers(@Nullable Output deleteDefaultMappe } /** - * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * @param deleteDefaultMappers When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. * * @return builder * @@ -745,7 +745,7 @@ public Builder deleteDefaultMappers(Boolean deleteDefaultMappers) { } /** - * @param editMode Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * @param editMode READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * * @return builder * @@ -756,7 +756,7 @@ public Builder editMode(@Nullable Output editMode) { } /** - * @param editMode Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * @param editMode READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. * * @return builder * @@ -766,7 +766,7 @@ public Builder editMode(String editMode) { } /** - * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @param enabled When false, this provider will not be used when performing queries for users. * * @return builder * @@ -777,7 +777,7 @@ public Builder enabled(@Nullable Output enabled) { } /** - * @param enabled When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * @param enabled When false, this provider will not be used when performing queries for users. * * @return builder * @@ -808,7 +808,7 @@ public Builder fullSyncPeriod(Integer fullSyncPeriod) { } /** - * @param importEnabled When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * @param importEnabled When true, LDAP users will be imported into the Keycloak database. * * @return builder * @@ -819,7 +819,7 @@ public Builder importEnabled(@Nullable Output importEnabled) { } /** - * @param importEnabled When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * @param importEnabled When true, LDAP users will be imported into the Keycloak database. * * @return builder * @@ -829,7 +829,7 @@ public Builder importEnabled(Boolean importEnabled) { } /** - * @param kerberos A block containing the kerberos settings. + * @param kerberos Settings regarding kerberos authentication for this realm. * * @return builder * @@ -840,7 +840,7 @@ public Builder kerberos(@Nullable Output kerberos) { } /** - * @param kerberos A block containing the kerberos settings. + * @param kerberos Settings regarding kerberos authentication for this realm. * * @return builder * @@ -871,7 +871,7 @@ public Builder name(String name) { } /** - * @param pagination When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * @param pagination When true, Keycloak assumes the LDAP server supports pagination. * * @return builder * @@ -882,7 +882,7 @@ public Builder pagination(@Nullable Output pagination) { } /** - * @param pagination When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * @param pagination When true, Keycloak assumes the LDAP server supports pagination. * * @return builder * @@ -892,7 +892,7 @@ public Builder pagination(Boolean pagination) { } /** - * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @param priority Priority of this provider when looking up users. Lower values are first. * * @return builder * @@ -903,7 +903,7 @@ public Builder priority(@Nullable Output priority) { } /** - * @param priority Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * @param priority Priority of this provider when looking up users. Lower values are first. * * @return builder * @@ -934,7 +934,7 @@ public Builder rdnLdapAttribute(String rdnLdapAttribute) { } /** - * @param readTimeout LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @param readTimeout LDAP read timeout (duration string) * * @return builder * @@ -945,7 +945,7 @@ public Builder readTimeout(@Nullable Output readTimeout) { } /** - * @param readTimeout LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * @param readTimeout LDAP read timeout (duration string) * * @return builder * @@ -955,7 +955,7 @@ public Builder readTimeout(String readTimeout) { } /** - * @param realmId The realm that this provider will provide user federation for. + * @param realmId The realm this provider will provide user federation for. * * @return builder * @@ -966,7 +966,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm that this provider will provide user federation for. + * @param realmId The realm this provider will provide user federation for. * * @return builder * @@ -976,7 +976,7 @@ public Builder realmId(String realmId) { } /** - * @param searchScope Can be one of `ONE_LEVEL` or `SUBTREE`: + * @param searchScope ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * * @return builder * @@ -987,7 +987,7 @@ public Builder searchScope(@Nullable Output searchScope) { } /** - * @param searchScope Can be one of `ONE_LEVEL` or `SUBTREE`: + * @param searchScope ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. * * @return builder * @@ -997,7 +997,7 @@ public Builder searchScope(String searchScope) { } /** - * @param startTls When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * @param startTls When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * * @return builder * @@ -1008,7 +1008,7 @@ public Builder startTls(@Nullable Output startTls) { } /** - * @param startTls When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * @param startTls When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. * * @return builder * @@ -1018,7 +1018,7 @@ public Builder startTls(Boolean startTls) { } /** - * @param syncRegistrations When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * @param syncRegistrations When true, newly created users will be synced back to LDAP. * * @return builder * @@ -1029,7 +1029,7 @@ public Builder syncRegistrations(@Nullable Output syncRegistrations) { } /** - * @param syncRegistrations When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * @param syncRegistrations When true, newly created users will be synced back to LDAP. * * @return builder * @@ -1080,29 +1080,17 @@ public Builder usePasswordModifyExtendedOp(Boolean usePasswordModifyExtendedOp) return usePasswordModifyExtendedOp(Output.of(usePasswordModifyExtendedOp)); } - /** - * @param useTruststoreSpi Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - * @return builder - * - */ public Builder useTruststoreSpi(@Nullable Output useTruststoreSpi) { $.useTruststoreSpi = useTruststoreSpi; return this; } - /** - * @param useTruststoreSpi Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - * - * @return builder - * - */ public Builder useTruststoreSpi(String useTruststoreSpi) { return useTruststoreSpi(Output.of(useTruststoreSpi)); } /** - * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @param userObjectClasses All values of LDAP objectClass attribute for users in LDAP. * * @return builder * @@ -1113,7 +1101,7 @@ public Builder userObjectClasses(@Nullable Output> userObjectClasse } /** - * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @param userObjectClasses All values of LDAP objectClass attribute for users in LDAP. * * @return builder * @@ -1123,7 +1111,7 @@ public Builder userObjectClasses(List userObjectClasses) { } /** - * @param userObjectClasses Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * @param userObjectClasses All values of LDAP objectClass attribute for users in LDAP. * * @return builder * @@ -1196,7 +1184,7 @@ public Builder uuidLdapAttribute(String uuidLdapAttribute) { } /** - * @param validatePasswordPolicy When `true`, Keycloak will validate passwords using the realm policy before updating it. + * @param validatePasswordPolicy When true, Keycloak will validate passwords using the realm policy before updating it. * * @return builder * @@ -1207,7 +1195,7 @@ public Builder validatePasswordPolicy(@Nullable Output validatePassword } /** - * @param validatePasswordPolicy When `true`, Keycloak will validate passwords using the realm policy before updating it. + * @param validatePasswordPolicy When true, Keycloak will validate passwords using the realm policy before updating it. * * @return builder * @@ -1217,7 +1205,7 @@ public Builder validatePasswordPolicy(Boolean validatePasswordPolicy) { } /** - * @param vendor Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * @param vendor LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * * @return builder * @@ -1228,7 +1216,7 @@ public Builder vendor(@Nullable Output vendor) { } /** - * @param vendor Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * @param vendor LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/outputs/UserFederationCache.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/outputs/UserFederationCache.java index 3089acb6..d95e9688 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/outputs/UserFederationCache.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/outputs/UserFederationCache.java @@ -13,7 +13,7 @@ @CustomType public final class UserFederationCache { /** - * @return Day of the week the entry will become invalid on + * @return Day of the week the entry will become invalid on. * */ private @Nullable Integer evictionDay; @@ -32,15 +32,11 @@ public final class UserFederationCache { * */ private @Nullable String maxLifespan; - /** - * @return Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ private @Nullable String policy; private UserFederationCache() {} /** - * @return Day of the week the entry will become invalid on + * @return Day of the week the entry will become invalid on. * */ public Optional evictionDay() { @@ -67,10 +63,6 @@ public Optional evictionMinute() { public Optional maxLifespan() { return Optional.ofNullable(this.maxLifespan); } - /** - * @return Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - * - */ public Optional policy() { return Optional.ofNullable(this.policy); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/outputs/UserFederationKerberos.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/outputs/UserFederationKerberos.java index b6541c71..1b8a8790 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/outputs/UserFederationKerberos.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/outputs/UserFederationKerberos.java @@ -14,7 +14,7 @@ @CustomType public final class UserFederationKerberos { /** - * @return The name of the kerberos realm, e.g. FOO.LOCAL. + * @return The name of the kerberos realm, e.g. FOO.LOCAL * */ private String kerberosRealm; @@ -36,7 +36,7 @@ public final class UserFederationKerberos { private UserFederationKerberos() {} /** - * @return The name of the kerberos realm, e.g. FOO.LOCAL. + * @return The name of the kerberos realm, e.g. FOO.LOCAL * */ public String kerberosRealm() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java index abbc0fc6..fd5df89a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java @@ -24,6 +24,8 @@ * OIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -65,14 +67,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Google Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProvider.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProvider.java index d8e4ad51..b887cb6e 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProvider.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProvider.java @@ -24,6 +24,8 @@ * OIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -65,14 +67,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java index 9eda1226..eb82380b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java @@ -16,13 +16,18 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing audience protocol mappers within Keycloak. + * ## # keycloak.openid.AudienceProtocolMapper * - * Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom - * string, or it can be mapped to the ID of a pre-existing client. + * Allows for creating and managing audience protocol mappers within + * Keycloak. This mapper was added in Keycloak v4.6.0.Final. * - * ## Example Usage - * ### Client) + * Audience protocol mappers allow you add audiences to the `aud` claim + * within issued tokens. The audience can be a custom string, or it can be + * mapped to the ID of a pre-existing client. + * + * ### Example Usage (Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -49,28 +54,32 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .enabled(true) + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientId(openidClient.id()) * .includedCustomAudience("foo") + * .realmId(realm.id()) * .build()); * * } * } * ``` - * ### Client Scope) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -97,8 +106,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -106,145 +115,147 @@ * .build()); * * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientScopeId(clientScope.id()) * .includedCustomAudience("foo") + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `included_client_audience` - (Required if `included_custom_audience` is not specified) A client ID to include within the token's `aud` claim. + * - `included_custom_audience` - (Required if `included_client_audience` is not specified) A custom audience to include within the token's `aud` claim. + * - `add_to_id_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * - `add_to_access_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper") public class AudienceProtocolMapper extends com.pulumi.resources.CustomResource { /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the access token. * */ @Export(name="addToAccessToken", refs={Boolean.class}, tree="[0]") private Output addToAccessToken; /** - * @return Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @return Indicates if this claim should be added to the access token. * */ public Output> addToAccessToken() { return Codegen.optional(this.addToAccessToken); } /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the id token. * */ @Export(name="addToIdToken", refs={Boolean.class}, tree="[0]") private Output addToIdToken; /** - * @return Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @return Indicates if this claim should be added to the id token. * */ public Output> addToIdToken() { return Codegen.optional(this.addToIdToken); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { return Codegen.optional(this.clientId); } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } /** - * A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ @Export(name="includedClientAudience", refs={String.class}, tree="[0]") private Output includedClientAudience; /** - * @return A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @return A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ public Output> includedClientAudience() { return Codegen.optional(this.includedClientAudience); } /** - * A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ @Export(name="includedCustomAudience", refs={String.class}, tree="[0]") private Output includedCustomAudience; /** - * @return A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @return A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ public Output> includedCustomAudience() { return Codegen.optional(this.includedCustomAudience); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapperArgs.java index 176dce94..0282f4b8 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapperArgs.java @@ -18,14 +18,14 @@ public final class AudienceProtocolMapperArgs extends com.pulumi.resources.Resou public static final AudienceProtocolMapperArgs Empty = new AudienceProtocolMapperArgs(); /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @return Indicates if this claim should be added to the access token. * */ public Optional> addToAccessToken() { @@ -33,14 +33,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @return Indicates if this claim should be added to the id token. * */ public Optional> addToIdToken() { @@ -48,14 +48,14 @@ public Optional> addToIdToken() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -63,14 +63,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -78,14 +78,14 @@ public Optional> clientScopeId() { } /** - * A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ @Import(name="includedClientAudience") private @Nullable Output includedClientAudience; /** - * @return A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @return A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ public Optional> includedClientAudience() { @@ -93,14 +93,14 @@ public Optional> includedClientAudience() { } /** - * A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ @Import(name="includedCustomAudience") private @Nullable Output includedCustomAudience; /** - * @return A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @return A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ public Optional> includedCustomAudience() { @@ -108,14 +108,14 @@ public Optional> includedCustomAudience() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -123,14 +123,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { @@ -169,7 +169,7 @@ public Builder(AudienceProtocolMapperArgs defaults) { } /** - * @param addToAccessToken Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @param addToAccessToken Indicates if this claim should be added to the access token. * * @return builder * @@ -180,7 +180,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @param addToAccessToken Indicates if this claim should be added to the access token. * * @return builder * @@ -190,7 +190,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @param addToIdToken Indicates if this claim should be added to the id token. * * @return builder * @@ -201,7 +201,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @param addToIdToken Indicates if this claim should be added to the id token. * * @return builder * @@ -211,7 +211,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -222,7 +222,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -232,7 +232,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -243,7 +243,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -253,7 +253,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param includedClientAudience A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @param includedClientAudience A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * * @return builder * @@ -264,7 +264,7 @@ public Builder includedClientAudience(@Nullable Output includedClientAud } /** - * @param includedClientAudience A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @param includedClientAudience A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * * @return builder * @@ -274,7 +274,7 @@ public Builder includedClientAudience(String includedClientAudience) { } /** - * @param includedCustomAudience A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @param includedCustomAudience A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * * @return builder * @@ -285,7 +285,7 @@ public Builder includedCustomAudience(@Nullable Output includedCustomAud } /** - * @param includedCustomAudience A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @param includedCustomAudience A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * * @return builder * @@ -295,7 +295,7 @@ public Builder includedCustomAudience(String includedCustomAudience) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -306,7 +306,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -316,7 +316,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -327,7 +327,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMapper.java index 78c6500d..54391a86 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMapper.java @@ -24,7 +24,10 @@ * [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. * * ## Example Usage + * * ### Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -71,7 +74,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -114,18 +121,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMappter.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMappter.java index fa2f6292..f5bd5d3a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMappter.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMappter.java @@ -22,7 +22,10 @@ * [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. * * ## Example Usage + * * ### Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -69,7 +72,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -112,18 +119,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java index 0a7d4fc0..86fa5d32 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java @@ -21,13 +21,17 @@ import javax.annotation.Nullable; /** + * ## # keycloak.openid.Client + * * Allows for creating and managing Keycloak clients that use the OpenID Connect protocol. * * Clients are entities that can use Keycloak for user authentication. Typically, * clients are applications that redirect users to Keycloak for authentication * in order to take advantage of Keycloak's user sessions for SSO. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -52,371 +56,204 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .clientId("test-client") * .enabled(true) - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") - * .loginTheme("keycloak") - * .extraConfig(Map.ofEntries( - * Map.entry("key1", "value1"), - * Map.entry("key2", "value2") - * )) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + * - `realm_id` - (Required) The realm this client is attached to. + * - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + * - `name` - (Optional) The display name of this client in the GUI. + * - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + * - `description` - (Optional) The description of this client in the GUI. + * - `access_type` - (Required) Specifies the type of client, which can be one of the following: + * - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating. + * This client should be used for applications using the Authorization Code or Client Credentials grant flows. + * - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect + * URIs for security. This client should be used for applications using the Implicit grant flow. + * - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests. + * - `client_secret` - (Optional) The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and + * should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute. + * - `standard_flow_enabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. + * - `implicit_flow_enabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. + * - `direct_access_grants_enabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. + * - `service_accounts_enabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. + * - `valid_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple + * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` + * is set to `true`. + * - `web_origins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins. + * - `admin_url` - (Optional) URL to the admin interface of the client. + * - `base_url` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client. + * - `pkce_code_challenge_method` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. + * - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token. * - * Example: + * ### Attributes Reference * - * bash + * In addition to the arguments listed above, the following computed attributes are exported: * - * ```sh - * $ pulumi import keycloak:openid/client:Client openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - * ``` + * - `service_account_user_id` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. + * + * ### Import + * + * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + * + * Example: * */ @ResourceType(type="keycloak:openid/client:Client") public class Client extends com.pulumi.resources.CustomResource { - /** - * The amount of time in seconds before an access token expires. This will override the default for the realm. - * - */ @Export(name="accessTokenLifespan", refs={String.class}, tree="[0]") private Output accessTokenLifespan; - /** - * @return The amount of time in seconds before an access token expires. This will override the default for the realm. - * - */ public Output accessTokenLifespan() { return this.accessTokenLifespan; } - /** - * Specifies the type of client, which can be one of the following: - * - */ @Export(name="accessType", refs={String.class}, tree="[0]") private Output accessType; - /** - * @return Specifies the type of client, which can be one of the following: - * - */ public Output accessType() { return this.accessType; } - /** - * URL to the admin interface of the client. - * - */ @Export(name="adminUrl", refs={String.class}, tree="[0]") private Output adminUrl; - /** - * @return URL to the admin interface of the client. - * - */ public Output adminUrl() { return this.adminUrl; } - /** - * Override realm authentication flow bindings - * - */ @Export(name="authenticationFlowBindingOverrides", refs={ClientAuthenticationFlowBindingOverrides.class}, tree="[0]") private Output authenticationFlowBindingOverrides; - /** - * @return Override realm authentication flow bindings - * - */ public Output> authenticationFlowBindingOverrides() { return Codegen.optional(this.authenticationFlowBindingOverrides); } - /** - * When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - */ @Export(name="authorization", refs={ClientAuthorization.class}, tree="[0]") private Output authorization; - /** - * @return When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - */ public Output> authorization() { return Codegen.optional(this.authorization); } - /** - * Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - */ @Export(name="backchannelLogoutRevokeOfflineSessions", refs={Boolean.class}, tree="[0]") private Output backchannelLogoutRevokeOfflineSessions; - /** - * @return Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - */ public Output> backchannelLogoutRevokeOfflineSessions() { return Codegen.optional(this.backchannelLogoutRevokeOfflineSessions); } - /** - * When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - */ @Export(name="backchannelLogoutSessionRequired", refs={Boolean.class}, tree="[0]") private Output backchannelLogoutSessionRequired; - /** - * @return When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - */ public Output> backchannelLogoutSessionRequired() { return Codegen.optional(this.backchannelLogoutSessionRequired); } - /** - * The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - */ @Export(name="backchannelLogoutUrl", refs={String.class}, tree="[0]") private Output backchannelLogoutUrl; - /** - * @return The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - */ public Output> backchannelLogoutUrl() { return Codegen.optional(this.backchannelLogoutUrl); } - /** - * Default URL to use when the auth server needs to redirect or link back to the client. - * - */ @Export(name="baseUrl", refs={String.class}, tree="[0]") private Output baseUrl; - /** - * @return Default URL to use when the auth server needs to redirect or link back to the client. - * - */ public Output baseUrl() { return this.baseUrl; } - /** - * Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - */ @Export(name="clientAuthenticatorType", refs={String.class}, tree="[0]") private Output clientAuthenticatorType; - /** - * @return Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - */ public Output> clientAuthenticatorType() { return Codegen.optional(this.clientAuthenticatorType); } - /** - * The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; - /** - * @return The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - */ public Output clientId() { return this.clientId; } - /** - * Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - */ @Export(name="clientOfflineSessionIdleTimeout", refs={String.class}, tree="[0]") private Output clientOfflineSessionIdleTimeout; - /** - * @return Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - */ public Output clientOfflineSessionIdleTimeout() { return this.clientOfflineSessionIdleTimeout; } - /** - * Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - */ @Export(name="clientOfflineSessionMaxLifespan", refs={String.class}, tree="[0]") private Output clientOfflineSessionMaxLifespan; - /** - * @return Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - */ public Output clientOfflineSessionMaxLifespan() { return this.clientOfflineSessionMaxLifespan; } - /** - * The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - */ @Export(name="clientSecret", refs={String.class}, tree="[0]") private Output clientSecret; - /** - * @return The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - */ public Output clientSecret() { return this.clientSecret; } - /** - * Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - */ @Export(name="clientSessionIdleTimeout", refs={String.class}, tree="[0]") private Output clientSessionIdleTimeout; - /** - * @return Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - */ public Output clientSessionIdleTimeout() { return this.clientSessionIdleTimeout; } - /** - * Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - */ @Export(name="clientSessionMaxLifespan", refs={String.class}, tree="[0]") private Output clientSessionMaxLifespan; - /** - * @return Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - */ public Output clientSessionMaxLifespan() { return this.clientSessionMaxLifespan; } - /** - * When `true`, users have to consent to client access. Defaults to `false`. - * - */ @Export(name="consentRequired", refs={Boolean.class}, tree="[0]") private Output consentRequired; - /** - * @return When `true`, users have to consent to client access. Defaults to `false`. - * - */ public Output consentRequired() { return this.consentRequired; } - /** - * The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - */ @Export(name="consentScreenText", refs={String.class}, tree="[0]") private Output consentScreenText; - /** - * @return The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - */ public Output consentScreenText() { return this.consentScreenText; } - /** - * The description of this client in the GUI. - * - */ @Export(name="description", refs={String.class}, tree="[0]") private Output description; - /** - * @return The description of this client in the GUI. - * - */ public Output description() { return this.description; } - /** - * When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - */ @Export(name="directAccessGrantsEnabled", refs={Boolean.class}, tree="[0]") private Output directAccessGrantsEnabled; - /** - * @return When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - */ public Output directAccessGrantsEnabled() { return this.directAccessGrantsEnabled; } - /** - * When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - */ @Export(name="displayOnConsentScreen", refs={Boolean.class}, tree="[0]") private Output displayOnConsentScreen; - /** - * @return When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - */ public Output displayOnConsentScreen() { return this.displayOnConsentScreen; } - /** - * When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ @Export(name="enabled", refs={Boolean.class}, tree="[0]") private Output enabled; - /** - * @return When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ public Output> enabled() { return Codegen.optional(this.enabled); } - /** - * When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - */ @Export(name="excludeSessionStateFromAuthResponse", refs={Boolean.class}, tree="[0]") private Output excludeSessionStateFromAuthResponse; - /** - * @return When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - */ public Output excludeSessionStateFromAuthResponse() { return this.excludeSessionStateFromAuthResponse; } @@ -426,315 +263,135 @@ public Output excludeSessionStateFromAuthResponse() { public Output>> extraConfig() { return Codegen.optional(this.extraConfig); } - /** - * When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - */ @Export(name="frontchannelLogoutEnabled", refs={Boolean.class}, tree="[0]") private Output frontchannelLogoutEnabled; - /** - * @return When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - */ public Output frontchannelLogoutEnabled() { return this.frontchannelLogoutEnabled; } - /** - * The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - */ @Export(name="frontchannelLogoutUrl", refs={String.class}, tree="[0]") private Output frontchannelLogoutUrl; - /** - * @return The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - */ public Output> frontchannelLogoutUrl() { return Codegen.optional(this.frontchannelLogoutUrl); } - /** - * Allow to include all roles mappings in the access token. - * - */ @Export(name="fullScopeAllowed", refs={Boolean.class}, tree="[0]") private Output fullScopeAllowed; - /** - * @return Allow to include all roles mappings in the access token. - * - */ public Output> fullScopeAllowed() { return Codegen.optional(this.fullScopeAllowed); } - /** - * When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - */ @Export(name="implicitFlowEnabled", refs={Boolean.class}, tree="[0]") private Output implicitFlowEnabled; - /** - * @return When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - */ public Output implicitFlowEnabled() { return this.implicitFlowEnabled; } - /** - * When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - */ @Export(name="import", refs={Boolean.class}, tree="[0]") private Output import_; - /** - * @return When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - */ public Output> import_() { return Codegen.optional(this.import_); } - /** - * The client login theme. This will override the default theme for the realm. - * - */ @Export(name="loginTheme", refs={String.class}, tree="[0]") private Output loginTheme; - /** - * @return The client login theme. This will override the default theme for the realm. - * - */ public Output> loginTheme() { return Codegen.optional(this.loginTheme); } - /** - * The display name of this client in the GUI. - * - */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; - /** - * @return The display name of this client in the GUI. - * - */ public Output name() { return this.name; } - /** - * Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - */ @Export(name="oauth2DeviceAuthorizationGrantEnabled", refs={Boolean.class}, tree="[0]") private Output oauth2DeviceAuthorizationGrantEnabled; - /** - * @return Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - */ public Output> oauth2DeviceAuthorizationGrantEnabled() { return Codegen.optional(this.oauth2DeviceAuthorizationGrantEnabled); } - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - */ @Export(name="oauth2DeviceCodeLifespan", refs={String.class}, tree="[0]") private Output oauth2DeviceCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the device code flow before it expires. - * - */ public Output> oauth2DeviceCodeLifespan() { return Codegen.optional(this.oauth2DeviceCodeLifespan); } - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ @Export(name="oauth2DevicePollingInterval", refs={String.class}, tree="[0]") private Output oauth2DevicePollingInterval; - /** - * @return The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ public Output> oauth2DevicePollingInterval() { return Codegen.optional(this.oauth2DevicePollingInterval); } - /** - * The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - */ @Export(name="pkceCodeChallengeMethod", refs={String.class}, tree="[0]") private Output pkceCodeChallengeMethod; - /** - * @return The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - */ public Output> pkceCodeChallengeMethod() { return Codegen.optional(this.pkceCodeChallengeMethod); } - /** - * The realm this client is attached to. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this client is attached to. - * - */ public Output realmId() { return this.realmId; } - /** - * (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - * - */ @Export(name="resourceServerId", refs={String.class}, tree="[0]") private Output resourceServerId; - /** - * @return (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - * - */ public Output resourceServerId() { return this.resourceServerId; } - /** - * When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - */ @Export(name="rootUrl", refs={String.class}, tree="[0]") private Output rootUrl; - /** - * @return When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - */ public Output rootUrl() { return this.rootUrl; } - /** - * (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - * - */ @Export(name="serviceAccountUserId", refs={String.class}, tree="[0]") private Output serviceAccountUserId; - /** - * @return (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - * - */ public Output serviceAccountUserId() { return this.serviceAccountUserId; } - /** - * When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - */ @Export(name="serviceAccountsEnabled", refs={Boolean.class}, tree="[0]") private Output serviceAccountsEnabled; - /** - * @return When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - */ public Output serviceAccountsEnabled() { return this.serviceAccountsEnabled; } - /** - * When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - */ @Export(name="standardFlowEnabled", refs={Boolean.class}, tree="[0]") private Output standardFlowEnabled; - /** - * @return When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - */ public Output standardFlowEnabled() { return this.standardFlowEnabled; } - /** - * If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - */ @Export(name="useRefreshTokens", refs={Boolean.class}, tree="[0]") private Output useRefreshTokens; - /** - * @return If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - */ public Output> useRefreshTokens() { return Codegen.optional(this.useRefreshTokens); } - /** - * If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - */ @Export(name="useRefreshTokensClientCredentials", refs={Boolean.class}, tree="[0]") private Output useRefreshTokensClientCredentials; - /** - * @return If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - */ public Output> useRefreshTokensClientCredentials() { return Codegen.optional(this.useRefreshTokensClientCredentials); } - /** - * A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - */ @Export(name="validPostLogoutRedirectUris", refs={List.class,String.class}, tree="[0,1]") private Output> validPostLogoutRedirectUris; - /** - * @return A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - */ public Output> validPostLogoutRedirectUris() { return this.validPostLogoutRedirectUris; } - /** - * A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - */ @Export(name="validRedirectUris", refs={List.class,String.class}, tree="[0,1]") private Output> validRedirectUris; - /** - * @return A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - */ public Output> validRedirectUris() { return this.validRedirectUris; } - /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - */ @Export(name="webOrigins", refs={List.class,String.class}, tree="[0,1]") private Output> webOrigins; - /** - * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - */ public Output> webOrigins() { return this.webOrigins; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientArgs.java index 36a5056f..495f47fa 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientArgs.java @@ -22,355 +22,163 @@ public final class ClientArgs extends com.pulumi.resources.ResourceArgs { public static final ClientArgs Empty = new ClientArgs(); - /** - * The amount of time in seconds before an access token expires. This will override the default for the realm. - * - */ @Import(name="accessTokenLifespan") private @Nullable Output accessTokenLifespan; - /** - * @return The amount of time in seconds before an access token expires. This will override the default for the realm. - * - */ public Optional> accessTokenLifespan() { return Optional.ofNullable(this.accessTokenLifespan); } - /** - * Specifies the type of client, which can be one of the following: - * - */ @Import(name="accessType", required=true) private Output accessType; - /** - * @return Specifies the type of client, which can be one of the following: - * - */ public Output accessType() { return this.accessType; } - /** - * URL to the admin interface of the client. - * - */ @Import(name="adminUrl") private @Nullable Output adminUrl; - /** - * @return URL to the admin interface of the client. - * - */ public Optional> adminUrl() { return Optional.ofNullable(this.adminUrl); } - /** - * Override realm authentication flow bindings - * - */ @Import(name="authenticationFlowBindingOverrides") private @Nullable Output authenticationFlowBindingOverrides; - /** - * @return Override realm authentication flow bindings - * - */ public Optional> authenticationFlowBindingOverrides() { return Optional.ofNullable(this.authenticationFlowBindingOverrides); } - /** - * When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - */ @Import(name="authorization") private @Nullable Output authorization; - /** - * @return When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - */ public Optional> authorization() { return Optional.ofNullable(this.authorization); } - /** - * Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - */ @Import(name="backchannelLogoutRevokeOfflineSessions") private @Nullable Output backchannelLogoutRevokeOfflineSessions; - /** - * @return Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - */ public Optional> backchannelLogoutRevokeOfflineSessions() { return Optional.ofNullable(this.backchannelLogoutRevokeOfflineSessions); } - /** - * When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - */ @Import(name="backchannelLogoutSessionRequired") private @Nullable Output backchannelLogoutSessionRequired; - /** - * @return When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - */ public Optional> backchannelLogoutSessionRequired() { return Optional.ofNullable(this.backchannelLogoutSessionRequired); } - /** - * The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - */ @Import(name="backchannelLogoutUrl") private @Nullable Output backchannelLogoutUrl; - /** - * @return The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - */ public Optional> backchannelLogoutUrl() { return Optional.ofNullable(this.backchannelLogoutUrl); } - /** - * Default URL to use when the auth server needs to redirect or link back to the client. - * - */ @Import(name="baseUrl") private @Nullable Output baseUrl; - /** - * @return Default URL to use when the auth server needs to redirect or link back to the client. - * - */ public Optional> baseUrl() { return Optional.ofNullable(this.baseUrl); } - /** - * Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - */ @Import(name="clientAuthenticatorType") private @Nullable Output clientAuthenticatorType; - /** - * @return Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - */ public Optional> clientAuthenticatorType() { return Optional.ofNullable(this.clientAuthenticatorType); } - /** - * The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - */ @Import(name="clientId", required=true) private Output clientId; - /** - * @return The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - */ public Output clientId() { return this.clientId; } - /** - * Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - */ @Import(name="clientOfflineSessionIdleTimeout") private @Nullable Output clientOfflineSessionIdleTimeout; - /** - * @return Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - */ public Optional> clientOfflineSessionIdleTimeout() { return Optional.ofNullable(this.clientOfflineSessionIdleTimeout); } - /** - * Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - */ @Import(name="clientOfflineSessionMaxLifespan") private @Nullable Output clientOfflineSessionMaxLifespan; - /** - * @return Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - */ public Optional> clientOfflineSessionMaxLifespan() { return Optional.ofNullable(this.clientOfflineSessionMaxLifespan); } - /** - * The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - */ @Import(name="clientSecret") private @Nullable Output clientSecret; - /** - * @return The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - */ public Optional> clientSecret() { return Optional.ofNullable(this.clientSecret); } - /** - * Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - */ @Import(name="clientSessionIdleTimeout") private @Nullable Output clientSessionIdleTimeout; - /** - * @return Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - */ public Optional> clientSessionIdleTimeout() { return Optional.ofNullable(this.clientSessionIdleTimeout); } - /** - * Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - */ @Import(name="clientSessionMaxLifespan") private @Nullable Output clientSessionMaxLifespan; - /** - * @return Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - */ public Optional> clientSessionMaxLifespan() { return Optional.ofNullable(this.clientSessionMaxLifespan); } - /** - * When `true`, users have to consent to client access. Defaults to `false`. - * - */ @Import(name="consentRequired") private @Nullable Output consentRequired; - /** - * @return When `true`, users have to consent to client access. Defaults to `false`. - * - */ public Optional> consentRequired() { return Optional.ofNullable(this.consentRequired); } - /** - * The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - */ @Import(name="consentScreenText") private @Nullable Output consentScreenText; - /** - * @return The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - */ public Optional> consentScreenText() { return Optional.ofNullable(this.consentScreenText); } - /** - * The description of this client in the GUI. - * - */ @Import(name="description") private @Nullable Output description; - /** - * @return The description of this client in the GUI. - * - */ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - */ @Import(name="directAccessGrantsEnabled") private @Nullable Output directAccessGrantsEnabled; - /** - * @return When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - */ public Optional> directAccessGrantsEnabled() { return Optional.ofNullable(this.directAccessGrantsEnabled); } - /** - * When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - */ @Import(name="displayOnConsentScreen") private @Nullable Output displayOnConsentScreen; - /** - * @return When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - */ public Optional> displayOnConsentScreen() { return Optional.ofNullable(this.displayOnConsentScreen); } - /** - * When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ @Import(name="enabled") private @Nullable Output enabled; - /** - * @return When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ public Optional> enabled() { return Optional.ofNullable(this.enabled); } - /** - * When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - */ @Import(name="excludeSessionStateFromAuthResponse") private @Nullable Output excludeSessionStateFromAuthResponse; - /** - * @return When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - */ public Optional> excludeSessionStateFromAuthResponse() { return Optional.ofNullable(this.excludeSessionStateFromAuthResponse); } @@ -382,306 +190,142 @@ public Optional>> extraConfig() { return Optional.ofNullable(this.extraConfig); } - /** - * When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - */ @Import(name="frontchannelLogoutEnabled") private @Nullable Output frontchannelLogoutEnabled; - /** - * @return When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - */ public Optional> frontchannelLogoutEnabled() { return Optional.ofNullable(this.frontchannelLogoutEnabled); } - /** - * The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - */ @Import(name="frontchannelLogoutUrl") private @Nullable Output frontchannelLogoutUrl; - /** - * @return The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - */ public Optional> frontchannelLogoutUrl() { return Optional.ofNullable(this.frontchannelLogoutUrl); } - /** - * Allow to include all roles mappings in the access token. - * - */ @Import(name="fullScopeAllowed") private @Nullable Output fullScopeAllowed; - /** - * @return Allow to include all roles mappings in the access token. - * - */ public Optional> fullScopeAllowed() { return Optional.ofNullable(this.fullScopeAllowed); } - /** - * When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - */ @Import(name="implicitFlowEnabled") private @Nullable Output implicitFlowEnabled; - /** - * @return When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - */ public Optional> implicitFlowEnabled() { return Optional.ofNullable(this.implicitFlowEnabled); } - /** - * When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - */ @Import(name="import") private @Nullable Output import_; - /** - * @return When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - */ public Optional> import_() { return Optional.ofNullable(this.import_); } - /** - * The client login theme. This will override the default theme for the realm. - * - */ @Import(name="loginTheme") private @Nullable Output loginTheme; - /** - * @return The client login theme. This will override the default theme for the realm. - * - */ public Optional> loginTheme() { return Optional.ofNullable(this.loginTheme); } - /** - * The display name of this client in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this client in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - */ @Import(name="oauth2DeviceAuthorizationGrantEnabled") private @Nullable Output oauth2DeviceAuthorizationGrantEnabled; - /** - * @return Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - */ public Optional> oauth2DeviceAuthorizationGrantEnabled() { return Optional.ofNullable(this.oauth2DeviceAuthorizationGrantEnabled); } - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - */ @Import(name="oauth2DeviceCodeLifespan") private @Nullable Output oauth2DeviceCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the device code flow before it expires. - * - */ public Optional> oauth2DeviceCodeLifespan() { return Optional.ofNullable(this.oauth2DeviceCodeLifespan); } - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ @Import(name="oauth2DevicePollingInterval") private @Nullable Output oauth2DevicePollingInterval; - /** - * @return The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ public Optional> oauth2DevicePollingInterval() { return Optional.ofNullable(this.oauth2DevicePollingInterval); } - /** - * The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - */ @Import(name="pkceCodeChallengeMethod") private @Nullable Output pkceCodeChallengeMethod; - /** - * @return The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - */ public Optional> pkceCodeChallengeMethod() { return Optional.ofNullable(this.pkceCodeChallengeMethod); } - /** - * The realm this client is attached to. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this client is attached to. - * - */ public Output realmId() { return this.realmId; } - /** - * When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - */ @Import(name="rootUrl") private @Nullable Output rootUrl; - /** - * @return When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - */ public Optional> rootUrl() { return Optional.ofNullable(this.rootUrl); } - /** - * When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - */ @Import(name="serviceAccountsEnabled") private @Nullable Output serviceAccountsEnabled; - /** - * @return When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - */ public Optional> serviceAccountsEnabled() { return Optional.ofNullable(this.serviceAccountsEnabled); } - /** - * When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - */ @Import(name="standardFlowEnabled") private @Nullable Output standardFlowEnabled; - /** - * @return When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - */ public Optional> standardFlowEnabled() { return Optional.ofNullable(this.standardFlowEnabled); } - /** - * If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - */ @Import(name="useRefreshTokens") private @Nullable Output useRefreshTokens; - /** - * @return If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - */ public Optional> useRefreshTokens() { return Optional.ofNullable(this.useRefreshTokens); } - /** - * If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - */ @Import(name="useRefreshTokensClientCredentials") private @Nullable Output useRefreshTokensClientCredentials; - /** - * @return If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - */ public Optional> useRefreshTokensClientCredentials() { return Optional.ofNullable(this.useRefreshTokensClientCredentials); } - /** - * A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - */ @Import(name="validPostLogoutRedirectUris") private @Nullable Output> validPostLogoutRedirectUris; - /** - * @return A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - */ public Optional>> validPostLogoutRedirectUris() { return Optional.ofNullable(this.validPostLogoutRedirectUris); } - /** - * A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - */ @Import(name="validRedirectUris") private @Nullable Output> validRedirectUris; - /** - * @return A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - */ public Optional>> validRedirectUris() { return Optional.ofNullable(this.validRedirectUris); } - /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - */ @Import(name="webOrigins") private @Nullable Output> webOrigins; - /** - * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - */ public Optional>> webOrigins() { return Optional.ofNullable(this.webOrigins); } @@ -753,493 +397,209 @@ public Builder(ClientArgs defaults) { $ = new ClientArgs(Objects.requireNonNull(defaults)); } - /** - * @param accessTokenLifespan The amount of time in seconds before an access token expires. This will override the default for the realm. - * - * @return builder - * - */ public Builder accessTokenLifespan(@Nullable Output accessTokenLifespan) { $.accessTokenLifespan = accessTokenLifespan; return this; } - /** - * @param accessTokenLifespan The amount of time in seconds before an access token expires. This will override the default for the realm. - * - * @return builder - * - */ public Builder accessTokenLifespan(String accessTokenLifespan) { return accessTokenLifespan(Output.of(accessTokenLifespan)); } - /** - * @param accessType Specifies the type of client, which can be one of the following: - * - * @return builder - * - */ public Builder accessType(Output accessType) { $.accessType = accessType; return this; } - /** - * @param accessType Specifies the type of client, which can be one of the following: - * - * @return builder - * - */ public Builder accessType(String accessType) { return accessType(Output.of(accessType)); } - /** - * @param adminUrl URL to the admin interface of the client. - * - * @return builder - * - */ public Builder adminUrl(@Nullable Output adminUrl) { $.adminUrl = adminUrl; return this; } - /** - * @param adminUrl URL to the admin interface of the client. - * - * @return builder - * - */ public Builder adminUrl(String adminUrl) { return adminUrl(Output.of(adminUrl)); } - /** - * @param authenticationFlowBindingOverrides Override realm authentication flow bindings - * - * @return builder - * - */ public Builder authenticationFlowBindingOverrides(@Nullable Output authenticationFlowBindingOverrides) { $.authenticationFlowBindingOverrides = authenticationFlowBindingOverrides; return this; } - /** - * @param authenticationFlowBindingOverrides Override realm authentication flow bindings - * - * @return builder - * - */ public Builder authenticationFlowBindingOverrides(ClientAuthenticationFlowBindingOverridesArgs authenticationFlowBindingOverrides) { return authenticationFlowBindingOverrides(Output.of(authenticationFlowBindingOverrides)); } - /** - * @param authorization When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - * @return builder - * - */ public Builder authorization(@Nullable Output authorization) { $.authorization = authorization; return this; } - /** - * @param authorization When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - * @return builder - * - */ public Builder authorization(ClientAuthorizationArgs authorization) { return authorization(Output.of(authorization)); } - /** - * @param backchannelLogoutRevokeOfflineSessions Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - * @return builder - * - */ public Builder backchannelLogoutRevokeOfflineSessions(@Nullable Output backchannelLogoutRevokeOfflineSessions) { $.backchannelLogoutRevokeOfflineSessions = backchannelLogoutRevokeOfflineSessions; return this; } - /** - * @param backchannelLogoutRevokeOfflineSessions Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - * @return builder - * - */ public Builder backchannelLogoutRevokeOfflineSessions(Boolean backchannelLogoutRevokeOfflineSessions) { return backchannelLogoutRevokeOfflineSessions(Output.of(backchannelLogoutRevokeOfflineSessions)); } - /** - * @param backchannelLogoutSessionRequired When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - * @return builder - * - */ public Builder backchannelLogoutSessionRequired(@Nullable Output backchannelLogoutSessionRequired) { $.backchannelLogoutSessionRequired = backchannelLogoutSessionRequired; return this; } - /** - * @param backchannelLogoutSessionRequired When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - * @return builder - * - */ public Builder backchannelLogoutSessionRequired(Boolean backchannelLogoutSessionRequired) { return backchannelLogoutSessionRequired(Output.of(backchannelLogoutSessionRequired)); } - /** - * @param backchannelLogoutUrl The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - * @return builder - * - */ public Builder backchannelLogoutUrl(@Nullable Output backchannelLogoutUrl) { $.backchannelLogoutUrl = backchannelLogoutUrl; return this; } - /** - * @param backchannelLogoutUrl The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - * @return builder - * - */ public Builder backchannelLogoutUrl(String backchannelLogoutUrl) { return backchannelLogoutUrl(Output.of(backchannelLogoutUrl)); } - /** - * @param baseUrl Default URL to use when the auth server needs to redirect or link back to the client. - * - * @return builder - * - */ public Builder baseUrl(@Nullable Output baseUrl) { $.baseUrl = baseUrl; return this; } - /** - * @param baseUrl Default URL to use when the auth server needs to redirect or link back to the client. - * - * @return builder - * - */ public Builder baseUrl(String baseUrl) { return baseUrl(Output.of(baseUrl)); } - /** - * @param clientAuthenticatorType Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - * @return builder - * - */ public Builder clientAuthenticatorType(@Nullable Output clientAuthenticatorType) { $.clientAuthenticatorType = clientAuthenticatorType; return this; } - /** - * @param clientAuthenticatorType Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - * @return builder - * - */ public Builder clientAuthenticatorType(String clientAuthenticatorType) { return clientAuthenticatorType(Output.of(clientAuthenticatorType)); } - /** - * @param clientId The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - * @return builder - * - */ public Builder clientId(Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param clientOfflineSessionIdleTimeout Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - * @return builder - * - */ public Builder clientOfflineSessionIdleTimeout(@Nullable Output clientOfflineSessionIdleTimeout) { $.clientOfflineSessionIdleTimeout = clientOfflineSessionIdleTimeout; return this; } - /** - * @param clientOfflineSessionIdleTimeout Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - * @return builder - * - */ public Builder clientOfflineSessionIdleTimeout(String clientOfflineSessionIdleTimeout) { return clientOfflineSessionIdleTimeout(Output.of(clientOfflineSessionIdleTimeout)); } - /** - * @param clientOfflineSessionMaxLifespan Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - * @return builder - * - */ public Builder clientOfflineSessionMaxLifespan(@Nullable Output clientOfflineSessionMaxLifespan) { $.clientOfflineSessionMaxLifespan = clientOfflineSessionMaxLifespan; return this; } - /** - * @param clientOfflineSessionMaxLifespan Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - * @return builder - * - */ public Builder clientOfflineSessionMaxLifespan(String clientOfflineSessionMaxLifespan) { return clientOfflineSessionMaxLifespan(Output.of(clientOfflineSessionMaxLifespan)); } - /** - * @param clientSecret The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - * @return builder - * - */ public Builder clientSecret(@Nullable Output clientSecret) { $.clientSecret = clientSecret; return this; } - /** - * @param clientSecret The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - * @return builder - * - */ public Builder clientSecret(String clientSecret) { return clientSecret(Output.of(clientSecret)); } - /** - * @param clientSessionIdleTimeout Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - * @return builder - * - */ public Builder clientSessionIdleTimeout(@Nullable Output clientSessionIdleTimeout) { $.clientSessionIdleTimeout = clientSessionIdleTimeout; return this; } - /** - * @param clientSessionIdleTimeout Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - * @return builder - * - */ public Builder clientSessionIdleTimeout(String clientSessionIdleTimeout) { return clientSessionIdleTimeout(Output.of(clientSessionIdleTimeout)); } - /** - * @param clientSessionMaxLifespan Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - * @return builder - * - */ public Builder clientSessionMaxLifespan(@Nullable Output clientSessionMaxLifespan) { $.clientSessionMaxLifespan = clientSessionMaxLifespan; return this; } - /** - * @param clientSessionMaxLifespan Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - * @return builder - * - */ public Builder clientSessionMaxLifespan(String clientSessionMaxLifespan) { return clientSessionMaxLifespan(Output.of(clientSessionMaxLifespan)); } - /** - * @param consentRequired When `true`, users have to consent to client access. Defaults to `false`. - * - * @return builder - * - */ public Builder consentRequired(@Nullable Output consentRequired) { $.consentRequired = consentRequired; return this; } - /** - * @param consentRequired When `true`, users have to consent to client access. Defaults to `false`. - * - * @return builder - * - */ public Builder consentRequired(Boolean consentRequired) { return consentRequired(Output.of(consentRequired)); } - /** - * @param consentScreenText The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - * @return builder - * - */ public Builder consentScreenText(@Nullable Output consentScreenText) { $.consentScreenText = consentScreenText; return this; } - /** - * @param consentScreenText The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - * @return builder - * - */ public Builder consentScreenText(String consentScreenText) { return consentScreenText(Output.of(consentScreenText)); } - /** - * @param description The description of this client in the GUI. - * - * @return builder - * - */ public Builder description(@Nullable Output description) { $.description = description; return this; } - /** - * @param description The description of this client in the GUI. - * - * @return builder - * - */ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param directAccessGrantsEnabled When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder directAccessGrantsEnabled(@Nullable Output directAccessGrantsEnabled) { $.directAccessGrantsEnabled = directAccessGrantsEnabled; return this; } - /** - * @param directAccessGrantsEnabled When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder directAccessGrantsEnabled(Boolean directAccessGrantsEnabled) { return directAccessGrantsEnabled(Output.of(directAccessGrantsEnabled)); } - /** - * @param displayOnConsentScreen When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - * @return builder - * - */ public Builder displayOnConsentScreen(@Nullable Output displayOnConsentScreen) { $.displayOnConsentScreen = displayOnConsentScreen; return this; } - /** - * @param displayOnConsentScreen When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - * @return builder - * - */ public Builder displayOnConsentScreen(Boolean displayOnConsentScreen) { return displayOnConsentScreen(Output.of(displayOnConsentScreen)); } - /** - * @param enabled When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(@Nullable Output enabled) { $.enabled = enabled; return this; } - /** - * @param enabled When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(Boolean enabled) { return enabled(Output.of(enabled)); } - /** - * @param excludeSessionStateFromAuthResponse When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - * @return builder - * - */ public Builder excludeSessionStateFromAuthResponse(@Nullable Output excludeSessionStateFromAuthResponse) { $.excludeSessionStateFromAuthResponse = excludeSessionStateFromAuthResponse; return this; } - /** - * @param excludeSessionStateFromAuthResponse When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - * @return builder - * - */ public Builder excludeSessionStateFromAuthResponse(Boolean excludeSessionStateFromAuthResponse) { return excludeSessionStateFromAuthResponse(Output.of(excludeSessionStateFromAuthResponse)); } @@ -1253,458 +613,194 @@ public Builder extraConfig(Map extraConfig) { return extraConfig(Output.of(extraConfig)); } - /** - * @param frontchannelLogoutEnabled When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - * @return builder - * - */ public Builder frontchannelLogoutEnabled(@Nullable Output frontchannelLogoutEnabled) { $.frontchannelLogoutEnabled = frontchannelLogoutEnabled; return this; } - /** - * @param frontchannelLogoutEnabled When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - * @return builder - * - */ public Builder frontchannelLogoutEnabled(Boolean frontchannelLogoutEnabled) { return frontchannelLogoutEnabled(Output.of(frontchannelLogoutEnabled)); } - /** - * @param frontchannelLogoutUrl The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - * @return builder - * - */ public Builder frontchannelLogoutUrl(@Nullable Output frontchannelLogoutUrl) { $.frontchannelLogoutUrl = frontchannelLogoutUrl; return this; } - /** - * @param frontchannelLogoutUrl The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - * @return builder - * - */ public Builder frontchannelLogoutUrl(String frontchannelLogoutUrl) { return frontchannelLogoutUrl(Output.of(frontchannelLogoutUrl)); } - /** - * @param fullScopeAllowed Allow to include all roles mappings in the access token. - * - * @return builder - * - */ public Builder fullScopeAllowed(@Nullable Output fullScopeAllowed) { $.fullScopeAllowed = fullScopeAllowed; return this; } - /** - * @param fullScopeAllowed Allow to include all roles mappings in the access token. - * - * @return builder - * - */ public Builder fullScopeAllowed(Boolean fullScopeAllowed) { return fullScopeAllowed(Output.of(fullScopeAllowed)); } - /** - * @param implicitFlowEnabled When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder implicitFlowEnabled(@Nullable Output implicitFlowEnabled) { $.implicitFlowEnabled = implicitFlowEnabled; return this; } - /** - * @param implicitFlowEnabled When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder implicitFlowEnabled(Boolean implicitFlowEnabled) { return implicitFlowEnabled(Output.of(implicitFlowEnabled)); } - /** - * @param import_ When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - * @return builder - * - */ public Builder import_(@Nullable Output import_) { $.import_ = import_; return this; } - /** - * @param import_ When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - * @return builder - * - */ public Builder import_(Boolean import_) { return import_(Output.of(import_)); } - /** - * @param loginTheme The client login theme. This will override the default theme for the realm. - * - * @return builder - * - */ public Builder loginTheme(@Nullable Output loginTheme) { $.loginTheme = loginTheme; return this; } - /** - * @param loginTheme The client login theme. This will override the default theme for the realm. - * - * @return builder - * - */ public Builder loginTheme(String loginTheme) { return loginTheme(Output.of(loginTheme)); } - /** - * @param name The display name of this client in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this client in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param oauth2DeviceAuthorizationGrantEnabled Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - * @return builder - * - */ public Builder oauth2DeviceAuthorizationGrantEnabled(@Nullable Output oauth2DeviceAuthorizationGrantEnabled) { $.oauth2DeviceAuthorizationGrantEnabled = oauth2DeviceAuthorizationGrantEnabled; return this; } - /** - * @param oauth2DeviceAuthorizationGrantEnabled Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - * @return builder - * - */ public Builder oauth2DeviceAuthorizationGrantEnabled(Boolean oauth2DeviceAuthorizationGrantEnabled) { return oauth2DeviceAuthorizationGrantEnabled(Output.of(oauth2DeviceAuthorizationGrantEnabled)); } - /** - * @param oauth2DeviceCodeLifespan The maximum amount of time a client has to finish the device code flow before it expires. - * - * @return builder - * - */ public Builder oauth2DeviceCodeLifespan(@Nullable Output oauth2DeviceCodeLifespan) { $.oauth2DeviceCodeLifespan = oauth2DeviceCodeLifespan; return this; } - /** - * @param oauth2DeviceCodeLifespan The maximum amount of time a client has to finish the device code flow before it expires. - * - * @return builder - * - */ public Builder oauth2DeviceCodeLifespan(String oauth2DeviceCodeLifespan) { return oauth2DeviceCodeLifespan(Output.of(oauth2DeviceCodeLifespan)); } - /** - * @param oauth2DevicePollingInterval The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - * @return builder - * - */ public Builder oauth2DevicePollingInterval(@Nullable Output oauth2DevicePollingInterval) { $.oauth2DevicePollingInterval = oauth2DevicePollingInterval; return this; } - /** - * @param oauth2DevicePollingInterval The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - * @return builder - * - */ public Builder oauth2DevicePollingInterval(String oauth2DevicePollingInterval) { return oauth2DevicePollingInterval(Output.of(oauth2DevicePollingInterval)); } - /** - * @param pkceCodeChallengeMethod The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - * @return builder - * - */ public Builder pkceCodeChallengeMethod(@Nullable Output pkceCodeChallengeMethod) { $.pkceCodeChallengeMethod = pkceCodeChallengeMethod; return this; } - /** - * @param pkceCodeChallengeMethod The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - * @return builder - * - */ public Builder pkceCodeChallengeMethod(String pkceCodeChallengeMethod) { return pkceCodeChallengeMethod(Output.of(pkceCodeChallengeMethod)); } - /** - * @param realmId The realm this client is attached to. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client is attached to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param rootUrl When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - * @return builder - * - */ public Builder rootUrl(@Nullable Output rootUrl) { $.rootUrl = rootUrl; return this; } - /** - * @param rootUrl When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - * @return builder - * - */ public Builder rootUrl(String rootUrl) { return rootUrl(Output.of(rootUrl)); } - /** - * @param serviceAccountsEnabled When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder serviceAccountsEnabled(@Nullable Output serviceAccountsEnabled) { $.serviceAccountsEnabled = serviceAccountsEnabled; return this; } - /** - * @param serviceAccountsEnabled When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder serviceAccountsEnabled(Boolean serviceAccountsEnabled) { return serviceAccountsEnabled(Output.of(serviceAccountsEnabled)); } - /** - * @param standardFlowEnabled When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder standardFlowEnabled(@Nullable Output standardFlowEnabled) { $.standardFlowEnabled = standardFlowEnabled; return this; } - /** - * @param standardFlowEnabled When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder standardFlowEnabled(Boolean standardFlowEnabled) { return standardFlowEnabled(Output.of(standardFlowEnabled)); } - /** - * @param useRefreshTokens If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - * @return builder - * - */ public Builder useRefreshTokens(@Nullable Output useRefreshTokens) { $.useRefreshTokens = useRefreshTokens; return this; } - /** - * @param useRefreshTokens If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - * @return builder - * - */ public Builder useRefreshTokens(Boolean useRefreshTokens) { return useRefreshTokens(Output.of(useRefreshTokens)); } - /** - * @param useRefreshTokensClientCredentials If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - * @return builder - * - */ public Builder useRefreshTokensClientCredentials(@Nullable Output useRefreshTokensClientCredentials) { $.useRefreshTokensClientCredentials = useRefreshTokensClientCredentials; return this; } - /** - * @param useRefreshTokensClientCredentials If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - * @return builder - * - */ public Builder useRefreshTokensClientCredentials(Boolean useRefreshTokensClientCredentials) { return useRefreshTokensClientCredentials(Output.of(useRefreshTokensClientCredentials)); } - /** - * @param validPostLogoutRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - * @return builder - * - */ public Builder validPostLogoutRedirectUris(@Nullable Output> validPostLogoutRedirectUris) { $.validPostLogoutRedirectUris = validPostLogoutRedirectUris; return this; } - /** - * @param validPostLogoutRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - * @return builder - * - */ public Builder validPostLogoutRedirectUris(List validPostLogoutRedirectUris) { return validPostLogoutRedirectUris(Output.of(validPostLogoutRedirectUris)); } - /** - * @param validPostLogoutRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - * @return builder - * - */ public Builder validPostLogoutRedirectUris(String... validPostLogoutRedirectUris) { return validPostLogoutRedirectUris(List.of(validPostLogoutRedirectUris)); } - /** - * @param validRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - * @return builder - * - */ public Builder validRedirectUris(@Nullable Output> validRedirectUris) { $.validRedirectUris = validRedirectUris; return this; } - /** - * @param validRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - * @return builder - * - */ public Builder validRedirectUris(List validRedirectUris) { return validRedirectUris(Output.of(validRedirectUris)); } - /** - * @param validRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - * @return builder - * - */ public Builder validRedirectUris(String... validRedirectUris) { return validRedirectUris(List.of(validRedirectUris)); } - /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - * @return builder - * - */ public Builder webOrigins(@Nullable Output> webOrigins) { $.webOrigins = webOrigins; return this; } - /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - * @return builder - * - */ public Builder webOrigins(List webOrigins) { return webOrigins(Output.of(webOrigins)); } - /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - * @return builder - * - */ public Builder webOrigins(String... webOrigins) { return webOrigins(List.of(webOrigins)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientAuthorizationPermission.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientAuthorizationPermission.java index e03393a2..4d5e2901 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientAuthorizationPermission.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientAuthorizationPermission.java @@ -22,9 +22,9 @@ * * Client authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopes.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopes.java index 880cf791..8bb35ce0 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopes.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopes.java @@ -16,6 +16,8 @@ /** * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -44,14 +46,14 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var client = new Client("client", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("test-client") * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .realmId(realm.id()) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -59,7 +61,6 @@ * .build()); * * var clientDefaultScopes = new ClientDefaultScopes("clientDefaultScopes", ClientDefaultScopesArgs.builder() - * .realmId(realm.id()) * .clientId(client.id()) * .defaultScopes( * "profile", @@ -67,60 +68,45 @@ * "roles", * "web-origins", * clientScope.name()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * This resource does not support import. Instead of importing, feel free to create this resource + * The following arguments are supported: * - * as if it did not already exist on the server. + * - `realm_id` - (Required) The realm this client and scopes exists in. + * - `client_id` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. + * - `default_scopes` - (Required) An array of client scope names to attach to this client. + * + * ### Import + * + * This resource does not support import. Instead of importing, feel free to create this resource + * as if it did not already exist on the server. * */ @ResourceType(type="keycloak:openid/clientDefaultScopes:ClientDefaultScopes") public class ClientDefaultScopes extends com.pulumi.resources.CustomResource { - /** - * The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; - /** - * @return The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ public Output clientId() { return this.clientId; } - /** - * An array of client scope names to attach to this client. - * - */ @Export(name="defaultScopes", refs={List.class,String.class}, tree="[0,1]") private Output> defaultScopes; - /** - * @return An array of client scope names to attach to this client. - * - */ public Output> defaultScopes() { return this.defaultScopes; } - /** - * The realm this client and scopes exists in. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this client and scopes exists in. - * - */ public Output realmId() { return this.realmId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopesArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopesArgs.java index 627e0580..0739808f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopesArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopesArgs.java @@ -15,47 +15,23 @@ public final class ClientDefaultScopesArgs extends com.pulumi.resources.Resource public static final ClientDefaultScopesArgs Empty = new ClientDefaultScopesArgs(); - /** - * The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ @Import(name="clientId", required=true) private Output clientId; - /** - * @return The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ public Output clientId() { return this.clientId; } - /** - * An array of client scope names to attach to this client. - * - */ @Import(name="defaultScopes", required=true) private Output> defaultScopes; - /** - * @return An array of client scope names to attach to this client. - * - */ public Output> defaultScopes() { return this.defaultScopes; } - /** - * The realm this client and scopes exists in. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this client and scopes exists in. - * - */ public Output realmId() { return this.realmId; } @@ -86,75 +62,33 @@ public Builder(ClientDefaultScopesArgs defaults) { $ = new ClientDefaultScopesArgs(Objects.requireNonNull(defaults)); } - /** - * @param clientId The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - * @return builder - * - */ public Builder clientId(Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param defaultScopes An array of client scope names to attach to this client. - * - * @return builder - * - */ public Builder defaultScopes(Output> defaultScopes) { $.defaultScopes = defaultScopes; return this; } - /** - * @param defaultScopes An array of client scope names to attach to this client. - * - * @return builder - * - */ public Builder defaultScopes(List defaultScopes) { return defaultScopes(Output.of(defaultScopes)); } - /** - * @param defaultScopes An array of client scope names to attach to this client. - * - * @return builder - * - */ public Builder defaultScopes(String... defaultScopes) { return defaultScopes(List.of(defaultScopes)); } - /** - * @param realmId The realm this client and scopes exists in. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client and scopes exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopes.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopes.java index 90a00c44..213d904a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopes.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopes.java @@ -16,6 +16,8 @@ /** * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -44,14 +46,14 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var client = new Client("client", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("test-client") * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .realmId(realm.id()) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -59,68 +61,51 @@ * .build()); * * var clientOptionalScopes = new ClientOptionalScopes("clientOptionalScopes", ClientOptionalScopesArgs.builder() - * .realmId(realm.id()) * .clientId(client.id()) * .optionalScopes( * "address", * "phone", * "offline_access", - * "microprofile-jwt", * clientScope.name()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * This resource does not support import. Instead of importing, feel free to create this resource + * The following arguments are supported: * - * as if it did not already exist on the server. + * - `realm_id` - (Required) The realm this client and scopes exists in. + * - `client_id` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. + * - `optional_scopes` - (Required) An array of client scope names to attach to this client as optional scopes. + * + * ### Import + * + * This resource does not support import. Instead of importing, feel free to create this resource + * as if it did not already exist on the server. * */ @ResourceType(type="keycloak:openid/clientOptionalScopes:ClientOptionalScopes") public class ClientOptionalScopes extends com.pulumi.resources.CustomResource { - /** - * The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; - /** - * @return The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ public Output clientId() { return this.clientId; } - /** - * An array of client scope names to attach to this client as optional scopes. - * - */ @Export(name="optionalScopes", refs={List.class,String.class}, tree="[0,1]") private Output> optionalScopes; - /** - * @return An array of client scope names to attach to this client as optional scopes. - * - */ public Output> optionalScopes() { return this.optionalScopes; } - /** - * The realm this client and scopes exists in. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this client and scopes exists in. - * - */ public Output realmId() { return this.realmId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopesArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopesArgs.java index 70f6795a..3328ac9a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopesArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopesArgs.java @@ -15,47 +15,23 @@ public final class ClientOptionalScopesArgs extends com.pulumi.resources.Resourc public static final ClientOptionalScopesArgs Empty = new ClientOptionalScopesArgs(); - /** - * The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ @Import(name="clientId", required=true) private Output clientId; - /** - * @return The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ public Output clientId() { return this.clientId; } - /** - * An array of client scope names to attach to this client as optional scopes. - * - */ @Import(name="optionalScopes", required=true) private Output> optionalScopes; - /** - * @return An array of client scope names to attach to this client as optional scopes. - * - */ public Output> optionalScopes() { return this.optionalScopes; } - /** - * The realm this client and scopes exists in. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this client and scopes exists in. - * - */ public Output realmId() { return this.realmId; } @@ -86,75 +62,33 @@ public Builder(ClientOptionalScopesArgs defaults) { $ = new ClientOptionalScopesArgs(Objects.requireNonNull(defaults)); } - /** - * @param clientId The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - * @return builder - * - */ public Builder clientId(Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param optionalScopes An array of client scope names to attach to this client as optional scopes. - * - * @return builder - * - */ public Builder optionalScopes(Output> optionalScopes) { $.optionalScopes = optionalScopes; return this; } - /** - * @param optionalScopes An array of client scope names to attach to this client as optional scopes. - * - * @return builder - * - */ public Builder optionalScopes(List optionalScopes) { return optionalScopes(Output.of(optionalScopes)); } - /** - * @param optionalScopes An array of client scope names to attach to this client as optional scopes. - * - * @return builder - * - */ public Builder optionalScopes(String... optionalScopes) { return optionalScopes(List.of(optionalScopes)); } - /** - * @param realmId The realm this client and scopes exists in. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client and scopes exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientPolicy.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientPolicy.java index 4f1bf836..1d117471 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientPolicy.java @@ -21,6 +21,8 @@ * ## Example Usage * * In this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `keycloak.openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -83,6 +85,7 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * */ @ResourceType(type="keycloak:openid/clientPolicy:ClientPolicy") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScope.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScope.java index e7364fba..4ea4392a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScope.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScope.java @@ -17,12 +17,18 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol. + * ## # keycloak.openid.ClientScope * - * Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also - * be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 `scope` parameter. + * Allows for creating and managing Keycloak client scopes that can be attached to + * clients that use the OpenID Connect protocol. * - * ## Example Usage + * Client Scopes can be used to share common protocol and role mappings between multiple + * clients within a realm. They can also be used by clients to conditionally request + * claims or roles for a user based on the OAuth 2.0 `scope` parameter. + * + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -47,119 +53,74 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClientScope = new ClientScope("openidClientScope", ClientScopeArgs.builder() - * .realmId(realm.id()) * .description("When requested, this scope will map a user's group memberships to a claim") - * .includeInTokenScope(true) - * .guiOrder(1) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + * - `realm_id` - (Required) The realm this client scope belongs to. + * - `name` - (Required) The display name of this client scope in the GUI. + * - `description` - (Optional) The description of this client scope in the GUI. + * - `consent_screen_text` - (Optional) When set, a consent screen will be displayed to users + * authenticating to clients with this scope attached. The consent screen will display the string + * value of this attribute. * - * Example: + * ### Import * - * bash + * Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + * assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. * - * ```sh - * $ pulumi import keycloak:openid/clientScope:ClientScope openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/clientScope:ClientScope") public class ClientScope extends com.pulumi.resources.CustomResource { - /** - * When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - */ @Export(name="consentScreenText", refs={String.class}, tree="[0]") private Output consentScreenText; - /** - * @return When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - */ public Output> consentScreenText() { return Codegen.optional(this.consentScreenText); } - /** - * The description of this client scope in the GUI. - * - */ @Export(name="description", refs={String.class}, tree="[0]") private Output description; - /** - * @return The description of this client scope in the GUI. - * - */ public Output> description() { return Codegen.optional(this.description); } - /** - * Specify order of the client scope in GUI (such as in Consent page) as integer. - * - */ @Export(name="guiOrder", refs={Integer.class}, tree="[0]") private Output guiOrder; - /** - * @return Specify order of the client scope in GUI (such as in Consent page) as integer. - * - */ public Output> guiOrder() { return Codegen.optional(this.guiOrder); } - /** - * When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - */ @Export(name="includeInTokenScope", refs={Boolean.class}, tree="[0]") private Output includeInTokenScope; - /** - * @return When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - */ public Output> includeInTokenScope() { return Codegen.optional(this.includeInTokenScope); } - /** - * The display name of this client scope in the GUI. - * - */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; - /** - * @return The display name of this client scope in the GUI. - * - */ public Output name() { return this.name; } - /** - * The realm this client scope belongs to. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this client scope belongs to. - * - */ public Output realmId() { return this.realmId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScopeArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScopeArgs.java index 4a04427d..bfded08a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScopeArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScopeArgs.java @@ -18,92 +18,44 @@ public final class ClientScopeArgs extends com.pulumi.resources.ResourceArgs { public static final ClientScopeArgs Empty = new ClientScopeArgs(); - /** - * When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - */ @Import(name="consentScreenText") private @Nullable Output consentScreenText; - /** - * @return When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - */ public Optional> consentScreenText() { return Optional.ofNullable(this.consentScreenText); } - /** - * The description of this client scope in the GUI. - * - */ @Import(name="description") private @Nullable Output description; - /** - * @return The description of this client scope in the GUI. - * - */ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * Specify order of the client scope in GUI (such as in Consent page) as integer. - * - */ @Import(name="guiOrder") private @Nullable Output guiOrder; - /** - * @return Specify order of the client scope in GUI (such as in Consent page) as integer. - * - */ public Optional> guiOrder() { return Optional.ofNullable(this.guiOrder); } - /** - * When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - */ @Import(name="includeInTokenScope") private @Nullable Output includeInTokenScope; - /** - * @return When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - */ public Optional> includeInTokenScope() { return Optional.ofNullable(this.includeInTokenScope); } - /** - * The display name of this client scope in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this client scope in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The realm this client scope belongs to. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this client scope belongs to. - * - */ public Output realmId() { return this.realmId; } @@ -137,128 +89,56 @@ public Builder(ClientScopeArgs defaults) { $ = new ClientScopeArgs(Objects.requireNonNull(defaults)); } - /** - * @param consentScreenText When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - * @return builder - * - */ public Builder consentScreenText(@Nullable Output consentScreenText) { $.consentScreenText = consentScreenText; return this; } - /** - * @param consentScreenText When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - * @return builder - * - */ public Builder consentScreenText(String consentScreenText) { return consentScreenText(Output.of(consentScreenText)); } - /** - * @param description The description of this client scope in the GUI. - * - * @return builder - * - */ public Builder description(@Nullable Output description) { $.description = description; return this; } - /** - * @param description The description of this client scope in the GUI. - * - * @return builder - * - */ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param guiOrder Specify order of the client scope in GUI (such as in Consent page) as integer. - * - * @return builder - * - */ public Builder guiOrder(@Nullable Output guiOrder) { $.guiOrder = guiOrder; return this; } - /** - * @param guiOrder Specify order of the client scope in GUI (such as in Consent page) as integer. - * - * @return builder - * - */ public Builder guiOrder(Integer guiOrder) { return guiOrder(Output.of(guiOrder)); } - /** - * @param includeInTokenScope When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - * @return builder - * - */ public Builder includeInTokenScope(@Nullable Output includeInTokenScope) { $.includeInTokenScope = includeInTokenScope; return this; } - /** - * @param includeInTokenScope When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - * @return builder - * - */ public Builder includeInTokenScope(Boolean includeInTokenScope) { return includeInTokenScope(Output.of(includeInTokenScope)); } - /** - * @param name The display name of this client scope in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this client scope in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this client scope belongs to. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client scope belongs to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRealmRole.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRealmRole.java index 6b97ef48..e38f2a9c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRealmRole.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRealmRole.java @@ -21,6 +21,8 @@ * resource. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -71,14 +73,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRole.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRole.java index 177bcf08..7b2a8a5d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRole.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRole.java @@ -21,6 +21,8 @@ * resource. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -78,14 +80,15 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapper.java index d97b2ab1..3b16dd95 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapper.java @@ -16,15 +16,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing full name protocol mappers within Keycloak. + * ## # keycloak.openid.FullNameProtocolMapper * - * Full name protocol mappers allow you to map a user's first and last name to the OpenID Connect `name` claim in a token. + * Allows for creating and managing full name protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * Full name protocol mappers allow you to map a user's first and last name + * to the OpenID Connect `name` claim in a token. Protocol mappers can be defined + * for a single client, or they can be defined for a client scope which can + * be shared between multiple different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -51,27 +55,31 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .enabled(true) + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var fullNameMapper = new FullNameProtocolMapper("fullNameMapper", FullNameProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientId(openidClient.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` - * ### Client Scope) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -98,8 +106,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -107,130 +115,107 @@ * .build()); * * var fullNameMapper = new FullNameProtocolMapper("fullNameMapper", FullNameProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientScopeId(clientScope.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `add_to_id_token` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. + * - `add_to_access_token` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. + * - `add_to_userinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` - * - * ```sh - * $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper") public class FullNameProtocolMapper extends com.pulumi.resources.CustomResource { - /** - * Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - */ @Export(name="addToAccessToken", refs={Boolean.class}, tree="[0]") private Output addToAccessToken; - /** - * @return Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - */ public Output> addToAccessToken() { return Codegen.optional(this.addToAccessToken); } - /** - * Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - */ @Export(name="addToIdToken", refs={Boolean.class}, tree="[0]") private Output addToIdToken; - /** - * @return Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - */ public Output> addToIdToken() { return Codegen.optional(this.addToIdToken); } - /** - * Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ @Export(name="addToUserinfo", refs={Boolean.class}, tree="[0]") private Output addToUserinfo; - /** - * @return Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ public Output> addToUserinfo() { return Codegen.optional(this.addToUserinfo); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { return Codegen.optional(this.clientId); } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapperArgs.java index 3545f9d6..3293347d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapperArgs.java @@ -17,60 +17,36 @@ public final class FullNameProtocolMapperArgs extends com.pulumi.resources.Resou public static final FullNameProtocolMapperArgs Empty = new FullNameProtocolMapperArgs(); - /** - * Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; - /** - * @return Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - */ public Optional> addToAccessToken() { return Optional.ofNullable(this.addToAccessToken); } - /** - * Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; - /** - * @return Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - */ public Optional> addToIdToken() { return Optional.ofNullable(this.addToIdToken); } - /** - * Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; - /** - * @return Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -78,14 +54,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -93,14 +69,14 @@ public Optional> clientScopeId() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -108,14 +84,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { @@ -152,71 +128,35 @@ public Builder(FullNameProtocolMapperArgs defaults) { $ = new FullNameProtocolMapperArgs(Objects.requireNonNull(defaults)); } - /** - * @param addToAccessToken Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToAccessToken(@Nullable Output addToAccessToken) { $.addToAccessToken = addToAccessToken; return this; } - /** - * @param addToAccessToken Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToAccessToken(Boolean addToAccessToken) { return addToAccessToken(Output.of(addToAccessToken)); } - /** - * @param addToIdToken Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToIdToken(@Nullable Output addToIdToken) { $.addToIdToken = addToIdToken; return this; } - /** - * @param addToIdToken Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToIdToken(Boolean addToIdToken) { return addToIdToken(Output.of(addToIdToken)); } - /** - * @param addToUserinfo Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - * @return builder - * - */ public Builder addToUserinfo(@Nullable Output addToUserinfo) { $.addToUserinfo = addToUserinfo; return this; } - /** - * @param addToUserinfo Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - * @return builder - * - */ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -227,7 +167,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -237,7 +177,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -248,7 +188,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -258,7 +198,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -269,7 +209,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -279,7 +219,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -290,7 +230,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapper.java index 596a0168..a9c9b3a3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapper.java @@ -16,15 +16,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing group membership protocol mappers within Keycloak. + * ## # keycloak.openid.GroupMembershipProtocolMapper * - * Group membership protocol mappers allow you to map a user's group memberships to a claim in a token. + * Allows for creating and managing group membership protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * Group membership protocol mappers allow you to map a user's group memberships + * to a claim in a token. Protocol mappers can be defined for a single client, + * or they can be defined for a client scope which can be shared between multiple + * different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -51,28 +55,32 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .enabled(true) + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var groupMembershipMapper = new GroupMembershipProtocolMapper("groupMembershipMapper", GroupMembershipProtocolMapperArgs.builder() - * .realmId(realm.id()) - * .clientId(openidClient.id()) * .claimName("groups") + * .clientId(openidClient.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` - * ### Client Scope) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -99,8 +107,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -108,159 +116,122 @@ * .build()); * * var groupMembershipMapper = new GroupMembershipProtocolMapper("groupMembershipMapper", GroupMembershipProtocolMapperArgs.builder() - * .realmId(realm.id()) - * .clientScopeId(clientScope.id()) * .claimName("groups") + * .clientScopeId(clientScope.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import - * - * Protocol mappers can be imported using one of the following formats: - * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * ### Argument Reference * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * Example: + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `claim_name` - (Required) The name of the claim to insert into a token. + * - `full_path` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`. + * - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper") public class GroupMembershipProtocolMapper extends com.pulumi.resources.CustomResource { - /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - */ @Export(name="addToAccessToken", refs={Boolean.class}, tree="[0]") private Output addToAccessToken; - /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - */ public Output> addToAccessToken() { return Codegen.optional(this.addToAccessToken); } - /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - */ @Export(name="addToIdToken", refs={Boolean.class}, tree="[0]") private Output addToIdToken; - /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - */ public Output> addToIdToken() { return Codegen.optional(this.addToIdToken); } - /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ @Export(name="addToUserinfo", refs={Boolean.class}, tree="[0]") private Output addToUserinfo; - /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ public Output> addToUserinfo() { return Codegen.optional(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Export(name="claimName", refs={String.class}, tree="[0]") private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { return Codegen.optional(this.clientId); } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } - /** - * Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - */ @Export(name="fullPath", refs={Boolean.class}, tree="[0]") private Output fullPath; - /** - * @return Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - */ public Output> fullPath() { return Codegen.optional(this.fullPath); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapperArgs.java index e4b68021..70b9239d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapperArgs.java @@ -17,75 +17,43 @@ public final class GroupMembershipProtocolMapperArgs extends com.pulumi.resource public static final GroupMembershipProtocolMapperArgs Empty = new GroupMembershipProtocolMapperArgs(); - /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; - /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - */ public Optional> addToAccessToken() { return Optional.ofNullable(this.addToAccessToken); } - /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; - /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - */ public Optional> addToIdToken() { return Optional.ofNullable(this.addToIdToken); } - /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; - /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName", required=true) private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -93,44 +61,36 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { return Optional.ofNullable(this.clientScopeId); } - /** - * Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - */ @Import(name="fullPath") private @Nullable Output fullPath; - /** - * @return Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - */ public Optional> fullPath() { return Optional.ofNullable(this.fullPath); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -138,14 +98,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { @@ -184,92 +144,44 @@ public Builder(GroupMembershipProtocolMapperArgs defaults) { $ = new GroupMembershipProtocolMapperArgs(Objects.requireNonNull(defaults)); } - /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToAccessToken(@Nullable Output addToAccessToken) { $.addToAccessToken = addToAccessToken; return this; } - /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToAccessToken(Boolean addToAccessToken) { return addToAccessToken(Output.of(addToAccessToken)); } - /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToIdToken(@Nullable Output addToIdToken) { $.addToIdToken = addToIdToken; return this; } - /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToIdToken(Boolean addToIdToken) { return addToIdToken(Output.of(addToIdToken)); } - /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - * @return builder - * - */ public Builder addToUserinfo(@Nullable Output addToUserinfo) { $.addToUserinfo = addToUserinfo; return this; } - /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - * @return builder - * - */ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -280,7 +192,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -290,7 +202,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -301,7 +213,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -310,29 +222,17 @@ public Builder clientScopeId(String clientScopeId) { return clientScopeId(Output.of(clientScopeId)); } - /** - * @param fullPath Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - * @return builder - * - */ public Builder fullPath(@Nullable Output fullPath) { $.fullPath = fullPath; return this; } - /** - * @param fullPath Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - * @return builder - * - */ public Builder fullPath(Boolean fullPath) { return fullPath(Output.of(fullPath)); } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -343,7 +243,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -353,7 +253,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -364,7 +264,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapper.java index 6d4acd42..1acbbbbd 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapper.java @@ -16,15 +16,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing hardcoded claim protocol mappers within Keycloak. + * ## # keycloak.openid.HardcodedClaimProtocolMapper * - * Hardcoded claim protocol mappers allow you to define a claim with a hardcoded value. + * Allows for creating and managing hardcoded claim protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * Hardcoded claim protocol mappers allow you to define a claim with a hardcoded + * value. Protocol mappers can be defined for a single client, or they can + * be defined for a client scope which can be shared between multiple different + * clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -51,29 +55,33 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .enabled(true) + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var hardcodedClaimMapper = new HardcodedClaimProtocolMapper("hardcodedClaimMapper", HardcodedClaimProtocolMapperArgs.builder() - * .realmId(realm.id()) - * .clientId(openidClient.id()) * .claimName("foo") * .claimValue("bar") + * .clientId(openidClient.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` - * ### Client Scope) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -100,8 +108,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -109,174 +117,162 @@ * .build()); * * var hardcodedClaimMapper = new HardcodedClaimProtocolMapper("hardcodedClaimMapper", HardcodedClaimProtocolMapperArgs.builder() - * .realmId(realm.id()) - * .clientScopeId(clientScope.id()) * .claimName("foo") * .claimValue("bar") + * .clientScopeId(clientScope.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `claim_name` - (Required) The name of the claim to insert into a token. + * - `claim_value` - (Required) The hardcoded value of the claim. + * - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + * - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` - * - * ```sh - * $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper") public class HardcodedClaimProtocolMapper extends com.pulumi.resources.CustomResource { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Export(name="addToAccessToken", refs={Boolean.class}, tree="[0]") private Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Output> addToAccessToken() { return Codegen.optional(this.addToAccessToken); } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Export(name="addToIdToken", refs={Boolean.class}, tree="[0]") private Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Output> addToIdToken() { return Codegen.optional(this.addToIdToken); } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Export(name="addToUserinfo", refs={Boolean.class}, tree="[0]") private Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Output> addToUserinfo() { return Codegen.optional(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Export(name="claimName", refs={String.class}, tree="[0]") private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } - /** - * The hardcoded value of the claim. - * - */ @Export(name="claimValue", refs={String.class}, tree="[0]") private Output claimValue; - /** - * @return The hardcoded value of the claim. - * - */ public Output claimValue() { return this.claimValue; } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Export(name="claimValueType", refs={String.class}, tree="[0]") private Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Output> claimValueType() { return Codegen.optional(this.claimValueType); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { return Codegen.optional(this.clientId); } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapperArgs.java index 8601fb0c..5e9a969f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapperArgs.java @@ -18,14 +18,14 @@ public final class HardcodedClaimProtocolMapperArgs extends com.pulumi.resources public static final HardcodedClaimProtocolMapperArgs Empty = new HardcodedClaimProtocolMapperArgs(); /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Optional> addToAccessToken() { @@ -33,14 +33,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Optional> addToIdToken() { @@ -48,59 +48,43 @@ public Optional> addToIdToken() { } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName", required=true) private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } - /** - * The hardcoded value of the claim. - * - */ @Import(name="claimValue", required=true) private Output claimValue; - /** - * @return The hardcoded value of the claim. - * - */ public Output claimValue() { return this.claimValue; } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Import(name="claimValueType") private @Nullable Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Optional> claimValueType() { @@ -108,14 +92,14 @@ public Optional> claimValueType() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -123,14 +107,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -138,14 +122,14 @@ public Optional> clientScopeId() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -153,14 +137,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { @@ -201,7 +185,7 @@ public Builder(HardcodedClaimProtocolMapperArgs defaults) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -212,7 +196,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -222,7 +206,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -233,7 +217,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -243,7 +227,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -254,7 +238,7 @@ public Builder addToUserinfo(@Nullable Output addToUserinfo) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -263,50 +247,26 @@ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } - /** - * @param claimValue The hardcoded value of the claim. - * - * @return builder - * - */ public Builder claimValue(Output claimValue) { $.claimValue = claimValue; return this; } - /** - * @param claimValue The hardcoded value of the claim. - * - * @return builder - * - */ public Builder claimValue(String claimValue) { return claimValue(Output.of(claimValue)); } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -317,7 +277,7 @@ public Builder claimValueType(@Nullable Output claimValueType) { } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -327,7 +287,7 @@ public Builder claimValueType(String claimValueType) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -338,7 +298,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -348,7 +308,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -359,7 +319,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -369,7 +329,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -380,7 +340,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -390,7 +350,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -401,7 +361,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapper.java index a34f44bd..4e4d9e2c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapper.java @@ -15,15 +15,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing hardcoded role protocol mappers within Keycloak. + * ## # keycloak.openid.HardcodedRoleProtocolMapper * - * Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. + * Allows for creating and managing hardcoded role protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * Hardcoded role protocol mappers allow you to specify a single role to + * always map to an access token for a client. Protocol mappers can be + * defined for a single client, or they can be defined for a client scope + * which can be shared between multiple different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -52,8 +56,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var role = new Role("role", RoleArgs.builder() @@ -61,23 +65,27 @@ * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .enabled(true) + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var hardcodedRoleMapper = new HardcodedRoleProtocolMapper("hardcodedRoleMapper", HardcodedRoleProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientId(openidClient.id()) + * .realmId(realm.id()) * .roleId(role.id()) * .build()); * * } * } * ``` - * ### Client Scope) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -106,8 +114,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var role = new Role("role", RoleArgs.builder() @@ -119,105 +127,97 @@ * .build()); * * var hardcodedRoleMapper = new HardcodedRoleProtocolMapper("hardcodedRoleMapper", HardcodedRoleProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientScopeId(clientScope.id()) + * .realmId(realm.id()) * .roleId(role.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import - * - * Protocol mappers can be imported using one of the following formats: - * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * ### Argument Reference * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * Example: + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the + * GUI. + * - `role_id` - (Required) The ID of the role to map to an access token. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper") public class HardcodedRoleProtocolMapper extends com.pulumi.resources.CustomResource { /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { return Codegen.optional(this.clientId); } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { return this.realmId; } - /** - * The ID of the role to map to an access token. - * - */ @Export(name="roleId", refs={String.class}, tree="[0]") private Output roleId; - /** - * @return The ID of the role to map to an access token. - * - */ public Output roleId() { return this.roleId; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapperArgs.java index 4cc7de07..e8fcbbd5 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapperArgs.java @@ -17,14 +17,14 @@ public final class HardcodedRoleProtocolMapperArgs extends com.pulumi.resources. public static final HardcodedRoleProtocolMapperArgs Empty = new HardcodedRoleProtocolMapperArgs(); /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -32,14 +32,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -47,14 +47,14 @@ public Optional> clientScopeId() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -62,31 +62,23 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { return this.realmId; } - /** - * The ID of the role to map to an access token. - * - */ @Import(name="roleId", required=true) private Output roleId; - /** - * @return The ID of the role to map to an access token. - * - */ public Output roleId() { return this.roleId; } @@ -120,7 +112,7 @@ public Builder(HardcodedRoleProtocolMapperArgs defaults) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -131,7 +123,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -141,7 +133,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -152,7 +144,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -162,7 +154,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -173,7 +165,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -183,7 +175,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -194,7 +186,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -203,23 +195,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param roleId The ID of the role to map to an access token. - * - * @return builder - * - */ public Builder roleId(Output roleId) { $.roleId = roleId; return this; } - /** - * @param roleId The ID of the role to map to an access token. - * - * @return builder - * - */ public Builder roleId(String roleId) { return roleId(Output.of(roleId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/OpenidFunctions.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/OpenidFunctions.java index ed93195a..24638885 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/OpenidFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/OpenidFunctions.java @@ -24,9 +24,13 @@ public final class OpenidFunctions { /** + * ## # keycloak.openid.Client data source + * * This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -64,15 +68,31 @@ public final class OpenidFunctions { * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm id. + * - `client_id` - (Required) The client id. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.openid.Client` resource for details on the exported attributes. * */ public static Output getClient(GetClientArgs args) { return getClient(args, InvokeOptions.Empty); } /** + * ## # keycloak.openid.Client data source + * * This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -110,15 +130,31 @@ public static Output getClient(GetClientArgs args) { * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm id. + * - `client_id` - (Required) The client id. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.openid.Client` resource for details on the exported attributes. * */ public static CompletableFuture getClientPlain(GetClientPlainArgs args) { return getClientPlain(args, InvokeOptions.Empty); } /** + * ## # keycloak.openid.Client data source + * * This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -156,15 +192,31 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm id. + * - `client_id` - (Required) The client id. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.openid.Client` resource for details on the exported attributes. * */ public static Output getClient(GetClientArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("keycloak:openid/getClient:getClient", TypeShape.of(GetClientResult.class), args, Utilities.withVersion(options)); } /** + * ## # keycloak.openid.Client data source + * * This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. * - * ## Example Usage + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -202,6 +254,18 @@ public static Output getClient(GetClientArgs args, InvokeOption * } * } * ``` + * <!--End PulumiCodeChooser --> + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm_id` - (Required) The realm id. + * - `client_id` - (Required) The client id. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.openid.Client` resource for details on the exported attributes. * */ public static CompletableFuture getClientPlain(GetClientPlainArgs args, InvokeOptions options) { @@ -215,6 +279,8 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * In this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default * permission for this client called "Default Permission". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data * source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -283,6 +349,7 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientAuthorizationPolicy(GetClientAuthorizationPolicyArgs args) { @@ -296,6 +363,8 @@ public static Output getClientAuthorizationP * In this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default * permission for this client called "Default Permission". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data * source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -364,6 +433,7 @@ public static Output getClientAuthorizationP * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientAuthorizationPolicyPlain(GetClientAuthorizationPolicyPlainArgs args) { @@ -377,6 +447,8 @@ public static CompletableFuture getClientAut * In this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default * permission for this client called "Default Permission". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data * source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -445,6 +517,7 @@ public static CompletableFuture getClientAut * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientAuthorizationPolicy(GetClientAuthorizationPolicyArgs args, InvokeOptions options) { @@ -458,6 +531,8 @@ public static Output getClientAuthorizationP * In this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default * permission for this client called "Default Permission". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data * source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -526,6 +601,7 @@ public static Output getClientAuthorizationP * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientAuthorizationPolicyPlain(GetClientAuthorizationPolicyPlainArgs args, InvokeOptions options) { @@ -535,6 +611,8 @@ public static CompletableFuture getClientAut * This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -572,6 +650,7 @@ public static CompletableFuture getClientAut * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientScope(GetClientScopeArgs args) { @@ -581,6 +660,8 @@ public static Output getClientScope(GetClientScopeArgs arg * This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -618,6 +699,7 @@ public static Output getClientScope(GetClientScopeArgs arg * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientScopePlain(GetClientScopePlainArgs args) { @@ -627,6 +709,8 @@ public static CompletableFuture getClientScopePlain(GetCli * This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -664,6 +748,7 @@ public static CompletableFuture getClientScopePlain(GetCli * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientScope(GetClientScopeArgs args, InvokeOptions options) { @@ -673,6 +758,8 @@ public static Output getClientScope(GetClientScopeArgs arg * This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -710,6 +797,7 @@ public static Output getClientScope(GetClientScopeArgs arg * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientScopePlain(GetClientScopePlainArgs args, InvokeOptions options) { @@ -724,6 +812,8 @@ public static CompletableFuture getClientScopePlain(GetCli * In this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user * that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this * user, using the `keycloak.UserRoles` resource. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -784,6 +874,7 @@ public static CompletableFuture getClientScopePlain(GetCli * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientServiceAccountUser(GetClientServiceAccountUserArgs args) { @@ -798,6 +889,8 @@ public static Output getClientServiceAccountU * In this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user * that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this * user, using the `keycloak.UserRoles` resource. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -858,6 +951,7 @@ public static Output getClientServiceAccountU * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientServiceAccountUserPlain(GetClientServiceAccountUserPlainArgs args) { @@ -872,6 +966,8 @@ public static CompletableFuture getClientServ * In this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user * that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this * user, using the `keycloak.UserRoles` resource. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -932,6 +1028,7 @@ public static CompletableFuture getClientServ * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientServiceAccountUser(GetClientServiceAccountUserArgs args, InvokeOptions options) { @@ -946,6 +1043,8 @@ public static Output getClientServiceAccountU * In this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user * that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this * user, using the `keycloak.UserRoles` resource. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -1006,6 +1105,7 @@ public static Output getClientServiceAccountU * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientServiceAccountUserPlain(GetClientServiceAccountUserPlainArgs args, InvokeOptions options) { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ScriptProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ScriptProtocolMapper.java index cff7e713..a17589ac 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ScriptProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ScriptProtocolMapper.java @@ -26,7 +26,10 @@ * > Support for this protocol mapper was removed in Keycloak 18. * * ## Example Usage + * * ### Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -75,7 +78,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -120,18 +127,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapper.java index 5f15f6f9..7d4d55ec 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapper.java @@ -16,15 +16,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing user attribute protocol mappers within Keycloak. + * ## # keycloak.openid.UserAttributeProtocolMapper * - * User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. + * Allows for creating and managing user attribute protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * User attribute protocol mappers allow you to map custom attributes defined + * for a user within Keycloak to a claim in a token. Protocol mappers can be + * defined for a single client, or they can be defined for a client scope which + * can be shared between multiple different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -51,29 +55,33 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .enabled(true) + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var userAttributeMapper = new UserAttributeProtocolMapper("userAttributeMapper", UserAttributeProtocolMapperArgs.builder() - * .realmId(realm.id()) + * .claimName("bar") * .clientId(openidClient.id()) + * .realmId(realm.id()) * .userAttribute("foo") - * .claimName("bar") * .build()); * * } * } * ``` - * ### Client Scope) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -100,8 +108,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -109,204 +117,193 @@ * .build()); * * var userAttributeMapper = new UserAttributeProtocolMapper("userAttributeMapper", UserAttributeProtocolMapperArgs.builder() - * .realmId(realm.id()) + * .claimName("bar") * .clientScopeId(clientScope.id()) + * .realmId(realm.id()) * .userAttribute("foo") - * .claimName("bar") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `user_attribute` - (Required) The custom user attribute to map a claim for. + * - `claim_name` - (Required) The name of the claim to insert into a token. + * - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + * - `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * - `add_to_id_token` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * - `add_to_access_token` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * - `add_to_userinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` - * - * ```sh - * $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper") public class UserAttributeProtocolMapper extends com.pulumi.resources.CustomResource { /** - * Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Export(name="addToAccessToken", refs={Boolean.class}, tree="[0]") private Output addToAccessToken; /** - * @return Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Output> addToAccessToken() { return Codegen.optional(this.addToAccessToken); } /** - * Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Export(name="addToIdToken", refs={Boolean.class}, tree="[0]") private Output addToIdToken; /** - * @return Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Output> addToIdToken() { return Codegen.optional(this.addToIdToken); } /** - * Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Export(name="addToUserinfo", refs={Boolean.class}, tree="[0]") private Output addToUserinfo; /** - * @return Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Output> addToUserinfo() { return Codegen.optional(this.addToUserinfo); } /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates if attribute values should be aggregated within the group attributes * */ @Export(name="aggregateAttributes", refs={Boolean.class}, tree="[0]") private Output aggregateAttributes; /** - * @return Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @return Indicates if attribute values should be aggregated within the group attributes * */ public Output> aggregateAttributes() { return Codegen.optional(this.aggregateAttributes); } - /** - * The name of the claim to insert into a token. - * - */ @Export(name="claimName", refs={String.class}, tree="[0]") private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Export(name="claimValueType", refs={String.class}, tree="[0]") private Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Output> claimValueType() { return Codegen.optional(this.claimValueType); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { return Codegen.optional(this.clientId); } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. * */ @Export(name="multivalued", refs={Boolean.class}, tree="[0]") private Output multivalued; /** - * @return Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @return Indicates whether this attribute is a single value or an array of values. * */ public Output> multivalued() { return Codegen.optional(this.multivalued); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { return this.realmId; } - /** - * The custom user attribute to map a claim for. - * - */ @Export(name="userAttribute", refs={String.class}, tree="[0]") private Output userAttribute; - /** - * @return The custom user attribute to map a claim for. - * - */ public Output userAttribute() { return this.userAttribute; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapperArgs.java index 6d1bb712..827697c7 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapperArgs.java @@ -18,14 +18,14 @@ public final class UserAttributeProtocolMapperArgs extends com.pulumi.resources. public static final UserAttributeProtocolMapperArgs Empty = new UserAttributeProtocolMapperArgs(); /** - * Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Optional> addToAccessToken() { @@ -33,14 +33,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Optional> addToIdToken() { @@ -48,14 +48,14 @@ public Optional> addToIdToken() { } /** - * Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; /** - * @return Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Optional> addToUserinfo() { @@ -63,44 +63,36 @@ public Optional> addToUserinfo() { } /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates if attribute values should be aggregated within the group attributes * */ @Import(name="aggregateAttributes") private @Nullable Output aggregateAttributes; /** - * @return Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @return Indicates if attribute values should be aggregated within the group attributes * */ public Optional> aggregateAttributes() { return Optional.ofNullable(this.aggregateAttributes); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName", required=true) private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Import(name="claimValueType") private @Nullable Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Optional> claimValueType() { @@ -108,14 +100,14 @@ public Optional> claimValueType() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -123,14 +115,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -138,14 +130,14 @@ public Optional> clientScopeId() { } /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. * */ @Import(name="multivalued") private @Nullable Output multivalued; /** - * @return Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @return Indicates whether this attribute is a single value or an array of values. * */ public Optional> multivalued() { @@ -153,14 +145,14 @@ public Optional> multivalued() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -168,31 +160,23 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { return this.realmId; } - /** - * The custom user attribute to map a claim for. - * - */ @Import(name="userAttribute", required=true) private Output userAttribute; - /** - * @return The custom user attribute to map a claim for. - * - */ public Output userAttribute() { return this.userAttribute; } @@ -233,7 +217,7 @@ public Builder(UserAttributeProtocolMapperArgs defaults) { } /** - * @param addToAccessToken Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -244,7 +228,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -254,7 +238,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -265,7 +249,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -275,7 +259,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param addToUserinfo Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -286,7 +270,7 @@ public Builder addToUserinfo(@Nullable Output addToUserinfo) { } /** - * @param addToUserinfo Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -296,7 +280,7 @@ public Builder addToUserinfo(Boolean addToUserinfo) { } /** - * @param aggregateAttributes Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @param aggregateAttributes Indicates if attribute values should be aggregated within the group attributes * * @return builder * @@ -307,7 +291,7 @@ public Builder aggregateAttributes(@Nullable Output aggregateAttributes } /** - * @param aggregateAttributes Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @param aggregateAttributes Indicates if attribute values should be aggregated within the group attributes * * @return builder * @@ -316,29 +300,17 @@ public Builder aggregateAttributes(Boolean aggregateAttributes) { return aggregateAttributes(Output.of(aggregateAttributes)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -349,7 +321,7 @@ public Builder claimValueType(@Nullable Output claimValueType) { } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -359,7 +331,7 @@ public Builder claimValueType(String claimValueType) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -370,7 +342,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -380,7 +352,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -391,7 +363,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -401,7 +373,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param multivalued Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @param multivalued Indicates whether this attribute is a single value or an array of values. * * @return builder * @@ -412,7 +384,7 @@ public Builder multivalued(@Nullable Output multivalued) { } /** - * @param multivalued Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @param multivalued Indicates whether this attribute is a single value or an array of values. * * @return builder * @@ -422,7 +394,7 @@ public Builder multivalued(Boolean multivalued) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -433,7 +405,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -443,7 +415,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -454,7 +426,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -463,23 +435,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param userAttribute The custom user attribute to map a claim for. - * - * @return builder - * - */ public Builder userAttribute(Output userAttribute) { $.userAttribute = userAttribute; return this; } - /** - * @param userAttribute The custom user attribute to map a claim for. - * - * @return builder - * - */ public Builder userAttribute(String userAttribute) { return userAttribute(Output.of(userAttribute)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserClientRoleProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserClientRoleProtocolMapper.java index 1e805a83..b683218a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserClientRoleProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserClientRoleProtocolMapper.java @@ -24,7 +24,10 @@ * multiple different clients. * * ## Example Usage + * * ### Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -72,7 +75,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -116,18 +123,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java index 3cdcb1d4..17c9d422 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java @@ -16,16 +16,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing user property protocol mappers within Keycloak. + * ## # keycloak.openid.UserPropertyProtocolMapper * - * User property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in - * a token. + * Allows for creating and managing user property protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * User property protocol mappers allow you to map built in properties defined + * on the Keycloak user interface to a claim in a token. Protocol mappers can be + * defined for a single client, or they can be defined for a client scope which + * can be shared between multiple different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -52,29 +55,33 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .enabled(true) + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var userPropertyMapper = new UserPropertyProtocolMapper("userPropertyMapper", UserPropertyProtocolMapperArgs.builder() - * .realmId(realm.id()) + * .claimName("email") * .clientId(openidClient.id()) + * .realmId(realm.id()) * .userProperty("email") - * .claimName("email") * .build()); * * } * } * ``` - * ### Client Scope) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -101,8 +108,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -110,176 +117,164 @@ * .build()); * * var userPropertyMapper = new UserPropertyProtocolMapper("userPropertyMapper", UserPropertyProtocolMapperArgs.builder() - * .realmId(realm.id()) + * .claimName("email") * .clientScopeId(clientScope.id()) + * .realmId(realm.id()) * .userProperty("email") - * .claimName("email") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `user_property` - (Required) The built in user property (such as email) to map a claim for. + * - `claim_name` - (Required) The name of the claim to insert into a token. + * - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + * - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` - * - * ```sh - * $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper") public class UserPropertyProtocolMapper extends com.pulumi.resources.CustomResource { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the property should be a claim in the access token. * */ @Export(name="addToAccessToken", refs={Boolean.class}, tree="[0]") private Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the property should be a claim in the access token. * */ public Output> addToAccessToken() { return Codegen.optional(this.addToAccessToken); } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the property should be a claim in the id token. * */ @Export(name="addToIdToken", refs={Boolean.class}, tree="[0]") private Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the property should be a claim in the id token. * */ public Output> addToIdToken() { return Codegen.optional(this.addToIdToken); } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the property should appear in the userinfo response body. * */ @Export(name="addToUserinfo", refs={Boolean.class}, tree="[0]") private Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the property should appear in the userinfo response body. * */ public Output> addToUserinfo() { return Codegen.optional(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Export(name="claimName", refs={String.class}, tree="[0]") private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Export(name="claimValueType", refs={String.class}, tree="[0]") private Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Output> claimValueType() { return Codegen.optional(this.claimValueType); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { return Codegen.optional(this.clientId); } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { return this.realmId; } - /** - * The built in user property (such as email) to map a claim for. - * - */ @Export(name="userProperty", refs={String.class}, tree="[0]") private Output userProperty; - /** - * @return The built in user property (such as email) to map a claim for. - * - */ public Output userProperty() { return this.userProperty; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapperArgs.java index b3fa6ace..d8dff641 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapperArgs.java @@ -18,14 +18,14 @@ public final class UserPropertyProtocolMapperArgs extends com.pulumi.resources.R public static final UserPropertyProtocolMapperArgs Empty = new UserPropertyProtocolMapperArgs(); /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the property should be a claim in the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the property should be a claim in the access token. * */ public Optional> addToAccessToken() { @@ -33,14 +33,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the property should be a claim in the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the property should be a claim in the id token. * */ public Optional> addToIdToken() { @@ -48,44 +48,36 @@ public Optional> addToIdToken() { } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the property should appear in the userinfo response body. * */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the property should appear in the userinfo response body. * */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName", required=true) private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Import(name="claimValueType") private @Nullable Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Optional> claimValueType() { @@ -93,14 +85,14 @@ public Optional> claimValueType() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -108,14 +100,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -123,14 +115,14 @@ public Optional> clientScopeId() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -138,31 +130,23 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { return this.realmId; } - /** - * The built in user property (such as email) to map a claim for. - * - */ @Import(name="userProperty", required=true) private Output userProperty; - /** - * @return The built in user property (such as email) to map a claim for. - * - */ public Output userProperty() { return this.userProperty; } @@ -201,7 +185,7 @@ public Builder(UserPropertyProtocolMapperArgs defaults) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the property should be a claim in the access token. * * @return builder * @@ -212,7 +196,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the property should be a claim in the access token. * * @return builder * @@ -222,7 +206,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the property should be a claim in the id token. * * @return builder * @@ -233,7 +217,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the property should be a claim in the id token. * * @return builder * @@ -243,7 +227,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the property should appear in the userinfo response body. * * @return builder * @@ -254,7 +238,7 @@ public Builder addToUserinfo(@Nullable Output addToUserinfo) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the property should appear in the userinfo response body. * * @return builder * @@ -263,29 +247,17 @@ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -296,7 +268,7 @@ public Builder claimValueType(@Nullable Output claimValueType) { } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -306,7 +278,7 @@ public Builder claimValueType(String claimValueType) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -317,7 +289,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -327,7 +299,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -338,7 +310,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -348,7 +320,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -359,7 +331,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -369,7 +341,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -380,7 +352,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -389,23 +361,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param userProperty The built in user property (such as email) to map a claim for. - * - * @return builder - * - */ public Builder userProperty(Output userProperty) { $.userProperty = userProperty; return this; } - /** - * @param userProperty The built in user property (such as email) to map a claim for. - * - * @return builder - * - */ public Builder userProperty(String userProperty) { return userProperty(Output.of(userProperty)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapper.java index ef697e54..4c96295e 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapper.java @@ -16,15 +16,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing user realm role protocol mappers within Keycloak. + * ## # keycloak.openid.UserRealmRoleProtocolMapper + * + * Allows for creating and managing user realm role protocol mappers within + * Keycloak. * * User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + * Protocol mappers can be defined for a single client, or they can + * be defined for a client scope which can be shared between multiple different + * clients. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * ### Example Usage (Client) * - * ## Example Usage - * ### Client) + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -51,28 +55,32 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("client") - * .enabled(true) * .accessType("CONFIDENTIAL") + * .clientId("test-client") + * .enabled(true) + * .realmId(realm.id()) * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var userRealmRoleMapper = new UserRealmRoleProtocolMapper("userRealmRoleMapper", UserRealmRoleProtocolMapperArgs.builder() - * .realmId(realm.id()) - * .clientId(openidClient.id()) * .claimName("foo") + * .clientId(openidClient.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` - * ### Client Scope) + * <!--End PulumiCodeChooser --> + * + * ### Example Usage (Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -99,8 +107,8 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() @@ -108,187 +116,184 @@ * .build()); * * var userRealmRoleMapper = new UserRealmRoleProtocolMapper("userRealmRoleMapper", UserRealmRoleProtocolMapperArgs.builder() - * .realmId(realm.id()) - * .clientScopeId(clientScope.id()) * .claimName("foo") + * .clientScopeId(clientScope.id()) + * .realmId(realm.id()) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import - * - * Protocol mappers can be imported using one of the following formats: + * ### Argument Reference * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `claim_name` - (Required) The name of the claim to insert into a token. + * - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + * - `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`. + * - `realm_role_prefix` - (Optional) A prefix for each Realm Role. + * - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. * - * Example: + * ### Import * - * bash + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` - * - * ```sh - * $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper") public class UserRealmRoleProtocolMapper extends com.pulumi.resources.CustomResource { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Export(name="addToAccessToken", refs={Boolean.class}, tree="[0]") private Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Output> addToAccessToken() { return Codegen.optional(this.addToAccessToken); } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Export(name="addToIdToken", refs={Boolean.class}, tree="[0]") private Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Output> addToIdToken() { return Codegen.optional(this.addToIdToken); } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Export(name="addToUserinfo", refs={Boolean.class}, tree="[0]") private Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Output> addToUserinfo() { return Codegen.optional(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Export(name="claimName", refs={String.class}, tree="[0]") private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Export(name="claimValueType", refs={String.class}, tree="[0]") private Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Output> claimValueType() { return Codegen.optional(this.claimValueType); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Output> clientId() { return Codegen.optional(this.clientId); } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } /** - * Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. * */ @Export(name="multivalued", refs={Boolean.class}, tree="[0]") private Output multivalued; /** - * @return Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * @return Indicates whether this attribute is a single value or an array of values. * */ public Output> multivalued() { return Codegen.optional(this.multivalued); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Output name() { return this.name; } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { return this.realmId; } /** - * A prefix for each Realm Role. + * Prefix that will be added to each realm role. * */ @Export(name="realmRolePrefix", refs={String.class}, tree="[0]") private Output realmRolePrefix; /** - * @return A prefix for each Realm Role. + * @return Prefix that will be added to each realm role. * */ public Output> realmRolePrefix() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapperArgs.java index 51a5cf0a..1cd94b81 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapperArgs.java @@ -18,14 +18,14 @@ public final class UserRealmRoleProtocolMapperArgs extends com.pulumi.resources. public static final UserRealmRoleProtocolMapperArgs Empty = new UserRealmRoleProtocolMapperArgs(); /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Optional> addToAccessToken() { @@ -33,14 +33,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Optional> addToIdToken() { @@ -48,44 +48,36 @@ public Optional> addToIdToken() { } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName", required=true) private Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Output claimName() { return this.claimName; } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Import(name="claimValueType") private @Nullable Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Optional> claimValueType() { @@ -93,14 +85,14 @@ public Optional> claimValueType() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -108,14 +100,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -123,14 +115,14 @@ public Optional> clientScopeId() { } /** - * Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. * */ @Import(name="multivalued") private @Nullable Output multivalued; /** - * @return Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * @return Indicates whether this attribute is a single value or an array of values. * */ public Optional> multivalued() { @@ -138,14 +130,14 @@ public Optional> multivalued() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -153,14 +145,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId", required=true) private Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Output realmId() { @@ -168,14 +160,14 @@ public Output realmId() { } /** - * A prefix for each Realm Role. + * Prefix that will be added to each realm role. * */ @Import(name="realmRolePrefix") private @Nullable Output realmRolePrefix; /** - * @return A prefix for each Realm Role. + * @return Prefix that will be added to each realm role. * */ public Optional> realmRolePrefix() { @@ -217,7 +209,7 @@ public Builder(UserRealmRoleProtocolMapperArgs defaults) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -228,7 +220,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -238,7 +230,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -249,7 +241,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -259,7 +251,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -270,7 +262,7 @@ public Builder addToUserinfo(@Nullable Output addToUserinfo) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -279,29 +271,17 @@ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -312,7 +292,7 @@ public Builder claimValueType(@Nullable Output claimValueType) { } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -322,7 +302,7 @@ public Builder claimValueType(String claimValueType) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -333,7 +313,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -343,7 +323,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -354,7 +334,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -364,7 +344,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param multivalued Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * @param multivalued Indicates whether this attribute is a single value or an array of values. * * @return builder * @@ -375,7 +355,7 @@ public Builder multivalued(@Nullable Output multivalued) { } /** - * @param multivalued Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * @param multivalued Indicates whether this attribute is a single value or an array of values. * * @return builder * @@ -385,7 +365,7 @@ public Builder multivalued(Boolean multivalued) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -396,7 +376,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -406,7 +386,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -417,7 +397,7 @@ public Builder realmId(Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -427,7 +407,7 @@ public Builder realmId(String realmId) { } /** - * @param realmRolePrefix A prefix for each Realm Role. + * @param realmRolePrefix Prefix that will be added to each realm role. * * @return builder * @@ -438,7 +418,7 @@ public Builder realmRolePrefix(@Nullable Output realmRolePrefix) { } /** - * @param realmRolePrefix A prefix for each Realm Role. + * @param realmRolePrefix Prefix that will be added to each realm role. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java index b9778eb8..0e1e8dec 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java @@ -24,7 +24,10 @@ * multiple different clients. * * ## Example Usage + * * ### Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -74,7 +77,11 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> + * * ### Client Scope) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -120,18 +127,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/AudienceProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/AudienceProtocolMapperState.java index cb1f87f1..b47fd6f4 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/AudienceProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/AudienceProtocolMapperState.java @@ -17,14 +17,14 @@ public final class AudienceProtocolMapperState extends com.pulumi.resources.Reso public static final AudienceProtocolMapperState Empty = new AudienceProtocolMapperState(); /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @return Indicates if this claim should be added to the access token. * */ public Optional> addToAccessToken() { @@ -32,14 +32,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @return Indicates if this claim should be added to the id token. * */ public Optional> addToIdToken() { @@ -47,14 +47,14 @@ public Optional> addToIdToken() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -62,14 +62,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -77,14 +77,14 @@ public Optional> clientScopeId() { } /** - * A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ @Import(name="includedClientAudience") private @Nullable Output includedClientAudience; /** - * @return A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @return A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ public Optional> includedClientAudience() { @@ -92,14 +92,14 @@ public Optional> includedClientAudience() { } /** - * A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ @Import(name="includedCustomAudience") private @Nullable Output includedCustomAudience; /** - * @return A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @return A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * */ public Optional> includedCustomAudience() { @@ -107,14 +107,14 @@ public Optional> includedCustomAudience() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -122,14 +122,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { @@ -168,7 +168,7 @@ public Builder(AudienceProtocolMapperState defaults) { } /** - * @param addToAccessToken Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @param addToAccessToken Indicates if this claim should be added to the access token. * * @return builder * @@ -179,7 +179,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @param addToAccessToken Indicates if this claim should be added to the access token. * * @return builder * @@ -189,7 +189,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @param addToIdToken Indicates if this claim should be added to the id token. * * @return builder * @@ -200,7 +200,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * @param addToIdToken Indicates if this claim should be added to the id token. * * @return builder * @@ -210,7 +210,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -221,7 +221,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -231,7 +231,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -242,7 +242,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -252,7 +252,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param includedClientAudience A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @param includedClientAudience A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * * @return builder * @@ -263,7 +263,7 @@ public Builder includedClientAudience(@Nullable Output includedClientAud } /** - * @param includedClientAudience A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @param includedClientAudience A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience * * @return builder * @@ -273,7 +273,7 @@ public Builder includedClientAudience(String includedClientAudience) { } /** - * @param includedCustomAudience A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @param includedCustomAudience A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * * @return builder * @@ -284,7 +284,7 @@ public Builder includedCustomAudience(@Nullable Output includedCustomAud } /** - * @param includedCustomAudience A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + * @param includedCustomAudience A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience * * @return builder * @@ -294,7 +294,7 @@ public Builder includedCustomAudience(String includedCustomAudience) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -305,7 +305,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -315,7 +315,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -326,7 +326,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientAuthenticationFlowBindingOverridesArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientAuthenticationFlowBindingOverridesArgs.java index 3913ab6d..0935aa54 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientAuthenticationFlowBindingOverridesArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientAuthenticationFlowBindingOverridesArgs.java @@ -15,32 +15,16 @@ public final class ClientAuthenticationFlowBindingOverridesArgs extends com.pulu public static final ClientAuthenticationFlowBindingOverridesArgs Empty = new ClientAuthenticationFlowBindingOverridesArgs(); - /** - * Browser flow id, (flow needs to exist) - * - */ @Import(name="browserId") private @Nullable Output browserId; - /** - * @return Browser flow id, (flow needs to exist) - * - */ public Optional> browserId() { return Optional.ofNullable(this.browserId); } - /** - * Direct grant flow id (flow needs to exist) - * - */ @Import(name="directGrantId") private @Nullable Output directGrantId; - /** - * @return Direct grant flow id (flow needs to exist) - * - */ public Optional> directGrantId() { return Optional.ofNullable(this.directGrantId); } @@ -70,44 +54,20 @@ public Builder(ClientAuthenticationFlowBindingOverridesArgs defaults) { $ = new ClientAuthenticationFlowBindingOverridesArgs(Objects.requireNonNull(defaults)); } - /** - * @param browserId Browser flow id, (flow needs to exist) - * - * @return builder - * - */ public Builder browserId(@Nullable Output browserId) { $.browserId = browserId; return this; } - /** - * @param browserId Browser flow id, (flow needs to exist) - * - * @return builder - * - */ public Builder browserId(String browserId) { return browserId(Output.of(browserId)); } - /** - * @param directGrantId Direct grant flow id (flow needs to exist) - * - * @return builder - * - */ public Builder directGrantId(@Nullable Output directGrantId) { $.directGrantId = directGrantId; return this; } - /** - * @param directGrantId Direct grant flow id (flow needs to exist) - * - * @return builder - * - */ public Builder directGrantId(String directGrantId) { return directGrantId(Output.of(directGrantId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientAuthorizationArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientAuthorizationArgs.java index a9d13853..f584a151 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientAuthorizationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientAuthorizationArgs.java @@ -17,62 +17,30 @@ public final class ClientAuthorizationArgs extends com.pulumi.resources.Resource public static final ClientAuthorizationArgs Empty = new ClientAuthorizationArgs(); - /** - * When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - * - */ @Import(name="allowRemoteResourceManagement") private @Nullable Output allowRemoteResourceManagement; - /** - * @return When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - * - */ public Optional> allowRemoteResourceManagement() { return Optional.ofNullable(this.allowRemoteResourceManagement); } - /** - * Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - * - */ @Import(name="decisionStrategy") private @Nullable Output decisionStrategy; - /** - * @return Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - * - */ public Optional> decisionStrategy() { return Optional.ofNullable(this.decisionStrategy); } - /** - * When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - * - */ @Import(name="keepDefaults") private @Nullable Output keepDefaults; - /** - * @return When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - * - */ public Optional> keepDefaults() { return Optional.ofNullable(this.keepDefaults); } - /** - * Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - * - */ @Import(name="policyEnforcementMode", required=true) private Output policyEnforcementMode; - /** - * @return Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - * - */ public Output policyEnforcementMode() { return this.policyEnforcementMode; } @@ -104,86 +72,38 @@ public Builder(ClientAuthorizationArgs defaults) { $ = new ClientAuthorizationArgs(Objects.requireNonNull(defaults)); } - /** - * @param allowRemoteResourceManagement When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - * - * @return builder - * - */ public Builder allowRemoteResourceManagement(@Nullable Output allowRemoteResourceManagement) { $.allowRemoteResourceManagement = allowRemoteResourceManagement; return this; } - /** - * @param allowRemoteResourceManagement When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - * - * @return builder - * - */ public Builder allowRemoteResourceManagement(Boolean allowRemoteResourceManagement) { return allowRemoteResourceManagement(Output.of(allowRemoteResourceManagement)); } - /** - * @param decisionStrategy Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - * - * @return builder - * - */ public Builder decisionStrategy(@Nullable Output decisionStrategy) { $.decisionStrategy = decisionStrategy; return this; } - /** - * @param decisionStrategy Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - * - * @return builder - * - */ public Builder decisionStrategy(String decisionStrategy) { return decisionStrategy(Output.of(decisionStrategy)); } - /** - * @param keepDefaults When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - * - * @return builder - * - */ public Builder keepDefaults(@Nullable Output keepDefaults) { $.keepDefaults = keepDefaults; return this; } - /** - * @param keepDefaults When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - * - * @return builder - * - */ public Builder keepDefaults(Boolean keepDefaults) { return keepDefaults(Output.of(keepDefaults)); } - /** - * @param policyEnforcementMode Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - * - * @return builder - * - */ public Builder policyEnforcementMode(Output policyEnforcementMode) { $.policyEnforcementMode = policyEnforcementMode; return this; } - /** - * @param policyEnforcementMode Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - * - * @return builder - * - */ public Builder policyEnforcementMode(String policyEnforcementMode) { return policyEnforcementMode(Output.of(policyEnforcementMode)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientDefaultScopesState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientDefaultScopesState.java index eb64c596..b8e00334 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientDefaultScopesState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientDefaultScopesState.java @@ -16,47 +16,23 @@ public final class ClientDefaultScopesState extends com.pulumi.resources.Resourc public static final ClientDefaultScopesState Empty = new ClientDefaultScopesState(); - /** - * The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * An array of client scope names to attach to this client. - * - */ @Import(name="defaultScopes") private @Nullable Output> defaultScopes; - /** - * @return An array of client scope names to attach to this client. - * - */ public Optional>> defaultScopes() { return Optional.ofNullable(this.defaultScopes); } - /** - * The realm this client and scopes exists in. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this client and scopes exists in. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } @@ -87,75 +63,33 @@ public Builder(ClientDefaultScopesState defaults) { $ = new ClientDefaultScopesState(Objects.requireNonNull(defaults)); } - /** - * @param clientId The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param defaultScopes An array of client scope names to attach to this client. - * - * @return builder - * - */ public Builder defaultScopes(@Nullable Output> defaultScopes) { $.defaultScopes = defaultScopes; return this; } - /** - * @param defaultScopes An array of client scope names to attach to this client. - * - * @return builder - * - */ public Builder defaultScopes(List defaultScopes) { return defaultScopes(Output.of(defaultScopes)); } - /** - * @param defaultScopes An array of client scope names to attach to this client. - * - * @return builder - * - */ public Builder defaultScopes(String... defaultScopes) { return defaultScopes(List.of(defaultScopes)); } - /** - * @param realmId The realm this client and scopes exists in. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client and scopes exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientOptionalScopesState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientOptionalScopesState.java index 2fd783a6..b769d2ce 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientOptionalScopesState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientOptionalScopesState.java @@ -16,47 +16,23 @@ public final class ClientOptionalScopesState extends com.pulumi.resources.Resour public static final ClientOptionalScopesState Empty = new ClientOptionalScopesState(); - /** - * The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * An array of client scope names to attach to this client as optional scopes. - * - */ @Import(name="optionalScopes") private @Nullable Output> optionalScopes; - /** - * @return An array of client scope names to attach to this client as optional scopes. - * - */ public Optional>> optionalScopes() { return Optional.ofNullable(this.optionalScopes); } - /** - * The realm this client and scopes exists in. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this client and scopes exists in. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } @@ -87,75 +63,33 @@ public Builder(ClientOptionalScopesState defaults) { $ = new ClientOptionalScopesState(Objects.requireNonNull(defaults)); } - /** - * @param clientId The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param optionalScopes An array of client scope names to attach to this client as optional scopes. - * - * @return builder - * - */ public Builder optionalScopes(@Nullable Output> optionalScopes) { $.optionalScopes = optionalScopes; return this; } - /** - * @param optionalScopes An array of client scope names to attach to this client as optional scopes. - * - * @return builder - * - */ public Builder optionalScopes(List optionalScopes) { return optionalScopes(Output.of(optionalScopes)); } - /** - * @param optionalScopes An array of client scope names to attach to this client as optional scopes. - * - * @return builder - * - */ public Builder optionalScopes(String... optionalScopes) { return optionalScopes(List.of(optionalScopes)); } - /** - * @param realmId The realm this client and scopes exists in. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client and scopes exists in. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientScopeState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientScopeState.java index f11fec55..8a34e9ba 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientScopeState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientScopeState.java @@ -17,92 +17,44 @@ public final class ClientScopeState extends com.pulumi.resources.ResourceArgs { public static final ClientScopeState Empty = new ClientScopeState(); - /** - * When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - */ @Import(name="consentScreenText") private @Nullable Output consentScreenText; - /** - * @return When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - */ public Optional> consentScreenText() { return Optional.ofNullable(this.consentScreenText); } - /** - * The description of this client scope in the GUI. - * - */ @Import(name="description") private @Nullable Output description; - /** - * @return The description of this client scope in the GUI. - * - */ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * Specify order of the client scope in GUI (such as in Consent page) as integer. - * - */ @Import(name="guiOrder") private @Nullable Output guiOrder; - /** - * @return Specify order of the client scope in GUI (such as in Consent page) as integer. - * - */ public Optional> guiOrder() { return Optional.ofNullable(this.guiOrder); } - /** - * When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - */ @Import(name="includeInTokenScope") private @Nullable Output includeInTokenScope; - /** - * @return When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - */ public Optional> includeInTokenScope() { return Optional.ofNullable(this.includeInTokenScope); } - /** - * The display name of this client scope in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this client scope in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The realm this client scope belongs to. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this client scope belongs to. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } @@ -136,128 +88,56 @@ public Builder(ClientScopeState defaults) { $ = new ClientScopeState(Objects.requireNonNull(defaults)); } - /** - * @param consentScreenText When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - * @return builder - * - */ public Builder consentScreenText(@Nullable Output consentScreenText) { $.consentScreenText = consentScreenText; return this; } - /** - * @param consentScreenText When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - * - * @return builder - * - */ public Builder consentScreenText(String consentScreenText) { return consentScreenText(Output.of(consentScreenText)); } - /** - * @param description The description of this client scope in the GUI. - * - * @return builder - * - */ public Builder description(@Nullable Output description) { $.description = description; return this; } - /** - * @param description The description of this client scope in the GUI. - * - * @return builder - * - */ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param guiOrder Specify order of the client scope in GUI (such as in Consent page) as integer. - * - * @return builder - * - */ public Builder guiOrder(@Nullable Output guiOrder) { $.guiOrder = guiOrder; return this; } - /** - * @param guiOrder Specify order of the client scope in GUI (such as in Consent page) as integer. - * - * @return builder - * - */ public Builder guiOrder(Integer guiOrder) { return guiOrder(Output.of(guiOrder)); } - /** - * @param includeInTokenScope When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - * @return builder - * - */ public Builder includeInTokenScope(@Nullable Output includeInTokenScope) { $.includeInTokenScope = includeInTokenScope; return this; } - /** - * @param includeInTokenScope When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - * - * @return builder - * - */ public Builder includeInTokenScope(Boolean includeInTokenScope) { return includeInTokenScope(Output.of(includeInTokenScope)); } - /** - * @param name The display name of this client scope in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this client scope in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this client scope belongs to. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client scope belongs to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientState.java index 4b24ffc6..6bfa8267 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientState.java @@ -21,355 +21,163 @@ public final class ClientState extends com.pulumi.resources.ResourceArgs { public static final ClientState Empty = new ClientState(); - /** - * The amount of time in seconds before an access token expires. This will override the default for the realm. - * - */ @Import(name="accessTokenLifespan") private @Nullable Output accessTokenLifespan; - /** - * @return The amount of time in seconds before an access token expires. This will override the default for the realm. - * - */ public Optional> accessTokenLifespan() { return Optional.ofNullable(this.accessTokenLifespan); } - /** - * Specifies the type of client, which can be one of the following: - * - */ @Import(name="accessType") private @Nullable Output accessType; - /** - * @return Specifies the type of client, which can be one of the following: - * - */ public Optional> accessType() { return Optional.ofNullable(this.accessType); } - /** - * URL to the admin interface of the client. - * - */ @Import(name="adminUrl") private @Nullable Output adminUrl; - /** - * @return URL to the admin interface of the client. - * - */ public Optional> adminUrl() { return Optional.ofNullable(this.adminUrl); } - /** - * Override realm authentication flow bindings - * - */ @Import(name="authenticationFlowBindingOverrides") private @Nullable Output authenticationFlowBindingOverrides; - /** - * @return Override realm authentication flow bindings - * - */ public Optional> authenticationFlowBindingOverrides() { return Optional.ofNullable(this.authenticationFlowBindingOverrides); } - /** - * When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - */ @Import(name="authorization") private @Nullable Output authorization; - /** - * @return When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - */ public Optional> authorization() { return Optional.ofNullable(this.authorization); } - /** - * Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - */ @Import(name="backchannelLogoutRevokeOfflineSessions") private @Nullable Output backchannelLogoutRevokeOfflineSessions; - /** - * @return Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - */ public Optional> backchannelLogoutRevokeOfflineSessions() { return Optional.ofNullable(this.backchannelLogoutRevokeOfflineSessions); } - /** - * When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - */ @Import(name="backchannelLogoutSessionRequired") private @Nullable Output backchannelLogoutSessionRequired; - /** - * @return When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - */ public Optional> backchannelLogoutSessionRequired() { return Optional.ofNullable(this.backchannelLogoutSessionRequired); } - /** - * The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - */ @Import(name="backchannelLogoutUrl") private @Nullable Output backchannelLogoutUrl; - /** - * @return The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - */ public Optional> backchannelLogoutUrl() { return Optional.ofNullable(this.backchannelLogoutUrl); } - /** - * Default URL to use when the auth server needs to redirect or link back to the client. - * - */ @Import(name="baseUrl") private @Nullable Output baseUrl; - /** - * @return Default URL to use when the auth server needs to redirect or link back to the client. - * - */ public Optional> baseUrl() { return Optional.ofNullable(this.baseUrl); } - /** - * Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - */ @Import(name="clientAuthenticatorType") private @Nullable Output clientAuthenticatorType; - /** - * @return Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - */ public Optional> clientAuthenticatorType() { return Optional.ofNullable(this.clientAuthenticatorType); } - /** - * The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - */ @Import(name="clientOfflineSessionIdleTimeout") private @Nullable Output clientOfflineSessionIdleTimeout; - /** - * @return Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - */ public Optional> clientOfflineSessionIdleTimeout() { return Optional.ofNullable(this.clientOfflineSessionIdleTimeout); } - /** - * Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - */ @Import(name="clientOfflineSessionMaxLifespan") private @Nullable Output clientOfflineSessionMaxLifespan; - /** - * @return Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - */ public Optional> clientOfflineSessionMaxLifespan() { return Optional.ofNullable(this.clientOfflineSessionMaxLifespan); } - /** - * The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - */ @Import(name="clientSecret") private @Nullable Output clientSecret; - /** - * @return The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - */ public Optional> clientSecret() { return Optional.ofNullable(this.clientSecret); } - /** - * Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - */ @Import(name="clientSessionIdleTimeout") private @Nullable Output clientSessionIdleTimeout; - /** - * @return Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - */ public Optional> clientSessionIdleTimeout() { return Optional.ofNullable(this.clientSessionIdleTimeout); } - /** - * Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - */ @Import(name="clientSessionMaxLifespan") private @Nullable Output clientSessionMaxLifespan; - /** - * @return Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - */ public Optional> clientSessionMaxLifespan() { return Optional.ofNullable(this.clientSessionMaxLifespan); } - /** - * When `true`, users have to consent to client access. Defaults to `false`. - * - */ @Import(name="consentRequired") private @Nullable Output consentRequired; - /** - * @return When `true`, users have to consent to client access. Defaults to `false`. - * - */ public Optional> consentRequired() { return Optional.ofNullable(this.consentRequired); } - /** - * The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - */ @Import(name="consentScreenText") private @Nullable Output consentScreenText; - /** - * @return The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - */ public Optional> consentScreenText() { return Optional.ofNullable(this.consentScreenText); } - /** - * The description of this client in the GUI. - * - */ @Import(name="description") private @Nullable Output description; - /** - * @return The description of this client in the GUI. - * - */ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - */ @Import(name="directAccessGrantsEnabled") private @Nullable Output directAccessGrantsEnabled; - /** - * @return When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - */ public Optional> directAccessGrantsEnabled() { return Optional.ofNullable(this.directAccessGrantsEnabled); } - /** - * When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - */ @Import(name="displayOnConsentScreen") private @Nullable Output displayOnConsentScreen; - /** - * @return When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - */ public Optional> displayOnConsentScreen() { return Optional.ofNullable(this.displayOnConsentScreen); } - /** - * When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ @Import(name="enabled") private @Nullable Output enabled; - /** - * @return When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ public Optional> enabled() { return Optional.ofNullable(this.enabled); } - /** - * When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - */ @Import(name="excludeSessionStateFromAuthResponse") private @Nullable Output excludeSessionStateFromAuthResponse; - /** - * @return When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - */ public Optional> excludeSessionStateFromAuthResponse() { return Optional.ofNullable(this.excludeSessionStateFromAuthResponse); } @@ -381,336 +189,156 @@ public Optional>> extraConfig() { return Optional.ofNullable(this.extraConfig); } - /** - * When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - */ @Import(name="frontchannelLogoutEnabled") private @Nullable Output frontchannelLogoutEnabled; - /** - * @return When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - */ public Optional> frontchannelLogoutEnabled() { return Optional.ofNullable(this.frontchannelLogoutEnabled); } - /** - * The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - */ @Import(name="frontchannelLogoutUrl") private @Nullable Output frontchannelLogoutUrl; - /** - * @return The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - */ public Optional> frontchannelLogoutUrl() { return Optional.ofNullable(this.frontchannelLogoutUrl); } - /** - * Allow to include all roles mappings in the access token. - * - */ @Import(name="fullScopeAllowed") private @Nullable Output fullScopeAllowed; - /** - * @return Allow to include all roles mappings in the access token. - * - */ public Optional> fullScopeAllowed() { return Optional.ofNullable(this.fullScopeAllowed); } - /** - * When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - */ @Import(name="implicitFlowEnabled") private @Nullable Output implicitFlowEnabled; - /** - * @return When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - */ public Optional> implicitFlowEnabled() { return Optional.ofNullable(this.implicitFlowEnabled); } - /** - * When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - */ @Import(name="import") private @Nullable Output import_; - /** - * @return When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - */ public Optional> import_() { return Optional.ofNullable(this.import_); } - /** - * The client login theme. This will override the default theme for the realm. - * - */ @Import(name="loginTheme") private @Nullable Output loginTheme; - /** - * @return The client login theme. This will override the default theme for the realm. - * - */ public Optional> loginTheme() { return Optional.ofNullable(this.loginTheme); } - /** - * The display name of this client in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this client in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - */ @Import(name="oauth2DeviceAuthorizationGrantEnabled") private @Nullable Output oauth2DeviceAuthorizationGrantEnabled; - /** - * @return Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - */ public Optional> oauth2DeviceAuthorizationGrantEnabled() { return Optional.ofNullable(this.oauth2DeviceAuthorizationGrantEnabled); } - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - */ @Import(name="oauth2DeviceCodeLifespan") private @Nullable Output oauth2DeviceCodeLifespan; - /** - * @return The maximum amount of time a client has to finish the device code flow before it expires. - * - */ public Optional> oauth2DeviceCodeLifespan() { return Optional.ofNullable(this.oauth2DeviceCodeLifespan); } - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ @Import(name="oauth2DevicePollingInterval") private @Nullable Output oauth2DevicePollingInterval; - /** - * @return The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - */ public Optional> oauth2DevicePollingInterval() { return Optional.ofNullable(this.oauth2DevicePollingInterval); } - /** - * The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - */ @Import(name="pkceCodeChallengeMethod") private @Nullable Output pkceCodeChallengeMethod; - /** - * @return The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - */ public Optional> pkceCodeChallengeMethod() { return Optional.ofNullable(this.pkceCodeChallengeMethod); } - /** - * The realm this client is attached to. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this client is attached to. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - * - */ @Import(name="resourceServerId") private @Nullable Output resourceServerId; - /** - * @return (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - * - */ public Optional> resourceServerId() { return Optional.ofNullable(this.resourceServerId); } - /** - * When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - */ @Import(name="rootUrl") private @Nullable Output rootUrl; - /** - * @return When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - */ public Optional> rootUrl() { return Optional.ofNullable(this.rootUrl); } - /** - * (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - * - */ @Import(name="serviceAccountUserId") private @Nullable Output serviceAccountUserId; - /** - * @return (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - * - */ public Optional> serviceAccountUserId() { return Optional.ofNullable(this.serviceAccountUserId); } - /** - * When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - */ @Import(name="serviceAccountsEnabled") private @Nullable Output serviceAccountsEnabled; - /** - * @return When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - */ public Optional> serviceAccountsEnabled() { return Optional.ofNullable(this.serviceAccountsEnabled); } - /** - * When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - */ @Import(name="standardFlowEnabled") private @Nullable Output standardFlowEnabled; - /** - * @return When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - */ public Optional> standardFlowEnabled() { return Optional.ofNullable(this.standardFlowEnabled); } - /** - * If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - */ @Import(name="useRefreshTokens") private @Nullable Output useRefreshTokens; - /** - * @return If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - */ public Optional> useRefreshTokens() { return Optional.ofNullable(this.useRefreshTokens); } - /** - * If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - */ @Import(name="useRefreshTokensClientCredentials") private @Nullable Output useRefreshTokensClientCredentials; - /** - * @return If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - */ public Optional> useRefreshTokensClientCredentials() { return Optional.ofNullable(this.useRefreshTokensClientCredentials); } - /** - * A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - */ @Import(name="validPostLogoutRedirectUris") private @Nullable Output> validPostLogoutRedirectUris; - /** - * @return A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - */ public Optional>> validPostLogoutRedirectUris() { return Optional.ofNullable(this.validPostLogoutRedirectUris); } - /** - * A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - */ @Import(name="validRedirectUris") private @Nullable Output> validRedirectUris; - /** - * @return A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - */ public Optional>> validRedirectUris() { return Optional.ofNullable(this.validRedirectUris); } - /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - */ @Import(name="webOrigins") private @Nullable Output> webOrigins; - /** - * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - */ public Optional>> webOrigins() { return Optional.ofNullable(this.webOrigins); } @@ -784,493 +412,209 @@ public Builder(ClientState defaults) { $ = new ClientState(Objects.requireNonNull(defaults)); } - /** - * @param accessTokenLifespan The amount of time in seconds before an access token expires. This will override the default for the realm. - * - * @return builder - * - */ public Builder accessTokenLifespan(@Nullable Output accessTokenLifespan) { $.accessTokenLifespan = accessTokenLifespan; return this; } - /** - * @param accessTokenLifespan The amount of time in seconds before an access token expires. This will override the default for the realm. - * - * @return builder - * - */ public Builder accessTokenLifespan(String accessTokenLifespan) { return accessTokenLifespan(Output.of(accessTokenLifespan)); } - /** - * @param accessType Specifies the type of client, which can be one of the following: - * - * @return builder - * - */ public Builder accessType(@Nullable Output accessType) { $.accessType = accessType; return this; } - /** - * @param accessType Specifies the type of client, which can be one of the following: - * - * @return builder - * - */ public Builder accessType(String accessType) { return accessType(Output.of(accessType)); } - /** - * @param adminUrl URL to the admin interface of the client. - * - * @return builder - * - */ public Builder adminUrl(@Nullable Output adminUrl) { $.adminUrl = adminUrl; return this; } - /** - * @param adminUrl URL to the admin interface of the client. - * - * @return builder - * - */ public Builder adminUrl(String adminUrl) { return adminUrl(Output.of(adminUrl)); } - /** - * @param authenticationFlowBindingOverrides Override realm authentication flow bindings - * - * @return builder - * - */ public Builder authenticationFlowBindingOverrides(@Nullable Output authenticationFlowBindingOverrides) { $.authenticationFlowBindingOverrides = authenticationFlowBindingOverrides; return this; } - /** - * @param authenticationFlowBindingOverrides Override realm authentication flow bindings - * - * @return builder - * - */ public Builder authenticationFlowBindingOverrides(ClientAuthenticationFlowBindingOverridesArgs authenticationFlowBindingOverrides) { return authenticationFlowBindingOverrides(Output.of(authenticationFlowBindingOverrides)); } - /** - * @param authorization When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - * @return builder - * - */ public Builder authorization(@Nullable Output authorization) { $.authorization = authorization; return this; } - /** - * @param authorization When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - * - * @return builder - * - */ public Builder authorization(ClientAuthorizationArgs authorization) { return authorization(Output.of(authorization)); } - /** - * @param backchannelLogoutRevokeOfflineSessions Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - * @return builder - * - */ public Builder backchannelLogoutRevokeOfflineSessions(@Nullable Output backchannelLogoutRevokeOfflineSessions) { $.backchannelLogoutRevokeOfflineSessions = backchannelLogoutRevokeOfflineSessions; return this; } - /** - * @param backchannelLogoutRevokeOfflineSessions Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - * - * @return builder - * - */ public Builder backchannelLogoutRevokeOfflineSessions(Boolean backchannelLogoutRevokeOfflineSessions) { return backchannelLogoutRevokeOfflineSessions(Output.of(backchannelLogoutRevokeOfflineSessions)); } - /** - * @param backchannelLogoutSessionRequired When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - * @return builder - * - */ public Builder backchannelLogoutSessionRequired(@Nullable Output backchannelLogoutSessionRequired) { $.backchannelLogoutSessionRequired = backchannelLogoutSessionRequired; return this; } - /** - * @param backchannelLogoutSessionRequired When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - * - * @return builder - * - */ public Builder backchannelLogoutSessionRequired(Boolean backchannelLogoutSessionRequired) { return backchannelLogoutSessionRequired(Output.of(backchannelLogoutSessionRequired)); } - /** - * @param backchannelLogoutUrl The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - * @return builder - * - */ public Builder backchannelLogoutUrl(@Nullable Output backchannelLogoutUrl) { $.backchannelLogoutUrl = backchannelLogoutUrl; return this; } - /** - * @param backchannelLogoutUrl The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - * - * @return builder - * - */ public Builder backchannelLogoutUrl(String backchannelLogoutUrl) { return backchannelLogoutUrl(Output.of(backchannelLogoutUrl)); } - /** - * @param baseUrl Default URL to use when the auth server needs to redirect or link back to the client. - * - * @return builder - * - */ public Builder baseUrl(@Nullable Output baseUrl) { $.baseUrl = baseUrl; return this; } - /** - * @param baseUrl Default URL to use when the auth server needs to redirect or link back to the client. - * - * @return builder - * - */ public Builder baseUrl(String baseUrl) { return baseUrl(Output.of(baseUrl)); } - /** - * @param clientAuthenticatorType Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - * @return builder - * - */ public Builder clientAuthenticatorType(@Nullable Output clientAuthenticatorType) { $.clientAuthenticatorType = clientAuthenticatorType; return this; } - /** - * @param clientAuthenticatorType Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = <subjectDn>` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = <alg>` - * - * @return builder - * - */ public Builder clientAuthenticatorType(String clientAuthenticatorType) { return clientAuthenticatorType(Output.of(clientAuthenticatorType)); } - /** - * @param clientId The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The Client ID for this client, referenced in the URI during authentication and in issued tokens. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param clientOfflineSessionIdleTimeout Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - * @return builder - * - */ public Builder clientOfflineSessionIdleTimeout(@Nullable Output clientOfflineSessionIdleTimeout) { $.clientOfflineSessionIdleTimeout = clientOfflineSessionIdleTimeout; return this; } - /** - * @param clientOfflineSessionIdleTimeout Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - * - * @return builder - * - */ public Builder clientOfflineSessionIdleTimeout(String clientOfflineSessionIdleTimeout) { return clientOfflineSessionIdleTimeout(Output.of(clientOfflineSessionIdleTimeout)); } - /** - * @param clientOfflineSessionMaxLifespan Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - * @return builder - * - */ public Builder clientOfflineSessionMaxLifespan(@Nullable Output clientOfflineSessionMaxLifespan) { $.clientOfflineSessionMaxLifespan = clientOfflineSessionMaxLifespan; return this; } - /** - * @param clientOfflineSessionMaxLifespan Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - * - * @return builder - * - */ public Builder clientOfflineSessionMaxLifespan(String clientOfflineSessionMaxLifespan) { return clientOfflineSessionMaxLifespan(Output.of(clientOfflineSessionMaxLifespan)); } - /** - * @param clientSecret The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - * @return builder - * - */ public Builder clientSecret(@Nullable Output clientSecret) { $.clientSecret = clientSecret; return this; } - /** - * @param clientSecret The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - * - * @return builder - * - */ public Builder clientSecret(String clientSecret) { return clientSecret(Output.of(clientSecret)); } - /** - * @param clientSessionIdleTimeout Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - * @return builder - * - */ public Builder clientSessionIdleTimeout(@Nullable Output clientSessionIdleTimeout) { $.clientSessionIdleTimeout = clientSessionIdleTimeout; return this; } - /** - * @param clientSessionIdleTimeout Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - * - * @return builder - * - */ public Builder clientSessionIdleTimeout(String clientSessionIdleTimeout) { return clientSessionIdleTimeout(Output.of(clientSessionIdleTimeout)); } - /** - * @param clientSessionMaxLifespan Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - * @return builder - * - */ public Builder clientSessionMaxLifespan(@Nullable Output clientSessionMaxLifespan) { $.clientSessionMaxLifespan = clientSessionMaxLifespan; return this; } - /** - * @param clientSessionMaxLifespan Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - * - * @return builder - * - */ public Builder clientSessionMaxLifespan(String clientSessionMaxLifespan) { return clientSessionMaxLifespan(Output.of(clientSessionMaxLifespan)); } - /** - * @param consentRequired When `true`, users have to consent to client access. Defaults to `false`. - * - * @return builder - * - */ public Builder consentRequired(@Nullable Output consentRequired) { $.consentRequired = consentRequired; return this; } - /** - * @param consentRequired When `true`, users have to consent to client access. Defaults to `false`. - * - * @return builder - * - */ public Builder consentRequired(Boolean consentRequired) { return consentRequired(Output.of(consentRequired)); } - /** - * @param consentScreenText The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - * @return builder - * - */ public Builder consentScreenText(@Nullable Output consentScreenText) { $.consentScreenText = consentScreenText; return this; } - /** - * @param consentScreenText The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - * - * @return builder - * - */ public Builder consentScreenText(String consentScreenText) { return consentScreenText(Output.of(consentScreenText)); } - /** - * @param description The description of this client in the GUI. - * - * @return builder - * - */ public Builder description(@Nullable Output description) { $.description = description; return this; } - /** - * @param description The description of this client in the GUI. - * - * @return builder - * - */ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param directAccessGrantsEnabled When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder directAccessGrantsEnabled(@Nullable Output directAccessGrantsEnabled) { $.directAccessGrantsEnabled = directAccessGrantsEnabled; return this; } - /** - * @param directAccessGrantsEnabled When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder directAccessGrantsEnabled(Boolean directAccessGrantsEnabled) { return directAccessGrantsEnabled(Output.of(directAccessGrantsEnabled)); } - /** - * @param displayOnConsentScreen When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - * @return builder - * - */ public Builder displayOnConsentScreen(@Nullable Output displayOnConsentScreen) { $.displayOnConsentScreen = displayOnConsentScreen; return this; } - /** - * @param displayOnConsentScreen When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - * - * @return builder - * - */ public Builder displayOnConsentScreen(Boolean displayOnConsentScreen) { return displayOnConsentScreen(Output.of(displayOnConsentScreen)); } - /** - * @param enabled When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(@Nullable Output enabled) { $.enabled = enabled; return this; } - /** - * @param enabled When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(Boolean enabled) { return enabled(Output.of(enabled)); } - /** - * @param excludeSessionStateFromAuthResponse When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - * @return builder - * - */ public Builder excludeSessionStateFromAuthResponse(@Nullable Output excludeSessionStateFromAuthResponse) { $.excludeSessionStateFromAuthResponse = excludeSessionStateFromAuthResponse; return this; } - /** - * @param excludeSessionStateFromAuthResponse When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - * - * @return builder - * - */ public Builder excludeSessionStateFromAuthResponse(Boolean excludeSessionStateFromAuthResponse) { return excludeSessionStateFromAuthResponse(Output.of(excludeSessionStateFromAuthResponse)); } @@ -1284,500 +628,212 @@ public Builder extraConfig(Map extraConfig) { return extraConfig(Output.of(extraConfig)); } - /** - * @param frontchannelLogoutEnabled When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - * @return builder - * - */ public Builder frontchannelLogoutEnabled(@Nullable Output frontchannelLogoutEnabled) { $.frontchannelLogoutEnabled = frontchannelLogoutEnabled; return this; } - /** - * @param frontchannelLogoutEnabled When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - * - * @return builder - * - */ public Builder frontchannelLogoutEnabled(Boolean frontchannelLogoutEnabled) { return frontchannelLogoutEnabled(Output.of(frontchannelLogoutEnabled)); } - /** - * @param frontchannelLogoutUrl The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - * @return builder - * - */ public Builder frontchannelLogoutUrl(@Nullable Output frontchannelLogoutUrl) { $.frontchannelLogoutUrl = frontchannelLogoutUrl; return this; } - /** - * @param frontchannelLogoutUrl The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - * - * @return builder - * - */ public Builder frontchannelLogoutUrl(String frontchannelLogoutUrl) { return frontchannelLogoutUrl(Output.of(frontchannelLogoutUrl)); } - /** - * @param fullScopeAllowed Allow to include all roles mappings in the access token. - * - * @return builder - * - */ public Builder fullScopeAllowed(@Nullable Output fullScopeAllowed) { $.fullScopeAllowed = fullScopeAllowed; return this; } - /** - * @param fullScopeAllowed Allow to include all roles mappings in the access token. - * - * @return builder - * - */ public Builder fullScopeAllowed(Boolean fullScopeAllowed) { return fullScopeAllowed(Output.of(fullScopeAllowed)); } - /** - * @param implicitFlowEnabled When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder implicitFlowEnabled(@Nullable Output implicitFlowEnabled) { $.implicitFlowEnabled = implicitFlowEnabled; return this; } - /** - * @param implicitFlowEnabled When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder implicitFlowEnabled(Boolean implicitFlowEnabled) { return implicitFlowEnabled(Output.of(implicitFlowEnabled)); } - /** - * @param import_ When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - * @return builder - * - */ public Builder import_(@Nullable Output import_) { $.import_ = import_; return this; } - /** - * @param import_ When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - * - * @return builder - * - */ public Builder import_(Boolean import_) { return import_(Output.of(import_)); } - /** - * @param loginTheme The client login theme. This will override the default theme for the realm. - * - * @return builder - * - */ public Builder loginTheme(@Nullable Output loginTheme) { $.loginTheme = loginTheme; return this; } - /** - * @param loginTheme The client login theme. This will override the default theme for the realm. - * - * @return builder - * - */ public Builder loginTheme(String loginTheme) { return loginTheme(Output.of(loginTheme)); } - /** - * @param name The display name of this client in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this client in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param oauth2DeviceAuthorizationGrantEnabled Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - * @return builder - * - */ public Builder oauth2DeviceAuthorizationGrantEnabled(@Nullable Output oauth2DeviceAuthorizationGrantEnabled) { $.oauth2DeviceAuthorizationGrantEnabled = oauth2DeviceAuthorizationGrantEnabled; return this; } - /** - * @param oauth2DeviceAuthorizationGrantEnabled Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - * - * @return builder - * - */ public Builder oauth2DeviceAuthorizationGrantEnabled(Boolean oauth2DeviceAuthorizationGrantEnabled) { return oauth2DeviceAuthorizationGrantEnabled(Output.of(oauth2DeviceAuthorizationGrantEnabled)); } - /** - * @param oauth2DeviceCodeLifespan The maximum amount of time a client has to finish the device code flow before it expires. - * - * @return builder - * - */ public Builder oauth2DeviceCodeLifespan(@Nullable Output oauth2DeviceCodeLifespan) { $.oauth2DeviceCodeLifespan = oauth2DeviceCodeLifespan; return this; } - /** - * @param oauth2DeviceCodeLifespan The maximum amount of time a client has to finish the device code flow before it expires. - * - * @return builder - * - */ public Builder oauth2DeviceCodeLifespan(String oauth2DeviceCodeLifespan) { return oauth2DeviceCodeLifespan(Output.of(oauth2DeviceCodeLifespan)); } - /** - * @param oauth2DevicePollingInterval The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - * @return builder - * - */ public Builder oauth2DevicePollingInterval(@Nullable Output oauth2DevicePollingInterval) { $.oauth2DevicePollingInterval = oauth2DevicePollingInterval; return this; } - /** - * @param oauth2DevicePollingInterval The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - * - * @return builder - * - */ public Builder oauth2DevicePollingInterval(String oauth2DevicePollingInterval) { return oauth2DevicePollingInterval(Output.of(oauth2DevicePollingInterval)); } - /** - * @param pkceCodeChallengeMethod The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - * @return builder - * - */ public Builder pkceCodeChallengeMethod(@Nullable Output pkceCodeChallengeMethod) { $.pkceCodeChallengeMethod = pkceCodeChallengeMethod; return this; } - /** - * @param pkceCodeChallengeMethod The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - * - * @return builder - * - */ public Builder pkceCodeChallengeMethod(String pkceCodeChallengeMethod) { return pkceCodeChallengeMethod(Output.of(pkceCodeChallengeMethod)); } - /** - * @param realmId The realm this client is attached to. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client is attached to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param resourceServerId (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - * - * @return builder - * - */ public Builder resourceServerId(@Nullable Output resourceServerId) { $.resourceServerId = resourceServerId; return this; } - /** - * @param resourceServerId (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - * - * @return builder - * - */ public Builder resourceServerId(String resourceServerId) { return resourceServerId(Output.of(resourceServerId)); } - /** - * @param rootUrl When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - * @return builder - * - */ public Builder rootUrl(@Nullable Output rootUrl) { $.rootUrl = rootUrl; return this; } - /** - * @param rootUrl When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - * - * @return builder - * - */ public Builder rootUrl(String rootUrl) { return rootUrl(Output.of(rootUrl)); } - /** - * @param serviceAccountUserId (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - * - * @return builder - * - */ public Builder serviceAccountUserId(@Nullable Output serviceAccountUserId) { $.serviceAccountUserId = serviceAccountUserId; return this; } - /** - * @param serviceAccountUserId (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - * - * @return builder - * - */ public Builder serviceAccountUserId(String serviceAccountUserId) { return serviceAccountUserId(Output.of(serviceAccountUserId)); } - /** - * @param serviceAccountsEnabled When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder serviceAccountsEnabled(@Nullable Output serviceAccountsEnabled) { $.serviceAccountsEnabled = serviceAccountsEnabled; return this; } - /** - * @param serviceAccountsEnabled When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder serviceAccountsEnabled(Boolean serviceAccountsEnabled) { return serviceAccountsEnabled(Output.of(serviceAccountsEnabled)); } - /** - * @param standardFlowEnabled When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder standardFlowEnabled(@Nullable Output standardFlowEnabled) { $.standardFlowEnabled = standardFlowEnabled; return this; } - /** - * @param standardFlowEnabled When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - * - * @return builder - * - */ public Builder standardFlowEnabled(Boolean standardFlowEnabled) { return standardFlowEnabled(Output.of(standardFlowEnabled)); } - /** - * @param useRefreshTokens If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - * @return builder - * - */ public Builder useRefreshTokens(@Nullable Output useRefreshTokens) { $.useRefreshTokens = useRefreshTokens; return this; } - /** - * @param useRefreshTokens If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - * - * @return builder - * - */ public Builder useRefreshTokens(Boolean useRefreshTokens) { return useRefreshTokens(Output.of(useRefreshTokens)); } - /** - * @param useRefreshTokensClientCredentials If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - * @return builder - * - */ public Builder useRefreshTokensClientCredentials(@Nullable Output useRefreshTokensClientCredentials) { $.useRefreshTokensClientCredentials = useRefreshTokensClientCredentials; return this; } - /** - * @param useRefreshTokensClientCredentials If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - * - * @return builder - * - */ public Builder useRefreshTokensClientCredentials(Boolean useRefreshTokensClientCredentials) { return useRefreshTokensClientCredentials(Output.of(useRefreshTokensClientCredentials)); } - /** - * @param validPostLogoutRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - * @return builder - * - */ public Builder validPostLogoutRedirectUris(@Nullable Output> validPostLogoutRedirectUris) { $.validPostLogoutRedirectUris = validPostLogoutRedirectUris; return this; } - /** - * @param validPostLogoutRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - * @return builder - * - */ public Builder validPostLogoutRedirectUris(List validPostLogoutRedirectUris) { return validPostLogoutRedirectUris(Output.of(validPostLogoutRedirectUris)); } - /** - * @param validPostLogoutRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful logout. - * - * @return builder - * - */ public Builder validPostLogoutRedirectUris(String... validPostLogoutRedirectUris) { return validPostLogoutRedirectUris(List.of(validPostLogoutRedirectUris)); } - /** - * @param validRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - * @return builder - * - */ public Builder validRedirectUris(@Nullable Output> validRedirectUris) { $.validRedirectUris = validRedirectUris; return this; } - /** - * @param validRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - * @return builder - * - */ public Builder validRedirectUris(List validRedirectUris) { return validRedirectUris(Output.of(validRedirectUris)); } - /** - * @param validRedirectUris A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - * is set to `true`. - * - * @return builder - * - */ public Builder validRedirectUris(String... validRedirectUris) { return validRedirectUris(List.of(validRedirectUris)); } - /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - * @return builder - * - */ public Builder webOrigins(@Nullable Output> webOrigins) { $.webOrigins = webOrigins; return this; } - /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - * @return builder - * - */ public Builder webOrigins(List webOrigins) { return webOrigins(Output.of(webOrigins)); } - /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - * - * @return builder - * - */ public Builder webOrigins(String... webOrigins) { return webOrigins(List.of(webOrigins)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/FullNameProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/FullNameProtocolMapperState.java index 9a795784..60924624 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/FullNameProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/FullNameProtocolMapperState.java @@ -16,60 +16,36 @@ public final class FullNameProtocolMapperState extends com.pulumi.resources.Reso public static final FullNameProtocolMapperState Empty = new FullNameProtocolMapperState(); - /** - * Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; - /** - * @return Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - */ public Optional> addToAccessToken() { return Optional.ofNullable(this.addToAccessToken); } - /** - * Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; - /** - * @return Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - */ public Optional> addToIdToken() { return Optional.ofNullable(this.addToIdToken); } - /** - * Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; - /** - * @return Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -77,14 +53,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -92,14 +68,14 @@ public Optional> clientScopeId() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -107,14 +83,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { @@ -151,71 +127,35 @@ public Builder(FullNameProtocolMapperState defaults) { $ = new FullNameProtocolMapperState(Objects.requireNonNull(defaults)); } - /** - * @param addToAccessToken Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToAccessToken(@Nullable Output addToAccessToken) { $.addToAccessToken = addToAccessToken; return this; } - /** - * @param addToAccessToken Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToAccessToken(Boolean addToAccessToken) { return addToAccessToken(Output.of(addToAccessToken)); } - /** - * @param addToIdToken Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToIdToken(@Nullable Output addToIdToken) { $.addToIdToken = addToIdToken; return this; } - /** - * @param addToIdToken Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToIdToken(Boolean addToIdToken) { return addToIdToken(Output.of(addToIdToken)); } - /** - * @param addToUserinfo Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - * @return builder - * - */ public Builder addToUserinfo(@Nullable Output addToUserinfo) { $.addToUserinfo = addToUserinfo; return this; } - /** - * @param addToUserinfo Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - * - * @return builder - * - */ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -226,7 +166,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -236,7 +176,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -247,7 +187,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -257,7 +197,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -268,7 +208,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -278,7 +218,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -289,7 +229,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GetClientArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GetClientArgs.java index b072d018..f096d8a8 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GetClientArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GetClientArgs.java @@ -19,17 +19,9 @@ public final class GetClientArgs extends com.pulumi.resources.InvokeArgs { public static final GetClientArgs Empty = new GetClientArgs(); - /** - * The client id (not its unique ID). - * - */ @Import(name="clientId", required=true) private Output clientId; - /** - * @return The client id (not its unique ID). - * - */ public Output clientId() { return this.clientId; } @@ -76,17 +68,9 @@ public Optional> oauth2DevicePollingInterval() { return Optional.ofNullable(this.oauth2DevicePollingInterval); } - /** - * The realm id. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm id. - * - */ public Output realmId() { return this.realmId; } @@ -122,23 +106,11 @@ public Builder(GetClientArgs defaults) { $ = new GetClientArgs(Objects.requireNonNull(defaults)); } - /** - * @param clientId The client id (not its unique ID). - * - * @return builder - * - */ public Builder clientId(Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The client id (not its unique ID). - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } @@ -197,23 +169,11 @@ public Builder oauth2DevicePollingInterval(String oauth2DevicePollingInterval) { return oauth2DevicePollingInterval(Output.of(oauth2DevicePollingInterval)); } - /** - * @param realmId The realm id. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm id. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GetClientPlainArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GetClientPlainArgs.java index 293e9618..a950a514 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GetClientPlainArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GetClientPlainArgs.java @@ -18,17 +18,9 @@ public final class GetClientPlainArgs extends com.pulumi.resources.InvokeArgs { public static final GetClientPlainArgs Empty = new GetClientPlainArgs(); - /** - * The client id (not its unique ID). - * - */ @Import(name="clientId", required=true) private String clientId; - /** - * @return The client id (not its unique ID). - * - */ public String clientId() { return this.clientId; } @@ -75,17 +67,9 @@ public Optional oauth2DevicePollingInterval() { return Optional.ofNullable(this.oauth2DevicePollingInterval); } - /** - * The realm id. - * - */ @Import(name="realmId", required=true) private String realmId; - /** - * @return The realm id. - * - */ public String realmId() { return this.realmId; } @@ -121,12 +105,6 @@ public Builder(GetClientPlainArgs defaults) { $ = new GetClientPlainArgs(Objects.requireNonNull(defaults)); } - /** - * @param clientId The client id (not its unique ID). - * - * @return builder - * - */ public Builder clientId(String clientId) { $.clientId = clientId; return this; @@ -162,12 +140,6 @@ public Builder oauth2DevicePollingInterval(@Nullable String oauth2DevicePollingI return this; } - /** - * @param realmId The realm id. - * - * @return builder - * - */ public Builder realmId(String realmId) { $.realmId = realmId; return this; diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GroupMembershipProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GroupMembershipProtocolMapperState.java index f9a3e548..14a1a5c1 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GroupMembershipProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/GroupMembershipProtocolMapperState.java @@ -16,75 +16,43 @@ public final class GroupMembershipProtocolMapperState extends com.pulumi.resourc public static final GroupMembershipProtocolMapperState Empty = new GroupMembershipProtocolMapperState(); - /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; - /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - */ public Optional> addToAccessToken() { return Optional.ofNullable(this.addToAccessToken); } - /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; - /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - */ public Optional> addToIdToken() { return Optional.ofNullable(this.addToIdToken); } - /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; - /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName") private @Nullable Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Optional> claimName() { return Optional.ofNullable(this.claimName); } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -92,44 +60,36 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { return Optional.ofNullable(this.clientScopeId); } - /** - * Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - */ @Import(name="fullPath") private @Nullable Output fullPath; - /** - * @return Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - */ public Optional> fullPath() { return Optional.ofNullable(this.fullPath); } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -137,14 +97,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { @@ -183,92 +143,44 @@ public Builder(GroupMembershipProtocolMapperState defaults) { $ = new GroupMembershipProtocolMapperState(Objects.requireNonNull(defaults)); } - /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToAccessToken(@Nullable Output addToAccessToken) { $.addToAccessToken = addToAccessToken; return this; } - /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToAccessToken(Boolean addToAccessToken) { return addToAccessToken(Output.of(addToAccessToken)); } - /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToIdToken(@Nullable Output addToIdToken) { $.addToIdToken = addToIdToken; return this; } - /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. - * - * @return builder - * - */ public Builder addToIdToken(Boolean addToIdToken) { return addToIdToken(Output.of(addToIdToken)); } - /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - * @return builder - * - */ public Builder addToUserinfo(@Nullable Output addToUserinfo) { $.addToUserinfo = addToUserinfo; return this; } - /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - * - * @return builder - * - */ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(@Nullable Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -279,7 +191,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -289,7 +201,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -300,7 +212,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -309,29 +221,17 @@ public Builder clientScopeId(String clientScopeId) { return clientScopeId(Output.of(clientScopeId)); } - /** - * @param fullPath Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - * @return builder - * - */ public Builder fullPath(@Nullable Output fullPath) { $.fullPath = fullPath; return this; } - /** - * @param fullPath Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - * - * @return builder - * - */ public Builder fullPath(Boolean fullPath) { return fullPath(Output.of(fullPath)); } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -342,7 +242,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -352,7 +252,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -363,7 +263,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/HardcodedClaimProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/HardcodedClaimProtocolMapperState.java index 49774631..06823d00 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/HardcodedClaimProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/HardcodedClaimProtocolMapperState.java @@ -17,14 +17,14 @@ public final class HardcodedClaimProtocolMapperState extends com.pulumi.resource public static final HardcodedClaimProtocolMapperState Empty = new HardcodedClaimProtocolMapperState(); /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Optional> addToAccessToken() { @@ -32,14 +32,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Optional> addToIdToken() { @@ -47,59 +47,43 @@ public Optional> addToIdToken() { } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName") private @Nullable Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Optional> claimName() { return Optional.ofNullable(this.claimName); } - /** - * The hardcoded value of the claim. - * - */ @Import(name="claimValue") private @Nullable Output claimValue; - /** - * @return The hardcoded value of the claim. - * - */ public Optional> claimValue() { return Optional.ofNullable(this.claimValue); } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Import(name="claimValueType") private @Nullable Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Optional> claimValueType() { @@ -107,14 +91,14 @@ public Optional> claimValueType() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -122,14 +106,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -137,14 +121,14 @@ public Optional> clientScopeId() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -152,14 +136,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { @@ -200,7 +184,7 @@ public Builder(HardcodedClaimProtocolMapperState defaults) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -211,7 +195,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -221,7 +205,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -232,7 +216,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -242,7 +226,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -253,7 +237,7 @@ public Builder addToUserinfo(@Nullable Output addToUserinfo) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -262,50 +246,26 @@ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(@Nullable Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } - /** - * @param claimValue The hardcoded value of the claim. - * - * @return builder - * - */ public Builder claimValue(@Nullable Output claimValue) { $.claimValue = claimValue; return this; } - /** - * @param claimValue The hardcoded value of the claim. - * - * @return builder - * - */ public Builder claimValue(String claimValue) { return claimValue(Output.of(claimValue)); } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -316,7 +276,7 @@ public Builder claimValueType(@Nullable Output claimValueType) { } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -326,7 +286,7 @@ public Builder claimValueType(String claimValueType) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -337,7 +297,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -347,7 +307,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -358,7 +318,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -368,7 +328,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -379,7 +339,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -389,7 +349,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -400,7 +360,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/HardcodedRoleProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/HardcodedRoleProtocolMapperState.java index 5ea791d7..3fb63899 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/HardcodedRoleProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/HardcodedRoleProtocolMapperState.java @@ -16,14 +16,14 @@ public final class HardcodedRoleProtocolMapperState extends com.pulumi.resources public static final HardcodedRoleProtocolMapperState Empty = new HardcodedRoleProtocolMapperState(); /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -31,14 +31,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -46,14 +46,14 @@ public Optional> clientScopeId() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -61,31 +61,23 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * The ID of the role to map to an access token. - * - */ @Import(name="roleId") private @Nullable Output roleId; - /** - * @return The ID of the role to map to an access token. - * - */ public Optional> roleId() { return Optional.ofNullable(this.roleId); } @@ -119,7 +111,7 @@ public Builder(HardcodedRoleProtocolMapperState defaults) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -130,7 +122,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -140,7 +132,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -151,7 +143,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -161,7 +153,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -172,7 +164,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -182,7 +174,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -193,7 +185,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -202,23 +194,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param roleId The ID of the role to map to an access token. - * - * @return builder - * - */ public Builder roleId(@Nullable Output roleId) { $.roleId = roleId; return this; } - /** - * @param roleId The ID of the role to map to an access token. - * - * @return builder - * - */ public Builder roleId(String roleId) { return roleId(Output.of(roleId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserAttributeProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserAttributeProtocolMapperState.java index f441032a..6ee98001 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserAttributeProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserAttributeProtocolMapperState.java @@ -17,14 +17,14 @@ public final class UserAttributeProtocolMapperState extends com.pulumi.resources public static final UserAttributeProtocolMapperState Empty = new UserAttributeProtocolMapperState(); /** - * Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Optional> addToAccessToken() { @@ -32,14 +32,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Optional> addToIdToken() { @@ -47,14 +47,14 @@ public Optional> addToIdToken() { } /** - * Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; /** - * @return Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Optional> addToUserinfo() { @@ -62,44 +62,36 @@ public Optional> addToUserinfo() { } /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates if attribute values should be aggregated within the group attributes * */ @Import(name="aggregateAttributes") private @Nullable Output aggregateAttributes; /** - * @return Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @return Indicates if attribute values should be aggregated within the group attributes * */ public Optional> aggregateAttributes() { return Optional.ofNullable(this.aggregateAttributes); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName") private @Nullable Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Optional> claimName() { return Optional.ofNullable(this.claimName); } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Import(name="claimValueType") private @Nullable Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Optional> claimValueType() { @@ -107,14 +99,14 @@ public Optional> claimValueType() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -122,14 +114,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -137,14 +129,14 @@ public Optional> clientScopeId() { } /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. * */ @Import(name="multivalued") private @Nullable Output multivalued; /** - * @return Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @return Indicates whether this attribute is a single value or an array of values. * */ public Optional> multivalued() { @@ -152,14 +144,14 @@ public Optional> multivalued() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -167,31 +159,23 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * The custom user attribute to map a claim for. - * - */ @Import(name="userAttribute") private @Nullable Output userAttribute; - /** - * @return The custom user attribute to map a claim for. - * - */ public Optional> userAttribute() { return Optional.ofNullable(this.userAttribute); } @@ -232,7 +216,7 @@ public Builder(UserAttributeProtocolMapperState defaults) { } /** - * @param addToAccessToken Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -243,7 +227,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -253,7 +237,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -264,7 +248,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -274,7 +258,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param addToUserinfo Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -285,7 +269,7 @@ public Builder addToUserinfo(@Nullable Output addToUserinfo) { } /** - * @param addToUserinfo Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -295,7 +279,7 @@ public Builder addToUserinfo(Boolean addToUserinfo) { } /** - * @param aggregateAttributes Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @param aggregateAttributes Indicates if attribute values should be aggregated within the group attributes * * @return builder * @@ -306,7 +290,7 @@ public Builder aggregateAttributes(@Nullable Output aggregateAttributes } /** - * @param aggregateAttributes Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @param aggregateAttributes Indicates if attribute values should be aggregated within the group attributes * * @return builder * @@ -315,29 +299,17 @@ public Builder aggregateAttributes(Boolean aggregateAttributes) { return aggregateAttributes(Output.of(aggregateAttributes)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(@Nullable Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -348,7 +320,7 @@ public Builder claimValueType(@Nullable Output claimValueType) { } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -358,7 +330,7 @@ public Builder claimValueType(String claimValueType) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -369,7 +341,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -379,7 +351,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -390,7 +362,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -400,7 +372,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param multivalued Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @param multivalued Indicates whether this attribute is a single value or an array of values. * * @return builder * @@ -411,7 +383,7 @@ public Builder multivalued(@Nullable Output multivalued) { } /** - * @param multivalued Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * @param multivalued Indicates whether this attribute is a single value or an array of values. * * @return builder * @@ -421,7 +393,7 @@ public Builder multivalued(Boolean multivalued) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -432,7 +404,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -442,7 +414,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -453,7 +425,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -462,23 +434,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param userAttribute The custom user attribute to map a claim for. - * - * @return builder - * - */ public Builder userAttribute(@Nullable Output userAttribute) { $.userAttribute = userAttribute; return this; } - /** - * @param userAttribute The custom user attribute to map a claim for. - * - * @return builder - * - */ public Builder userAttribute(String userAttribute) { return userAttribute(Output.of(userAttribute)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserPropertyProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserPropertyProtocolMapperState.java index 8ad253ce..a489adb1 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserPropertyProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserPropertyProtocolMapperState.java @@ -17,14 +17,14 @@ public final class UserPropertyProtocolMapperState extends com.pulumi.resources. public static final UserPropertyProtocolMapperState Empty = new UserPropertyProtocolMapperState(); /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the property should be a claim in the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the property should be a claim in the access token. * */ public Optional> addToAccessToken() { @@ -32,14 +32,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the property should be a claim in the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the property should be a claim in the id token. * */ public Optional> addToIdToken() { @@ -47,44 +47,36 @@ public Optional> addToIdToken() { } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the property should appear in the userinfo response body. * */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the property should appear in the userinfo response body. * */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName") private @Nullable Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Optional> claimName() { return Optional.ofNullable(this.claimName); } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Import(name="claimValueType") private @Nullable Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Optional> claimValueType() { @@ -92,14 +84,14 @@ public Optional> claimValueType() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -107,14 +99,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -122,14 +114,14 @@ public Optional> clientScopeId() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -137,31 +129,23 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * The built in user property (such as email) to map a claim for. - * - */ @Import(name="userProperty") private @Nullable Output userProperty; - /** - * @return The built in user property (such as email) to map a claim for. - * - */ public Optional> userProperty() { return Optional.ofNullable(this.userProperty); } @@ -200,7 +184,7 @@ public Builder(UserPropertyProtocolMapperState defaults) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the property should be a claim in the access token. * * @return builder * @@ -211,7 +195,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the property should be a claim in the access token. * * @return builder * @@ -221,7 +205,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the property should be a claim in the id token. * * @return builder * @@ -232,7 +216,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the property should be a claim in the id token. * * @return builder * @@ -242,7 +226,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the property should appear in the userinfo response body. * * @return builder * @@ -253,7 +237,7 @@ public Builder addToUserinfo(@Nullable Output addToUserinfo) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the property should appear in the userinfo response body. * * @return builder * @@ -262,29 +246,17 @@ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(@Nullable Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -295,7 +267,7 @@ public Builder claimValueType(@Nullable Output claimValueType) { } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -305,7 +277,7 @@ public Builder claimValueType(String claimValueType) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -316,7 +288,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -326,7 +298,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -337,7 +309,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -347,7 +319,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -358,7 +330,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -368,7 +340,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -379,7 +351,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -388,23 +360,11 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param userProperty The built in user property (such as email) to map a claim for. - * - * @return builder - * - */ public Builder userProperty(@Nullable Output userProperty) { $.userProperty = userProperty; return this; } - /** - * @param userProperty The built in user property (such as email) to map a claim for. - * - * @return builder - * - */ public Builder userProperty(String userProperty) { return userProperty(Output.of(userProperty)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserRealmRoleProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserRealmRoleProtocolMapperState.java index 59d87e23..f6a701c3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserRealmRoleProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserRealmRoleProtocolMapperState.java @@ -17,14 +17,14 @@ public final class UserRealmRoleProtocolMapperState extends com.pulumi.resources public static final UserRealmRoleProtocolMapperState Empty = new UserRealmRoleProtocolMapperState(); /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. * */ @Import(name="addToAccessToken") private @Nullable Output addToAccessToken; /** - * @return Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the access token. * */ public Optional> addToAccessToken() { @@ -32,14 +32,14 @@ public Optional> addToAccessToken() { } /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. * */ @Import(name="addToIdToken") private @Nullable Output addToIdToken; /** - * @return Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @return Indicates if the attribute should be a claim in the id token. * */ public Optional> addToIdToken() { @@ -47,44 +47,36 @@ public Optional> addToIdToken() { } /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. * */ @Import(name="addToUserinfo") private @Nullable Output addToUserinfo; /** - * @return Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @return Indicates if the attribute should appear in the userinfo response body. * */ public Optional> addToUserinfo() { return Optional.ofNullable(this.addToUserinfo); } - /** - * The name of the claim to insert into a token. - * - */ @Import(name="claimName") private @Nullable Output claimName; - /** - * @return The name of the claim to insert into a token. - * - */ public Optional> claimName() { return Optional.ofNullable(this.claimName); } /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. * */ @Import(name="claimValueType") private @Nullable Output claimValueType; /** - * @return The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @return Claim type used when serializing tokens. * */ public Optional> claimValueType() { @@ -92,14 +84,14 @@ public Optional> claimValueType() { } /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ @Import(name="clientId") private @Nullable Output clientId; /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client. Cannot be used at the same time as client_scope_id. * */ public Optional> clientId() { @@ -107,14 +99,14 @@ public Optional> clientId() { } /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. * */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @return The mapper's associated client scope. Cannot be used at the same time as client_id. * */ public Optional> clientScopeId() { @@ -122,14 +114,14 @@ public Optional> clientScopeId() { } /** - * Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. * */ @Import(name="multivalued") private @Nullable Output multivalued; /** - * @return Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * @return Indicates whether this attribute is a single value or an array of values. * */ public Optional> multivalued() { @@ -137,14 +129,14 @@ public Optional> multivalued() { } /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. * */ @Import(name="name") private @Nullable Output name; /** - * @return The display name of this protocol mapper in the GUI. + * @return A human-friendly name that will appear in the Keycloak console. * */ public Optional> name() { @@ -152,14 +144,14 @@ public Optional> name() { } /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. * */ @Import(name="realmId") private @Nullable Output realmId; /** - * @return The realm this protocol mapper exists within. + * @return The realm id where the associated client or client scope exists. * */ public Optional> realmId() { @@ -167,14 +159,14 @@ public Optional> realmId() { } /** - * A prefix for each Realm Role. + * Prefix that will be added to each realm role. * */ @Import(name="realmRolePrefix") private @Nullable Output realmRolePrefix; /** - * @return A prefix for each Realm Role. + * @return Prefix that will be added to each realm role. * */ public Optional> realmRolePrefix() { @@ -216,7 +208,7 @@ public Builder(UserRealmRoleProtocolMapperState defaults) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -227,7 +219,7 @@ public Builder addToAccessToken(@Nullable Output addToAccessToken) { } /** - * @param addToAccessToken Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * @param addToAccessToken Indicates if the attribute should be a claim in the access token. * * @return builder * @@ -237,7 +229,7 @@ public Builder addToAccessToken(Boolean addToAccessToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -248,7 +240,7 @@ public Builder addToIdToken(@Nullable Output addToIdToken) { } /** - * @param addToIdToken Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * @param addToIdToken Indicates if the attribute should be a claim in the id token. * * @return builder * @@ -258,7 +250,7 @@ public Builder addToIdToken(Boolean addToIdToken) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -269,7 +261,7 @@ public Builder addToUserinfo(@Nullable Output addToUserinfo) { } /** - * @param addToUserinfo Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * @param addToUserinfo Indicates if the attribute should appear in the userinfo response body. * * @return builder * @@ -278,29 +270,17 @@ public Builder addToUserinfo(Boolean addToUserinfo) { return addToUserinfo(Output.of(addToUserinfo)); } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(@Nullable Output claimName) { $.claimName = claimName; return this; } - /** - * @param claimName The name of the claim to insert into a token. - * - * @return builder - * - */ public Builder claimName(String claimName) { return claimName(Output.of(claimName)); } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -311,7 +291,7 @@ public Builder claimValueType(@Nullable Output claimValueType) { } /** - * @param claimValueType The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * @param claimValueType Claim type used when serializing tokens. * * @return builder * @@ -321,7 +301,7 @@ public Builder claimValueType(String claimValueType) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -332,7 +312,7 @@ public Builder clientId(@Nullable Output clientId) { } /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientId The mapper's associated client. Cannot be used at the same time as client_scope_id. * * @return builder * @@ -342,7 +322,7 @@ public Builder clientId(String clientId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -353,7 +333,7 @@ public Builder clientScopeId(@Nullable Output clientScopeId) { } /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + * @param clientScopeId The mapper's associated client scope. Cannot be used at the same time as client_id. * * @return builder * @@ -363,7 +343,7 @@ public Builder clientScopeId(String clientScopeId) { } /** - * @param multivalued Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * @param multivalued Indicates whether this attribute is a single value or an array of values. * * @return builder * @@ -374,7 +354,7 @@ public Builder multivalued(@Nullable Output multivalued) { } /** - * @param multivalued Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * @param multivalued Indicates whether this attribute is a single value or an array of values. * * @return builder * @@ -384,7 +364,7 @@ public Builder multivalued(Boolean multivalued) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -395,7 +375,7 @@ public Builder name(@Nullable Output name) { } /** - * @param name The display name of this protocol mapper in the GUI. + * @param name A human-friendly name that will appear in the Keycloak console. * * @return builder * @@ -405,7 +385,7 @@ public Builder name(String name) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -416,7 +396,7 @@ public Builder realmId(@Nullable Output realmId) { } /** - * @param realmId The realm this protocol mapper exists within. + * @param realmId The realm id where the associated client or client scope exists. * * @return builder * @@ -426,7 +406,7 @@ public Builder realmId(String realmId) { } /** - * @param realmRolePrefix A prefix for each Realm Role. + * @param realmRolePrefix Prefix that will be added to each realm role. * * @return builder * @@ -437,7 +417,7 @@ public Builder realmRolePrefix(@Nullable Output realmRolePrefix) { } /** - * @param realmRolePrefix A prefix for each Realm Role. + * @param realmRolePrefix Prefix that will be added to each realm role. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/outputs/ClientAuthenticationFlowBindingOverrides.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/outputs/ClientAuthenticationFlowBindingOverrides.java index d959cb65..0cf71a45 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/outputs/ClientAuthenticationFlowBindingOverrides.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/outputs/ClientAuthenticationFlowBindingOverrides.java @@ -11,29 +11,13 @@ @CustomType public final class ClientAuthenticationFlowBindingOverrides { - /** - * @return Browser flow id, (flow needs to exist) - * - */ private @Nullable String browserId; - /** - * @return Direct grant flow id (flow needs to exist) - * - */ private @Nullable String directGrantId; private ClientAuthenticationFlowBindingOverrides() {} - /** - * @return Browser flow id, (flow needs to exist) - * - */ public Optional browserId() { return Optional.ofNullable(this.browserId); } - /** - * @return Direct grant flow id (flow needs to exist) - * - */ public Optional directGrantId() { return Optional.ofNullable(this.directGrantId); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/outputs/ClientAuthorization.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/outputs/ClientAuthorization.java index 20de5486..c47bdcaf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/outputs/ClientAuthorization.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/outputs/ClientAuthorization.java @@ -13,53 +13,21 @@ @CustomType public final class ClientAuthorization { - /** - * @return When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - * - */ private @Nullable Boolean allowRemoteResourceManagement; - /** - * @return Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - * - */ private @Nullable String decisionStrategy; - /** - * @return When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - * - */ private @Nullable Boolean keepDefaults; - /** - * @return Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - * - */ private String policyEnforcementMode; private ClientAuthorization() {} - /** - * @return When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - * - */ public Optional allowRemoteResourceManagement() { return Optional.ofNullable(this.allowRemoteResourceManagement); } - /** - * @return Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - * - */ public Optional decisionStrategy() { return Optional.ofNullable(this.decisionStrategy); } - /** - * @return When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - * - */ public Optional keepDefaults() { return Optional.ofNullable(this.keepDefaults); } - /** - * @return Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - * - */ public String policyEnforcementMode() { return this.policyEnforcementMode; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRealmKeysKey.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRealmKeysKey.java index 2b083df5..81552caf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRealmKeysKey.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRealmKeysKey.java @@ -11,101 +11,37 @@ @CustomType public final class GetRealmKeysKey { - /** - * @return Key algorithm (string) - * - */ private String algorithm; - /** - * @return Key certificate (string) - * - */ private String certificate; - /** - * @return Key ID (string) - * - */ private String kid; - /** - * @return Key provider ID (string) - * - */ private String providerId; - /** - * @return Key provider priority (int64) - * - */ private Integer providerPriority; - /** - * @return Key public key (string) - * - */ private String publicKey; - /** - * @return When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - */ private String status; - /** - * @return Key type (string) - * - */ private String type; private GetRealmKeysKey() {} - /** - * @return Key algorithm (string) - * - */ public String algorithm() { return this.algorithm; } - /** - * @return Key certificate (string) - * - */ public String certificate() { return this.certificate; } - /** - * @return Key ID (string) - * - */ public String kid() { return this.kid; } - /** - * @return Key provider ID (string) - * - */ public String providerId() { return this.providerId; } - /** - * @return Key provider priority (int64) - * - */ public Integer providerPriority() { return this.providerPriority; } - /** - * @return Key public key (string) - * - */ public String publicKey() { return this.publicKey; } - /** - * @return When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - * - */ public String status() { return this.status; } - /** - * @return Key type (string) - * - */ public String type() { return this.type; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRealmKeysResult.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRealmKeysResult.java index 20e588ca..c2a2d8a4 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRealmKeysResult.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRealmKeysResult.java @@ -19,16 +19,8 @@ public final class GetRealmKeysResult { * */ private String id; - /** - * @return (Computed) A list of keys that match the filter criteria. Each key has the following attributes: - * - */ private List keys; private String realmId; - /** - * @return Key status (string) - * - */ private @Nullable List statuses; private GetRealmKeysResult() {} @@ -42,20 +34,12 @@ public List algorithms() { public String id() { return this.id; } - /** - * @return (Computed) A list of keys that match the filter criteria. Each key has the following attributes: - * - */ public List keys() { return this.keys; } public String realmId() { return this.realmId; } - /** - * @return Key status (string) - * - */ public List statuses() { return this.statuses == null ? List.of() : this.statuses; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRoleResult.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRoleResult.java index 6d3b8523..532339ce 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRoleResult.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetRoleResult.java @@ -18,10 +18,6 @@ public final class GetRoleResult { private Map attributes; private @Nullable String clientId; private List compositeRoles; - /** - * @return (Computed) The description of the role. - * - */ private String description; /** * @return The provider-assigned unique ID for this managed resource. @@ -41,10 +37,6 @@ public Optional clientId() { public List compositeRoles() { return this.compositeRoles; } - /** - * @return (Computed) The description of the role. - * - */ public String description() { return this.description; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmInternationalization.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmInternationalization.java index e3e8efcd..f15c4baf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmInternationalization.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmInternationalization.java @@ -11,29 +11,13 @@ @CustomType public final class RealmInternationalization { - /** - * @return The locale to use by default. This locale code must be present within the `supported_locales` list. - * - */ private String defaultLocale; - /** - * @return A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - * - */ private List supportedLocales; private RealmInternationalization() {} - /** - * @return The locale to use by default. This locale code must be present within the `supported_locales` list. - * - */ public String defaultLocale() { return this.defaultLocale; } - /** - * @return A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - * - */ public List supportedLocales() { return this.supportedLocales; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmOtpPolicy.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmOtpPolicy.java index 362c13f2..30d34134 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmOtpPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmOtpPolicy.java @@ -13,74 +13,42 @@ @CustomType public final class RealmOtpPolicy { /** - * @return What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + * @return What hashing algorithm should be used to generate the OTP. * */ private @Nullable String algorithm; - /** - * @return How many digits the OTP have. Defaults to `6`. - * - */ private @Nullable Integer digits; - /** - * @return What should the initial counter value be. Defaults to `2`. - * - */ private @Nullable Integer initialCounter; - /** - * @return How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - * - */ private @Nullable Integer lookAheadWindow; - /** - * @return How many seconds should an OTP token be valid. Defaults to `30`. - * - */ private @Nullable Integer period; /** - * @return One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + * @return OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password * */ private @Nullable String type; private RealmOtpPolicy() {} /** - * @return What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + * @return What hashing algorithm should be used to generate the OTP. * */ public Optional algorithm() { return Optional.ofNullable(this.algorithm); } - /** - * @return How many digits the OTP have. Defaults to `6`. - * - */ public Optional digits() { return Optional.ofNullable(this.digits); } - /** - * @return What should the initial counter value be. Defaults to `2`. - * - */ public Optional initialCounter() { return Optional.ofNullable(this.initialCounter); } - /** - * @return How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - * - */ public Optional lookAheadWindow() { return Optional.ofNullable(this.lookAheadWindow); } - /** - * @return How many seconds should an OTP token be valid. Defaults to `30`. - * - */ public Optional period() { return Optional.ofNullable(this.period); } /** - * @return One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + * @return OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password * */ public Optional type() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSecurityDefensesBruteForceDetection.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSecurityDefensesBruteForceDetection.java index 9cf20d7d..3af35deb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSecurityDefensesBruteForceDetection.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSecurityDefensesBruteForceDetection.java @@ -12,83 +12,33 @@ @CustomType public final class RealmSecurityDefensesBruteForceDetection { - /** - * @return When will failure count be reset? - * - */ private @Nullable Integer failureResetTimeSeconds; private @Nullable Integer maxFailureWaitSeconds; - /** - * @return How many failures before wait is triggered. - * - */ private @Nullable Integer maxLoginFailures; - /** - * @return How long to wait after a quick login failure. - * - ` max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - * - */ private @Nullable Integer minimumQuickLoginWaitSeconds; - /** - * @return When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - * - */ private @Nullable Boolean permanentLockout; - /** - * @return Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - * - */ private @Nullable Integer quickLoginCheckMilliSeconds; - /** - * @return This represents the amount of time a user should be locked out when the login failure threshold has been met. - * - */ private @Nullable Integer waitIncrementSeconds; private RealmSecurityDefensesBruteForceDetection() {} - /** - * @return When will failure count be reset? - * - */ public Optional failureResetTimeSeconds() { return Optional.ofNullable(this.failureResetTimeSeconds); } public Optional maxFailureWaitSeconds() { return Optional.ofNullable(this.maxFailureWaitSeconds); } - /** - * @return How many failures before wait is triggered. - * - */ public Optional maxLoginFailures() { return Optional.ofNullable(this.maxLoginFailures); } - /** - * @return How long to wait after a quick login failure. - * - ` max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - * - */ public Optional minimumQuickLoginWaitSeconds() { return Optional.ofNullable(this.minimumQuickLoginWaitSeconds); } - /** - * @return When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - * - */ public Optional permanentLockout() { return Optional.ofNullable(this.permanentLockout); } - /** - * @return Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - * - */ public Optional quickLoginCheckMilliSeconds() { return Optional.ofNullable(this.quickLoginCheckMilliSeconds); } - /** - * @return This represents the amount of time a user should be locked out when the login failure threshold has been met. - * - */ public Optional waitIncrementSeconds() { return Optional.ofNullable(this.waitIncrementSeconds); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSecurityDefensesHeaders.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSecurityDefensesHeaders.java index e170b713..9164d31f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSecurityDefensesHeaders.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSecurityDefensesHeaders.java @@ -11,101 +11,37 @@ @CustomType public final class RealmSecurityDefensesHeaders { - /** - * @return Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - * - */ private @Nullable String contentSecurityPolicy; - /** - * @return Used for testing Content Security Policies. - * - */ private @Nullable String contentSecurityPolicyReportOnly; - /** - * @return The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - * - */ private @Nullable String referrerPolicy; - /** - * @return The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - * - */ private @Nullable String strictTransportSecurity; - /** - * @return Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - * - */ private @Nullable String xContentTypeOptions; - /** - * @return Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - * - */ private @Nullable String xFrameOptions; - /** - * @return Prevent pages from appearing in search engines. - * - */ private @Nullable String xRobotsTag; - /** - * @return This header configures the Cross-site scripting (XSS) filter in your browser. - * - */ private @Nullable String xXssProtection; private RealmSecurityDefensesHeaders() {} - /** - * @return Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - * - */ public Optional contentSecurityPolicy() { return Optional.ofNullable(this.contentSecurityPolicy); } - /** - * @return Used for testing Content Security Policies. - * - */ public Optional contentSecurityPolicyReportOnly() { return Optional.ofNullable(this.contentSecurityPolicyReportOnly); } - /** - * @return The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - * - */ public Optional referrerPolicy() { return Optional.ofNullable(this.referrerPolicy); } - /** - * @return The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - * - */ public Optional strictTransportSecurity() { return Optional.ofNullable(this.strictTransportSecurity); } - /** - * @return Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - * - */ public Optional xContentTypeOptions() { return Optional.ofNullable(this.xContentTypeOptions); } - /** - * @return Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - * - */ public Optional xFrameOptions() { return Optional.ofNullable(this.xFrameOptions); } - /** - * @return Prevent pages from appearing in search engines. - * - */ public Optional xRobotsTag() { return Optional.ofNullable(this.xRobotsTag); } - /** - * @return This header configures the Cross-site scripting (XSS) filter in your browser. - * - */ public Optional xXssProtection() { return Optional.ofNullable(this.xXssProtection); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSmtpServer.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSmtpServer.java index 7319a46b..5c921116 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSmtpServer.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSmtpServer.java @@ -14,125 +14,45 @@ @CustomType public final class RealmSmtpServer { - /** - * @return Enables authentication to the SMTP server. This block supports the following arguments: - * - */ private @Nullable RealmSmtpServerAuth auth; - /** - * @return The email address uses for bounces. - * - */ private @Nullable String envelopeFrom; - /** - * @return The email address for the sender. - * - */ private String from; - /** - * @return The display name of the sender email address. - * - */ private @Nullable String fromDisplayName; - /** - * @return The host of the SMTP server. - * - */ private String host; - /** - * @return The port of the SMTP server (defaults to 25). - * - */ private @Nullable String port; - /** - * @return The "reply to" email address. - * - */ private @Nullable String replyTo; - /** - * @return The display name of the "reply to" email address. - * - */ private @Nullable String replyToDisplayName; - /** - * @return When `true`, enables SSL. Defaults to `false`. - * - */ private @Nullable Boolean ssl; - /** - * @return When `true`, enables StartTLS. Defaults to `false`. - * - */ private @Nullable Boolean starttls; private RealmSmtpServer() {} - /** - * @return Enables authentication to the SMTP server. This block supports the following arguments: - * - */ public Optional auth() { return Optional.ofNullable(this.auth); } - /** - * @return The email address uses for bounces. - * - */ public Optional envelopeFrom() { return Optional.ofNullable(this.envelopeFrom); } - /** - * @return The email address for the sender. - * - */ public String from() { return this.from; } - /** - * @return The display name of the sender email address. - * - */ public Optional fromDisplayName() { return Optional.ofNullable(this.fromDisplayName); } - /** - * @return The host of the SMTP server. - * - */ public String host() { return this.host; } - /** - * @return The port of the SMTP server (defaults to 25). - * - */ public Optional port() { return Optional.ofNullable(this.port); } - /** - * @return The "reply to" email address. - * - */ public Optional replyTo() { return Optional.ofNullable(this.replyTo); } - /** - * @return The display name of the "reply to" email address. - * - */ public Optional replyToDisplayName() { return Optional.ofNullable(this.replyToDisplayName); } - /** - * @return When `true`, enables SSL. Defaults to `false`. - * - */ public Optional ssl() { return Optional.ofNullable(this.ssl); } - /** - * @return When `true`, enables StartTLS. Defaults to `false`. - * - */ public Optional starttls() { return Optional.ofNullable(this.starttls); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSmtpServerAuth.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSmtpServerAuth.java index eaf7a4d5..3e653fb3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSmtpServerAuth.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmSmtpServerAuth.java @@ -10,29 +10,13 @@ @CustomType public final class RealmSmtpServerAuth { - /** - * @return The SMTP server password. - * - */ private String password; - /** - * @return The SMTP server username. - * - */ private String username; private RealmSmtpServerAuth() {} - /** - * @return The SMTP server password. - * - */ public String password() { return this.password; } - /** - * @return The SMTP server username. - * - */ public String username() { return this.username; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPasswordlessPolicy.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPasswordlessPolicy.java index 65fae695..25a7cf81 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPasswordlessPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPasswordlessPolicy.java @@ -14,123 +14,83 @@ @CustomType public final class RealmWebAuthnPasswordlessPolicy { - /** - * @return A set of AAGUIDs for which an authenticator can be registered. - * - */ private @Nullable List acceptableAaguids; /** - * @return The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @return Either none, indirect or direct * */ private @Nullable String attestationConveyancePreference; /** - * @return The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @return Either platform or cross-platform * */ private @Nullable String authenticatorAttachment; - /** - * @return When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - */ private @Nullable Boolean avoidSameAuthenticatorRegister; - /** - * @return The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - */ private @Nullable Integer createTimeout; - /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - */ private @Nullable String relyingPartyEntityName; - /** - * @return The WebAuthn relying party ID. - * - */ private @Nullable String relyingPartyId; /** - * @return Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @return Either Yes or No * */ private @Nullable String requireResidentKey; /** - * @return A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @return Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * */ private @Nullable List signatureAlgorithms; /** - * @return Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @return Either required, preferred or discouraged * */ private @Nullable String userVerificationRequirement; private RealmWebAuthnPasswordlessPolicy() {} - /** - * @return A set of AAGUIDs for which an authenticator can be registered. - * - */ public List acceptableAaguids() { return this.acceptableAaguids == null ? List.of() : this.acceptableAaguids; } /** - * @return The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @return Either none, indirect or direct * */ public Optional attestationConveyancePreference() { return Optional.ofNullable(this.attestationConveyancePreference); } /** - * @return The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @return Either platform or cross-platform * */ public Optional authenticatorAttachment() { return Optional.ofNullable(this.authenticatorAttachment); } - /** - * @return When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - */ public Optional avoidSameAuthenticatorRegister() { return Optional.ofNullable(this.avoidSameAuthenticatorRegister); } - /** - * @return The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - */ public Optional createTimeout() { return Optional.ofNullable(this.createTimeout); } - /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - */ public Optional relyingPartyEntityName() { return Optional.ofNullable(this.relyingPartyEntityName); } - /** - * @return The WebAuthn relying party ID. - * - */ public Optional relyingPartyId() { return Optional.ofNullable(this.relyingPartyId); } /** - * @return Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @return Either Yes or No * */ public Optional requireResidentKey() { return Optional.ofNullable(this.requireResidentKey); } /** - * @return A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @return Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * */ public List signatureAlgorithms() { return this.signatureAlgorithms == null ? List.of() : this.signatureAlgorithms; } /** - * @return Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @return Either required, preferred or discouraged * */ public Optional userVerificationRequirement() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPolicy.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPolicy.java index 8d1fe228..a93c4efb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPolicy.java @@ -14,123 +14,83 @@ @CustomType public final class RealmWebAuthnPolicy { - /** - * @return A set of AAGUIDs for which an authenticator can be registered. - * - */ private @Nullable List acceptableAaguids; /** - * @return The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @return Either none, indirect or direct * */ private @Nullable String attestationConveyancePreference; /** - * @return The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @return Either platform or cross-platform * */ private @Nullable String authenticatorAttachment; - /** - * @return When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - */ private @Nullable Boolean avoidSameAuthenticatorRegister; - /** - * @return The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - */ private @Nullable Integer createTimeout; - /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - */ private @Nullable String relyingPartyEntityName; - /** - * @return The WebAuthn relying party ID. - * - */ private @Nullable String relyingPartyId; /** - * @return Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @return Either Yes or No * */ private @Nullable String requireResidentKey; /** - * @return A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @return Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * */ private @Nullable List signatureAlgorithms; /** - * @return Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @return Either required, preferred or discouraged * */ private @Nullable String userVerificationRequirement; private RealmWebAuthnPolicy() {} - /** - * @return A set of AAGUIDs for which an authenticator can be registered. - * - */ public List acceptableAaguids() { return this.acceptableAaguids == null ? List.of() : this.acceptableAaguids; } /** - * @return The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * @return Either none, indirect or direct * */ public Optional attestationConveyancePreference() { return Optional.ofNullable(this.attestationConveyancePreference); } /** - * @return The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * @return Either platform or cross-platform * */ public Optional authenticatorAttachment() { return Optional.ofNullable(this.authenticatorAttachment); } - /** - * @return When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - * - */ public Optional avoidSameAuthenticatorRegister() { return Optional.ofNullable(this.avoidSameAuthenticatorRegister); } - /** - * @return The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - * - */ public Optional createTimeout() { return Optional.ofNullable(this.createTimeout); } - /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - * - */ public Optional relyingPartyEntityName() { return Optional.ofNullable(this.relyingPartyEntityName); } - /** - * @return The WebAuthn relying party ID. - * - */ public Optional relyingPartyId() { return Optional.ofNullable(this.relyingPartyId); } /** - * @return Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * @return Either Yes or No * */ public Optional requireResidentKey() { return Optional.ofNullable(this.requireResidentKey); } /** - * @return A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * @return Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing * */ public List signatureAlgorithms() { return this.signatureAlgorithms == null ? List.of() : this.signatureAlgorithms; } /** - * @return Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * @return Either required, preferred or discouraged * */ public Optional userVerificationRequirement() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserFederatedIdentity.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserFederatedIdentity.java index cce00e48..e27c4f57 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserFederatedIdentity.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserFederatedIdentity.java @@ -10,41 +10,17 @@ @CustomType public final class UserFederatedIdentity { - /** - * @return The name of the identity provider - * - */ private String identityProvider; - /** - * @return The ID of the user defined in the identity provider - * - */ private String userId; - /** - * @return The user name of the user defined in the identity provider - * - */ private String userName; private UserFederatedIdentity() {} - /** - * @return The name of the identity provider - * - */ public String identityProvider() { return this.identityProvider; } - /** - * @return The ID of the user defined in the identity provider - * - */ public String userId() { return this.userId; } - /** - * @return The user name of the user defined in the identity provider - * - */ public String userName() { return this.userName; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserInitialPassword.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserInitialPassword.java index 2b377ede..866abaf3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserInitialPassword.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserInitialPassword.java @@ -13,29 +13,13 @@ @CustomType public final class UserInitialPassword { - /** - * @return If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - * - */ private @Nullable Boolean temporary; - /** - * @return The initial password. - * - */ private String value; private UserInitialPassword() {} - /** - * @return If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - * - */ public Optional temporary() { return Optional.ofNullable(this.temporary); } - /** - * @return The initial password. - * - */ public String value() { return this.value; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/Client.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/Client.java index 12b9ab4b..5494472c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/Client.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/Client.java @@ -20,12 +20,17 @@ import javax.annotation.Nullable; /** + * ## # keycloak.saml.Client + * * Allows for creating and managing Keycloak clients that use the SAML protocol. * - * Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users - * to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. + * Clients are entities that can use Keycloak for user authentication. Typically, + * clients are applications that redirect users to Keycloak for authentication + * in order to take advantage of Keycloak's user sessions for SSO. + * + * ### Example Usage * - * ## Example Usage + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -50,16 +55,16 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var samlClient = new Client("samlClient", ClientArgs.builder() + * .clientId("test-saml-client") + * .includeAuthnStatement(true) * .realmId(realm.id()) - * .clientId("saml-client") - * .signDocuments(false) * .signAssertions(true) - * .includeAuthnStatement(true) + * .signDocuments(false) * .signingCertificate(Files.readString(Paths.get("saml-cert.pem"))) * .signingPrivateKey(Files.readString(Paths.get("saml-key.pem"))) * .build()); @@ -67,189 +72,117 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + * - `realm_id` - (Required) The realm this client is attached to. + * - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + * - `name` - (Optional) The display name of this client in the GUI. + * - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + * - `description` - (Optional) The description of this client in the GUI. + * - `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. + * - `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. + * - `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. + * - `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. + * - `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. + * - `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. + * - `name_id_format` - (Optional) Sets the Name ID format for the subject. + * - `root_url` - (Optional) When specified, this value is prepended to all relative URLs. + * - `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. + * - `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. + * - `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests. + * - `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. + * - `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. + * - `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. + * - `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. + * - `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). + * - `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). + * - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. + * - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. + * - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token * - * Example: + * ### Import * - * bash + * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. * - * ```sh - * $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - * ``` + * Example: * */ @ResourceType(type="keycloak:saml/client:Client") public class Client extends com.pulumi.resources.CustomResource { - /** - * SAML POST Binding URL for the client's assertion consumer service (login responses). - * - */ @Export(name="assertionConsumerPostUrl", refs={String.class}, tree="[0]") private Output assertionConsumerPostUrl; - /** - * @return SAML POST Binding URL for the client's assertion consumer service (login responses). - * - */ public Output> assertionConsumerPostUrl() { return Codegen.optional(this.assertionConsumerPostUrl); } - /** - * SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - */ @Export(name="assertionConsumerRedirectUrl", refs={String.class}, tree="[0]") private Output assertionConsumerRedirectUrl; - /** - * @return SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - */ public Output> assertionConsumerRedirectUrl() { return Codegen.optional(this.assertionConsumerRedirectUrl); } - /** - * Override realm authentication flow bindings - * - */ @Export(name="authenticationFlowBindingOverrides", refs={ClientAuthenticationFlowBindingOverrides.class}, tree="[0]") private Output authenticationFlowBindingOverrides; - /** - * @return Override realm authentication flow bindings - * - */ public Output> authenticationFlowBindingOverrides() { return Codegen.optional(this.authenticationFlowBindingOverrides); } - /** - * When specified, this URL will be used whenever Keycloak needs to link to this client. - * - */ @Export(name="baseUrl", refs={String.class}, tree="[0]") private Output baseUrl; - /** - * @return When specified, this URL will be used whenever Keycloak needs to link to this client. - * - */ public Output> baseUrl() { return Codegen.optional(this.baseUrl); } - /** - * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - */ @Export(name="canonicalizationMethod", refs={String.class}, tree="[0]") private Output canonicalizationMethod; - /** - * @return The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - */ public Output> canonicalizationMethod() { return Codegen.optional(this.canonicalizationMethod); } - /** - * The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; - /** - * @return The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - */ public Output clientId() { return this.clientId; } - /** - * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - */ @Export(name="clientSignatureRequired", refs={Boolean.class}, tree="[0]") private Output clientSignatureRequired; - /** - * @return When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - */ public Output> clientSignatureRequired() { return Codegen.optional(this.clientSignatureRequired); } - /** - * The description of this client in the GUI. - * - */ @Export(name="description", refs={String.class}, tree="[0]") private Output description; - /** - * @return The description of this client in the GUI. - * - */ public Output> description() { return Codegen.optional(this.description); } - /** - * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ @Export(name="enabled", refs={Boolean.class}, tree="[0]") private Output enabled; - /** - * @return When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ public Output> enabled() { return Codegen.optional(this.enabled); } - /** - * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - */ @Export(name="encryptAssertions", refs={Boolean.class}, tree="[0]") private Output encryptAssertions; - /** - * @return When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - */ public Output> encryptAssertions() { return Codegen.optional(this.encryptAssertions); } - /** - * If assertions for the client are encrypted, this certificate will be used for encryption. - * - */ @Export(name="encryptionCertificate", refs={String.class}, tree="[0]") private Output encryptionCertificate; - /** - * @return If assertions for the client are encrypted, this certificate will be used for encryption. - * - */ public Output encryptionCertificate() { return this.encryptionCertificate; } - /** - * (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - * - */ @Export(name="encryptionCertificateSha1", refs={String.class}, tree="[0]") private Output encryptionCertificateSha1; - /** - * @return (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - * - */ public Output encryptionCertificateSha1() { return this.encryptionCertificateSha1; } @@ -259,339 +192,147 @@ public Output encryptionCertificateSha1() { public Output>> extraConfig() { return Codegen.optional(this.extraConfig); } - /** - * Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - */ @Export(name="forceNameIdFormat", refs={Boolean.class}, tree="[0]") private Output forceNameIdFormat; - /** - * @return Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - */ public Output> forceNameIdFormat() { return Codegen.optional(this.forceNameIdFormat); } - /** - * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - */ @Export(name="forcePostBinding", refs={Boolean.class}, tree="[0]") private Output forcePostBinding; - /** - * @return When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - */ public Output> forcePostBinding() { return Codegen.optional(this.forcePostBinding); } - /** - * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - */ @Export(name="frontChannelLogout", refs={Boolean.class}, tree="[0]") private Output frontChannelLogout; - /** - * @return When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - */ public Output> frontChannelLogout() { return Codegen.optional(this.frontChannelLogout); } - /** - * Allow to include all roles mappings in the access token - * - */ @Export(name="fullScopeAllowed", refs={Boolean.class}, tree="[0]") private Output fullScopeAllowed; - /** - * @return Allow to include all roles mappings in the access token - * - */ public Output> fullScopeAllowed() { return Codegen.optional(this.fullScopeAllowed); } - /** - * Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - */ @Export(name="idpInitiatedSsoRelayState", refs={String.class}, tree="[0]") private Output idpInitiatedSsoRelayState; - /** - * @return Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - */ public Output> idpInitiatedSsoRelayState() { return Codegen.optional(this.idpInitiatedSsoRelayState); } - /** - * URL fragment name to reference client when you want to do IDP Initiated SSO. - * - */ @Export(name="idpInitiatedSsoUrlName", refs={String.class}, tree="[0]") private Output idpInitiatedSsoUrlName; - /** - * @return URL fragment name to reference client when you want to do IDP Initiated SSO. - * - */ public Output> idpInitiatedSsoUrlName() { return Codegen.optional(this.idpInitiatedSsoUrlName); } - /** - * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - */ @Export(name="includeAuthnStatement", refs={Boolean.class}, tree="[0]") private Output includeAuthnStatement; - /** - * @return When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - */ public Output> includeAuthnStatement() { return Codegen.optional(this.includeAuthnStatement); } - /** - * The login theme of this client. - * - */ @Export(name="loginTheme", refs={String.class}, tree="[0]") private Output loginTheme; - /** - * @return The login theme of this client. - * - */ public Output> loginTheme() { return Codegen.optional(this.loginTheme); } - /** - * SAML POST Binding URL for the client's single logout service. - * - */ @Export(name="logoutServicePostBindingUrl", refs={String.class}, tree="[0]") private Output logoutServicePostBindingUrl; - /** - * @return SAML POST Binding URL for the client's single logout service. - * - */ public Output> logoutServicePostBindingUrl() { return Codegen.optional(this.logoutServicePostBindingUrl); } - /** - * SAML Redirect Binding URL for the client's single logout service. - * - */ @Export(name="logoutServiceRedirectBindingUrl", refs={String.class}, tree="[0]") private Output logoutServiceRedirectBindingUrl; - /** - * @return SAML Redirect Binding URL for the client's single logout service. - * - */ public Output> logoutServiceRedirectBindingUrl() { return Codegen.optional(this.logoutServiceRedirectBindingUrl); } - /** - * When specified, this URL will be used for all SAML requests. - * - */ @Export(name="masterSamlProcessingUrl", refs={String.class}, tree="[0]") private Output masterSamlProcessingUrl; - /** - * @return When specified, this URL will be used for all SAML requests. - * - */ public Output> masterSamlProcessingUrl() { return Codegen.optional(this.masterSamlProcessingUrl); } - /** - * The display name of this client in the GUI. - * - */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; - /** - * @return The display name of this client in the GUI. - * - */ public Output name() { return this.name; } - /** - * Sets the Name ID format for the subject. - * - */ @Export(name="nameIdFormat", refs={String.class}, tree="[0]") private Output nameIdFormat; - /** - * @return Sets the Name ID format for the subject. - * - */ public Output nameIdFormat() { return this.nameIdFormat; } - /** - * The realm this client is attached to. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this client is attached to. - * - */ public Output realmId() { return this.realmId; } - /** - * When specified, this value is prepended to all relative URLs. - * - */ @Export(name="rootUrl", refs={String.class}, tree="[0]") private Output rootUrl; - /** - * @return When specified, this value is prepended to all relative URLs. - * - */ public Output> rootUrl() { return Codegen.optional(this.rootUrl); } - /** - * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - */ @Export(name="signAssertions", refs={Boolean.class}, tree="[0]") private Output signAssertions; - /** - * @return When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - */ public Output> signAssertions() { return Codegen.optional(this.signAssertions); } - /** - * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - */ @Export(name="signDocuments", refs={Boolean.class}, tree="[0]") private Output signDocuments; - /** - * @return When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - */ public Output> signDocuments() { return Codegen.optional(this.signDocuments); } - /** - * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - */ @Export(name="signatureAlgorithm", refs={String.class}, tree="[0]") private Output signatureAlgorithm; - /** - * @return The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - */ public Output> signatureAlgorithm() { return Codegen.optional(this.signatureAlgorithm); } - /** - * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - */ @Export(name="signatureKeyName", refs={String.class}, tree="[0]") private Output signatureKeyName; - /** - * @return The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - */ public Output> signatureKeyName() { return Codegen.optional(this.signatureKeyName); } - /** - * If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - */ @Export(name="signingCertificate", refs={String.class}, tree="[0]") private Output signingCertificate; - /** - * @return If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - */ public Output signingCertificate() { return this.signingCertificate; } - /** - * (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - * - */ @Export(name="signingCertificateSha1", refs={String.class}, tree="[0]") private Output signingCertificateSha1; - /** - * @return (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - * - */ public Output signingCertificateSha1() { return this.signingCertificateSha1; } - /** - * If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - */ @Export(name="signingPrivateKey", refs={String.class}, tree="[0]") private Output signingPrivateKey; - /** - * @return If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - */ public Output signingPrivateKey() { return this.signingPrivateKey; } - /** - * (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - * - */ @Export(name="signingPrivateKeySha1", refs={String.class}, tree="[0]") private Output signingPrivateKeySha1; - /** - * @return (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - * - */ public Output signingPrivateKeySha1() { return this.signingPrivateKeySha1; } - /** - * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - */ @Export(name="validRedirectUris", refs={List.class,String.class}, tree="[0,1]") private Output> validRedirectUris; - /** - * @return When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - */ public Output>> validRedirectUris() { return Codegen.optional(this.validRedirectUris); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientArgs.java index 6eba2706..d675a52c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientArgs.java @@ -21,167 +21,79 @@ public final class ClientArgs extends com.pulumi.resources.ResourceArgs { public static final ClientArgs Empty = new ClientArgs(); - /** - * SAML POST Binding URL for the client's assertion consumer service (login responses). - * - */ @Import(name="assertionConsumerPostUrl") private @Nullable Output assertionConsumerPostUrl; - /** - * @return SAML POST Binding URL for the client's assertion consumer service (login responses). - * - */ public Optional> assertionConsumerPostUrl() { return Optional.ofNullable(this.assertionConsumerPostUrl); } - /** - * SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - */ @Import(name="assertionConsumerRedirectUrl") private @Nullable Output assertionConsumerRedirectUrl; - /** - * @return SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - */ public Optional> assertionConsumerRedirectUrl() { return Optional.ofNullable(this.assertionConsumerRedirectUrl); } - /** - * Override realm authentication flow bindings - * - */ @Import(name="authenticationFlowBindingOverrides") private @Nullable Output authenticationFlowBindingOverrides; - /** - * @return Override realm authentication flow bindings - * - */ public Optional> authenticationFlowBindingOverrides() { return Optional.ofNullable(this.authenticationFlowBindingOverrides); } - /** - * When specified, this URL will be used whenever Keycloak needs to link to this client. - * - */ @Import(name="baseUrl") private @Nullable Output baseUrl; - /** - * @return When specified, this URL will be used whenever Keycloak needs to link to this client. - * - */ public Optional> baseUrl() { return Optional.ofNullable(this.baseUrl); } - /** - * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - */ @Import(name="canonicalizationMethod") private @Nullable Output canonicalizationMethod; - /** - * @return The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - */ public Optional> canonicalizationMethod() { return Optional.ofNullable(this.canonicalizationMethod); } - /** - * The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - */ @Import(name="clientId", required=true) private Output clientId; - /** - * @return The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - */ public Output clientId() { return this.clientId; } - /** - * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - */ @Import(name="clientSignatureRequired") private @Nullable Output clientSignatureRequired; - /** - * @return When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - */ public Optional> clientSignatureRequired() { return Optional.ofNullable(this.clientSignatureRequired); } - /** - * The description of this client in the GUI. - * - */ @Import(name="description") private @Nullable Output description; - /** - * @return The description of this client in the GUI. - * - */ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ @Import(name="enabled") private @Nullable Output enabled; - /** - * @return When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ public Optional> enabled() { return Optional.ofNullable(this.enabled); } - /** - * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - */ @Import(name="encryptAssertions") private @Nullable Output encryptAssertions; - /** - * @return When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - */ public Optional> encryptAssertions() { return Optional.ofNullable(this.encryptAssertions); } - /** - * If assertions for the client are encrypted, this certificate will be used for encryption. - * - */ @Import(name="encryptionCertificate") private @Nullable Output encryptionCertificate; - /** - * @return If assertions for the client are encrypted, this certificate will be used for encryption. - * - */ public Optional> encryptionCertificate() { return Optional.ofNullable(this.encryptionCertificate); } @@ -193,332 +105,156 @@ public Optional>> extraConfig() { return Optional.ofNullable(this.extraConfig); } - /** - * Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - */ @Import(name="forceNameIdFormat") private @Nullable Output forceNameIdFormat; - /** - * @return Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - */ public Optional> forceNameIdFormat() { return Optional.ofNullable(this.forceNameIdFormat); } - /** - * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - */ @Import(name="forcePostBinding") private @Nullable Output forcePostBinding; - /** - * @return When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - */ public Optional> forcePostBinding() { return Optional.ofNullable(this.forcePostBinding); } - /** - * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - */ @Import(name="frontChannelLogout") private @Nullable Output frontChannelLogout; - /** - * @return When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - */ public Optional> frontChannelLogout() { return Optional.ofNullable(this.frontChannelLogout); } - /** - * Allow to include all roles mappings in the access token - * - */ @Import(name="fullScopeAllowed") private @Nullable Output fullScopeAllowed; - /** - * @return Allow to include all roles mappings in the access token - * - */ public Optional> fullScopeAllowed() { return Optional.ofNullable(this.fullScopeAllowed); } - /** - * Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - */ @Import(name="idpInitiatedSsoRelayState") private @Nullable Output idpInitiatedSsoRelayState; - /** - * @return Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - */ public Optional> idpInitiatedSsoRelayState() { return Optional.ofNullable(this.idpInitiatedSsoRelayState); } - /** - * URL fragment name to reference client when you want to do IDP Initiated SSO. - * - */ @Import(name="idpInitiatedSsoUrlName") private @Nullable Output idpInitiatedSsoUrlName; - /** - * @return URL fragment name to reference client when you want to do IDP Initiated SSO. - * - */ public Optional> idpInitiatedSsoUrlName() { return Optional.ofNullable(this.idpInitiatedSsoUrlName); } - /** - * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - */ @Import(name="includeAuthnStatement") private @Nullable Output includeAuthnStatement; - /** - * @return When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - */ public Optional> includeAuthnStatement() { return Optional.ofNullable(this.includeAuthnStatement); } - /** - * The login theme of this client. - * - */ @Import(name="loginTheme") private @Nullable Output loginTheme; - /** - * @return The login theme of this client. - * - */ public Optional> loginTheme() { return Optional.ofNullable(this.loginTheme); } - /** - * SAML POST Binding URL for the client's single logout service. - * - */ @Import(name="logoutServicePostBindingUrl") private @Nullable Output logoutServicePostBindingUrl; - /** - * @return SAML POST Binding URL for the client's single logout service. - * - */ public Optional> logoutServicePostBindingUrl() { return Optional.ofNullable(this.logoutServicePostBindingUrl); } - /** - * SAML Redirect Binding URL for the client's single logout service. - * - */ @Import(name="logoutServiceRedirectBindingUrl") private @Nullable Output logoutServiceRedirectBindingUrl; - /** - * @return SAML Redirect Binding URL for the client's single logout service. - * - */ public Optional> logoutServiceRedirectBindingUrl() { return Optional.ofNullable(this.logoutServiceRedirectBindingUrl); } - /** - * When specified, this URL will be used for all SAML requests. - * - */ @Import(name="masterSamlProcessingUrl") private @Nullable Output masterSamlProcessingUrl; - /** - * @return When specified, this URL will be used for all SAML requests. - * - */ public Optional> masterSamlProcessingUrl() { return Optional.ofNullable(this.masterSamlProcessingUrl); } - /** - * The display name of this client in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this client in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * Sets the Name ID format for the subject. - * - */ @Import(name="nameIdFormat") private @Nullable Output nameIdFormat; - /** - * @return Sets the Name ID format for the subject. - * - */ public Optional> nameIdFormat() { return Optional.ofNullable(this.nameIdFormat); } - /** - * The realm this client is attached to. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this client is attached to. - * - */ public Output realmId() { return this.realmId; } - /** - * When specified, this value is prepended to all relative URLs. - * - */ @Import(name="rootUrl") private @Nullable Output rootUrl; - /** - * @return When specified, this value is prepended to all relative URLs. - * - */ public Optional> rootUrl() { return Optional.ofNullable(this.rootUrl); } - /** - * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - */ @Import(name="signAssertions") private @Nullable Output signAssertions; - /** - * @return When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - */ public Optional> signAssertions() { return Optional.ofNullable(this.signAssertions); } - /** - * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - */ @Import(name="signDocuments") private @Nullable Output signDocuments; - /** - * @return When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - */ public Optional> signDocuments() { return Optional.ofNullable(this.signDocuments); } - /** - * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - */ @Import(name="signatureAlgorithm") private @Nullable Output signatureAlgorithm; - /** - * @return The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - */ public Optional> signatureAlgorithm() { return Optional.ofNullable(this.signatureAlgorithm); } - /** - * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - */ @Import(name="signatureKeyName") private @Nullable Output signatureKeyName; - /** - * @return The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - */ public Optional> signatureKeyName() { return Optional.ofNullable(this.signatureKeyName); } - /** - * If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - */ @Import(name="signingCertificate") private @Nullable Output signingCertificate; - /** - * @return If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - */ public Optional> signingCertificate() { return Optional.ofNullable(this.signingCertificate); } - /** - * If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - */ @Import(name="signingPrivateKey") private @Nullable Output signingPrivateKey; - /** - * @return If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - */ public Optional> signingPrivateKey() { return Optional.ofNullable(this.signingPrivateKey); } - /** - * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - */ @Import(name="validRedirectUris") private @Nullable Output> validRedirectUris; - /** - * @return When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - */ public Optional>> validRedirectUris() { return Optional.ofNullable(this.validRedirectUris); } @@ -580,233 +316,101 @@ public Builder(ClientArgs defaults) { $ = new ClientArgs(Objects.requireNonNull(defaults)); } - /** - * @param assertionConsumerPostUrl SAML POST Binding URL for the client's assertion consumer service (login responses). - * - * @return builder - * - */ public Builder assertionConsumerPostUrl(@Nullable Output assertionConsumerPostUrl) { $.assertionConsumerPostUrl = assertionConsumerPostUrl; return this; } - /** - * @param assertionConsumerPostUrl SAML POST Binding URL for the client's assertion consumer service (login responses). - * - * @return builder - * - */ public Builder assertionConsumerPostUrl(String assertionConsumerPostUrl) { return assertionConsumerPostUrl(Output.of(assertionConsumerPostUrl)); } - /** - * @param assertionConsumerRedirectUrl SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - * @return builder - * - */ public Builder assertionConsumerRedirectUrl(@Nullable Output assertionConsumerRedirectUrl) { $.assertionConsumerRedirectUrl = assertionConsumerRedirectUrl; return this; } - /** - * @param assertionConsumerRedirectUrl SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - * @return builder - * - */ public Builder assertionConsumerRedirectUrl(String assertionConsumerRedirectUrl) { return assertionConsumerRedirectUrl(Output.of(assertionConsumerRedirectUrl)); } - /** - * @param authenticationFlowBindingOverrides Override realm authentication flow bindings - * - * @return builder - * - */ public Builder authenticationFlowBindingOverrides(@Nullable Output authenticationFlowBindingOverrides) { $.authenticationFlowBindingOverrides = authenticationFlowBindingOverrides; return this; } - /** - * @param authenticationFlowBindingOverrides Override realm authentication flow bindings - * - * @return builder - * - */ public Builder authenticationFlowBindingOverrides(ClientAuthenticationFlowBindingOverridesArgs authenticationFlowBindingOverrides) { return authenticationFlowBindingOverrides(Output.of(authenticationFlowBindingOverrides)); } - /** - * @param baseUrl When specified, this URL will be used whenever Keycloak needs to link to this client. - * - * @return builder - * - */ public Builder baseUrl(@Nullable Output baseUrl) { $.baseUrl = baseUrl; return this; } - /** - * @param baseUrl When specified, this URL will be used whenever Keycloak needs to link to this client. - * - * @return builder - * - */ public Builder baseUrl(String baseUrl) { return baseUrl(Output.of(baseUrl)); } - /** - * @param canonicalizationMethod The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - * @return builder - * - */ public Builder canonicalizationMethod(@Nullable Output canonicalizationMethod) { $.canonicalizationMethod = canonicalizationMethod; return this; } - /** - * @param canonicalizationMethod The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - * @return builder - * - */ public Builder canonicalizationMethod(String canonicalizationMethod) { return canonicalizationMethod(Output.of(canonicalizationMethod)); } - /** - * @param clientId The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - * @return builder - * - */ public Builder clientId(Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param clientSignatureRequired When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - * @return builder - * - */ public Builder clientSignatureRequired(@Nullable Output clientSignatureRequired) { $.clientSignatureRequired = clientSignatureRequired; return this; } - /** - * @param clientSignatureRequired When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - * @return builder - * - */ public Builder clientSignatureRequired(Boolean clientSignatureRequired) { return clientSignatureRequired(Output.of(clientSignatureRequired)); } - /** - * @param description The description of this client in the GUI. - * - * @return builder - * - */ public Builder description(@Nullable Output description) { $.description = description; return this; } - /** - * @param description The description of this client in the GUI. - * - * @return builder - * - */ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param enabled When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(@Nullable Output enabled) { $.enabled = enabled; return this; } - /** - * @param enabled When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(Boolean enabled) { return enabled(Output.of(enabled)); } - /** - * @param encryptAssertions When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - * @return builder - * - */ public Builder encryptAssertions(@Nullable Output encryptAssertions) { $.encryptAssertions = encryptAssertions; return this; } - /** - * @param encryptAssertions When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - * @return builder - * - */ public Builder encryptAssertions(Boolean encryptAssertions) { return encryptAssertions(Output.of(encryptAssertions)); } - /** - * @param encryptionCertificate If assertions for the client are encrypted, this certificate will be used for encryption. - * - * @return builder - * - */ public Builder encryptionCertificate(@Nullable Output encryptionCertificate) { $.encryptionCertificate = encryptionCertificate; return this; } - /** - * @param encryptionCertificate If assertions for the client are encrypted, this certificate will be used for encryption. - * - * @return builder - * - */ public Builder encryptionCertificate(String encryptionCertificate) { return encryptionCertificate(Output.of(encryptionCertificate)); } @@ -820,474 +424,204 @@ public Builder extraConfig(Map extraConfig) { return extraConfig(Output.of(extraConfig)); } - /** - * @param forceNameIdFormat Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - * @return builder - * - */ public Builder forceNameIdFormat(@Nullable Output forceNameIdFormat) { $.forceNameIdFormat = forceNameIdFormat; return this; } - /** - * @param forceNameIdFormat Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - * @return builder - * - */ public Builder forceNameIdFormat(Boolean forceNameIdFormat) { return forceNameIdFormat(Output.of(forceNameIdFormat)); } - /** - * @param forcePostBinding When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - * @return builder - * - */ public Builder forcePostBinding(@Nullable Output forcePostBinding) { $.forcePostBinding = forcePostBinding; return this; } - /** - * @param forcePostBinding When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - * @return builder - * - */ public Builder forcePostBinding(Boolean forcePostBinding) { return forcePostBinding(Output.of(forcePostBinding)); } - /** - * @param frontChannelLogout When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - * @return builder - * - */ public Builder frontChannelLogout(@Nullable Output frontChannelLogout) { $.frontChannelLogout = frontChannelLogout; return this; } - /** - * @param frontChannelLogout When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - * @return builder - * - */ public Builder frontChannelLogout(Boolean frontChannelLogout) { return frontChannelLogout(Output.of(frontChannelLogout)); } - /** - * @param fullScopeAllowed Allow to include all roles mappings in the access token - * - * @return builder - * - */ public Builder fullScopeAllowed(@Nullable Output fullScopeAllowed) { $.fullScopeAllowed = fullScopeAllowed; return this; } - /** - * @param fullScopeAllowed Allow to include all roles mappings in the access token - * - * @return builder - * - */ public Builder fullScopeAllowed(Boolean fullScopeAllowed) { return fullScopeAllowed(Output.of(fullScopeAllowed)); } - /** - * @param idpInitiatedSsoRelayState Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - * @return builder - * - */ public Builder idpInitiatedSsoRelayState(@Nullable Output idpInitiatedSsoRelayState) { $.idpInitiatedSsoRelayState = idpInitiatedSsoRelayState; return this; } - /** - * @param idpInitiatedSsoRelayState Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - * @return builder - * - */ public Builder idpInitiatedSsoRelayState(String idpInitiatedSsoRelayState) { return idpInitiatedSsoRelayState(Output.of(idpInitiatedSsoRelayState)); } - /** - * @param idpInitiatedSsoUrlName URL fragment name to reference client when you want to do IDP Initiated SSO. - * - * @return builder - * - */ public Builder idpInitiatedSsoUrlName(@Nullable Output idpInitiatedSsoUrlName) { $.idpInitiatedSsoUrlName = idpInitiatedSsoUrlName; return this; } - /** - * @param idpInitiatedSsoUrlName URL fragment name to reference client when you want to do IDP Initiated SSO. - * - * @return builder - * - */ public Builder idpInitiatedSsoUrlName(String idpInitiatedSsoUrlName) { return idpInitiatedSsoUrlName(Output.of(idpInitiatedSsoUrlName)); } - /** - * @param includeAuthnStatement When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - * @return builder - * - */ public Builder includeAuthnStatement(@Nullable Output includeAuthnStatement) { $.includeAuthnStatement = includeAuthnStatement; return this; } - /** - * @param includeAuthnStatement When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - * @return builder - * - */ public Builder includeAuthnStatement(Boolean includeAuthnStatement) { return includeAuthnStatement(Output.of(includeAuthnStatement)); } - /** - * @param loginTheme The login theme of this client. - * - * @return builder - * - */ public Builder loginTheme(@Nullable Output loginTheme) { $.loginTheme = loginTheme; return this; } - /** - * @param loginTheme The login theme of this client. - * - * @return builder - * - */ public Builder loginTheme(String loginTheme) { return loginTheme(Output.of(loginTheme)); } - /** - * @param logoutServicePostBindingUrl SAML POST Binding URL for the client's single logout service. - * - * @return builder - * - */ public Builder logoutServicePostBindingUrl(@Nullable Output logoutServicePostBindingUrl) { $.logoutServicePostBindingUrl = logoutServicePostBindingUrl; return this; } - /** - * @param logoutServicePostBindingUrl SAML POST Binding URL for the client's single logout service. - * - * @return builder - * - */ public Builder logoutServicePostBindingUrl(String logoutServicePostBindingUrl) { return logoutServicePostBindingUrl(Output.of(logoutServicePostBindingUrl)); } - /** - * @param logoutServiceRedirectBindingUrl SAML Redirect Binding URL for the client's single logout service. - * - * @return builder - * - */ public Builder logoutServiceRedirectBindingUrl(@Nullable Output logoutServiceRedirectBindingUrl) { $.logoutServiceRedirectBindingUrl = logoutServiceRedirectBindingUrl; return this; } - /** - * @param logoutServiceRedirectBindingUrl SAML Redirect Binding URL for the client's single logout service. - * - * @return builder - * - */ public Builder logoutServiceRedirectBindingUrl(String logoutServiceRedirectBindingUrl) { return logoutServiceRedirectBindingUrl(Output.of(logoutServiceRedirectBindingUrl)); } - /** - * @param masterSamlProcessingUrl When specified, this URL will be used for all SAML requests. - * - * @return builder - * - */ public Builder masterSamlProcessingUrl(@Nullable Output masterSamlProcessingUrl) { $.masterSamlProcessingUrl = masterSamlProcessingUrl; return this; } - /** - * @param masterSamlProcessingUrl When specified, this URL will be used for all SAML requests. - * - * @return builder - * - */ public Builder masterSamlProcessingUrl(String masterSamlProcessingUrl) { return masterSamlProcessingUrl(Output.of(masterSamlProcessingUrl)); } - /** - * @param name The display name of this client in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this client in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param nameIdFormat Sets the Name ID format for the subject. - * - * @return builder - * - */ public Builder nameIdFormat(@Nullable Output nameIdFormat) { $.nameIdFormat = nameIdFormat; return this; } - /** - * @param nameIdFormat Sets the Name ID format for the subject. - * - * @return builder - * - */ public Builder nameIdFormat(String nameIdFormat) { return nameIdFormat(Output.of(nameIdFormat)); } - /** - * @param realmId The realm this client is attached to. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client is attached to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param rootUrl When specified, this value is prepended to all relative URLs. - * - * @return builder - * - */ public Builder rootUrl(@Nullable Output rootUrl) { $.rootUrl = rootUrl; return this; } - /** - * @param rootUrl When specified, this value is prepended to all relative URLs. - * - * @return builder - * - */ public Builder rootUrl(String rootUrl) { return rootUrl(Output.of(rootUrl)); } - /** - * @param signAssertions When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - * @return builder - * - */ public Builder signAssertions(@Nullable Output signAssertions) { $.signAssertions = signAssertions; return this; } - /** - * @param signAssertions When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - * @return builder - * - */ public Builder signAssertions(Boolean signAssertions) { return signAssertions(Output.of(signAssertions)); } - /** - * @param signDocuments When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - * @return builder - * - */ public Builder signDocuments(@Nullable Output signDocuments) { $.signDocuments = signDocuments; return this; } - /** - * @param signDocuments When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - * @return builder - * - */ public Builder signDocuments(Boolean signDocuments) { return signDocuments(Output.of(signDocuments)); } - /** - * @param signatureAlgorithm The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - * @return builder - * - */ public Builder signatureAlgorithm(@Nullable Output signatureAlgorithm) { $.signatureAlgorithm = signatureAlgorithm; return this; } - /** - * @param signatureAlgorithm The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - * @return builder - * - */ public Builder signatureAlgorithm(String signatureAlgorithm) { return signatureAlgorithm(Output.of(signatureAlgorithm)); } - /** - * @param signatureKeyName The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - * @return builder - * - */ public Builder signatureKeyName(@Nullable Output signatureKeyName) { $.signatureKeyName = signatureKeyName; return this; } - /** - * @param signatureKeyName The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - * @return builder - * - */ public Builder signatureKeyName(String signatureKeyName) { return signatureKeyName(Output.of(signatureKeyName)); } - /** - * @param signingCertificate If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - * @return builder - * - */ public Builder signingCertificate(@Nullable Output signingCertificate) { $.signingCertificate = signingCertificate; return this; } - /** - * @param signingCertificate If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - * @return builder - * - */ public Builder signingCertificate(String signingCertificate) { return signingCertificate(Output.of(signingCertificate)); } - /** - * @param signingPrivateKey If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - * @return builder - * - */ public Builder signingPrivateKey(@Nullable Output signingPrivateKey) { $.signingPrivateKey = signingPrivateKey; return this; } - /** - * @param signingPrivateKey If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - * @return builder - * - */ public Builder signingPrivateKey(String signingPrivateKey) { return signingPrivateKey(Output.of(signingPrivateKey)); } - /** - * @param validRedirectUris When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - * @return builder - * - */ public Builder validRedirectUris(@Nullable Output> validRedirectUris) { $.validRedirectUris = validRedirectUris; return this; } - /** - * @param validRedirectUris When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - * @return builder - * - */ public Builder validRedirectUris(List validRedirectUris) { return validRedirectUris(Output.of(validRedirectUris)); } - /** - * @param validRedirectUris When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - * @return builder - * - */ public Builder validRedirectUris(String... validRedirectUris) { return validRedirectUris(List.of(validRedirectUris)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientDefaultScope.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientDefaultScope.java index 800d18ea..1bbabccf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientDefaultScope.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientDefaultScope.java @@ -16,6 +16,8 @@ /** * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -73,12 +75,13 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist * - * on the server. + * on the server. * */ @ResourceType(type="keycloak:saml/clientDefaultScope:ClientDefaultScope") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientScope.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientScope.java index de58d25a..8f89698b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientScope.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientScope.java @@ -21,6 +21,8 @@ * Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -58,16 +60,17 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak * - * assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + * assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java index d47a71ed..66e2e7b9 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java @@ -19,19 +19,21 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing SAML Identity Providers within Keycloak. + * ## # keycloak.saml.IdentityProvider * - * SAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol. + * Allows to create and manage SAML Identity Providers within Keycloak. * - * ## Example Usage + * SAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard. + * + * ### Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * * import com.pulumi.Context; * import com.pulumi.Pulumi; * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; * import com.pulumi.keycloak.saml.IdentityProvider; * import com.pulumi.keycloak.saml.IdentityProviderArgs; * import java.util.List; @@ -47,166 +49,189 @@ * } * * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); - * - * var realmSamlIdentityProvider = new IdentityProvider("realmSamlIdentityProvider", IdentityProviderArgs.builder() - * .realm(realm.id()) - * .alias("my-saml-idp") - * .entityId("https://domain.com/entity_id") - * .singleSignOnServiceUrl("https://domain.com/adfs/ls/") - * .singleLogoutServiceUrl("https://domain.com/adfs/ls/?wa=wsignout1.0") + * var realmIdentityProvider = new IdentityProvider("realmIdentityProvider", IdentityProviderArgs.builder() + * .alias("my-idp") * .backchannelSupported(true) - * .postBindingResponse(true) - * .postBindingLogout(true) + * .forceAuthn(true) * .postBindingAuthnRequest(true) + * .postBindingLogout(true) + * .postBindingResponse(true) + * .realm("my-realm") + * .singleLogoutServiceUrl("https://domain.com/adfs/ls/?wa=wsignout1.0") + * .singleSignOnServiceUrl("https://domain.com/adfs/ls/") * .storeToken(false) * .trustEmail(true) - * .forceAuthn(true) * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. + * The following arguments are supported: * - * Example: + * - `realm` - (Required) The name of the realm. This is unique across Keycloak. + * - `alias` - (Optional) The uniq name of identity provider. + * - `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`. + * - `display_name` - (Optional) The display name for the realm that is shown when logging in to the admin console. + * - `store_token` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`. + * - `add_read_token_role_on_create` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`. + * - `trust_email` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`. + * - `link_only` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`. + * - `hide_on_login_page` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * - `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * - `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * - `authenticate_by_default` - (Optional) Authenticate users by default. Defaults to `false`. * - * bash + * #### SAML Configuration * - * ```sh - * $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp - * ``` + * - `single_sign_on_service_url` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest). + * - `single_logout_service_url` - (Optional) The Url that must be used to send logout requests. + * - `backchannel_supported` - (Optional) Does the external IDP support back-channel logout ?. + * - `name_id_policy_format` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * - `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * - `post_binding_authn_request` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * - `post_binding_logout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * - `want_assertions_signed` - (Optional) Indicates whether this service provider expects a signed Assertion. + * - `want_assertions_encrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion. + * - `force_authn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * - `validate_signature` - (Optional) Enable/disable signature validation of SAML responses. + * - `signing_certificate` - (Optional) Signing Certificate. + * - `signature_algorithm` - (Optional) Signing Algorithm. Defaults to empty. + * - `xml_sign_key_info_key_name_transformer` - (Optional) Sign Key Transformer. Defaults to empty. + * + * ### Import + * + * Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. + * + * Example: * */ @ResourceType(type="keycloak:saml/identityProvider:IdentityProvider") public class IdentityProvider extends com.pulumi.resources.CustomResource { /** - * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * */ @Export(name="addReadTokenRoleOnCreate", refs={Boolean.class}, tree="[0]") private Output addReadTokenRoleOnCreate; /** - * @return When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * @return Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * */ public Output> addReadTokenRoleOnCreate() { return Codegen.optional(this.addReadTokenRoleOnCreate); } /** - * The unique name of identity provider. + * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * */ @Export(name="alias", refs={String.class}, tree="[0]") private Output alias; /** - * @return The unique name of identity provider. + * @return The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * */ public Output alias() { return this.alias; } /** - * Authenticate users by default. Defaults to `false`. + * Enable/disable authenticate users by default. * */ @Export(name="authenticateByDefault", refs={Boolean.class}, tree="[0]") private Output authenticateByDefault; /** - * @return Authenticate users by default. Defaults to `false`. + * @return Enable/disable authenticate users by default. * */ public Output> authenticateByDefault() { return Codegen.optional(this.authenticateByDefault); } /** - * Ordered list of requested AuthnContext ClassRefs. + * AuthnContext ClassRefs * */ @Export(name="authnContextClassRefs", refs={List.class,String.class}, tree="[0,1]") private Output> authnContextClassRefs; /** - * @return Ordered list of requested AuthnContext ClassRefs. + * @return AuthnContext ClassRefs * */ public Output>> authnContextClassRefs() { return Codegen.optional(this.authnContextClassRefs); } /** - * Specifies the comparison method used to evaluate the requested context classes or statements. + * AuthnContext Comparison * */ @Export(name="authnContextComparisonType", refs={String.class}, tree="[0]") private Output authnContextComparisonType; /** - * @return Specifies the comparison method used to evaluate the requested context classes or statements. + * @return AuthnContext Comparison * */ public Output> authnContextComparisonType() { return Codegen.optional(this.authnContextComparisonType); } /** - * Ordered list of requested AuthnContext DeclRefs. + * AuthnContext DeclRefs * */ @Export(name="authnContextDeclRefs", refs={List.class,String.class}, tree="[0,1]") private Output> authnContextDeclRefs; /** - * @return Ordered list of requested AuthnContext DeclRefs. + * @return AuthnContext DeclRefs * */ public Output>> authnContextDeclRefs() { return Codegen.optional(this.authnContextDeclRefs); } /** - * Does the external IDP support backchannel logout?. Defaults to `false`. + * Does the external IDP support backchannel logout? * */ @Export(name="backchannelSupported", refs={Boolean.class}, tree="[0]") private Output backchannelSupported; /** - * @return Does the external IDP support backchannel logout?. Defaults to `false`. + * @return Does the external IDP support backchannel logout? * */ public Output> backchannelSupported() { return Codegen.optional(this.backchannelSupported); } /** - * The display name for the realm that is shown when logging in to the admin console. + * Friendly name for Identity Providers. * */ @Export(name="displayName", refs={String.class}, tree="[0]") private Output displayName; /** - * @return The display name for the realm that is shown when logging in to the admin console. + * @return Friendly name for Identity Providers. * */ public Output> displayName() { return Codegen.optional(this.displayName); } /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * Enable/disable this identity provider. * */ @Export(name="enabled", refs={Boolean.class}, tree="[0]") private Output enabled; /** - * @return When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * @return Enable/disable this identity provider. * */ public Output> enabled() { @@ -233,56 +258,58 @@ public Output>> extraConfig() { return Codegen.optional(this.extraConfig); } /** - * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * */ @Export(name="firstBrokerLoginFlowAlias", refs={String.class}, tree="[0]") private Output firstBrokerLoginFlowAlias; /** - * @return Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * @return Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * */ public Output> firstBrokerLoginFlowAlias() { return Codegen.optional(this.firstBrokerLoginFlowAlias); } /** - * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * Require Force Authn. * */ @Export(name="forceAuthn", refs={Boolean.class}, tree="[0]") private Output forceAuthn; /** - * @return Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * @return Require Force Authn. * */ public Output> forceAuthn() { return Codegen.optional(this.forceAuthn); } /** - * A number defining the order of this identity provider in the GUI. + * GUI Order * */ @Export(name="guiOrder", refs={String.class}, tree="[0]") private Output guiOrder; /** - * @return A number defining the order of this identity provider in the GUI. + * @return GUI Order * */ public Output> guiOrder() { return Codegen.optional(this.guiOrder); } /** - * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * Hide On Login Page. * */ @Export(name="hideOnLoginPage", refs={Boolean.class}, tree="[0]") private Output hideOnLoginPage; /** - * @return If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * @return Hide On Login Page. * */ public Output> hideOnLoginPage() { @@ -303,14 +330,16 @@ public Output internalId() { return this.internalId; } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * */ @Export(name="linkOnly", refs={Boolean.class}, tree="[0]") private Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * */ public Output> linkOnly() { @@ -331,140 +360,146 @@ public Output> loginHint() { return Codegen.optional(this.loginHint); } /** - * Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * Name ID Policy Format. * */ @Export(name="nameIdPolicyFormat", refs={String.class}, tree="[0]") private Output nameIdPolicyFormat; /** - * @return Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * @return Name ID Policy Format. * */ public Output> nameIdPolicyFormat() { return Codegen.optional(this.nameIdPolicyFormat); } /** - * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Authn Request. * */ @Export(name="postBindingAuthnRequest", refs={Boolean.class}, tree="[0]") private Output postBindingAuthnRequest; /** - * @return Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @return Post Binding Authn Request. * */ public Output> postBindingAuthnRequest() { return Codegen.optional(this.postBindingAuthnRequest); } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Logout. * */ @Export(name="postBindingLogout", refs={Boolean.class}, tree="[0]") private Output postBindingLogout; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @return Post Binding Logout. * */ public Output> postBindingLogout() { return Codegen.optional(this.postBindingLogout); } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Post Binding Response. * */ @Export(name="postBindingResponse", refs={Boolean.class}, tree="[0]") private Output postBindingResponse; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @return Post Binding Response. * */ public Output> postBindingResponse() { return Codegen.optional(this.postBindingResponse); } /** - * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * */ @Export(name="postBrokerLoginFlowAlias", refs={String.class}, tree="[0]") private Output postBrokerLoginFlowAlias; /** - * @return Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * @return Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * */ public Output> postBrokerLoginFlowAlias() { return Codegen.optional(this.postBrokerLoginFlowAlias); } /** - * The principal attribute. + * Principal Attribute * */ @Export(name="principalAttribute", refs={String.class}, tree="[0]") private Output principalAttribute; /** - * @return The principal attribute. + * @return Principal Attribute * */ public Output> principalAttribute() { return Codegen.optional(this.principalAttribute); } /** - * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * Principal Type * */ @Export(name="principalType", refs={String.class}, tree="[0]") private Output principalType; /** - * @return The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * @return Principal Type * */ public Output> principalType() { return Codegen.optional(this.principalType); } /** - * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * provider id, is always saml, unless you have a custom implementation * */ @Export(name="providerId", refs={String.class}, tree="[0]") private Output providerId; /** - * @return The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * @return provider id, is always saml, unless you have a custom implementation * */ public Output> providerId() { return Codegen.optional(this.providerId); } /** - * The name of the realm. This is unique across Keycloak. + * Realm Name * */ @Export(name="realm", refs={String.class}, tree="[0]") private Output realm; /** - * @return The name of the realm. This is unique across Keycloak. + * @return Realm Name * */ public Output realm() { return this.realm; } /** - * Signing Algorithm. Defaults to empty. + * Signing Algorithm. * */ @Export(name="signatureAlgorithm", refs={String.class}, tree="[0]") private Output signatureAlgorithm; /** - * @return Signing Algorithm. Defaults to empty. + * @return Signing Algorithm. * */ public Output> signatureAlgorithm() { @@ -485,70 +520,70 @@ public Output> signingCertificate() { return Codegen.optional(this.signingCertificate); } /** - * The Url that must be used to send logout requests. + * Logout URL. * */ @Export(name="singleLogoutServiceUrl", refs={String.class}, tree="[0]") private Output singleLogoutServiceUrl; /** - * @return The Url that must be used to send logout requests. + * @return Logout URL. * */ public Output> singleLogoutServiceUrl() { return Codegen.optional(this.singleLogoutServiceUrl); } /** - * The Url that must be used to send authentication requests (SAML AuthnRequest). + * SSO Logout URL. * */ @Export(name="singleSignOnServiceUrl", refs={String.class}, tree="[0]") private Output singleSignOnServiceUrl; /** - * @return The Url that must be used to send authentication requests (SAML AuthnRequest). + * @return SSO Logout URL. * */ public Output singleSignOnServiceUrl() { return this.singleSignOnServiceUrl; } /** - * When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * Enable/disable if tokens must be stored after authenticating users. * */ @Export(name="storeToken", refs={Boolean.class}, tree="[0]") private Output storeToken; /** - * @return When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * @return Enable/disable if tokens must be stored after authenticating users. * */ public Output> storeToken() { return Codegen.optional(this.storeToken); } /** - * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * Sync Mode * */ @Export(name="syncMode", refs={String.class}, tree="[0]") private Output syncMode; /** - * @return The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * @return Sync Mode * */ public Output> syncMode() { return Codegen.optional(this.syncMode); } /** - * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * */ @Export(name="trustEmail", refs={Boolean.class}, tree="[0]") private Output trustEmail; /** - * @return When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * @return If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * */ public Output> trustEmail() { @@ -569,42 +604,42 @@ public Output> validateSignature() { return Codegen.optional(this.validateSignature); } /** - * Indicates whether this service provider expects an encrypted Assertion. + * Want Assertions Encrypted. * */ @Export(name="wantAssertionsEncrypted", refs={Boolean.class}, tree="[0]") private Output wantAssertionsEncrypted; /** - * @return Indicates whether this service provider expects an encrypted Assertion. + * @return Want Assertions Encrypted. * */ public Output> wantAssertionsEncrypted() { return Codegen.optional(this.wantAssertionsEncrypted); } /** - * Indicates whether this service provider expects a signed Assertion. + * Want Assertions Signed. * */ @Export(name="wantAssertionsSigned", refs={Boolean.class}, tree="[0]") private Output wantAssertionsSigned; /** - * @return Indicates whether this service provider expects a signed Assertion. + * @return Want Assertions Signed. * */ public Output> wantAssertionsSigned() { return Codegen.optional(this.wantAssertionsSigned); } /** - * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * Sign Key Transformer. * */ @Export(name="xmlSignKeyInfoKeyNameTransformer", refs={String.class}, tree="[0]") private Output xmlSignKeyInfoKeyNameTransformer; /** - * @return The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * @return Sign Key Transformer. * */ public Output> xmlSignKeyInfoKeyNameTransformer() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProviderArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProviderArgs.java index 86069f97..f08a5c20 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProviderArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProviderArgs.java @@ -21,14 +21,14 @@ public final class IdentityProviderArgs extends com.pulumi.resources.ResourceArg public static final IdentityProviderArgs Empty = new IdentityProviderArgs(); /** - * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * */ @Import(name="addReadTokenRoleOnCreate") private @Nullable Output addReadTokenRoleOnCreate; /** - * @return When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * @return Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * */ public Optional> addReadTokenRoleOnCreate() { @@ -36,14 +36,14 @@ public Optional> addReadTokenRoleOnCreate() { } /** - * The unique name of identity provider. + * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * */ @Import(name="alias", required=true) private Output alias; /** - * @return The unique name of identity provider. + * @return The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * */ public Output alias() { @@ -51,14 +51,14 @@ public Output alias() { } /** - * Authenticate users by default. Defaults to `false`. + * Enable/disable authenticate users by default. * */ @Import(name="authenticateByDefault") private @Nullable Output authenticateByDefault; /** - * @return Authenticate users by default. Defaults to `false`. + * @return Enable/disable authenticate users by default. * */ public Optional> authenticateByDefault() { @@ -66,14 +66,14 @@ public Optional> authenticateByDefault() { } /** - * Ordered list of requested AuthnContext ClassRefs. + * AuthnContext ClassRefs * */ @Import(name="authnContextClassRefs") private @Nullable Output> authnContextClassRefs; /** - * @return Ordered list of requested AuthnContext ClassRefs. + * @return AuthnContext ClassRefs * */ public Optional>> authnContextClassRefs() { @@ -81,14 +81,14 @@ public Optional>> authnContextClassRefs() { } /** - * Specifies the comparison method used to evaluate the requested context classes or statements. + * AuthnContext Comparison * */ @Import(name="authnContextComparisonType") private @Nullable Output authnContextComparisonType; /** - * @return Specifies the comparison method used to evaluate the requested context classes or statements. + * @return AuthnContext Comparison * */ public Optional> authnContextComparisonType() { @@ -96,14 +96,14 @@ public Optional> authnContextComparisonType() { } /** - * Ordered list of requested AuthnContext DeclRefs. + * AuthnContext DeclRefs * */ @Import(name="authnContextDeclRefs") private @Nullable Output> authnContextDeclRefs; /** - * @return Ordered list of requested AuthnContext DeclRefs. + * @return AuthnContext DeclRefs * */ public Optional>> authnContextDeclRefs() { @@ -111,14 +111,14 @@ public Optional>> authnContextDeclRefs() { } /** - * Does the external IDP support backchannel logout?. Defaults to `false`. + * Does the external IDP support backchannel logout? * */ @Import(name="backchannelSupported") private @Nullable Output backchannelSupported; /** - * @return Does the external IDP support backchannel logout?. Defaults to `false`. + * @return Does the external IDP support backchannel logout? * */ public Optional> backchannelSupported() { @@ -126,14 +126,14 @@ public Optional> backchannelSupported() { } /** - * The display name for the realm that is shown when logging in to the admin console. + * Friendly name for Identity Providers. * */ @Import(name="displayName") private @Nullable Output displayName; /** - * @return The display name for the realm that is shown when logging in to the admin console. + * @return Friendly name for Identity Providers. * */ public Optional> displayName() { @@ -141,14 +141,14 @@ public Optional> displayName() { } /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * Enable/disable this identity provider. * */ @Import(name="enabled") private @Nullable Output enabled; /** - * @return When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * @return Enable/disable this identity provider. * */ public Optional> enabled() { @@ -178,14 +178,16 @@ public Optional>> extraConfig() { } /** - * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * */ @Import(name="firstBrokerLoginFlowAlias") private @Nullable Output firstBrokerLoginFlowAlias; /** - * @return Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * @return Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * */ public Optional> firstBrokerLoginFlowAlias() { @@ -193,14 +195,14 @@ public Optional> firstBrokerLoginFlowAlias() { } /** - * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * Require Force Authn. * */ @Import(name="forceAuthn") private @Nullable Output forceAuthn; /** - * @return Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * @return Require Force Authn. * */ public Optional> forceAuthn() { @@ -208,14 +210,14 @@ public Optional> forceAuthn() { } /** - * A number defining the order of this identity provider in the GUI. + * GUI Order * */ @Import(name="guiOrder") private @Nullable Output guiOrder; /** - * @return A number defining the order of this identity provider in the GUI. + * @return GUI Order * */ public Optional> guiOrder() { @@ -223,14 +225,14 @@ public Optional> guiOrder() { } /** - * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * Hide On Login Page. * */ @Import(name="hideOnLoginPage") private @Nullable Output hideOnLoginPage; /** - * @return If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * @return Hide On Login Page. * */ public Optional> hideOnLoginPage() { @@ -238,14 +240,16 @@ public Optional> hideOnLoginPage() { } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * */ @Import(name="linkOnly") private @Nullable Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * */ public Optional> linkOnly() { @@ -268,14 +272,14 @@ public Optional> loginHint() { } /** - * Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * Name ID Policy Format. * */ @Import(name="nameIdPolicyFormat") private @Nullable Output nameIdPolicyFormat; /** - * @return Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * @return Name ID Policy Format. * */ public Optional> nameIdPolicyFormat() { @@ -283,14 +287,14 @@ public Optional> nameIdPolicyFormat() { } /** - * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Authn Request. * */ @Import(name="postBindingAuthnRequest") private @Nullable Output postBindingAuthnRequest; /** - * @return Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @return Post Binding Authn Request. * */ public Optional> postBindingAuthnRequest() { @@ -298,14 +302,14 @@ public Optional> postBindingAuthnRequest() { } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Logout. * */ @Import(name="postBindingLogout") private @Nullable Output postBindingLogout; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @return Post Binding Logout. * */ public Optional> postBindingLogout() { @@ -313,14 +317,14 @@ public Optional> postBindingLogout() { } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Post Binding Response. * */ @Import(name="postBindingResponse") private @Nullable Output postBindingResponse; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @return Post Binding Response. * */ public Optional> postBindingResponse() { @@ -328,14 +332,20 @@ public Optional> postBindingResponse() { } /** - * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * */ @Import(name="postBrokerLoginFlowAlias") private @Nullable Output postBrokerLoginFlowAlias; /** - * @return Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * @return Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * */ public Optional> postBrokerLoginFlowAlias() { @@ -343,14 +353,14 @@ public Optional> postBrokerLoginFlowAlias() { } /** - * The principal attribute. + * Principal Attribute * */ @Import(name="principalAttribute") private @Nullable Output principalAttribute; /** - * @return The principal attribute. + * @return Principal Attribute * */ public Optional> principalAttribute() { @@ -358,14 +368,14 @@ public Optional> principalAttribute() { } /** - * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * Principal Type * */ @Import(name="principalType") private @Nullable Output principalType; /** - * @return The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * @return Principal Type * */ public Optional> principalType() { @@ -373,14 +383,14 @@ public Optional> principalType() { } /** - * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * provider id, is always saml, unless you have a custom implementation * */ @Import(name="providerId") private @Nullable Output providerId; /** - * @return The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * @return provider id, is always saml, unless you have a custom implementation * */ public Optional> providerId() { @@ -388,14 +398,14 @@ public Optional> providerId() { } /** - * The name of the realm. This is unique across Keycloak. + * Realm Name * */ @Import(name="realm", required=true) private Output realm; /** - * @return The name of the realm. This is unique across Keycloak. + * @return Realm Name * */ public Output realm() { @@ -403,14 +413,14 @@ public Output realm() { } /** - * Signing Algorithm. Defaults to empty. + * Signing Algorithm. * */ @Import(name="signatureAlgorithm") private @Nullable Output signatureAlgorithm; /** - * @return Signing Algorithm. Defaults to empty. + * @return Signing Algorithm. * */ public Optional> signatureAlgorithm() { @@ -433,14 +443,14 @@ public Optional> signingCertificate() { } /** - * The Url that must be used to send logout requests. + * Logout URL. * */ @Import(name="singleLogoutServiceUrl") private @Nullable Output singleLogoutServiceUrl; /** - * @return The Url that must be used to send logout requests. + * @return Logout URL. * */ public Optional> singleLogoutServiceUrl() { @@ -448,14 +458,14 @@ public Optional> singleLogoutServiceUrl() { } /** - * The Url that must be used to send authentication requests (SAML AuthnRequest). + * SSO Logout URL. * */ @Import(name="singleSignOnServiceUrl", required=true) private Output singleSignOnServiceUrl; /** - * @return The Url that must be used to send authentication requests (SAML AuthnRequest). + * @return SSO Logout URL. * */ public Output singleSignOnServiceUrl() { @@ -463,14 +473,14 @@ public Output singleSignOnServiceUrl() { } /** - * When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * Enable/disable if tokens must be stored after authenticating users. * */ @Import(name="storeToken") private @Nullable Output storeToken; /** - * @return When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * @return Enable/disable if tokens must be stored after authenticating users. * */ public Optional> storeToken() { @@ -478,14 +488,14 @@ public Optional> storeToken() { } /** - * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * Sync Mode * */ @Import(name="syncMode") private @Nullable Output syncMode; /** - * @return The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * @return Sync Mode * */ public Optional> syncMode() { @@ -493,14 +503,14 @@ public Optional> syncMode() { } /** - * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * */ @Import(name="trustEmail") private @Nullable Output trustEmail; /** - * @return When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * @return If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * */ public Optional> trustEmail() { @@ -523,14 +533,14 @@ public Optional> validateSignature() { } /** - * Indicates whether this service provider expects an encrypted Assertion. + * Want Assertions Encrypted. * */ @Import(name="wantAssertionsEncrypted") private @Nullable Output wantAssertionsEncrypted; /** - * @return Indicates whether this service provider expects an encrypted Assertion. + * @return Want Assertions Encrypted. * */ public Optional> wantAssertionsEncrypted() { @@ -538,14 +548,14 @@ public Optional> wantAssertionsEncrypted() { } /** - * Indicates whether this service provider expects a signed Assertion. + * Want Assertions Signed. * */ @Import(name="wantAssertionsSigned") private @Nullable Output wantAssertionsSigned; /** - * @return Indicates whether this service provider expects a signed Assertion. + * @return Want Assertions Signed. * */ public Optional> wantAssertionsSigned() { @@ -553,14 +563,14 @@ public Optional> wantAssertionsSigned() { } /** - * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * Sign Key Transformer. * */ @Import(name="xmlSignKeyInfoKeyNameTransformer") private @Nullable Output xmlSignKeyInfoKeyNameTransformer; /** - * @return The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * @return Sign Key Transformer. * */ public Optional> xmlSignKeyInfoKeyNameTransformer() { @@ -628,7 +638,7 @@ public Builder(IdentityProviderArgs defaults) { } /** - * @param addReadTokenRoleOnCreate When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * @param addReadTokenRoleOnCreate Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * * @return builder * @@ -639,7 +649,7 @@ public Builder addReadTokenRoleOnCreate(@Nullable Output addReadTokenRo } /** - * @param addReadTokenRoleOnCreate When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * @param addReadTokenRoleOnCreate Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * * @return builder * @@ -649,7 +659,7 @@ public Builder addReadTokenRoleOnCreate(Boolean addReadTokenRoleOnCreate) { } /** - * @param alias The unique name of identity provider. + * @param alias The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * * @return builder * @@ -660,7 +670,7 @@ public Builder alias(Output alias) { } /** - * @param alias The unique name of identity provider. + * @param alias The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * * @return builder * @@ -670,7 +680,7 @@ public Builder alias(String alias) { } /** - * @param authenticateByDefault Authenticate users by default. Defaults to `false`. + * @param authenticateByDefault Enable/disable authenticate users by default. * * @return builder * @@ -681,7 +691,7 @@ public Builder authenticateByDefault(@Nullable Output authenticateByDef } /** - * @param authenticateByDefault Authenticate users by default. Defaults to `false`. + * @param authenticateByDefault Enable/disable authenticate users by default. * * @return builder * @@ -691,7 +701,7 @@ public Builder authenticateByDefault(Boolean authenticateByDefault) { } /** - * @param authnContextClassRefs Ordered list of requested AuthnContext ClassRefs. + * @param authnContextClassRefs AuthnContext ClassRefs * * @return builder * @@ -702,7 +712,7 @@ public Builder authnContextClassRefs(@Nullable Output> authnContext } /** - * @param authnContextClassRefs Ordered list of requested AuthnContext ClassRefs. + * @param authnContextClassRefs AuthnContext ClassRefs * * @return builder * @@ -712,7 +722,7 @@ public Builder authnContextClassRefs(List authnContextClassRefs) { } /** - * @param authnContextClassRefs Ordered list of requested AuthnContext ClassRefs. + * @param authnContextClassRefs AuthnContext ClassRefs * * @return builder * @@ -722,7 +732,7 @@ public Builder authnContextClassRefs(String... authnContextClassRefs) { } /** - * @param authnContextComparisonType Specifies the comparison method used to evaluate the requested context classes or statements. + * @param authnContextComparisonType AuthnContext Comparison * * @return builder * @@ -733,7 +743,7 @@ public Builder authnContextComparisonType(@Nullable Output authnContextC } /** - * @param authnContextComparisonType Specifies the comparison method used to evaluate the requested context classes or statements. + * @param authnContextComparisonType AuthnContext Comparison * * @return builder * @@ -743,7 +753,7 @@ public Builder authnContextComparisonType(String authnContextComparisonType) { } /** - * @param authnContextDeclRefs Ordered list of requested AuthnContext DeclRefs. + * @param authnContextDeclRefs AuthnContext DeclRefs * * @return builder * @@ -754,7 +764,7 @@ public Builder authnContextDeclRefs(@Nullable Output> authnContextD } /** - * @param authnContextDeclRefs Ordered list of requested AuthnContext DeclRefs. + * @param authnContextDeclRefs AuthnContext DeclRefs * * @return builder * @@ -764,7 +774,7 @@ public Builder authnContextDeclRefs(List authnContextDeclRefs) { } /** - * @param authnContextDeclRefs Ordered list of requested AuthnContext DeclRefs. + * @param authnContextDeclRefs AuthnContext DeclRefs * * @return builder * @@ -774,7 +784,7 @@ public Builder authnContextDeclRefs(String... authnContextDeclRefs) { } /** - * @param backchannelSupported Does the external IDP support backchannel logout?. Defaults to `false`. + * @param backchannelSupported Does the external IDP support backchannel logout? * * @return builder * @@ -785,7 +795,7 @@ public Builder backchannelSupported(@Nullable Output backchannelSupport } /** - * @param backchannelSupported Does the external IDP support backchannel logout?. Defaults to `false`. + * @param backchannelSupported Does the external IDP support backchannel logout? * * @return builder * @@ -795,7 +805,7 @@ public Builder backchannelSupported(Boolean backchannelSupported) { } /** - * @param displayName The display name for the realm that is shown when logging in to the admin console. + * @param displayName Friendly name for Identity Providers. * * @return builder * @@ -806,7 +816,7 @@ public Builder displayName(@Nullable Output displayName) { } /** - * @param displayName The display name for the realm that is shown when logging in to the admin console. + * @param displayName Friendly name for Identity Providers. * * @return builder * @@ -816,7 +826,7 @@ public Builder displayName(String displayName) { } /** - * @param enabled When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * @param enabled Enable/disable this identity provider. * * @return builder * @@ -827,7 +837,7 @@ public Builder enabled(@Nullable Output enabled) { } /** - * @param enabled When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * @param enabled Enable/disable this identity provider. * * @return builder * @@ -867,7 +877,8 @@ public Builder extraConfig(Map extraConfig) { } /** - * @param firstBrokerLoginFlowAlias Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * @param firstBrokerLoginFlowAlias Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * * @return builder * @@ -878,7 +889,8 @@ public Builder firstBrokerLoginFlowAlias(@Nullable Output firstBrokerLog } /** - * @param firstBrokerLoginFlowAlias Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * @param firstBrokerLoginFlowAlias Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * * @return builder * @@ -888,7 +900,7 @@ public Builder firstBrokerLoginFlowAlias(String firstBrokerLoginFlowAlias) { } /** - * @param forceAuthn Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * @param forceAuthn Require Force Authn. * * @return builder * @@ -899,7 +911,7 @@ public Builder forceAuthn(@Nullable Output forceAuthn) { } /** - * @param forceAuthn Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * @param forceAuthn Require Force Authn. * * @return builder * @@ -909,7 +921,7 @@ public Builder forceAuthn(Boolean forceAuthn) { } /** - * @param guiOrder A number defining the order of this identity provider in the GUI. + * @param guiOrder GUI Order * * @return builder * @@ -920,7 +932,7 @@ public Builder guiOrder(@Nullable Output guiOrder) { } /** - * @param guiOrder A number defining the order of this identity provider in the GUI. + * @param guiOrder GUI Order * * @return builder * @@ -930,7 +942,7 @@ public Builder guiOrder(String guiOrder) { } /** - * @param hideOnLoginPage If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * @param hideOnLoginPage Hide On Login Page. * * @return builder * @@ -941,7 +953,7 @@ public Builder hideOnLoginPage(@Nullable Output hideOnLoginPage) { } /** - * @param hideOnLoginPage If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * @param hideOnLoginPage Hide On Login Page. * * @return builder * @@ -951,7 +963,8 @@ public Builder hideOnLoginPage(Boolean hideOnLoginPage) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * * @return builder * @@ -962,7 +975,8 @@ public Builder linkOnly(@Nullable Output linkOnly) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * * @return builder * @@ -993,7 +1007,7 @@ public Builder loginHint(String loginHint) { } /** - * @param nameIdPolicyFormat Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * @param nameIdPolicyFormat Name ID Policy Format. * * @return builder * @@ -1004,7 +1018,7 @@ public Builder nameIdPolicyFormat(@Nullable Output nameIdPolicyFormat) { } /** - * @param nameIdPolicyFormat Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * @param nameIdPolicyFormat Name ID Policy Format. * * @return builder * @@ -1014,7 +1028,7 @@ public Builder nameIdPolicyFormat(String nameIdPolicyFormat) { } /** - * @param postBindingAuthnRequest Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @param postBindingAuthnRequest Post Binding Authn Request. * * @return builder * @@ -1025,7 +1039,7 @@ public Builder postBindingAuthnRequest(@Nullable Output postBindingAuth } /** - * @param postBindingAuthnRequest Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @param postBindingAuthnRequest Post Binding Authn Request. * * @return builder * @@ -1035,7 +1049,7 @@ public Builder postBindingAuthnRequest(Boolean postBindingAuthnRequest) { } /** - * @param postBindingLogout Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @param postBindingLogout Post Binding Logout. * * @return builder * @@ -1046,7 +1060,7 @@ public Builder postBindingLogout(@Nullable Output postBindingLogout) { } /** - * @param postBindingLogout Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @param postBindingLogout Post Binding Logout. * * @return builder * @@ -1056,7 +1070,7 @@ public Builder postBindingLogout(Boolean postBindingLogout) { } /** - * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @param postBindingResponse Post Binding Response. * * @return builder * @@ -1067,7 +1081,7 @@ public Builder postBindingResponse(@Nullable Output postBindingResponse } /** - * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @param postBindingResponse Post Binding Response. * * @return builder * @@ -1077,7 +1091,10 @@ public Builder postBindingResponse(Boolean postBindingResponse) { } /** - * @param postBrokerLoginFlowAlias Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * @param postBrokerLoginFlowAlias Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * * @return builder * @@ -1088,7 +1105,10 @@ public Builder postBrokerLoginFlowAlias(@Nullable Output postBrokerLogin } /** - * @param postBrokerLoginFlowAlias Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * @param postBrokerLoginFlowAlias Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * * @return builder * @@ -1098,7 +1118,7 @@ public Builder postBrokerLoginFlowAlias(String postBrokerLoginFlowAlias) { } /** - * @param principalAttribute The principal attribute. + * @param principalAttribute Principal Attribute * * @return builder * @@ -1109,7 +1129,7 @@ public Builder principalAttribute(@Nullable Output principalAttribute) { } /** - * @param principalAttribute The principal attribute. + * @param principalAttribute Principal Attribute * * @return builder * @@ -1119,7 +1139,7 @@ public Builder principalAttribute(String principalAttribute) { } /** - * @param principalType The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * @param principalType Principal Type * * @return builder * @@ -1130,7 +1150,7 @@ public Builder principalType(@Nullable Output principalType) { } /** - * @param principalType The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * @param principalType Principal Type * * @return builder * @@ -1140,7 +1160,7 @@ public Builder principalType(String principalType) { } /** - * @param providerId The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * @param providerId provider id, is always saml, unless you have a custom implementation * * @return builder * @@ -1151,7 +1171,7 @@ public Builder providerId(@Nullable Output providerId) { } /** - * @param providerId The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * @param providerId provider id, is always saml, unless you have a custom implementation * * @return builder * @@ -1161,7 +1181,7 @@ public Builder providerId(String providerId) { } /** - * @param realm The name of the realm. This is unique across Keycloak. + * @param realm Realm Name * * @return builder * @@ -1172,7 +1192,7 @@ public Builder realm(Output realm) { } /** - * @param realm The name of the realm. This is unique across Keycloak. + * @param realm Realm Name * * @return builder * @@ -1182,7 +1202,7 @@ public Builder realm(String realm) { } /** - * @param signatureAlgorithm Signing Algorithm. Defaults to empty. + * @param signatureAlgorithm Signing Algorithm. * * @return builder * @@ -1193,7 +1213,7 @@ public Builder signatureAlgorithm(@Nullable Output signatureAlgorithm) { } /** - * @param signatureAlgorithm Signing Algorithm. Defaults to empty. + * @param signatureAlgorithm Signing Algorithm. * * @return builder * @@ -1224,7 +1244,7 @@ public Builder signingCertificate(String signingCertificate) { } /** - * @param singleLogoutServiceUrl The Url that must be used to send logout requests. + * @param singleLogoutServiceUrl Logout URL. * * @return builder * @@ -1235,7 +1255,7 @@ public Builder singleLogoutServiceUrl(@Nullable Output singleLogoutServi } /** - * @param singleLogoutServiceUrl The Url that must be used to send logout requests. + * @param singleLogoutServiceUrl Logout URL. * * @return builder * @@ -1245,7 +1265,7 @@ public Builder singleLogoutServiceUrl(String singleLogoutServiceUrl) { } /** - * @param singleSignOnServiceUrl The Url that must be used to send authentication requests (SAML AuthnRequest). + * @param singleSignOnServiceUrl SSO Logout URL. * * @return builder * @@ -1256,7 +1276,7 @@ public Builder singleSignOnServiceUrl(Output singleSignOnServiceUrl) { } /** - * @param singleSignOnServiceUrl The Url that must be used to send authentication requests (SAML AuthnRequest). + * @param singleSignOnServiceUrl SSO Logout URL. * * @return builder * @@ -1266,7 +1286,7 @@ public Builder singleSignOnServiceUrl(String singleSignOnServiceUrl) { } /** - * @param storeToken When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * @param storeToken Enable/disable if tokens must be stored after authenticating users. * * @return builder * @@ -1277,7 +1297,7 @@ public Builder storeToken(@Nullable Output storeToken) { } /** - * @param storeToken When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * @param storeToken Enable/disable if tokens must be stored after authenticating users. * * @return builder * @@ -1287,7 +1307,7 @@ public Builder storeToken(Boolean storeToken) { } /** - * @param syncMode The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * @param syncMode Sync Mode * * @return builder * @@ -1298,7 +1318,7 @@ public Builder syncMode(@Nullable Output syncMode) { } /** - * @param syncMode The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * @param syncMode Sync Mode * * @return builder * @@ -1308,7 +1328,7 @@ public Builder syncMode(String syncMode) { } /** - * @param trustEmail When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * @param trustEmail If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * * @return builder * @@ -1319,7 +1339,7 @@ public Builder trustEmail(@Nullable Output trustEmail) { } /** - * @param trustEmail When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * @param trustEmail If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * * @return builder * @@ -1350,7 +1370,7 @@ public Builder validateSignature(Boolean validateSignature) { } /** - * @param wantAssertionsEncrypted Indicates whether this service provider expects an encrypted Assertion. + * @param wantAssertionsEncrypted Want Assertions Encrypted. * * @return builder * @@ -1361,7 +1381,7 @@ public Builder wantAssertionsEncrypted(@Nullable Output wantAssertionsE } /** - * @param wantAssertionsEncrypted Indicates whether this service provider expects an encrypted Assertion. + * @param wantAssertionsEncrypted Want Assertions Encrypted. * * @return builder * @@ -1371,7 +1391,7 @@ public Builder wantAssertionsEncrypted(Boolean wantAssertionsEncrypted) { } /** - * @param wantAssertionsSigned Indicates whether this service provider expects a signed Assertion. + * @param wantAssertionsSigned Want Assertions Signed. * * @return builder * @@ -1382,7 +1402,7 @@ public Builder wantAssertionsSigned(@Nullable Output wantAssertionsSign } /** - * @param wantAssertionsSigned Indicates whether this service provider expects a signed Assertion. + * @param wantAssertionsSigned Want Assertions Signed. * * @return builder * @@ -1392,7 +1412,7 @@ public Builder wantAssertionsSigned(Boolean wantAssertionsSigned) { } /** - * @param xmlSignKeyInfoKeyNameTransformer The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * @param xmlSignKeyInfoKeyNameTransformer Sign Key Transformer. * * @return builder * @@ -1403,7 +1423,7 @@ public Builder xmlSignKeyInfoKeyNameTransformer(@Nullable Output xmlSign } /** - * @param xmlSignKeyInfoKeyNameTransformer The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * @param xmlSignKeyInfoKeyNameTransformer Sign Key Transformer. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/SamlFunctions.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/SamlFunctions.java index 8a513c7e..a4a5ebd3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/SamlFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/SamlFunctions.java @@ -21,6 +21,8 @@ public final class SamlFunctions { * This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -58,6 +60,7 @@ public final class SamlFunctions { * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClient(GetClientArgs args) { @@ -67,6 +70,8 @@ public static Output getClient(GetClientArgs args) { * This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -104,6 +109,7 @@ public static Output getClient(GetClientArgs args) { * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientPlain(GetClientPlainArgs args) { @@ -113,6 +119,8 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -150,6 +158,7 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClient(GetClientArgs args, InvokeOptions options) { @@ -159,6 +168,8 @@ public static Output getClient(GetClientArgs args, InvokeOption * This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -196,6 +207,7 @@ public static Output getClient(GetClientArgs args, InvokeOption * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientPlain(GetClientPlainArgs args, InvokeOptions options) { @@ -207,6 +219,8 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * ## Example Usage * * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -262,6 +276,7 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientInstallationProvider(GetClientInstallationProviderArgs args) { @@ -273,6 +288,8 @@ public static Output getClientInstallationP * ## Example Usage * * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -328,6 +345,7 @@ public static Output getClientInstallationP * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientInstallationProviderPlain(GetClientInstallationProviderPlainArgs args) { @@ -339,6 +357,8 @@ public static CompletableFuture getClientIn * ## Example Usage * * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -394,6 +414,7 @@ public static CompletableFuture getClientIn * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static Output getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options) { @@ -405,6 +426,8 @@ public static Output getClientInstallationP * ## Example Usage * * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -460,6 +483,7 @@ public static Output getClientInstallationP * } * } * ``` + * <!--End PulumiCodeChooser --> * */ public static CompletableFuture getClientInstallationProviderPlain(GetClientInstallationProviderPlainArgs args, InvokeOptions options) { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ScriptProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ScriptProtocolMapper.java index e81a0676..9f63f879 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ScriptProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ScriptProtocolMapper.java @@ -24,6 +24,8 @@ * multiple different clients. * * ## Example Usage + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -70,18 +72,19 @@ * } * } * ``` + * <!--End PulumiCodeChooser --> * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapper.java index 41d90585..0c081e8f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapper.java @@ -15,15 +15,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak. + * ## # keycloak.saml.UserAttributeProtocolMapper * - * SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute - * in a SAML assertion. + * Allows for creating and managing user attribute protocol mappers for + * SAML clients within Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * SAML user attribute protocol mappers allow you to map custom attributes defined + * for a user within Keycloak to an attribute in a SAML assertion. Protocol mappers + * can be defined for a single client, or they can be defined for a client scope which + * can be shared between multiple different clients. * - * ## Example Usage + * ### Example Usage (Client) + * + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -50,159 +54,97 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var samlClient = new Client("samlClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("saml-client") + * .clientId("test-saml-client") + * .realmId(keycloak_realm.test().id()) * .build()); * * var samlUserAttributeMapper = new UserAttributeProtocolMapper("samlUserAttributeMapper", UserAttributeProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientId(samlClient.id()) - * .userAttribute("displayName") + * .realmId(keycloak_realm.test().id()) * .samlAttributeName("displayName") * .samlAttributeNameFormat("Unspecified") + * .userAttribute("displayName") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `user_attribute` - (Required) The custom user attribute to map. + * - `friendly_name` - (Optional) An optional human-friendly name for this attribute. + * - `saml_attribute_name` - (Required) The name of the SAML attribute. + * - `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper") public class UserAttributeProtocolMapper extends com.pulumi.resources.CustomResource { - /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; - /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Output> clientId() { return Codegen.optional(this.clientId); } - /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; - /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } - /** - * An optional human-friendly name for this attribute. - * - */ @Export(name="friendlyName", refs={String.class}, tree="[0]") private Output friendlyName; - /** - * @return An optional human-friendly name for this attribute. - * - */ public Output> friendlyName() { return Codegen.optional(this.friendlyName); } - /** - * The display name of this protocol mapper in the GUI. - * - */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; - /** - * @return The display name of this protocol mapper in the GUI. - * - */ public Output name() { return this.name; } - /** - * The realm this protocol mapper exists within. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this protocol mapper exists within. - * - */ public Output realmId() { return this.realmId; } - /** - * The name of the SAML attribute. - * - */ @Export(name="samlAttributeName", refs={String.class}, tree="[0]") private Output samlAttributeName; - /** - * @return The name of the SAML attribute. - * - */ public Output samlAttributeName() { return this.samlAttributeName; } - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ @Export(name="samlAttributeNameFormat", refs={String.class}, tree="[0]") private Output samlAttributeNameFormat; - /** - * @return The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ public Output samlAttributeNameFormat() { return this.samlAttributeNameFormat; } - /** - * The custom user attribute to map. - * - */ @Export(name="userAttribute", refs={String.class}, tree="[0]") private Output userAttribute; - /** - * @return The custom user attribute to map. - * - */ public Output userAttribute() { return this.userAttribute; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapperArgs.java index 3b2c1f9e..d5ce3967 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapperArgs.java @@ -16,122 +16,58 @@ public final class UserAttributeProtocolMapperArgs extends com.pulumi.resources. public static final UserAttributeProtocolMapperArgs Empty = new UserAttributeProtocolMapperArgs(); - /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; - /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Optional> clientScopeId() { return Optional.ofNullable(this.clientScopeId); } - /** - * An optional human-friendly name for this attribute. - * - */ @Import(name="friendlyName") private @Nullable Output friendlyName; - /** - * @return An optional human-friendly name for this attribute. - * - */ public Optional> friendlyName() { return Optional.ofNullable(this.friendlyName); } - /** - * The display name of this protocol mapper in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this protocol mapper in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The realm this protocol mapper exists within. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this protocol mapper exists within. - * - */ public Output realmId() { return this.realmId; } - /** - * The name of the SAML attribute. - * - */ @Import(name="samlAttributeName", required=true) private Output samlAttributeName; - /** - * @return The name of the SAML attribute. - * - */ public Output samlAttributeName() { return this.samlAttributeName; } - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ @Import(name="samlAttributeNameFormat", required=true) private Output samlAttributeNameFormat; - /** - * @return The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ public Output samlAttributeNameFormat() { return this.samlAttributeNameFormat; } - /** - * The custom user attribute to map. - * - */ @Import(name="userAttribute", required=true) private Output userAttribute; - /** - * @return The custom user attribute to map. - * - */ public Output userAttribute() { return this.userAttribute; } @@ -167,170 +103,74 @@ public Builder(UserAttributeProtocolMapperArgs defaults) { $ = new UserAttributeProtocolMapperArgs(Objects.requireNonNull(defaults)); } - /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientScopeId(@Nullable Output clientScopeId) { $.clientScopeId = clientScopeId; return this; } - /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientScopeId(String clientScopeId) { return clientScopeId(Output.of(clientScopeId)); } - /** - * @param friendlyName An optional human-friendly name for this attribute. - * - * @return builder - * - */ public Builder friendlyName(@Nullable Output friendlyName) { $.friendlyName = friendlyName; return this; } - /** - * @param friendlyName An optional human-friendly name for this attribute. - * - * @return builder - * - */ public Builder friendlyName(String friendlyName) { return friendlyName(Output.of(friendlyName)); } - /** - * @param name The display name of this protocol mapper in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this protocol mapper in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this protocol mapper exists within. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this protocol mapper exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param samlAttributeName The name of the SAML attribute. - * - * @return builder - * - */ public Builder samlAttributeName(Output samlAttributeName) { $.samlAttributeName = samlAttributeName; return this; } - /** - * @param samlAttributeName The name of the SAML attribute. - * - * @return builder - * - */ public Builder samlAttributeName(String samlAttributeName) { return samlAttributeName(Output.of(samlAttributeName)); } - /** - * @param samlAttributeNameFormat The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - * @return builder - * - */ public Builder samlAttributeNameFormat(Output samlAttributeNameFormat) { $.samlAttributeNameFormat = samlAttributeNameFormat; return this; } - /** - * @param samlAttributeNameFormat The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - * @return builder - * - */ public Builder samlAttributeNameFormat(String samlAttributeNameFormat) { return samlAttributeNameFormat(Output.of(samlAttributeNameFormat)); } - /** - * @param userAttribute The custom user attribute to map. - * - * @return builder - * - */ public Builder userAttribute(Output userAttribute) { $.userAttribute = userAttribute; return this; } - /** - * @param userAttribute The custom user attribute to map. - * - * @return builder - * - */ public Builder userAttribute(String userAttribute) { return userAttribute(Output.of(userAttribute)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapper.java index 4a20a9f5..a331c193 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapper.java @@ -15,15 +15,19 @@ import javax.annotation.Nullable; /** - * Allows for creating and managing user property protocol mappers for SAML clients within Keycloak. + * ## # keycloak.saml.UserPropertyProtocolMapper + * + * Allows for creating and managing user property protocol mappers for + * SAML clients within Keycloak. * * SAML user property protocol mappers allow you to map properties of the Keycloak - * user model to an attribute in a SAML assertion. + * user model to an attribute in a SAML assertion. Protocol mappers + * can be defined for a single client, or they can be defined for a client scope which + * can be shared between multiple different clients. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * ### Example Usage (Client) * - * ## Example Usage + * <!--Start PulumiCodeChooser --> * ```java * package generated_program; * @@ -50,159 +54,97 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") * .enabled(true) + * .realm("my-realm") * .build()); * * var samlClient = new Client("samlClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("saml-client") + * .clientId("test-saml-client") + * .realmId(keycloak_realm.test().id()) * .build()); * * var samlUserPropertyMapper = new UserPropertyProtocolMapper("samlUserPropertyMapper", UserPropertyProtocolMapperArgs.builder() - * .realmId(realm.id()) * .clientId(samlClient.id()) - * .userProperty("email") + * .realmId(keycloak_realm.test().id()) * .samlAttributeName("email") * .samlAttributeNameFormat("Unspecified") + * .userProperty("email") * .build()); * * } * } * ``` + * <!--End PulumiCodeChooser --> * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realm_id` - (Required) The realm this protocol mapper exists within. + * - `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to. + * - `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `user_property` - (Required) The property of the Keycloak user model to map. + * - `friendly_name` - (Optional) An optional human-friendly name for this attribute. + * - `saml_attribute_name` - (Required) The name of the SAML attribute. + * - `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: * */ @ResourceType(type="keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper") public class UserPropertyProtocolMapper extends com.pulumi.resources.CustomResource { - /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Export(name="clientId", refs={String.class}, tree="[0]") private Output clientId; - /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Output> clientId() { return Codegen.optional(this.clientId); } - /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Export(name="clientScopeId", refs={String.class}, tree="[0]") private Output clientScopeId; - /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Output> clientScopeId() { return Codegen.optional(this.clientScopeId); } - /** - * An optional human-friendly name for this attribute. - * - */ @Export(name="friendlyName", refs={String.class}, tree="[0]") private Output friendlyName; - /** - * @return An optional human-friendly name for this attribute. - * - */ public Output> friendlyName() { return Codegen.optional(this.friendlyName); } - /** - * The display name of this protocol mapper in the GUI. - * - */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; - /** - * @return The display name of this protocol mapper in the GUI. - * - */ public Output name() { return this.name; } - /** - * The realm this protocol mapper exists within. - * - */ @Export(name="realmId", refs={String.class}, tree="[0]") private Output realmId; - /** - * @return The realm this protocol mapper exists within. - * - */ public Output realmId() { return this.realmId; } - /** - * The name of the SAML attribute. - * - */ @Export(name="samlAttributeName", refs={String.class}, tree="[0]") private Output samlAttributeName; - /** - * @return The name of the SAML attribute. - * - */ public Output samlAttributeName() { return this.samlAttributeName; } - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ @Export(name="samlAttributeNameFormat", refs={String.class}, tree="[0]") private Output samlAttributeNameFormat; - /** - * @return The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ public Output samlAttributeNameFormat() { return this.samlAttributeNameFormat; } - /** - * The property of the Keycloak user model to map. - * - */ @Export(name="userProperty", refs={String.class}, tree="[0]") private Output userProperty; - /** - * @return The property of the Keycloak user model to map. - * - */ public Output userProperty() { return this.userProperty; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapperArgs.java index 69aff091..297c3629 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapperArgs.java @@ -16,122 +16,58 @@ public final class UserPropertyProtocolMapperArgs extends com.pulumi.resources.R public static final UserPropertyProtocolMapperArgs Empty = new UserPropertyProtocolMapperArgs(); - /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; - /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Optional> clientScopeId() { return Optional.ofNullable(this.clientScopeId); } - /** - * An optional human-friendly name for this attribute. - * - */ @Import(name="friendlyName") private @Nullable Output friendlyName; - /** - * @return An optional human-friendly name for this attribute. - * - */ public Optional> friendlyName() { return Optional.ofNullable(this.friendlyName); } - /** - * The display name of this protocol mapper in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this protocol mapper in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The realm this protocol mapper exists within. - * - */ @Import(name="realmId", required=true) private Output realmId; - /** - * @return The realm this protocol mapper exists within. - * - */ public Output realmId() { return this.realmId; } - /** - * The name of the SAML attribute. - * - */ @Import(name="samlAttributeName", required=true) private Output samlAttributeName; - /** - * @return The name of the SAML attribute. - * - */ public Output samlAttributeName() { return this.samlAttributeName; } - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ @Import(name="samlAttributeNameFormat", required=true) private Output samlAttributeNameFormat; - /** - * @return The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ public Output samlAttributeNameFormat() { return this.samlAttributeNameFormat; } - /** - * The property of the Keycloak user model to map. - * - */ @Import(name="userProperty", required=true) private Output userProperty; - /** - * @return The property of the Keycloak user model to map. - * - */ public Output userProperty() { return this.userProperty; } @@ -167,170 +103,74 @@ public Builder(UserPropertyProtocolMapperArgs defaults) { $ = new UserPropertyProtocolMapperArgs(Objects.requireNonNull(defaults)); } - /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientScopeId(@Nullable Output clientScopeId) { $.clientScopeId = clientScopeId; return this; } - /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientScopeId(String clientScopeId) { return clientScopeId(Output.of(clientScopeId)); } - /** - * @param friendlyName An optional human-friendly name for this attribute. - * - * @return builder - * - */ public Builder friendlyName(@Nullable Output friendlyName) { $.friendlyName = friendlyName; return this; } - /** - * @param friendlyName An optional human-friendly name for this attribute. - * - * @return builder - * - */ public Builder friendlyName(String friendlyName) { return friendlyName(Output.of(friendlyName)); } - /** - * @param name The display name of this protocol mapper in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this protocol mapper in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this protocol mapper exists within. - * - * @return builder - * - */ public Builder realmId(Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this protocol mapper exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param samlAttributeName The name of the SAML attribute. - * - * @return builder - * - */ public Builder samlAttributeName(Output samlAttributeName) { $.samlAttributeName = samlAttributeName; return this; } - /** - * @param samlAttributeName The name of the SAML attribute. - * - * @return builder - * - */ public Builder samlAttributeName(String samlAttributeName) { return samlAttributeName(Output.of(samlAttributeName)); } - /** - * @param samlAttributeNameFormat The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - * @return builder - * - */ public Builder samlAttributeNameFormat(Output samlAttributeNameFormat) { $.samlAttributeNameFormat = samlAttributeNameFormat; return this; } - /** - * @param samlAttributeNameFormat The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - * @return builder - * - */ public Builder samlAttributeNameFormat(String samlAttributeNameFormat) { return samlAttributeNameFormat(Output.of(samlAttributeNameFormat)); } - /** - * @param userProperty The property of the Keycloak user model to map. - * - * @return builder - * - */ public Builder userProperty(Output userProperty) { $.userProperty = userProperty; return this; } - /** - * @param userProperty The property of the Keycloak user model to map. - * - * @return builder - * - */ public Builder userProperty(String userProperty) { return userProperty(Output.of(userProperty)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/ClientAuthenticationFlowBindingOverridesArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/ClientAuthenticationFlowBindingOverridesArgs.java index 9420ecba..ccad41ca 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/ClientAuthenticationFlowBindingOverridesArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/ClientAuthenticationFlowBindingOverridesArgs.java @@ -15,32 +15,16 @@ public final class ClientAuthenticationFlowBindingOverridesArgs extends com.pulu public static final ClientAuthenticationFlowBindingOverridesArgs Empty = new ClientAuthenticationFlowBindingOverridesArgs(); - /** - * Browser flow id, (flow needs to exist) - * - */ @Import(name="browserId") private @Nullable Output browserId; - /** - * @return Browser flow id, (flow needs to exist) - * - */ public Optional> browserId() { return Optional.ofNullable(this.browserId); } - /** - * Direct grant flow id (flow needs to exist) - * - */ @Import(name="directGrantId") private @Nullable Output directGrantId; - /** - * @return Direct grant flow id (flow needs to exist) - * - */ public Optional> directGrantId() { return Optional.ofNullable(this.directGrantId); } @@ -70,44 +54,20 @@ public Builder(ClientAuthenticationFlowBindingOverridesArgs defaults) { $ = new ClientAuthenticationFlowBindingOverridesArgs(Objects.requireNonNull(defaults)); } - /** - * @param browserId Browser flow id, (flow needs to exist) - * - * @return builder - * - */ public Builder browserId(@Nullable Output browserId) { $.browserId = browserId; return this; } - /** - * @param browserId Browser flow id, (flow needs to exist) - * - * @return builder - * - */ public Builder browserId(String browserId) { return browserId(Output.of(browserId)); } - /** - * @param directGrantId Direct grant flow id (flow needs to exist) - * - * @return builder - * - */ public Builder directGrantId(@Nullable Output directGrantId) { $.directGrantId = directGrantId; return this; } - /** - * @param directGrantId Direct grant flow id (flow needs to exist) - * - * @return builder - * - */ public Builder directGrantId(String directGrantId) { return directGrantId(Output.of(directGrantId)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/ClientState.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/ClientState.java index 745577de..85c4a2e9 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/ClientState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/ClientState.java @@ -20,182 +20,86 @@ public final class ClientState extends com.pulumi.resources.ResourceArgs { public static final ClientState Empty = new ClientState(); - /** - * SAML POST Binding URL for the client's assertion consumer service (login responses). - * - */ @Import(name="assertionConsumerPostUrl") private @Nullable Output assertionConsumerPostUrl; - /** - * @return SAML POST Binding URL for the client's assertion consumer service (login responses). - * - */ public Optional> assertionConsumerPostUrl() { return Optional.ofNullable(this.assertionConsumerPostUrl); } - /** - * SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - */ @Import(name="assertionConsumerRedirectUrl") private @Nullable Output assertionConsumerRedirectUrl; - /** - * @return SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - */ public Optional> assertionConsumerRedirectUrl() { return Optional.ofNullable(this.assertionConsumerRedirectUrl); } - /** - * Override realm authentication flow bindings - * - */ @Import(name="authenticationFlowBindingOverrides") private @Nullable Output authenticationFlowBindingOverrides; - /** - * @return Override realm authentication flow bindings - * - */ public Optional> authenticationFlowBindingOverrides() { return Optional.ofNullable(this.authenticationFlowBindingOverrides); } - /** - * When specified, this URL will be used whenever Keycloak needs to link to this client. - * - */ @Import(name="baseUrl") private @Nullable Output baseUrl; - /** - * @return When specified, this URL will be used whenever Keycloak needs to link to this client. - * - */ public Optional> baseUrl() { return Optional.ofNullable(this.baseUrl); } - /** - * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - */ @Import(name="canonicalizationMethod") private @Nullable Output canonicalizationMethod; - /** - * @return The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - */ public Optional> canonicalizationMethod() { return Optional.ofNullable(this.canonicalizationMethod); } - /** - * The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - */ @Import(name="clientSignatureRequired") private @Nullable Output clientSignatureRequired; - /** - * @return When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - */ public Optional> clientSignatureRequired() { return Optional.ofNullable(this.clientSignatureRequired); } - /** - * The description of this client in the GUI. - * - */ @Import(name="description") private @Nullable Output description; - /** - * @return The description of this client in the GUI. - * - */ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ @Import(name="enabled") private @Nullable Output enabled; - /** - * @return When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - */ public Optional> enabled() { return Optional.ofNullable(this.enabled); } - /** - * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - */ @Import(name="encryptAssertions") private @Nullable Output encryptAssertions; - /** - * @return When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - */ public Optional> encryptAssertions() { return Optional.ofNullable(this.encryptAssertions); } - /** - * If assertions for the client are encrypted, this certificate will be used for encryption. - * - */ @Import(name="encryptionCertificate") private @Nullable Output encryptionCertificate; - /** - * @return If assertions for the client are encrypted, this certificate will be used for encryption. - * - */ public Optional> encryptionCertificate() { return Optional.ofNullable(this.encryptionCertificate); } - /** - * (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - * - */ @Import(name="encryptionCertificateSha1") private @Nullable Output encryptionCertificateSha1; - /** - * @return (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - * - */ public Optional> encryptionCertificateSha1() { return Optional.ofNullable(this.encryptionCertificateSha1); } @@ -207,362 +111,170 @@ public Optional>> extraConfig() { return Optional.ofNullable(this.extraConfig); } - /** - * Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - */ @Import(name="forceNameIdFormat") private @Nullable Output forceNameIdFormat; - /** - * @return Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - */ public Optional> forceNameIdFormat() { return Optional.ofNullable(this.forceNameIdFormat); } - /** - * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - */ @Import(name="forcePostBinding") private @Nullable Output forcePostBinding; - /** - * @return When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - */ public Optional> forcePostBinding() { return Optional.ofNullable(this.forcePostBinding); } - /** - * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - */ @Import(name="frontChannelLogout") private @Nullable Output frontChannelLogout; - /** - * @return When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - */ public Optional> frontChannelLogout() { return Optional.ofNullable(this.frontChannelLogout); } - /** - * Allow to include all roles mappings in the access token - * - */ @Import(name="fullScopeAllowed") private @Nullable Output fullScopeAllowed; - /** - * @return Allow to include all roles mappings in the access token - * - */ public Optional> fullScopeAllowed() { return Optional.ofNullable(this.fullScopeAllowed); } - /** - * Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - */ @Import(name="idpInitiatedSsoRelayState") private @Nullable Output idpInitiatedSsoRelayState; - /** - * @return Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - */ public Optional> idpInitiatedSsoRelayState() { return Optional.ofNullable(this.idpInitiatedSsoRelayState); } - /** - * URL fragment name to reference client when you want to do IDP Initiated SSO. - * - */ @Import(name="idpInitiatedSsoUrlName") private @Nullable Output idpInitiatedSsoUrlName; - /** - * @return URL fragment name to reference client when you want to do IDP Initiated SSO. - * - */ public Optional> idpInitiatedSsoUrlName() { return Optional.ofNullable(this.idpInitiatedSsoUrlName); } - /** - * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - */ @Import(name="includeAuthnStatement") private @Nullable Output includeAuthnStatement; - /** - * @return When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - */ public Optional> includeAuthnStatement() { return Optional.ofNullable(this.includeAuthnStatement); } - /** - * The login theme of this client. - * - */ @Import(name="loginTheme") private @Nullable Output loginTheme; - /** - * @return The login theme of this client. - * - */ public Optional> loginTheme() { return Optional.ofNullable(this.loginTheme); } - /** - * SAML POST Binding URL for the client's single logout service. - * - */ @Import(name="logoutServicePostBindingUrl") private @Nullable Output logoutServicePostBindingUrl; - /** - * @return SAML POST Binding URL for the client's single logout service. - * - */ public Optional> logoutServicePostBindingUrl() { return Optional.ofNullable(this.logoutServicePostBindingUrl); } - /** - * SAML Redirect Binding URL for the client's single logout service. - * - */ @Import(name="logoutServiceRedirectBindingUrl") private @Nullable Output logoutServiceRedirectBindingUrl; - /** - * @return SAML Redirect Binding URL for the client's single logout service. - * - */ public Optional> logoutServiceRedirectBindingUrl() { return Optional.ofNullable(this.logoutServiceRedirectBindingUrl); } - /** - * When specified, this URL will be used for all SAML requests. - * - */ @Import(name="masterSamlProcessingUrl") private @Nullable Output masterSamlProcessingUrl; - /** - * @return When specified, this URL will be used for all SAML requests. - * - */ public Optional> masterSamlProcessingUrl() { return Optional.ofNullable(this.masterSamlProcessingUrl); } - /** - * The display name of this client in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this client in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * Sets the Name ID format for the subject. - * - */ @Import(name="nameIdFormat") private @Nullable Output nameIdFormat; - /** - * @return Sets the Name ID format for the subject. - * - */ public Optional> nameIdFormat() { return Optional.ofNullable(this.nameIdFormat); } - /** - * The realm this client is attached to. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this client is attached to. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * When specified, this value is prepended to all relative URLs. - * - */ @Import(name="rootUrl") private @Nullable Output rootUrl; - /** - * @return When specified, this value is prepended to all relative URLs. - * - */ public Optional> rootUrl() { return Optional.ofNullable(this.rootUrl); } - /** - * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - */ @Import(name="signAssertions") private @Nullable Output signAssertions; - /** - * @return When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - */ public Optional> signAssertions() { return Optional.ofNullable(this.signAssertions); } - /** - * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - */ @Import(name="signDocuments") private @Nullable Output signDocuments; - /** - * @return When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - */ public Optional> signDocuments() { return Optional.ofNullable(this.signDocuments); } - /** - * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - */ @Import(name="signatureAlgorithm") private @Nullable Output signatureAlgorithm; - /** - * @return The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - */ public Optional> signatureAlgorithm() { return Optional.ofNullable(this.signatureAlgorithm); } - /** - * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - */ @Import(name="signatureKeyName") private @Nullable Output signatureKeyName; - /** - * @return The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - */ public Optional> signatureKeyName() { return Optional.ofNullable(this.signatureKeyName); } - /** - * If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - */ @Import(name="signingCertificate") private @Nullable Output signingCertificate; - /** - * @return If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - */ public Optional> signingCertificate() { return Optional.ofNullable(this.signingCertificate); } - /** - * (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - * - */ @Import(name="signingCertificateSha1") private @Nullable Output signingCertificateSha1; - /** - * @return (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - * - */ public Optional> signingCertificateSha1() { return Optional.ofNullable(this.signingCertificateSha1); } - /** - * If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - */ @Import(name="signingPrivateKey") private @Nullable Output signingPrivateKey; - /** - * @return If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - */ public Optional> signingPrivateKey() { return Optional.ofNullable(this.signingPrivateKey); } - /** - * (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - * - */ @Import(name="signingPrivateKeySha1") private @Nullable Output signingPrivateKeySha1; - /** - * @return (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - * - */ public Optional> signingPrivateKeySha1() { return Optional.ofNullable(this.signingPrivateKeySha1); } - /** - * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - */ @Import(name="validRedirectUris") private @Nullable Output> validRedirectUris; - /** - * @return When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - */ public Optional>> validRedirectUris() { return Optional.ofNullable(this.validRedirectUris); } @@ -627,254 +339,110 @@ public Builder(ClientState defaults) { $ = new ClientState(Objects.requireNonNull(defaults)); } - /** - * @param assertionConsumerPostUrl SAML POST Binding URL for the client's assertion consumer service (login responses). - * - * @return builder - * - */ public Builder assertionConsumerPostUrl(@Nullable Output assertionConsumerPostUrl) { $.assertionConsumerPostUrl = assertionConsumerPostUrl; return this; } - /** - * @param assertionConsumerPostUrl SAML POST Binding URL for the client's assertion consumer service (login responses). - * - * @return builder - * - */ public Builder assertionConsumerPostUrl(String assertionConsumerPostUrl) { return assertionConsumerPostUrl(Output.of(assertionConsumerPostUrl)); } - /** - * @param assertionConsumerRedirectUrl SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - * @return builder - * - */ public Builder assertionConsumerRedirectUrl(@Nullable Output assertionConsumerRedirectUrl) { $.assertionConsumerRedirectUrl = assertionConsumerRedirectUrl; return this; } - /** - * @param assertionConsumerRedirectUrl SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - * @return builder - * - */ public Builder assertionConsumerRedirectUrl(String assertionConsumerRedirectUrl) { return assertionConsumerRedirectUrl(Output.of(assertionConsumerRedirectUrl)); } - /** - * @param authenticationFlowBindingOverrides Override realm authentication flow bindings - * - * @return builder - * - */ public Builder authenticationFlowBindingOverrides(@Nullable Output authenticationFlowBindingOverrides) { $.authenticationFlowBindingOverrides = authenticationFlowBindingOverrides; return this; } - /** - * @param authenticationFlowBindingOverrides Override realm authentication flow bindings - * - * @return builder - * - */ public Builder authenticationFlowBindingOverrides(ClientAuthenticationFlowBindingOverridesArgs authenticationFlowBindingOverrides) { return authenticationFlowBindingOverrides(Output.of(authenticationFlowBindingOverrides)); } - /** - * @param baseUrl When specified, this URL will be used whenever Keycloak needs to link to this client. - * - * @return builder - * - */ public Builder baseUrl(@Nullable Output baseUrl) { $.baseUrl = baseUrl; return this; } - /** - * @param baseUrl When specified, this URL will be used whenever Keycloak needs to link to this client. - * - * @return builder - * - */ public Builder baseUrl(String baseUrl) { return baseUrl(Output.of(baseUrl)); } - /** - * @param canonicalizationMethod The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - * @return builder - * - */ public Builder canonicalizationMethod(@Nullable Output canonicalizationMethod) { $.canonicalizationMethod = canonicalizationMethod; return this; } - /** - * @param canonicalizationMethod The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - * - * @return builder - * - */ public Builder canonicalizationMethod(String canonicalizationMethod) { return canonicalizationMethod(Output.of(canonicalizationMethod)); } - /** - * @param clientId The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param clientSignatureRequired When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - * @return builder - * - */ public Builder clientSignatureRequired(@Nullable Output clientSignatureRequired) { $.clientSignatureRequired = clientSignatureRequired; return this; } - /** - * @param clientSignatureRequired When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - * - * @return builder - * - */ public Builder clientSignatureRequired(Boolean clientSignatureRequired) { return clientSignatureRequired(Output.of(clientSignatureRequired)); } - /** - * @param description The description of this client in the GUI. - * - * @return builder - * - */ public Builder description(@Nullable Output description) { $.description = description; return this; } - /** - * @param description The description of this client in the GUI. - * - * @return builder - * - */ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param enabled When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(@Nullable Output enabled) { $.enabled = enabled; return this; } - /** - * @param enabled When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - * @return builder - * - */ public Builder enabled(Boolean enabled) { return enabled(Output.of(enabled)); } - /** - * @param encryptAssertions When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - * @return builder - * - */ public Builder encryptAssertions(@Nullable Output encryptAssertions) { $.encryptAssertions = encryptAssertions; return this; } - /** - * @param encryptAssertions When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - * - * @return builder - * - */ public Builder encryptAssertions(Boolean encryptAssertions) { return encryptAssertions(Output.of(encryptAssertions)); } - /** - * @param encryptionCertificate If assertions for the client are encrypted, this certificate will be used for encryption. - * - * @return builder - * - */ public Builder encryptionCertificate(@Nullable Output encryptionCertificate) { $.encryptionCertificate = encryptionCertificate; return this; } - /** - * @param encryptionCertificate If assertions for the client are encrypted, this certificate will be used for encryption. - * - * @return builder - * - */ public Builder encryptionCertificate(String encryptionCertificate) { return encryptionCertificate(Output.of(encryptionCertificate)); } - /** - * @param encryptionCertificateSha1 (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - * - * @return builder - * - */ public Builder encryptionCertificateSha1(@Nullable Output encryptionCertificateSha1) { $.encryptionCertificateSha1 = encryptionCertificateSha1; return this; } - /** - * @param encryptionCertificateSha1 (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - * - * @return builder - * - */ public Builder encryptionCertificateSha1(String encryptionCertificateSha1) { return encryptionCertificateSha1(Output.of(encryptionCertificateSha1)); } @@ -888,516 +456,222 @@ public Builder extraConfig(Map extraConfig) { return extraConfig(Output.of(extraConfig)); } - /** - * @param forceNameIdFormat Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - * @return builder - * - */ public Builder forceNameIdFormat(@Nullable Output forceNameIdFormat) { $.forceNameIdFormat = forceNameIdFormat; return this; } - /** - * @param forceNameIdFormat Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - * - * @return builder - * - */ public Builder forceNameIdFormat(Boolean forceNameIdFormat) { return forceNameIdFormat(Output.of(forceNameIdFormat)); } - /** - * @param forcePostBinding When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - * @return builder - * - */ public Builder forcePostBinding(@Nullable Output forcePostBinding) { $.forcePostBinding = forcePostBinding; return this; } - /** - * @param forcePostBinding When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - * - * @return builder - * - */ public Builder forcePostBinding(Boolean forcePostBinding) { return forcePostBinding(Output.of(forcePostBinding)); } - /** - * @param frontChannelLogout When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - * @return builder - * - */ public Builder frontChannelLogout(@Nullable Output frontChannelLogout) { $.frontChannelLogout = frontChannelLogout; return this; } - /** - * @param frontChannelLogout When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - * - * @return builder - * - */ public Builder frontChannelLogout(Boolean frontChannelLogout) { return frontChannelLogout(Output.of(frontChannelLogout)); } - /** - * @param fullScopeAllowed Allow to include all roles mappings in the access token - * - * @return builder - * - */ public Builder fullScopeAllowed(@Nullable Output fullScopeAllowed) { $.fullScopeAllowed = fullScopeAllowed; return this; } - /** - * @param fullScopeAllowed Allow to include all roles mappings in the access token - * - * @return builder - * - */ public Builder fullScopeAllowed(Boolean fullScopeAllowed) { return fullScopeAllowed(Output.of(fullScopeAllowed)); } - /** - * @param idpInitiatedSsoRelayState Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - * @return builder - * - */ public Builder idpInitiatedSsoRelayState(@Nullable Output idpInitiatedSsoRelayState) { $.idpInitiatedSsoRelayState = idpInitiatedSsoRelayState; return this; } - /** - * @param idpInitiatedSsoRelayState Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - * @return builder - * - */ public Builder idpInitiatedSsoRelayState(String idpInitiatedSsoRelayState) { return idpInitiatedSsoRelayState(Output.of(idpInitiatedSsoRelayState)); } - /** - * @param idpInitiatedSsoUrlName URL fragment name to reference client when you want to do IDP Initiated SSO. - * - * @return builder - * - */ public Builder idpInitiatedSsoUrlName(@Nullable Output idpInitiatedSsoUrlName) { $.idpInitiatedSsoUrlName = idpInitiatedSsoUrlName; return this; } - /** - * @param idpInitiatedSsoUrlName URL fragment name to reference client when you want to do IDP Initiated SSO. - * - * @return builder - * - */ public Builder idpInitiatedSsoUrlName(String idpInitiatedSsoUrlName) { return idpInitiatedSsoUrlName(Output.of(idpInitiatedSsoUrlName)); } - /** - * @param includeAuthnStatement When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - * @return builder - * - */ public Builder includeAuthnStatement(@Nullable Output includeAuthnStatement) { $.includeAuthnStatement = includeAuthnStatement; return this; } - /** - * @param includeAuthnStatement When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - * - * @return builder - * - */ public Builder includeAuthnStatement(Boolean includeAuthnStatement) { return includeAuthnStatement(Output.of(includeAuthnStatement)); } - /** - * @param loginTheme The login theme of this client. - * - * @return builder - * - */ public Builder loginTheme(@Nullable Output loginTheme) { $.loginTheme = loginTheme; return this; } - /** - * @param loginTheme The login theme of this client. - * - * @return builder - * - */ public Builder loginTheme(String loginTheme) { return loginTheme(Output.of(loginTheme)); } - /** - * @param logoutServicePostBindingUrl SAML POST Binding URL for the client's single logout service. - * - * @return builder - * - */ public Builder logoutServicePostBindingUrl(@Nullable Output logoutServicePostBindingUrl) { $.logoutServicePostBindingUrl = logoutServicePostBindingUrl; return this; } - /** - * @param logoutServicePostBindingUrl SAML POST Binding URL for the client's single logout service. - * - * @return builder - * - */ public Builder logoutServicePostBindingUrl(String logoutServicePostBindingUrl) { return logoutServicePostBindingUrl(Output.of(logoutServicePostBindingUrl)); } - /** - * @param logoutServiceRedirectBindingUrl SAML Redirect Binding URL for the client's single logout service. - * - * @return builder - * - */ public Builder logoutServiceRedirectBindingUrl(@Nullable Output logoutServiceRedirectBindingUrl) { $.logoutServiceRedirectBindingUrl = logoutServiceRedirectBindingUrl; return this; } - /** - * @param logoutServiceRedirectBindingUrl SAML Redirect Binding URL for the client's single logout service. - * - * @return builder - * - */ public Builder logoutServiceRedirectBindingUrl(String logoutServiceRedirectBindingUrl) { return logoutServiceRedirectBindingUrl(Output.of(logoutServiceRedirectBindingUrl)); } - /** - * @param masterSamlProcessingUrl When specified, this URL will be used for all SAML requests. - * - * @return builder - * - */ public Builder masterSamlProcessingUrl(@Nullable Output masterSamlProcessingUrl) { $.masterSamlProcessingUrl = masterSamlProcessingUrl; return this; } - /** - * @param masterSamlProcessingUrl When specified, this URL will be used for all SAML requests. - * - * @return builder - * - */ public Builder masterSamlProcessingUrl(String masterSamlProcessingUrl) { return masterSamlProcessingUrl(Output.of(masterSamlProcessingUrl)); } - /** - * @param name The display name of this client in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this client in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param nameIdFormat Sets the Name ID format for the subject. - * - * @return builder - * - */ public Builder nameIdFormat(@Nullable Output nameIdFormat) { $.nameIdFormat = nameIdFormat; return this; } - /** - * @param nameIdFormat Sets the Name ID format for the subject. - * - * @return builder - * - */ public Builder nameIdFormat(String nameIdFormat) { return nameIdFormat(Output.of(nameIdFormat)); } - /** - * @param realmId The realm this client is attached to. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this client is attached to. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param rootUrl When specified, this value is prepended to all relative URLs. - * - * @return builder - * - */ public Builder rootUrl(@Nullable Output rootUrl) { $.rootUrl = rootUrl; return this; } - /** - * @param rootUrl When specified, this value is prepended to all relative URLs. - * - * @return builder - * - */ public Builder rootUrl(String rootUrl) { return rootUrl(Output.of(rootUrl)); } - /** - * @param signAssertions When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - * @return builder - * - */ public Builder signAssertions(@Nullable Output signAssertions) { $.signAssertions = signAssertions; return this; } - /** - * @param signAssertions When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - * - * @return builder - * - */ public Builder signAssertions(Boolean signAssertions) { return signAssertions(Output.of(signAssertions)); } - /** - * @param signDocuments When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - * @return builder - * - */ public Builder signDocuments(@Nullable Output signDocuments) { $.signDocuments = signDocuments; return this; } - /** - * @param signDocuments When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - * - * @return builder - * - */ public Builder signDocuments(Boolean signDocuments) { return signDocuments(Output.of(signDocuments)); } - /** - * @param signatureAlgorithm The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - * @return builder - * - */ public Builder signatureAlgorithm(@Nullable Output signatureAlgorithm) { $.signatureAlgorithm = signatureAlgorithm; return this; } - /** - * @param signatureAlgorithm The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - * - * @return builder - * - */ public Builder signatureAlgorithm(String signatureAlgorithm) { return signatureAlgorithm(Output.of(signatureAlgorithm)); } - /** - * @param signatureKeyName The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - * @return builder - * - */ public Builder signatureKeyName(@Nullable Output signatureKeyName) { $.signatureKeyName = signatureKeyName; return this; } - /** - * @param signatureKeyName The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - * - * @return builder - * - */ public Builder signatureKeyName(String signatureKeyName) { return signatureKeyName(Output.of(signatureKeyName)); } - /** - * @param signingCertificate If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - * @return builder - * - */ public Builder signingCertificate(@Nullable Output signingCertificate) { $.signingCertificate = signingCertificate; return this; } - /** - * @param signingCertificate If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - * @return builder - * - */ public Builder signingCertificate(String signingCertificate) { return signingCertificate(Output.of(signingCertificate)); } - /** - * @param signingCertificateSha1 (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - * - * @return builder - * - */ public Builder signingCertificateSha1(@Nullable Output signingCertificateSha1) { $.signingCertificateSha1 = signingCertificateSha1; return this; } - /** - * @param signingCertificateSha1 (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - * - * @return builder - * - */ public Builder signingCertificateSha1(String signingCertificateSha1) { return signingCertificateSha1(Output.of(signingCertificateSha1)); } - /** - * @param signingPrivateKey If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - * @return builder - * - */ public Builder signingPrivateKey(@Nullable Output signingPrivateKey) { $.signingPrivateKey = signingPrivateKey; return this; } - /** - * @param signingPrivateKey If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - * @return builder - * - */ public Builder signingPrivateKey(String signingPrivateKey) { return signingPrivateKey(Output.of(signingPrivateKey)); } - /** - * @param signingPrivateKeySha1 (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - * - * @return builder - * - */ public Builder signingPrivateKeySha1(@Nullable Output signingPrivateKeySha1) { $.signingPrivateKeySha1 = signingPrivateKeySha1; return this; } - /** - * @param signingPrivateKeySha1 (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - * - * @return builder - * - */ public Builder signingPrivateKeySha1(String signingPrivateKeySha1) { return signingPrivateKeySha1(Output.of(signingPrivateKeySha1)); } - /** - * @param validRedirectUris When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - * @return builder - * - */ public Builder validRedirectUris(@Nullable Output> validRedirectUris) { $.validRedirectUris = validRedirectUris; return this; } - /** - * @param validRedirectUris When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - * @return builder - * - */ public Builder validRedirectUris(List validRedirectUris) { return validRedirectUris(Output.of(validRedirectUris)); } - /** - * @param validRedirectUris When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - * @return builder - * - */ public Builder validRedirectUris(String... validRedirectUris) { return validRedirectUris(List.of(validRedirectUris)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/IdentityProviderState.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/IdentityProviderState.java index 5c71224e..d7b38685 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/IdentityProviderState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/IdentityProviderState.java @@ -20,14 +20,14 @@ public final class IdentityProviderState extends com.pulumi.resources.ResourceAr public static final IdentityProviderState Empty = new IdentityProviderState(); /** - * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * */ @Import(name="addReadTokenRoleOnCreate") private @Nullable Output addReadTokenRoleOnCreate; /** - * @return When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * @return Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * */ public Optional> addReadTokenRoleOnCreate() { @@ -35,14 +35,14 @@ public Optional> addReadTokenRoleOnCreate() { } /** - * The unique name of identity provider. + * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * */ @Import(name="alias") private @Nullable Output alias; /** - * @return The unique name of identity provider. + * @return The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * */ public Optional> alias() { @@ -50,14 +50,14 @@ public Optional> alias() { } /** - * Authenticate users by default. Defaults to `false`. + * Enable/disable authenticate users by default. * */ @Import(name="authenticateByDefault") private @Nullable Output authenticateByDefault; /** - * @return Authenticate users by default. Defaults to `false`. + * @return Enable/disable authenticate users by default. * */ public Optional> authenticateByDefault() { @@ -65,14 +65,14 @@ public Optional> authenticateByDefault() { } /** - * Ordered list of requested AuthnContext ClassRefs. + * AuthnContext ClassRefs * */ @Import(name="authnContextClassRefs") private @Nullable Output> authnContextClassRefs; /** - * @return Ordered list of requested AuthnContext ClassRefs. + * @return AuthnContext ClassRefs * */ public Optional>> authnContextClassRefs() { @@ -80,14 +80,14 @@ public Optional>> authnContextClassRefs() { } /** - * Specifies the comparison method used to evaluate the requested context classes or statements. + * AuthnContext Comparison * */ @Import(name="authnContextComparisonType") private @Nullable Output authnContextComparisonType; /** - * @return Specifies the comparison method used to evaluate the requested context classes or statements. + * @return AuthnContext Comparison * */ public Optional> authnContextComparisonType() { @@ -95,14 +95,14 @@ public Optional> authnContextComparisonType() { } /** - * Ordered list of requested AuthnContext DeclRefs. + * AuthnContext DeclRefs * */ @Import(name="authnContextDeclRefs") private @Nullable Output> authnContextDeclRefs; /** - * @return Ordered list of requested AuthnContext DeclRefs. + * @return AuthnContext DeclRefs * */ public Optional>> authnContextDeclRefs() { @@ -110,14 +110,14 @@ public Optional>> authnContextDeclRefs() { } /** - * Does the external IDP support backchannel logout?. Defaults to `false`. + * Does the external IDP support backchannel logout? * */ @Import(name="backchannelSupported") private @Nullable Output backchannelSupported; /** - * @return Does the external IDP support backchannel logout?. Defaults to `false`. + * @return Does the external IDP support backchannel logout? * */ public Optional> backchannelSupported() { @@ -125,14 +125,14 @@ public Optional> backchannelSupported() { } /** - * The display name for the realm that is shown when logging in to the admin console. + * Friendly name for Identity Providers. * */ @Import(name="displayName") private @Nullable Output displayName; /** - * @return The display name for the realm that is shown when logging in to the admin console. + * @return Friendly name for Identity Providers. * */ public Optional> displayName() { @@ -140,14 +140,14 @@ public Optional> displayName() { } /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * Enable/disable this identity provider. * */ @Import(name="enabled") private @Nullable Output enabled; /** - * @return When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * @return Enable/disable this identity provider. * */ public Optional> enabled() { @@ -177,14 +177,16 @@ public Optional>> extraConfig() { } /** - * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * */ @Import(name="firstBrokerLoginFlowAlias") private @Nullable Output firstBrokerLoginFlowAlias; /** - * @return Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * @return Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * */ public Optional> firstBrokerLoginFlowAlias() { @@ -192,14 +194,14 @@ public Optional> firstBrokerLoginFlowAlias() { } /** - * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * Require Force Authn. * */ @Import(name="forceAuthn") private @Nullable Output forceAuthn; /** - * @return Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * @return Require Force Authn. * */ public Optional> forceAuthn() { @@ -207,14 +209,14 @@ public Optional> forceAuthn() { } /** - * A number defining the order of this identity provider in the GUI. + * GUI Order * */ @Import(name="guiOrder") private @Nullable Output guiOrder; /** - * @return A number defining the order of this identity provider in the GUI. + * @return GUI Order * */ public Optional> guiOrder() { @@ -222,14 +224,14 @@ public Optional> guiOrder() { } /** - * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * Hide On Login Page. * */ @Import(name="hideOnLoginPage") private @Nullable Output hideOnLoginPage; /** - * @return If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * @return Hide On Login Page. * */ public Optional> hideOnLoginPage() { @@ -252,14 +254,16 @@ public Optional> internalId() { } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * */ @Import(name="linkOnly") private @Nullable Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * */ public Optional> linkOnly() { @@ -282,14 +286,14 @@ public Optional> loginHint() { } /** - * Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * Name ID Policy Format. * */ @Import(name="nameIdPolicyFormat") private @Nullable Output nameIdPolicyFormat; /** - * @return Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * @return Name ID Policy Format. * */ public Optional> nameIdPolicyFormat() { @@ -297,14 +301,14 @@ public Optional> nameIdPolicyFormat() { } /** - * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Authn Request. * */ @Import(name="postBindingAuthnRequest") private @Nullable Output postBindingAuthnRequest; /** - * @return Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @return Post Binding Authn Request. * */ public Optional> postBindingAuthnRequest() { @@ -312,14 +316,14 @@ public Optional> postBindingAuthnRequest() { } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Logout. * */ @Import(name="postBindingLogout") private @Nullable Output postBindingLogout; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @return Post Binding Logout. * */ public Optional> postBindingLogout() { @@ -327,14 +331,14 @@ public Optional> postBindingLogout() { } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Post Binding Response. * */ @Import(name="postBindingResponse") private @Nullable Output postBindingResponse; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @return Post Binding Response. * */ public Optional> postBindingResponse() { @@ -342,14 +346,20 @@ public Optional> postBindingResponse() { } /** - * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * */ @Import(name="postBrokerLoginFlowAlias") private @Nullable Output postBrokerLoginFlowAlias; /** - * @return Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * @return Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * */ public Optional> postBrokerLoginFlowAlias() { @@ -357,14 +367,14 @@ public Optional> postBrokerLoginFlowAlias() { } /** - * The principal attribute. + * Principal Attribute * */ @Import(name="principalAttribute") private @Nullable Output principalAttribute; /** - * @return The principal attribute. + * @return Principal Attribute * */ public Optional> principalAttribute() { @@ -372,14 +382,14 @@ public Optional> principalAttribute() { } /** - * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * Principal Type * */ @Import(name="principalType") private @Nullable Output principalType; /** - * @return The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * @return Principal Type * */ public Optional> principalType() { @@ -387,14 +397,14 @@ public Optional> principalType() { } /** - * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * provider id, is always saml, unless you have a custom implementation * */ @Import(name="providerId") private @Nullable Output providerId; /** - * @return The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * @return provider id, is always saml, unless you have a custom implementation * */ public Optional> providerId() { @@ -402,14 +412,14 @@ public Optional> providerId() { } /** - * The name of the realm. This is unique across Keycloak. + * Realm Name * */ @Import(name="realm") private @Nullable Output realm; /** - * @return The name of the realm. This is unique across Keycloak. + * @return Realm Name * */ public Optional> realm() { @@ -417,14 +427,14 @@ public Optional> realm() { } /** - * Signing Algorithm. Defaults to empty. + * Signing Algorithm. * */ @Import(name="signatureAlgorithm") private @Nullable Output signatureAlgorithm; /** - * @return Signing Algorithm. Defaults to empty. + * @return Signing Algorithm. * */ public Optional> signatureAlgorithm() { @@ -447,14 +457,14 @@ public Optional> signingCertificate() { } /** - * The Url that must be used to send logout requests. + * Logout URL. * */ @Import(name="singleLogoutServiceUrl") private @Nullable Output singleLogoutServiceUrl; /** - * @return The Url that must be used to send logout requests. + * @return Logout URL. * */ public Optional> singleLogoutServiceUrl() { @@ -462,14 +472,14 @@ public Optional> singleLogoutServiceUrl() { } /** - * The Url that must be used to send authentication requests (SAML AuthnRequest). + * SSO Logout URL. * */ @Import(name="singleSignOnServiceUrl") private @Nullable Output singleSignOnServiceUrl; /** - * @return The Url that must be used to send authentication requests (SAML AuthnRequest). + * @return SSO Logout URL. * */ public Optional> singleSignOnServiceUrl() { @@ -477,14 +487,14 @@ public Optional> singleSignOnServiceUrl() { } /** - * When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * Enable/disable if tokens must be stored after authenticating users. * */ @Import(name="storeToken") private @Nullable Output storeToken; /** - * @return When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * @return Enable/disable if tokens must be stored after authenticating users. * */ public Optional> storeToken() { @@ -492,14 +502,14 @@ public Optional> storeToken() { } /** - * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * Sync Mode * */ @Import(name="syncMode") private @Nullable Output syncMode; /** - * @return The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * @return Sync Mode * */ public Optional> syncMode() { @@ -507,14 +517,14 @@ public Optional> syncMode() { } /** - * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * */ @Import(name="trustEmail") private @Nullable Output trustEmail; /** - * @return When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * @return If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * */ public Optional> trustEmail() { @@ -537,14 +547,14 @@ public Optional> validateSignature() { } /** - * Indicates whether this service provider expects an encrypted Assertion. + * Want Assertions Encrypted. * */ @Import(name="wantAssertionsEncrypted") private @Nullable Output wantAssertionsEncrypted; /** - * @return Indicates whether this service provider expects an encrypted Assertion. + * @return Want Assertions Encrypted. * */ public Optional> wantAssertionsEncrypted() { @@ -552,14 +562,14 @@ public Optional> wantAssertionsEncrypted() { } /** - * Indicates whether this service provider expects a signed Assertion. + * Want Assertions Signed. * */ @Import(name="wantAssertionsSigned") private @Nullable Output wantAssertionsSigned; /** - * @return Indicates whether this service provider expects a signed Assertion. + * @return Want Assertions Signed. * */ public Optional> wantAssertionsSigned() { @@ -567,14 +577,14 @@ public Optional> wantAssertionsSigned() { } /** - * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * Sign Key Transformer. * */ @Import(name="xmlSignKeyInfoKeyNameTransformer") private @Nullable Output xmlSignKeyInfoKeyNameTransformer; /** - * @return The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * @return Sign Key Transformer. * */ public Optional> xmlSignKeyInfoKeyNameTransformer() { @@ -643,7 +653,7 @@ public Builder(IdentityProviderState defaults) { } /** - * @param addReadTokenRoleOnCreate When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * @param addReadTokenRoleOnCreate Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * * @return builder * @@ -654,7 +664,7 @@ public Builder addReadTokenRoleOnCreate(@Nullable Output addReadTokenRo } /** - * @param addReadTokenRoleOnCreate When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * @param addReadTokenRoleOnCreate Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. * * @return builder * @@ -664,7 +674,7 @@ public Builder addReadTokenRoleOnCreate(Boolean addReadTokenRoleOnCreate) { } /** - * @param alias The unique name of identity provider. + * @param alias The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * * @return builder * @@ -675,7 +685,7 @@ public Builder alias(@Nullable Output alias) { } /** - * @param alias The unique name of identity provider. + * @param alias The alias uniquely identifies an identity provider and it is also used to build the redirect uri. * * @return builder * @@ -685,7 +695,7 @@ public Builder alias(String alias) { } /** - * @param authenticateByDefault Authenticate users by default. Defaults to `false`. + * @param authenticateByDefault Enable/disable authenticate users by default. * * @return builder * @@ -696,7 +706,7 @@ public Builder authenticateByDefault(@Nullable Output authenticateByDef } /** - * @param authenticateByDefault Authenticate users by default. Defaults to `false`. + * @param authenticateByDefault Enable/disable authenticate users by default. * * @return builder * @@ -706,7 +716,7 @@ public Builder authenticateByDefault(Boolean authenticateByDefault) { } /** - * @param authnContextClassRefs Ordered list of requested AuthnContext ClassRefs. + * @param authnContextClassRefs AuthnContext ClassRefs * * @return builder * @@ -717,7 +727,7 @@ public Builder authnContextClassRefs(@Nullable Output> authnContext } /** - * @param authnContextClassRefs Ordered list of requested AuthnContext ClassRefs. + * @param authnContextClassRefs AuthnContext ClassRefs * * @return builder * @@ -727,7 +737,7 @@ public Builder authnContextClassRefs(List authnContextClassRefs) { } /** - * @param authnContextClassRefs Ordered list of requested AuthnContext ClassRefs. + * @param authnContextClassRefs AuthnContext ClassRefs * * @return builder * @@ -737,7 +747,7 @@ public Builder authnContextClassRefs(String... authnContextClassRefs) { } /** - * @param authnContextComparisonType Specifies the comparison method used to evaluate the requested context classes or statements. + * @param authnContextComparisonType AuthnContext Comparison * * @return builder * @@ -748,7 +758,7 @@ public Builder authnContextComparisonType(@Nullable Output authnContextC } /** - * @param authnContextComparisonType Specifies the comparison method used to evaluate the requested context classes or statements. + * @param authnContextComparisonType AuthnContext Comparison * * @return builder * @@ -758,7 +768,7 @@ public Builder authnContextComparisonType(String authnContextComparisonType) { } /** - * @param authnContextDeclRefs Ordered list of requested AuthnContext DeclRefs. + * @param authnContextDeclRefs AuthnContext DeclRefs * * @return builder * @@ -769,7 +779,7 @@ public Builder authnContextDeclRefs(@Nullable Output> authnContextD } /** - * @param authnContextDeclRefs Ordered list of requested AuthnContext DeclRefs. + * @param authnContextDeclRefs AuthnContext DeclRefs * * @return builder * @@ -779,7 +789,7 @@ public Builder authnContextDeclRefs(List authnContextDeclRefs) { } /** - * @param authnContextDeclRefs Ordered list of requested AuthnContext DeclRefs. + * @param authnContextDeclRefs AuthnContext DeclRefs * * @return builder * @@ -789,7 +799,7 @@ public Builder authnContextDeclRefs(String... authnContextDeclRefs) { } /** - * @param backchannelSupported Does the external IDP support backchannel logout?. Defaults to `false`. + * @param backchannelSupported Does the external IDP support backchannel logout? * * @return builder * @@ -800,7 +810,7 @@ public Builder backchannelSupported(@Nullable Output backchannelSupport } /** - * @param backchannelSupported Does the external IDP support backchannel logout?. Defaults to `false`. + * @param backchannelSupported Does the external IDP support backchannel logout? * * @return builder * @@ -810,7 +820,7 @@ public Builder backchannelSupported(Boolean backchannelSupported) { } /** - * @param displayName The display name for the realm that is shown when logging in to the admin console. + * @param displayName Friendly name for Identity Providers. * * @return builder * @@ -821,7 +831,7 @@ public Builder displayName(@Nullable Output displayName) { } /** - * @param displayName The display name for the realm that is shown when logging in to the admin console. + * @param displayName Friendly name for Identity Providers. * * @return builder * @@ -831,7 +841,7 @@ public Builder displayName(String displayName) { } /** - * @param enabled When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * @param enabled Enable/disable this identity provider. * * @return builder * @@ -842,7 +852,7 @@ public Builder enabled(@Nullable Output enabled) { } /** - * @param enabled When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * @param enabled Enable/disable this identity provider. * * @return builder * @@ -882,7 +892,8 @@ public Builder extraConfig(Map extraConfig) { } /** - * @param firstBrokerLoginFlowAlias Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * @param firstBrokerLoginFlowAlias Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * * @return builder * @@ -893,7 +904,8 @@ public Builder firstBrokerLoginFlowAlias(@Nullable Output firstBrokerLog } /** - * @param firstBrokerLoginFlowAlias Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * @param firstBrokerLoginFlowAlias Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. * * @return builder * @@ -903,7 +915,7 @@ public Builder firstBrokerLoginFlowAlias(String firstBrokerLoginFlowAlias) { } /** - * @param forceAuthn Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * @param forceAuthn Require Force Authn. * * @return builder * @@ -914,7 +926,7 @@ public Builder forceAuthn(@Nullable Output forceAuthn) { } /** - * @param forceAuthn Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * @param forceAuthn Require Force Authn. * * @return builder * @@ -924,7 +936,7 @@ public Builder forceAuthn(Boolean forceAuthn) { } /** - * @param guiOrder A number defining the order of this identity provider in the GUI. + * @param guiOrder GUI Order * * @return builder * @@ -935,7 +947,7 @@ public Builder guiOrder(@Nullable Output guiOrder) { } /** - * @param guiOrder A number defining the order of this identity provider in the GUI. + * @param guiOrder GUI Order * * @return builder * @@ -945,7 +957,7 @@ public Builder guiOrder(String guiOrder) { } /** - * @param hideOnLoginPage If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * @param hideOnLoginPage Hide On Login Page. * * @return builder * @@ -956,7 +968,7 @@ public Builder hideOnLoginPage(@Nullable Output hideOnLoginPage) { } /** - * @param hideOnLoginPage If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * @param hideOnLoginPage Hide On Login Page. * * @return builder * @@ -987,7 +999,8 @@ public Builder internalId(String internalId) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * * @return builder * @@ -998,7 +1011,8 @@ public Builder linkOnly(@Nullable Output linkOnly) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider * * @return builder * @@ -1029,7 +1043,7 @@ public Builder loginHint(String loginHint) { } /** - * @param nameIdPolicyFormat Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * @param nameIdPolicyFormat Name ID Policy Format. * * @return builder * @@ -1040,7 +1054,7 @@ public Builder nameIdPolicyFormat(@Nullable Output nameIdPolicyFormat) { } /** - * @param nameIdPolicyFormat Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * @param nameIdPolicyFormat Name ID Policy Format. * * @return builder * @@ -1050,7 +1064,7 @@ public Builder nameIdPolicyFormat(String nameIdPolicyFormat) { } /** - * @param postBindingAuthnRequest Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @param postBindingAuthnRequest Post Binding Authn Request. * * @return builder * @@ -1061,7 +1075,7 @@ public Builder postBindingAuthnRequest(@Nullable Output postBindingAuth } /** - * @param postBindingAuthnRequest Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @param postBindingAuthnRequest Post Binding Authn Request. * * @return builder * @@ -1071,7 +1085,7 @@ public Builder postBindingAuthnRequest(Boolean postBindingAuthnRequest) { } /** - * @param postBindingLogout Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @param postBindingLogout Post Binding Logout. * * @return builder * @@ -1082,7 +1096,7 @@ public Builder postBindingLogout(@Nullable Output postBindingLogout) { } /** - * @param postBindingLogout Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * @param postBindingLogout Post Binding Logout. * * @return builder * @@ -1092,7 +1106,7 @@ public Builder postBindingLogout(Boolean postBindingLogout) { } /** - * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @param postBindingResponse Post Binding Response. * * @return builder * @@ -1103,7 +1117,7 @@ public Builder postBindingResponse(@Nullable Output postBindingResponse } /** - * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @param postBindingResponse Post Binding Response. * * @return builder * @@ -1113,7 +1127,10 @@ public Builder postBindingResponse(Boolean postBindingResponse) { } /** - * @param postBrokerLoginFlowAlias Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * @param postBrokerLoginFlowAlias Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * * @return builder * @@ -1124,7 +1141,10 @@ public Builder postBrokerLoginFlowAlias(@Nullable Output postBrokerLogin } /** - * @param postBrokerLoginFlowAlias Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * @param postBrokerLoginFlowAlias Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. * * @return builder * @@ -1134,7 +1154,7 @@ public Builder postBrokerLoginFlowAlias(String postBrokerLoginFlowAlias) { } /** - * @param principalAttribute The principal attribute. + * @param principalAttribute Principal Attribute * * @return builder * @@ -1145,7 +1165,7 @@ public Builder principalAttribute(@Nullable Output principalAttribute) { } /** - * @param principalAttribute The principal attribute. + * @param principalAttribute Principal Attribute * * @return builder * @@ -1155,7 +1175,7 @@ public Builder principalAttribute(String principalAttribute) { } /** - * @param principalType The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * @param principalType Principal Type * * @return builder * @@ -1166,7 +1186,7 @@ public Builder principalType(@Nullable Output principalType) { } /** - * @param principalType The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * @param principalType Principal Type * * @return builder * @@ -1176,7 +1196,7 @@ public Builder principalType(String principalType) { } /** - * @param providerId The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * @param providerId provider id, is always saml, unless you have a custom implementation * * @return builder * @@ -1187,7 +1207,7 @@ public Builder providerId(@Nullable Output providerId) { } /** - * @param providerId The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * @param providerId provider id, is always saml, unless you have a custom implementation * * @return builder * @@ -1197,7 +1217,7 @@ public Builder providerId(String providerId) { } /** - * @param realm The name of the realm. This is unique across Keycloak. + * @param realm Realm Name * * @return builder * @@ -1208,7 +1228,7 @@ public Builder realm(@Nullable Output realm) { } /** - * @param realm The name of the realm. This is unique across Keycloak. + * @param realm Realm Name * * @return builder * @@ -1218,7 +1238,7 @@ public Builder realm(String realm) { } /** - * @param signatureAlgorithm Signing Algorithm. Defaults to empty. + * @param signatureAlgorithm Signing Algorithm. * * @return builder * @@ -1229,7 +1249,7 @@ public Builder signatureAlgorithm(@Nullable Output signatureAlgorithm) { } /** - * @param signatureAlgorithm Signing Algorithm. Defaults to empty. + * @param signatureAlgorithm Signing Algorithm. * * @return builder * @@ -1260,7 +1280,7 @@ public Builder signingCertificate(String signingCertificate) { } /** - * @param singleLogoutServiceUrl The Url that must be used to send logout requests. + * @param singleLogoutServiceUrl Logout URL. * * @return builder * @@ -1271,7 +1291,7 @@ public Builder singleLogoutServiceUrl(@Nullable Output singleLogoutServi } /** - * @param singleLogoutServiceUrl The Url that must be used to send logout requests. + * @param singleLogoutServiceUrl Logout URL. * * @return builder * @@ -1281,7 +1301,7 @@ public Builder singleLogoutServiceUrl(String singleLogoutServiceUrl) { } /** - * @param singleSignOnServiceUrl The Url that must be used to send authentication requests (SAML AuthnRequest). + * @param singleSignOnServiceUrl SSO Logout URL. * * @return builder * @@ -1292,7 +1312,7 @@ public Builder singleSignOnServiceUrl(@Nullable Output singleSignOnServi } /** - * @param singleSignOnServiceUrl The Url that must be used to send authentication requests (SAML AuthnRequest). + * @param singleSignOnServiceUrl SSO Logout URL. * * @return builder * @@ -1302,7 +1322,7 @@ public Builder singleSignOnServiceUrl(String singleSignOnServiceUrl) { } /** - * @param storeToken When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * @param storeToken Enable/disable if tokens must be stored after authenticating users. * * @return builder * @@ -1313,7 +1333,7 @@ public Builder storeToken(@Nullable Output storeToken) { } /** - * @param storeToken When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * @param storeToken Enable/disable if tokens must be stored after authenticating users. * * @return builder * @@ -1323,7 +1343,7 @@ public Builder storeToken(Boolean storeToken) { } /** - * @param syncMode The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * @param syncMode Sync Mode * * @return builder * @@ -1334,7 +1354,7 @@ public Builder syncMode(@Nullable Output syncMode) { } /** - * @param syncMode The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * @param syncMode Sync Mode * * @return builder * @@ -1344,7 +1364,7 @@ public Builder syncMode(String syncMode) { } /** - * @param trustEmail When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * @param trustEmail If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * * @return builder * @@ -1355,7 +1375,7 @@ public Builder trustEmail(@Nullable Output trustEmail) { } /** - * @param trustEmail When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * @param trustEmail If enabled then email provided by this provider is not verified even if verification is enabled for the realm. * * @return builder * @@ -1386,7 +1406,7 @@ public Builder validateSignature(Boolean validateSignature) { } /** - * @param wantAssertionsEncrypted Indicates whether this service provider expects an encrypted Assertion. + * @param wantAssertionsEncrypted Want Assertions Encrypted. * * @return builder * @@ -1397,7 +1417,7 @@ public Builder wantAssertionsEncrypted(@Nullable Output wantAssertionsE } /** - * @param wantAssertionsEncrypted Indicates whether this service provider expects an encrypted Assertion. + * @param wantAssertionsEncrypted Want Assertions Encrypted. * * @return builder * @@ -1407,7 +1427,7 @@ public Builder wantAssertionsEncrypted(Boolean wantAssertionsEncrypted) { } /** - * @param wantAssertionsSigned Indicates whether this service provider expects a signed Assertion. + * @param wantAssertionsSigned Want Assertions Signed. * * @return builder * @@ -1418,7 +1438,7 @@ public Builder wantAssertionsSigned(@Nullable Output wantAssertionsSign } /** - * @param wantAssertionsSigned Indicates whether this service provider expects a signed Assertion. + * @param wantAssertionsSigned Want Assertions Signed. * * @return builder * @@ -1428,7 +1448,7 @@ public Builder wantAssertionsSigned(Boolean wantAssertionsSigned) { } /** - * @param xmlSignKeyInfoKeyNameTransformer The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * @param xmlSignKeyInfoKeyNameTransformer Sign Key Transformer. * * @return builder * @@ -1439,7 +1459,7 @@ public Builder xmlSignKeyInfoKeyNameTransformer(@Nullable Output xmlSign } /** - * @param xmlSignKeyInfoKeyNameTransformer The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * @param xmlSignKeyInfoKeyNameTransformer Sign Key Transformer. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/UserAttributeProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/UserAttributeProtocolMapperState.java index d074f2b8..418e82bd 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/UserAttributeProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/UserAttributeProtocolMapperState.java @@ -15,122 +15,58 @@ public final class UserAttributeProtocolMapperState extends com.pulumi.resources public static final UserAttributeProtocolMapperState Empty = new UserAttributeProtocolMapperState(); - /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; - /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Optional> clientScopeId() { return Optional.ofNullable(this.clientScopeId); } - /** - * An optional human-friendly name for this attribute. - * - */ @Import(name="friendlyName") private @Nullable Output friendlyName; - /** - * @return An optional human-friendly name for this attribute. - * - */ public Optional> friendlyName() { return Optional.ofNullable(this.friendlyName); } - /** - * The display name of this protocol mapper in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this protocol mapper in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The realm this protocol mapper exists within. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this protocol mapper exists within. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * The name of the SAML attribute. - * - */ @Import(name="samlAttributeName") private @Nullable Output samlAttributeName; - /** - * @return The name of the SAML attribute. - * - */ public Optional> samlAttributeName() { return Optional.ofNullable(this.samlAttributeName); } - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ @Import(name="samlAttributeNameFormat") private @Nullable Output samlAttributeNameFormat; - /** - * @return The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ public Optional> samlAttributeNameFormat() { return Optional.ofNullable(this.samlAttributeNameFormat); } - /** - * The custom user attribute to map. - * - */ @Import(name="userAttribute") private @Nullable Output userAttribute; - /** - * @return The custom user attribute to map. - * - */ public Optional> userAttribute() { return Optional.ofNullable(this.userAttribute); } @@ -166,170 +102,74 @@ public Builder(UserAttributeProtocolMapperState defaults) { $ = new UserAttributeProtocolMapperState(Objects.requireNonNull(defaults)); } - /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientScopeId(@Nullable Output clientScopeId) { $.clientScopeId = clientScopeId; return this; } - /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientScopeId(String clientScopeId) { return clientScopeId(Output.of(clientScopeId)); } - /** - * @param friendlyName An optional human-friendly name for this attribute. - * - * @return builder - * - */ public Builder friendlyName(@Nullable Output friendlyName) { $.friendlyName = friendlyName; return this; } - /** - * @param friendlyName An optional human-friendly name for this attribute. - * - * @return builder - * - */ public Builder friendlyName(String friendlyName) { return friendlyName(Output.of(friendlyName)); } - /** - * @param name The display name of this protocol mapper in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this protocol mapper in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this protocol mapper exists within. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this protocol mapper exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param samlAttributeName The name of the SAML attribute. - * - * @return builder - * - */ public Builder samlAttributeName(@Nullable Output samlAttributeName) { $.samlAttributeName = samlAttributeName; return this; } - /** - * @param samlAttributeName The name of the SAML attribute. - * - * @return builder - * - */ public Builder samlAttributeName(String samlAttributeName) { return samlAttributeName(Output.of(samlAttributeName)); } - /** - * @param samlAttributeNameFormat The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - * @return builder - * - */ public Builder samlAttributeNameFormat(@Nullable Output samlAttributeNameFormat) { $.samlAttributeNameFormat = samlAttributeNameFormat; return this; } - /** - * @param samlAttributeNameFormat The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - * @return builder - * - */ public Builder samlAttributeNameFormat(String samlAttributeNameFormat) { return samlAttributeNameFormat(Output.of(samlAttributeNameFormat)); } - /** - * @param userAttribute The custom user attribute to map. - * - * @return builder - * - */ public Builder userAttribute(@Nullable Output userAttribute) { $.userAttribute = userAttribute; return this; } - /** - * @param userAttribute The custom user attribute to map. - * - * @return builder - * - */ public Builder userAttribute(String userAttribute) { return userAttribute(Output.of(userAttribute)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/UserPropertyProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/UserPropertyProtocolMapperState.java index 60174996..f1b4870b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/UserPropertyProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/UserPropertyProtocolMapperState.java @@ -15,122 +15,58 @@ public final class UserPropertyProtocolMapperState extends com.pulumi.resources. public static final UserPropertyProtocolMapperState Empty = new UserPropertyProtocolMapperState(); - /** - * The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Import(name="clientId") private @Nullable Output clientId; - /** - * @return The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Optional> clientId() { return Optional.ofNullable(this.clientId); } - /** - * The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ @Import(name="clientScopeId") private @Nullable Output clientScopeId; - /** - * @return The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - */ public Optional> clientScopeId() { return Optional.ofNullable(this.clientScopeId); } - /** - * An optional human-friendly name for this attribute. - * - */ @Import(name="friendlyName") private @Nullable Output friendlyName; - /** - * @return An optional human-friendly name for this attribute. - * - */ public Optional> friendlyName() { return Optional.ofNullable(this.friendlyName); } - /** - * The display name of this protocol mapper in the GUI. - * - */ @Import(name="name") private @Nullable Output name; - /** - * @return The display name of this protocol mapper in the GUI. - * - */ public Optional> name() { return Optional.ofNullable(this.name); } - /** - * The realm this protocol mapper exists within. - * - */ @Import(name="realmId") private @Nullable Output realmId; - /** - * @return The realm this protocol mapper exists within. - * - */ public Optional> realmId() { return Optional.ofNullable(this.realmId); } - /** - * The name of the SAML attribute. - * - */ @Import(name="samlAttributeName") private @Nullable Output samlAttributeName; - /** - * @return The name of the SAML attribute. - * - */ public Optional> samlAttributeName() { return Optional.ofNullable(this.samlAttributeName); } - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ @Import(name="samlAttributeNameFormat") private @Nullable Output samlAttributeNameFormat; - /** - * @return The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - */ public Optional> samlAttributeNameFormat() { return Optional.ofNullable(this.samlAttributeNameFormat); } - /** - * The property of the Keycloak user model to map. - * - */ @Import(name="userProperty") private @Nullable Output userProperty; - /** - * @return The property of the Keycloak user model to map. - * - */ public Optional> userProperty() { return Optional.ofNullable(this.userProperty); } @@ -166,170 +102,74 @@ public Builder(UserPropertyProtocolMapperState defaults) { $ = new UserPropertyProtocolMapperState(Objects.requireNonNull(defaults)); } - /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientId(@Nullable Output clientId) { $.clientId = clientId; return this; } - /** - * @param clientId The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientId(String clientId) { return clientId(Output.of(clientId)); } - /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientScopeId(@Nullable Output clientScopeId) { $.clientScopeId = clientScopeId; return this; } - /** - * @param clientScopeId The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - * - * @return builder - * - */ public Builder clientScopeId(String clientScopeId) { return clientScopeId(Output.of(clientScopeId)); } - /** - * @param friendlyName An optional human-friendly name for this attribute. - * - * @return builder - * - */ public Builder friendlyName(@Nullable Output friendlyName) { $.friendlyName = friendlyName; return this; } - /** - * @param friendlyName An optional human-friendly name for this attribute. - * - * @return builder - * - */ public Builder friendlyName(String friendlyName) { return friendlyName(Output.of(friendlyName)); } - /** - * @param name The display name of this protocol mapper in the GUI. - * - * @return builder - * - */ public Builder name(@Nullable Output name) { $.name = name; return this; } - /** - * @param name The display name of this protocol mapper in the GUI. - * - * @return builder - * - */ public Builder name(String name) { return name(Output.of(name)); } - /** - * @param realmId The realm this protocol mapper exists within. - * - * @return builder - * - */ public Builder realmId(@Nullable Output realmId) { $.realmId = realmId; return this; } - /** - * @param realmId The realm this protocol mapper exists within. - * - * @return builder - * - */ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } - /** - * @param samlAttributeName The name of the SAML attribute. - * - * @return builder - * - */ public Builder samlAttributeName(@Nullable Output samlAttributeName) { $.samlAttributeName = samlAttributeName; return this; } - /** - * @param samlAttributeName The name of the SAML attribute. - * - * @return builder - * - */ public Builder samlAttributeName(String samlAttributeName) { return samlAttributeName(Output.of(samlAttributeName)); } - /** - * @param samlAttributeNameFormat The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - * @return builder - * - */ public Builder samlAttributeNameFormat(@Nullable Output samlAttributeNameFormat) { $.samlAttributeNameFormat = samlAttributeNameFormat; return this; } - /** - * @param samlAttributeNameFormat The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - * - * @return builder - * - */ public Builder samlAttributeNameFormat(String samlAttributeNameFormat) { return samlAttributeNameFormat(Output.of(samlAttributeNameFormat)); } - /** - * @param userProperty The property of the Keycloak user model to map. - * - * @return builder - * - */ public Builder userProperty(@Nullable Output userProperty) { $.userProperty = userProperty; return this; } - /** - * @param userProperty The property of the Keycloak user model to map. - * - * @return builder - * - */ public Builder userProperty(String userProperty) { return userProperty(Output.of(userProperty)); } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/outputs/ClientAuthenticationFlowBindingOverrides.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/outputs/ClientAuthenticationFlowBindingOverrides.java index e03101b9..fa289259 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/outputs/ClientAuthenticationFlowBindingOverrides.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/outputs/ClientAuthenticationFlowBindingOverrides.java @@ -11,29 +11,13 @@ @CustomType public final class ClientAuthenticationFlowBindingOverrides { - /** - * @return Browser flow id, (flow needs to exist) - * - */ private @Nullable String browserId; - /** - * @return Direct grant flow id (flow needs to exist) - * - */ private @Nullable String directGrantId; private ClientAuthenticationFlowBindingOverrides() {} - /** - * @return Browser flow id, (flow needs to exist) - * - */ public Optional browserId() { return Optional.ofNullable(this.browserId); } - /** - * @return Direct grant flow id (flow needs to exist) - * - */ public Optional directGrantId() { return Optional.ofNullable(this.directGrantId); } diff --git a/sdk/nodejs/attributeImporterIdentityProviderMapper.ts b/sdk/nodejs/attributeImporterIdentityProviderMapper.ts index 67e74f18..b1daa6c8 100644 --- a/sdk/nodejs/attributeImporterIdentityProviderMapper.ts +++ b/sdk/nodejs/attributeImporterIdentityProviderMapper.ts @@ -5,58 +5,44 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** - * Allows for creating and managing an attribute importer identity provider mapper within Keycloak. + * ## # keycloak.AttributeImporterIdentityProviderMapper * - * The attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user: - * - For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user. - * - For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user. - * - For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user. + * Allows to create and manage identity provider mappers within Keycloak. * - * > If you are using Keycloak 10 or higher, you will need to specify the `extraConfig` argument in order to define a `syncMode` for the mapper. - * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * - * const realm = new keycloak.Realm("realm", { + * const testMapper = new keycloak.AttributeImporterIdentityProviderMapper("testMapper", { + * attributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", + * identityProviderAlias: "idp_alias", * realm: "my-realm", - * enabled: true, - * }); - * const oidcIdentityProvider = new keycloak.oidc.IdentityProvider("oidcIdentityProvider", { - * realm: realm.id, - * alias: "oidc", - * authorizationUrl: "https://example.com/auth", - * tokenUrl: "https://example.com/token", - * clientId: "example_id", - * clientSecret: "example_token", - * defaultScopes: "openid random profile", - * }); - * const oidcAttributeImporterIdentityProviderMapper = new keycloak.AttributeImporterIdentityProviderMapper("oidcAttributeImporterIdentityProviderMapper", { - * realm: realm.id, - * claimName: "my-email-claim", - * identityProviderAlias: oidcIdentityProvider.alias, - * userAttribute: "email", - * extraConfig: { - * syncMode: "INHERIT", - * }, + * userAttribute: "lastName", * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + * - `realm` - (Required) The name of the realm. + * - `name` - (Required) The name of the mapper. + * - `identityProviderAlias` - (Required) The alias of the associated identity provider. + * - `userAttribute` - (Required) The user attribute name to store SAML attribute. + * - `attributeName` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead. + * - `attributeFriendlyName` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead. + * - `claimName` - (Optional) The claim name. * - * Example: + * ### Import * - * bash + * Identity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idpAlias` is the identity provider alias, and `idpMapperId` is the unique ID that Keycloak + * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. * - * ```sh - * $ pulumi import keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b - * ``` + * Example: */ export class AttributeImporterIdentityProviderMapper extends pulumi.CustomResource { /** @@ -87,35 +73,32 @@ export class AttributeImporterIdentityProviderMapper extends pulumi.CustomResour } /** - * For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. + * Attribute Friendly Name */ public readonly attributeFriendlyName!: pulumi.Output; /** - * For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. + * Attribute Name */ public readonly attributeName!: pulumi.Output; /** - * For OIDC based providers, this is the name of the claim to use. + * Claim Name */ public readonly claimName!: pulumi.Output; - /** - * Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - */ public readonly extraConfig!: pulumi.Output<{[key: string]: any} | undefined>; /** - * The alias of the associated identity provider. + * IDP Alias */ public readonly identityProviderAlias!: pulumi.Output; /** - * The name of the mapper. + * IDP Mapper Name */ public readonly name!: pulumi.Output; /** - * The name of the realm. + * Realm Name */ public readonly realm!: pulumi.Output; /** - * The user attribute or property name to store the mapped result. + * User Attribute */ public readonly userAttribute!: pulumi.Output; @@ -170,35 +153,32 @@ export class AttributeImporterIdentityProviderMapper extends pulumi.CustomResour */ export interface AttributeImporterIdentityProviderMapperState { /** - * For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. + * Attribute Friendly Name */ attributeFriendlyName?: pulumi.Input; /** - * For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. + * Attribute Name */ attributeName?: pulumi.Input; /** - * For OIDC based providers, this is the name of the claim to use. + * Claim Name */ claimName?: pulumi.Input; - /** - * Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - */ extraConfig?: pulumi.Input<{[key: string]: any}>; /** - * The alias of the associated identity provider. + * IDP Alias */ identityProviderAlias?: pulumi.Input; /** - * The name of the mapper. + * IDP Mapper Name */ name?: pulumi.Input; /** - * The name of the realm. + * Realm Name */ realm?: pulumi.Input; /** - * The user attribute or property name to store the mapped result. + * User Attribute */ userAttribute?: pulumi.Input; } @@ -208,35 +188,32 @@ export interface AttributeImporterIdentityProviderMapperState { */ export interface AttributeImporterIdentityProviderMapperArgs { /** - * For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attributeName`. + * Attribute Friendly Name */ attributeFriendlyName?: pulumi.Input; /** - * For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attributeFriendlyName`. + * Attribute Name */ attributeName?: pulumi.Input; /** - * For OIDC based providers, this is the name of the claim to use. + * Claim Name */ claimName?: pulumi.Input; - /** - * Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - */ extraConfig?: pulumi.Input<{[key: string]: any}>; /** - * The alias of the associated identity provider. + * IDP Alias */ identityProviderAlias: pulumi.Input; /** - * The name of the mapper. + * IDP Mapper Name */ name?: pulumi.Input; /** - * The name of the realm. + * Realm Name */ realm: pulumi.Input; /** - * The user attribute or property name to store the mapped result. + * User Attribute */ userAttribute: pulumi.Input; } diff --git a/sdk/nodejs/attributeToRoleIdentityMapper.ts b/sdk/nodejs/attributeToRoleIdentityMapper.ts index fbfb274d..d34a7be6 100644 --- a/sdk/nodejs/attributeToRoleIdentityMapper.ts +++ b/sdk/nodejs/attributeToRoleIdentityMapper.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -43,16 +44,17 @@ import * as utilities from "./utilities"; * }, * }); * ``` + * * * ## Import * * Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak * - * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/nodejs/authentication/bindings.ts b/sdk/nodejs/authentication/bindings.ts index 98f6bcd7..9e37c416 100644 --- a/sdk/nodejs/authentication/bindings.ts +++ b/sdk/nodejs/authentication/bindings.ts @@ -21,6 +21,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -54,6 +55,7 @@ import * as utilities from "../utilities"; * browserFlow: flow.alias, * }); * ``` + * */ export class Bindings extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/authentication/execution.ts b/sdk/nodejs/authentication/execution.ts index cf77d2cf..cf9f1376 100644 --- a/sdk/nodejs/authentication/execution.ts +++ b/sdk/nodejs/authentication/execution.ts @@ -14,6 +14,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -43,14 +44,15 @@ import * as utilities from "../utilities"; * dependsOn: [executionOne], * }); * ``` + * * * ## Import * * Authentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/nodejs/authentication/executionConfig.ts b/sdk/nodejs/authentication/executionConfig.ts index df5e8c0a..1aab2bf2 100644 --- a/sdk/nodejs/authentication/executionConfig.ts +++ b/sdk/nodejs/authentication/executionConfig.ts @@ -10,6 +10,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -36,18 +37,19 @@ import * as utilities from "../utilities"; * }, * }); * ``` + * * * ## Import * * Configurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`. * - * If the `authenticationExecutionId` is incorrect, the import will still be successful. + * If the `authenticationExecutionId` is incorrect, the import will still be successful. * - * A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. + * A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:authentication/executionConfig:ExecutionConfig config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/nodejs/authentication/flow.ts b/sdk/nodejs/authentication/flow.ts index 55aefbdf..7a03aaeb 100644 --- a/sdk/nodejs/authentication/flow.ts +++ b/sdk/nodejs/authentication/flow.ts @@ -13,6 +13,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -32,22 +33,23 @@ import * as utilities from "../utilities"; * requirement: "REQUIRED", * }); * ``` + * * * ## Import * * Authentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is * - * typically a GUID which is autogenerated when the flow is created via Keycloak. + * typically a GUID which is autogenerated when the flow is created via Keycloak. * - * Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the + * Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the * - * "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, + * "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, * - * which will be a list of authentication flows. + * which will be a list of authentication flows. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:authentication/flow:Flow flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1 diff --git a/sdk/nodejs/authentication/subflow.ts b/sdk/nodejs/authentication/subflow.ts index 6aab098f..0465a556 100644 --- a/sdk/nodejs/authentication/subflow.ts +++ b/sdk/nodejs/authentication/subflow.ts @@ -12,6 +12,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -32,24 +33,25 @@ import * as utilities from "../utilities"; * requirement: "ALTERNATIVE", * }); * ``` + * * * ## Import * * Authentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`. * - * The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. + * The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. * - * Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the + * Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the * - * "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to + * "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to * - * `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. + * `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. * - * __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). + * __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/"Parent Flow"/3bad1172-bb5c-4a77-9615-c2606eb03081 diff --git a/sdk/nodejs/customIdentityProviderMapping.ts b/sdk/nodejs/customIdentityProviderMapping.ts index f4097628..8e31c110 100644 --- a/sdk/nodejs/customIdentityProviderMapping.ts +++ b/sdk/nodejs/customIdentityProviderMapping.ts @@ -7,6 +7,7 @@ import * as utilities from "./utilities"; /** * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -35,16 +36,17 @@ import * as utilities from "./utilities"; * }, * }); * ``` + * * * ## Import * * Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak * - * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b @@ -87,7 +89,7 @@ export class CustomIdentityProviderMapping extends pulumi.CustomResource { */ public readonly identityProviderAlias!: pulumi.Output; /** - * The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. */ public readonly identityProviderMapper!: pulumi.Output; /** @@ -152,7 +154,7 @@ export interface CustomIdentityProviderMappingState { */ identityProviderAlias?: pulumi.Input; /** - * The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. */ identityProviderMapper?: pulumi.Input; /** @@ -178,7 +180,7 @@ export interface CustomIdentityProviderMappingArgs { */ identityProviderAlias: pulumi.Input; /** - * The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + * The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. */ identityProviderMapper: pulumi.Input; /** diff --git a/sdk/nodejs/customUserFederation.ts b/sdk/nodejs/customUserFederation.ts index bac2bbfa..2a4a75c0 100644 --- a/sdk/nodejs/customUserFederation.ts +++ b/sdk/nodejs/customUserFederation.ts @@ -5,44 +5,48 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** + * ## # keycloak.CustomUserFederation + * * Allows for creating and managing custom user federation providers within Keycloak. * - * A custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). + * A custom user federation provider is an implementation of Keycloak's + * [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). * An example of this implementation can be found here. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "test", * enabled: true, + * realm: "test", * }); * const customUserFederation = new keycloak.CustomUserFederation("customUserFederation", { - * realmId: realm.id, - * providerId: "custom", * enabled: true, - * config: { - * dummyString: "foobar", - * dummyBool: true, - * multivalue: "value1##value2", - * }, + * providerId: "custom", + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + * The following arguments are supported: * - * The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: + * - `realmId` - (Required) The realm that this provider will provide user federation for. + * - `name` - (Required) Display name of the provider when displayed in the console. + * - `providerId` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * - `cachePolicy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:index/customUserFederation:CustomUserFederation custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - * ``` + * Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + * The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: */ export class CustomUserFederation extends pulumi.CustomResource { /** @@ -72,20 +76,15 @@ export class CustomUserFederation extends pulumi.CustomResource { return obj['__pulumiType'] === CustomUserFederation.__pulumiType; } - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - */ public readonly cachePolicy!: pulumi.Output; /** - * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. */ public readonly changedSyncPeriod!: pulumi.Output; - /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - */ public readonly config!: pulumi.Output<{[key: string]: any} | undefined>; /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. */ public readonly enabled!: pulumi.Output; /** @@ -97,19 +96,20 @@ export class CustomUserFederation extends pulumi.CustomResource { */ public readonly name!: pulumi.Output; /** - * Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. + * The parent_id of the generated component. will use realm_id if not specified. */ public readonly parentId!: pulumi.Output; /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. */ public readonly priority!: pulumi.Output; /** - * The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface */ public readonly providerId!: pulumi.Output; /** - * The realm that this provider will provide user federation for. + * The realm (name) this provider will provide user federation for. */ public readonly realmId!: pulumi.Output; @@ -164,20 +164,15 @@ export class CustomUserFederation extends pulumi.CustomResource { * Input properties used for looking up and filtering CustomUserFederation resources. */ export interface CustomUserFederationState { - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - */ cachePolicy?: pulumi.Input; /** - * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. */ changedSyncPeriod?: pulumi.Input; - /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - */ config?: pulumi.Input<{[key: string]: any}>; /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. */ enabled?: pulumi.Input; /** @@ -189,19 +184,20 @@ export interface CustomUserFederationState { */ name?: pulumi.Input; /** - * Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. + * The parent_id of the generated component. will use realm_id if not specified. */ parentId?: pulumi.Input; /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. */ priority?: pulumi.Input; /** - * The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface */ providerId?: pulumi.Input; /** - * The realm that this provider will provide user federation for. + * The realm (name) this provider will provide user federation for. */ realmId?: pulumi.Input; } @@ -210,20 +206,15 @@ export interface CustomUserFederationState { * The set of arguments for constructing a CustomUserFederation resource. */ export interface CustomUserFederationArgs { - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - */ cachePolicy?: pulumi.Input; /** - * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + * sync. */ changedSyncPeriod?: pulumi.Input; - /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - */ config?: pulumi.Input<{[key: string]: any}>; /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. */ enabled?: pulumi.Input; /** @@ -235,19 +226,20 @@ export interface CustomUserFederationArgs { */ name?: pulumi.Input; /** - * Must be set to the realms' `internalId` when it differs from the realm. This can happen when existing resources are imported into the state. + * The parent_id of the generated component. will use realm_id if not specified. */ parentId?: pulumi.Input; /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. */ priority?: pulumi.Input; /** - * The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + * The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + * interface */ providerId: pulumi.Input; /** - * The realm that this provider will provide user federation for. + * The realm (name) this provider will provide user federation for. */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/defaultGroups.ts b/sdk/nodejs/defaultGroups.ts index de3b1d65..aacabc01 100644 --- a/sdk/nodejs/defaultGroups.ts +++ b/sdk/nodejs/defaultGroups.ts @@ -5,38 +5,44 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** + * ## # keycloak.DefaultGroups + * * Allows for managing a realm's default groups. * - * > You should not use `keycloak.DefaultGroups` with a group whose members are managed by `keycloak.GroupMemberships`. + * Note that you should not use `keycloak.DefaultGroups` with a group with memberships managed + * by `keycloak.GroupMemberships`. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const group = new keycloak.Group("group", {realmId: realm.id}); * const _default = new keycloak.DefaultGroups("default", { - * realmId: realm.id, * groupIds: [group.id], + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Default groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm this group exists in. + * - `groupIds` - (Required) A set of group ids that should be default groups on the realm referenced by `realmId`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:index/defaultGroups:DefaultGroups default my-realm - * ``` + * Groups can be imported using the format `{{realm_id}}` where `realmId` is the realm the group exists in. + * + * Example: */ export class DefaultGroups extends pulumi.CustomResource { /** @@ -66,13 +72,7 @@ export class DefaultGroups extends pulumi.CustomResource { return obj['__pulumiType'] === DefaultGroups.__pulumiType; } - /** - * A set of group ids that should be default groups on the realm referenced by `realmId`. - */ public readonly groupIds!: pulumi.Output; - /** - * The realm this group exists in. - */ public readonly realmId!: pulumi.Output; /** @@ -110,13 +110,7 @@ export class DefaultGroups extends pulumi.CustomResource { * Input properties used for looking up and filtering DefaultGroups resources. */ export interface DefaultGroupsState { - /** - * A set of group ids that should be default groups on the realm referenced by `realmId`. - */ groupIds?: pulumi.Input[]>; - /** - * The realm this group exists in. - */ realmId?: pulumi.Input; } @@ -124,12 +118,6 @@ export interface DefaultGroupsState { * The set of arguments for constructing a DefaultGroups resource. */ export interface DefaultGroupsArgs { - /** - * A set of group ids that should be default groups on the realm referenced by `realmId`. - */ groupIds: pulumi.Input[]>; - /** - * The realm this group exists in. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/defaultRoles.ts b/sdk/nodejs/defaultRoles.ts index 61eb8ab4..6babcab4 100644 --- a/sdk/nodejs/defaultRoles.ts +++ b/sdk/nodejs/defaultRoles.ts @@ -10,8 +10,10 @@ import * as utilities from "./utilities"; * Note: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak. * * ## Example Usage + * * ### Realm Role) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -25,18 +27,19 @@ import * as utilities from "./utilities"; * defaultRoles: ["uma_authorization"], * }); * ``` + * * * ## Import * * Default roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite * - * role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing + * role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing * - * the default roles. + * the default roles. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d diff --git a/sdk/nodejs/genericClientProtocolMapper.ts b/sdk/nodejs/genericClientProtocolMapper.ts index 721f168e..35fdfdc3 100644 --- a/sdk/nodejs/genericClientProtocolMapper.ts +++ b/sdk/nodejs/genericClientProtocolMapper.ts @@ -5,9 +5,9 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** - * !> **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `keycloak.GenericProtocolMapper` instead. + * ## # keycloak.GenericClientProtocolMapper * - * Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak. + * Allows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak. * * There are two uses cases for using this resource: * * If you implemented a custom protocol mapper, this resource can be used to configure it @@ -16,45 +16,53 @@ import * as utilities from "./utilities"; * Due to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. * Therefore, if possible, a specific mapper should be used. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const samlClient = new keycloak.saml.Client("samlClient", { - * realmId: realm.id, * clientId: "test-client", + * realmId: realm.id, * }); * const samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", { - * realmId: realm.id, * clientId: samlClient.id, - * protocol: "saml", - * protocolMapper: "saml-hardcode-attribute-mapper", * config: { * "attribute.name": "name", * "attribute.nameformat": "Basic", * "attribute.value": "value", * "friendly.name": "display name", * }, + * protocol: "saml", + * protocolMapper: "saml-hardcode-attribute-mapper", + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required) The client this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * - `protocolMapper` - (Required) The name of the protocol mapper. The protocol mapper must be + * compatible with the specified client. + * - `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * + * Example: */ export class GenericClientProtocolMapper extends pulumi.CustomResource { /** @@ -85,31 +93,28 @@ export class GenericClientProtocolMapper extends pulumi.CustomResource { } /** - * The client this protocol mapper is attached to. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; - /** - * A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - */ public readonly config!: pulumi.Output<{[key: string]: any}>; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * The protocol of the client (openid-connect / saml). */ public readonly protocol!: pulumi.Output; /** - * The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * The type of the protocol mapper. */ public readonly protocolMapper!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; @@ -165,31 +170,28 @@ export class GenericClientProtocolMapper extends pulumi.CustomResource { */ export interface GenericClientProtocolMapperState { /** - * The client this protocol mapper is attached to. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; - /** - * A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - */ config?: pulumi.Input<{[key: string]: any}>; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * The protocol of the client (openid-connect / saml). */ protocol?: pulumi.Input; /** - * The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * The type of the protocol mapper. */ protocolMapper?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; } @@ -199,31 +201,28 @@ export interface GenericClientProtocolMapperState { */ export interface GenericClientProtocolMapperArgs { /** - * The client this protocol mapper is attached to. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; - /** - * A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - */ config: pulumi.Input<{[key: string]: any}>; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + * The protocol of the client (openid-connect / saml). */ protocol: pulumi.Input; /** - * The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + * The type of the protocol mapper. */ protocolMapper: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/genericClientRoleMapper.ts b/sdk/nodejs/genericClientRoleMapper.ts index 4e8f9044..ef6d79c2 100644 --- a/sdk/nodejs/genericClientRoleMapper.ts +++ b/sdk/nodejs/genericClientRoleMapper.ts @@ -14,8 +14,10 @@ import * as utilities from "./utilities"; * inside an access token for a client. * * ## Example Usage + * * ### Realm Role To Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -40,8 +42,11 @@ import * as utilities from "./utilities"; * roleId: realmRole.id, * }); * ``` + * + * * ### Client Role To Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -79,8 +84,11 @@ import * as utilities from "./utilities"; * roleId: clientRoleA.id, * }); * ``` + * + * * ### Realm Role To Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -100,8 +108,11 @@ import * as utilities from "./utilities"; * roleId: realmRole.id, * }); * ``` + * + * * ### Client Role To Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -128,18 +139,19 @@ import * as utilities from "./utilities"; * roleId: clientRole.id, * }); * ``` + * * * ## Import * * Generic client role mappers can be imported using one of the following two formats: * - * - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + * - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` * - * - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + * - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/nodejs/genericProtocolMapper.ts b/sdk/nodejs/genericProtocolMapper.ts index fe2a518f..1253aa7f 100644 --- a/sdk/nodejs/genericProtocolMapper.ts +++ b/sdk/nodejs/genericProtocolMapper.ts @@ -16,6 +16,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -41,14 +42,15 @@ import * as utilities from "./utilities"; * }, * }); * ``` + * * * ## Import * * Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/nodejs/genericRoleMapper.ts b/sdk/nodejs/genericRoleMapper.ts index 98a160d6..b83a95df 100644 --- a/sdk/nodejs/genericRoleMapper.ts +++ b/sdk/nodejs/genericRoleMapper.ts @@ -12,8 +12,10 @@ import * as utilities from "./utilities"; * inside an access token for a client. * * ## Example Usage + * * ### Realm Role To Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -38,8 +40,11 @@ import * as utilities from "./utilities"; * roleId: realmRole.id, * }); * ``` + * + * * ### Client Role To Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -77,8 +82,11 @@ import * as utilities from "./utilities"; * roleId: clientRoleA.id, * }); * ``` + * + * * ### Realm Role To Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -98,8 +106,11 @@ import * as utilities from "./utilities"; * roleId: realmRole.id, * }); * ``` + * + * * ### Client Role To Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -126,18 +137,19 @@ import * as utilities from "./utilities"; * roleId: clientRole.id, * }); * ``` + * * * ## Import * * Generic client role mappers can be imported using one of the following two formats: * - * - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + * - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` * - * - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + * - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/nodejs/getAuthenticationExecution.ts b/sdk/nodejs/getAuthenticationExecution.ts index e8d9c7a8..f2963df4 100644 --- a/sdk/nodejs/getAuthenticationExecution.ts +++ b/sdk/nodejs/getAuthenticationExecution.ts @@ -9,6 +9,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -23,6 +24,7 @@ import * as utilities from "./utilities"; * providerId: "auth-cookie", * }); * ``` + * */ export function getAuthenticationExecution(args: GetAuthenticationExecutionArgs, opts?: pulumi.InvokeOptions): Promise { @@ -69,6 +71,7 @@ export interface GetAuthenticationExecutionResult { * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -83,6 +86,7 @@ export interface GetAuthenticationExecutionResult { * providerId: "auth-cookie", * }); * ``` + * */ export function getAuthenticationExecutionOutput(args: GetAuthenticationExecutionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getAuthenticationExecution(a, opts)) diff --git a/sdk/nodejs/getAuthenticationFlow.ts b/sdk/nodejs/getAuthenticationFlow.ts index 9a315c8e..63d9e487 100644 --- a/sdk/nodejs/getAuthenticationFlow.ts +++ b/sdk/nodejs/getAuthenticationFlow.ts @@ -9,6 +9,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -22,6 +23,7 @@ import * as utilities from "./utilities"; * alias: "browser", * }); * ``` + * */ export function getAuthenticationFlow(args: GetAuthenticationFlowArgs, opts?: pulumi.InvokeOptions): Promise { @@ -62,6 +64,7 @@ export interface GetAuthenticationFlowResult { * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -75,6 +78,7 @@ export interface GetAuthenticationFlowResult { * alias: "browser", * }); * ``` + * */ export function getAuthenticationFlowOutput(args: GetAuthenticationFlowOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getAuthenticationFlow(a, opts)) diff --git a/sdk/nodejs/getClientDescriptionConverter.ts b/sdk/nodejs/getClientDescriptionConverter.ts index 5f9c20f6..cb502c82 100644 --- a/sdk/nodejs/getClientDescriptionConverter.ts +++ b/sdk/nodejs/getClientDescriptionConverter.ts @@ -12,6 +12,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -56,6 +57,7 @@ import * as utilities from "./utilities"; * clientId: samlClientClientDescriptionConverter.apply(samlClientClientDescriptionConverter => samlClientClientDescriptionConverter.clientId), * }); * ``` + * */ export function getClientDescriptionConverter(args: GetClientDescriptionConverterArgs, opts?: pulumi.InvokeOptions): Promise { @@ -132,6 +134,7 @@ export interface GetClientDescriptionConverterResult { * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -176,6 +179,7 @@ export interface GetClientDescriptionConverterResult { * clientId: samlClientClientDescriptionConverter.apply(samlClientClientDescriptionConverter => samlClientClientDescriptionConverter.clientId), * }); * ``` + * */ export function getClientDescriptionConverterOutput(args: GetClientDescriptionConverterOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getClientDescriptionConverter(a, opts)) diff --git a/sdk/nodejs/getGroup.ts b/sdk/nodejs/getGroup.ts index c1975c95..e9123528 100644 --- a/sdk/nodejs/getGroup.ts +++ b/sdk/nodejs/getGroup.ts @@ -5,33 +5,10 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** + * ## # keycloak.Group data source + * * This data source can be used to fetch properties of a Keycloak group for * usage with other resources, such as `keycloak.GroupRoles`. - * - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const offlineAccess = keycloak.getRoleOutput({ - * realmId: realm.id, - * name: "offline_access", - * }); - * const group = keycloak.getGroupOutput({ - * realmId: realm.id, - * name: "group", - * }); - * const groupRoles = new keycloak.GroupRoles("groupRoles", { - * realmId: realm.id, - * groupId: group.apply(group => group.id), - * roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)], - * }); - * ``` */ export function getGroup(args: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise { @@ -46,13 +23,7 @@ export function getGroup(args: GetGroupArgs, opts?: pulumi.InvokeOptions): Promi * A collection of arguments for invoking getGroup. */ export interface GetGroupArgs { - /** - * The name of the group. If there are multiple groups match `name`, the first result will be returned. - */ name: string; - /** - * The realm this group exists within. - */ realmId: string; } @@ -71,33 +42,10 @@ export interface GetGroupResult { readonly realmId: string; } /** + * ## # keycloak.Group data source + * * This data source can be used to fetch properties of a Keycloak group for * usage with other resources, such as `keycloak.GroupRoles`. - * - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const offlineAccess = keycloak.getRoleOutput({ - * realmId: realm.id, - * name: "offline_access", - * }); - * const group = keycloak.getGroupOutput({ - * realmId: realm.id, - * name: "group", - * }); - * const groupRoles = new keycloak.GroupRoles("groupRoles", { - * realmId: realm.id, - * groupId: group.apply(group => group.id), - * roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)], - * }); - * ``` */ export function getGroupOutput(args: GetGroupOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getGroup(a, opts)) @@ -107,12 +55,6 @@ export function getGroupOutput(args: GetGroupOutputArgs, opts?: pulumi.InvokeOpt * A collection of arguments for invoking getGroup. */ export interface GetGroupOutputArgs { - /** - * The name of the group. If there are multiple groups match `name`, the first result will be returned. - */ name: pulumi.Input; - /** - * The realm this group exists within. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/getRealm.ts b/sdk/nodejs/getRealm.ts index 72ca5745..e6cc223f 100644 --- a/sdk/nodejs/getRealm.ts +++ b/sdk/nodejs/getRealm.ts @@ -7,11 +7,14 @@ import * as outputs from "./types/output"; import * as utilities from "./utilities"; /** + * ## # keycloak.Realm data source + * * This data source can be used to fetch properties of a Keycloak realm for * usage with other resources. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -19,8 +22,19 @@ import * as utilities from "./utilities"; * const realm = keycloak.getRealm({ * realm: "my-realm", * }); - * const group = new keycloak.Role("group", {realmId: realm.then(realm => realm.id)}); + * const group = new keycloak.Role("group", {realmId: data.keycloak_realm.id}); * ``` + * + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm` - (Required) The realm name. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.Realm` resource for details on the exported attributes. */ export function getRealm(args: GetRealmArgs, opts?: pulumi.InvokeOptions): Promise { @@ -50,9 +64,6 @@ export interface GetRealmArgs { displayNameHtml?: string; internationalizations?: inputs.GetRealmInternationalization[]; otpPolicy?: inputs.GetRealmOtpPolicy; - /** - * The realm name. - */ realm: string; securityDefenses?: inputs.GetRealmSecurityDefense[]; smtpServers?: inputs.GetRealmSmtpServer[]; @@ -126,11 +137,14 @@ export interface GetRealmResult { readonly webAuthnPolicy: outputs.GetRealmWebAuthnPolicy; } /** + * ## # keycloak.Realm data source + * * This data source can be used to fetch properties of a Keycloak realm for * usage with other resources. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -138,8 +152,19 @@ export interface GetRealmResult { * const realm = keycloak.getRealm({ * realm: "my-realm", * }); - * const group = new keycloak.Role("group", {realmId: realm.then(realm => realm.id)}); + * const group = new keycloak.Role("group", {realmId: data.keycloak_realm.id}); * ``` + * + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realm` - (Required) The realm name. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.Realm` resource for details on the exported attributes. */ export function getRealmOutput(args: GetRealmOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getRealm(a, opts)) @@ -155,9 +180,6 @@ export interface GetRealmOutputArgs { displayNameHtml?: pulumi.Input; internationalizations?: pulumi.Input[]>; otpPolicy?: pulumi.Input; - /** - * The realm name. - */ realm: pulumi.Input; securityDefenses?: pulumi.Input[]>; smtpServers?: pulumi.Input[]>; diff --git a/sdk/nodejs/getRealmKeys.ts b/sdk/nodejs/getRealmKeys.ts index 5d2aa0d3..6c9aee71 100644 --- a/sdk/nodejs/getRealmKeys.ts +++ b/sdk/nodejs/getRealmKeys.ts @@ -7,13 +7,15 @@ import * as outputs from "./types/output"; import * as utilities from "./utilities"; /** + * ## # keycloak.getRealmKeys data source + * * Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. * * Remarks: * * - A key must meet all filter criteria - * - This data source may return more than one value. - * - If no key matches the filter criteria, then an error will be returned. + * - This datasource may return more than one value. + * - If no key matches the filter criteria, then an error is returned. */ export function getRealmKeys(args: GetRealmKeysArgs, opts?: pulumi.InvokeOptions): Promise { @@ -29,17 +31,8 @@ export function getRealmKeys(args: GetRealmKeysArgs, opts?: pulumi.InvokeOptions * A collection of arguments for invoking getRealmKeys. */ export interface GetRealmKeysArgs { - /** - * When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - */ algorithms?: string[]; - /** - * The realm from which the keys will be retrieved. - */ realmId: string; - /** - * When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - */ statuses?: string[]; } @@ -52,24 +45,20 @@ export interface GetRealmKeysResult { * The provider-assigned unique ID for this managed resource. */ readonly id: string; - /** - * (Computed) A list of keys that match the filter criteria. Each key has the following attributes: - */ readonly keys: outputs.GetRealmKeysKey[]; readonly realmId: string; - /** - * Key status (string) - */ readonly statuses?: string[]; } /** + * ## # keycloak.getRealmKeys data source + * * Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. * * Remarks: * * - A key must meet all filter criteria - * - This data source may return more than one value. - * - If no key matches the filter criteria, then an error will be returned. + * - This datasource may return more than one value. + * - If no key matches the filter criteria, then an error is returned. */ export function getRealmKeysOutput(args: GetRealmKeysOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getRealmKeys(a, opts)) @@ -79,16 +68,7 @@ export function getRealmKeysOutput(args: GetRealmKeysOutputArgs, opts?: pulumi.I * A collection of arguments for invoking getRealmKeys. */ export interface GetRealmKeysOutputArgs { - /** - * When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - */ algorithms?: pulumi.Input[]>; - /** - * The realm from which the keys will be retrieved. - */ realmId: pulumi.Input; - /** - * When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - */ statuses?: pulumi.Input[]>; } diff --git a/sdk/nodejs/getRole.ts b/sdk/nodejs/getRole.ts index 18fa9b8c..f3a7e707 100644 --- a/sdk/nodejs/getRole.ts +++ b/sdk/nodejs/getRole.ts @@ -5,30 +5,10 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** + * ## # keycloak.Role data source + * * This data source can be used to fetch properties of a Keycloak role for * usage with other resources, such as `keycloak.GroupRoles`. - * - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const offlineAccess = keycloak.getRoleOutput({ - * realmId: realm.id, - * name: "offline_access", - * }); - * const group = new keycloak.Group("group", {realmId: realm.id}); - * const groupRoles = new keycloak.GroupRoles("groupRoles", { - * realmId: realm.id, - * groupId: group.id, - * roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)], - * }); - * ``` */ export function getRole(args: GetRoleArgs, opts?: pulumi.InvokeOptions): Promise { @@ -44,17 +24,8 @@ export function getRole(args: GetRoleArgs, opts?: pulumi.InvokeOptions): Promise * A collection of arguments for invoking getRole. */ export interface GetRoleArgs { - /** - * When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloakClient` resource should be used here. - */ clientId?: string; - /** - * The name of the role. - */ name: string; - /** - * The realm this role exists within. - */ realmId: string; } @@ -65,9 +36,6 @@ export interface GetRoleResult { readonly attributes: {[key: string]: any}; readonly clientId?: string; readonly compositeRoles: string[]; - /** - * (Computed) The description of the role. - */ readonly description: string; /** * The provider-assigned unique ID for this managed resource. @@ -77,30 +45,10 @@ export interface GetRoleResult { readonly realmId: string; } /** + * ## # keycloak.Role data source + * * This data source can be used to fetch properties of a Keycloak role for * usage with other resources, such as `keycloak.GroupRoles`. - * - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const offlineAccess = keycloak.getRoleOutput({ - * realmId: realm.id, - * name: "offline_access", - * }); - * const group = new keycloak.Group("group", {realmId: realm.id}); - * const groupRoles = new keycloak.GroupRoles("groupRoles", { - * realmId: realm.id, - * groupId: group.id, - * roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)], - * }); - * ``` */ export function getRoleOutput(args: GetRoleOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getRole(a, opts)) @@ -110,16 +58,7 @@ export function getRoleOutput(args: GetRoleOutputArgs, opts?: pulumi.InvokeOptio * A collection of arguments for invoking getRole. */ export interface GetRoleOutputArgs { - /** - * When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloakClient` resource should be used here. - */ clientId?: pulumi.Input; - /** - * The name of the role. - */ name: pulumi.Input; - /** - * The realm this role exists within. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/getUser.ts b/sdk/nodejs/getUser.ts index 8f8c7399..489799b5 100644 --- a/sdk/nodejs/getUser.ts +++ b/sdk/nodejs/getUser.ts @@ -9,6 +9,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -22,6 +23,7 @@ import * as utilities from "./utilities"; * })); * export const keycloakUserId = defaultAdminUser.then(defaultAdminUser => defaultAdminUser.id); * ``` + * */ export function getUser(args: GetUserArgs, opts?: pulumi.InvokeOptions): Promise { @@ -91,6 +93,7 @@ export interface GetUserResult { * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -104,6 +107,7 @@ export interface GetUserResult { * })); * export const keycloakUserId = defaultAdminUser.then(defaultAdminUser => defaultAdminUser.id); * ``` + * */ export function getUserOutput(args: GetUserOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getUser(a, opts)) diff --git a/sdk/nodejs/getUserRealmRoles.ts b/sdk/nodejs/getUserRealmRoles.ts index 237cccf5..d4dda739 100644 --- a/sdk/nodejs/getUserRealmRoles.ts +++ b/sdk/nodejs/getUserRealmRoles.ts @@ -9,6 +9,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -26,6 +27,7 @@ import * as utilities from "./utilities"; * })); * export const keycloakUserRoleNames = userRealmRoles.then(userRealmRoles => userRealmRoles.roleNames); * ``` + * */ export function getUserRealmRoles(args: GetUserRealmRolesArgs, opts?: pulumi.InvokeOptions): Promise { @@ -70,6 +72,7 @@ export interface GetUserRealmRolesResult { * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -87,6 +90,7 @@ export interface GetUserRealmRolesResult { * })); * export const keycloakUserRoleNames = userRealmRoles.then(userRealmRoles => userRealmRoles.roleNames); * ``` + * */ export function getUserRealmRolesOutput(args: GetUserRealmRolesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getUserRealmRoles(a, opts)) diff --git a/sdk/nodejs/group.ts b/sdk/nodejs/group.ts index 25611aca..ae9f6e0f 100644 --- a/sdk/nodejs/group.ts +++ b/sdk/nodejs/group.ts @@ -5,54 +5,67 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** + * ## # keycloak.Group + * * Allows for creating and managing Groups within Keycloak. * - * Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and - * group membership can be mapped to a claim. + * Groups provide a logical wrapping for users within Keycloak. Users within a + * group can share attributes and roles, and group membership can be mapped + * to a claim. * * Attributes can also be defined on Groups. * - * Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource **should not** - * be used to manage groups that were created this way. + * Groups can also be federated from external data sources, such as LDAP or Active Directory. + * This resource **should not** be used to manage groups that were created this way. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const parentGroup = new keycloak.Group("parentGroup", {realmId: realm.id}); * const childGroup = new keycloak.Group("childGroup", { - * realmId: realm.id, * parentId: parentGroup.id, + * realmId: realm.id, * }); * const childGroupWithOptionalAttributes = new keycloak.Group("childGroupWithOptionalAttributes", { - * realmId: realm.id, - * parentId: parentGroup.id, * attributes: { - * foo: "bar", - * multivalue: "value1##value2", + * key1: "value1", + * key2: "value2", * }, + * parentId: parentGroup.id, + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + * - `realmId` - (Required) The realm this group exists in. + * - `parentId` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level. + * - `name` - (Required) The name of the group. + * - `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group. * - * Example: + * ### Attributes Reference * - * bash + * In addition to the arguments listed above, the following computed attributes are exported: * - * ```sh - * $ pulumi import keycloak:index/group:Group child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd - * ``` + * - `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. + * + * ### Import + * + * Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `groupId` is the unique ID that Keycloak + * assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + * + * Example: */ export class Group extends pulumi.CustomResource { /** @@ -82,25 +95,10 @@ export class Group extends pulumi.CustomResource { return obj['__pulumiType'] === Group.__pulumiType; } - /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ public readonly attributes!: pulumi.Output<{[key: string]: any} | undefined>; - /** - * The name of the group. - */ public readonly name!: pulumi.Output; - /** - * The ID of this group's parent. If omitted, this group will be defined at the root level. - */ public readonly parentId!: pulumi.Output; - /** - * (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - */ public /*out*/ readonly path!: pulumi.Output; - /** - * The realm this group exists in. - */ public readonly realmId!: pulumi.Output; /** @@ -141,25 +139,10 @@ export class Group extends pulumi.CustomResource { * Input properties used for looking up and filtering Group resources. */ export interface GroupState { - /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ attributes?: pulumi.Input<{[key: string]: any}>; - /** - * The name of the group. - */ name?: pulumi.Input; - /** - * The ID of this group's parent. If omitted, this group will be defined at the root level. - */ parentId?: pulumi.Input; - /** - * (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - */ path?: pulumi.Input; - /** - * The realm this group exists in. - */ realmId?: pulumi.Input; } @@ -167,20 +150,8 @@ export interface GroupState { * The set of arguments for constructing a Group resource. */ export interface GroupArgs { - /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ attributes?: pulumi.Input<{[key: string]: any}>; - /** - * The name of the group. - */ name?: pulumi.Input; - /** - * The ID of this group's parent. If omitted, this group will be defined at the root level. - */ parentId?: pulumi.Input; - /** - * The realm this group exists in. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/groupMemberships.ts b/sdk/nodejs/groupMemberships.ts index 600094e2..78f7df23 100644 --- a/sdk/nodejs/groupMemberships.ts +++ b/sdk/nodejs/groupMemberships.ts @@ -5,31 +5,32 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** - * Allows for managing a Keycloak group's members. - * - * Note that this resource attempts to be an **authoritative** source over group members. When this resource takes control - * over a group's members, users that are manually added to the group will be removed, and users that are manually removed - * from the group will be added upon the next run of `pulumi up`. + * ## # keycloak.GroupMemberships * - * Also note that you should not use `keycloak.GroupMemberships` with a group has been assigned as a default group via - * `keycloak.DefaultGroups`. + * Allows for managing a Keycloak group's members. * - * This resource **should not** be used to control membership of a group that has its members federated from an external - * source via group mapping. + * Note that this resource attempts to be an **authoritative** source over group members. + * When this resource takes control over a group's members, users that are manually added + * to the group will be removed, and users that are manually removed from the group will + * be added upon the next run of `pulumi up`. Eventually, a non-authoritative resource + * for group membership will be added to this provider. * - * To non-exclusively manage the group's of a user, see the [`keycloak.UserGroups` resource][1] + * Also note that you should not use `keycloak.GroupMemberships` with a group has been assigned + * as a default group via `keycloak.DefaultGroups`. * - * This resource paginates its data loading on refresh by 50 items. + * This resource **should not** be used to control membership of a group that has its members + * federated from an external source via group mapping. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const group = new keycloak.Group("group", {realmId: realm.id}); * const user = new keycloak.User("user", { @@ -37,19 +38,25 @@ import * as utilities from "./utilities"; * username: "my-user", * }); * const groupMembers = new keycloak.GroupMemberships("groupMembers", { - * realmId: realm.id, * groupId: group.id, * members: [user.username], + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * This resource does not support import. Instead of importing, feel free to create this resource + * The following arguments are supported: + * + * - `realmId` - (Required) The realm this group exists in. + * - `groupId` - (Required) The ID of the group this resource should manage memberships for. + * - `members` - (Required) An array of usernames that belong to this group. * - * as if it did not already exist on the server. + * ### Import * - * [1]: providers/mrparkers/keycloak/latest/docs/resources/group_memberships + * This resource does not support import. Instead of importing, feel free to create this resource + * as if it did not already exist on the server. */ export class GroupMemberships extends pulumi.CustomResource { /** @@ -79,17 +86,8 @@ export class GroupMemberships extends pulumi.CustomResource { return obj['__pulumiType'] === GroupMemberships.__pulumiType; } - /** - * The ID of the group this resource should manage memberships for. - */ public readonly groupId!: pulumi.Output; - /** - * A list of usernames that belong to this group. - */ public readonly members!: pulumi.Output; - /** - * The realm this group exists in. - */ public readonly realmId!: pulumi.Output; /** @@ -129,17 +127,8 @@ export class GroupMemberships extends pulumi.CustomResource { * Input properties used for looking up and filtering GroupMemberships resources. */ export interface GroupMembershipsState { - /** - * The ID of the group this resource should manage memberships for. - */ groupId?: pulumi.Input; - /** - * A list of usernames that belong to this group. - */ members?: pulumi.Input[]>; - /** - * The realm this group exists in. - */ realmId?: pulumi.Input; } @@ -147,16 +136,7 @@ export interface GroupMembershipsState { * The set of arguments for constructing a GroupMemberships resource. */ export interface GroupMembershipsArgs { - /** - * The ID of the group this resource should manage memberships for. - */ groupId?: pulumi.Input; - /** - * A list of usernames that belong to this group. - */ members: pulumi.Input[]>; - /** - * The realm this group exists in. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/groupRoles.ts b/sdk/nodejs/groupRoles.ts index c21a066c..33bbf748 100644 --- a/sdk/nodejs/groupRoles.ts +++ b/sdk/nodejs/groupRoles.ts @@ -5,106 +5,75 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** + * ## # keycloak.GroupRoles + * * Allows you to manage roles assigned to a Keycloak group. * - * If `exhaustive` is true, this resource attempts to be an **authoritative** source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the - * group will be added upon the next run of `pulumi up`. - * If `exhaustive` is false, this resource is a partial assignation of roles to a group. As a result, you can get multiple `keycloak.GroupRoles` for the same `groupId`. + * Note that this resource attempts to be an **authoritative** source over + * group roles. When this resource takes control over a group's roles, + * roles that are manually added to the group will be removed, and roles + * that are manually removed from the group will be added upon the next run + * of `pulumi up`. * - * Note that when assigning composite roles to a group, you may see a non-empty plan following a `pulumi up` if you - * assign a role and a composite that includes that role to the same group. + * Note that when assigning composite roles to a group, you may see a + * non-empty plan following a `pulumi up` if you assign a role and a + * composite that includes that role to the same group. * - * ## Example Usage - * ### Exhaustive Roles) + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const realmRole = new keycloak.Role("realmRole", { - * realmId: realm.id, * description: "My Realm Role", + * realmId: realm.id, * }); * const client = new keycloak.openid.Client("client", { - * realmId: realm.id, + * accessType: "BEARER-ONLY", * clientId: "client", * enabled: true, - * accessType: "BEARER-ONLY", + * realmId: realm.id, * }); * const clientRole = new keycloak.Role("clientRole", { - * realmId: realm.id, * clientId: keycloak_client.client.id, * description: "My Client Role", + * realmId: realm.id, * }); * const group = new keycloak.Group("group", {realmId: realm.id}); * const groupRoles = new keycloak.GroupRoles("groupRoles", { - * realmId: realm.id, * groupId: group.id, + * realmId: realm.id, * roleIds: [ * realmRole.id, * clientRole.id, * ], * }); * ``` - * ### Non Exhaustive Roles) + * * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as keycloak from "@pulumi/keycloak"; + * ### Argument Reference * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const realmRole = new keycloak.Role("realmRole", { - * realmId: realm.id, - * description: "My Realm Role", - * }); - * const client = new keycloak.openid.Client("client", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, - * accessType: "BEARER-ONLY", - * }); - * const clientRole = new keycloak.Role("clientRole", { - * realmId: realm.id, - * clientId: keycloak_client.client.id, - * description: "My Client Role", - * }); - * const group = new keycloak.Group("group", {realmId: realm.id}); - * const groupRoleAssociation1 = new keycloak.GroupRoles("groupRoleAssociation1", { - * realmId: realm.id, - * groupId: group.id, - * exhaustive: false, - * roleIds: [realmRole.id], - * }); - * const groupRoleAssociation2 = new keycloak.GroupRoles("groupRoleAssociation2", { - * realmId: realm.id, - * groupId: group.id, - * exhaustive: false, - * roleIds: [clientRole.id], - * }); - * ``` - * - * ## Import - * - * This resource can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically + * - `realmId` - (Required) The realm this group exists in. + * - `groupId` - (Required) The ID of the group this resource should + * manage roles for. + * - `roleIds` - (Required) A list of role IDs to map to the group * - * a GUID. + * ### Import * - * Example: + * This resource can be imported using the format + * `{{realm_id}}/{{group_id}}`, where `groupId` is the unique ID that + * Keycloak assigns to the group upon creation. This value can be found in + * the URI when editing this group in the GUI, and is typically a GUID. * - * bash - * - * ```sh - * $ pulumi import keycloak:index/groupRoles:GroupRoles group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94 - * ``` + * Example: */ export class GroupRoles extends pulumi.CustomResource { /** @@ -134,21 +103,9 @@ export class GroupRoles extends pulumi.CustomResource { return obj['__pulumiType'] === GroupRoles.__pulumiType; } - /** - * Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - */ public readonly exhaustive!: pulumi.Output; - /** - * The ID of the group this resource should manage roles for. - */ public readonly groupId!: pulumi.Output; - /** - * The realm this group exists in. - */ public readonly realmId!: pulumi.Output; - /** - * A list of role IDs to map to the group. - */ public readonly roleIds!: pulumi.Output; /** @@ -193,21 +150,9 @@ export class GroupRoles extends pulumi.CustomResource { * Input properties used for looking up and filtering GroupRoles resources. */ export interface GroupRolesState { - /** - * Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - */ exhaustive?: pulumi.Input; - /** - * The ID of the group this resource should manage roles for. - */ groupId?: pulumi.Input; - /** - * The realm this group exists in. - */ realmId?: pulumi.Input; - /** - * A list of role IDs to map to the group. - */ roleIds?: pulumi.Input[]>; } @@ -215,20 +160,8 @@ export interface GroupRolesState { * The set of arguments for constructing a GroupRoles resource. */ export interface GroupRolesArgs { - /** - * Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - */ exhaustive?: pulumi.Input; - /** - * The ID of the group this resource should manage roles for. - */ groupId: pulumi.Input; - /** - * The realm this group exists in. - */ realmId: pulumi.Input; - /** - * A list of role IDs to map to the group. - */ roleIds: pulumi.Input[]>; } diff --git a/sdk/nodejs/hardcodedAttributeIdentityProviderMapper.ts b/sdk/nodejs/hardcodedAttributeIdentityProviderMapper.ts index 37e0da75..8dee28ba 100644 --- a/sdk/nodejs/hardcodedAttributeIdentityProviderMapper.ts +++ b/sdk/nodejs/hardcodedAttributeIdentityProviderMapper.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -38,6 +39,7 @@ import * as utilities from "./utilities"; * }, * }); * ``` + * */ export class HardcodedAttributeIdentityProviderMapper extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/hardcodedRoleIdentityMapper.ts b/sdk/nodejs/hardcodedRoleIdentityMapper.ts index ac4869b1..5269fe3b 100644 --- a/sdk/nodejs/hardcodedRoleIdentityMapper.ts +++ b/sdk/nodejs/hardcodedRoleIdentityMapper.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -40,6 +41,7 @@ import * as utilities from "./utilities"; * }, * }); * ``` + * */ export class HardcodedRoleIdentityMapper extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/identityProviderTokenExchangeScopePermission.ts b/sdk/nodejs/identityProviderTokenExchangeScopePermission.ts index 1dbeb1cf..472c471a 100644 --- a/sdk/nodejs/identityProviderTokenExchangeScopePermission.ts +++ b/sdk/nodejs/identityProviderTokenExchangeScopePermission.ts @@ -7,6 +7,7 @@ import * as utilities from "./utilities"; /** * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -41,16 +42,17 @@ import * as utilities from "./utilities"; * clients: [token_exchangeWebappClient.id], * }); * ``` + * * * ## Import * * This resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that * - * you assign to the identity provider upon creation. + * you assign to the identity provider upon creation. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp diff --git a/sdk/nodejs/ldap/customMapper.ts b/sdk/nodejs/ldap/customMapper.ts index def77127..0ab0f023 100644 --- a/sdk/nodejs/ldap/customMapper.ts +++ b/sdk/nodejs/ldap/customMapper.ts @@ -15,6 +15,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -48,16 +49,17 @@ import * as utilities from "../utilities"; * }, * }); * ``` + * * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/nodejs/ldap/fullNameMapper.ts b/sdk/nodejs/ldap/fullNameMapper.ts index 0e8ac4fd..0f620245 100644 --- a/sdk/nodejs/ldap/fullNameMapper.ts +++ b/sdk/nodejs/ldap/fullNameMapper.ts @@ -5,55 +5,63 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing full name mappers for Keycloak users federated via LDAP. + * ## # keycloak.ldap.FullNameMapper * - * The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a - * Keycloak user. + * Allows for creating and managing full name mappers for Keycloak users federated + * via LDAP. * - * ## Example Usage + * The LDAP full name mapper can map a user's full name from an LDAP attribute + * to the first and last name attributes of a Keycloak user. * + * ### Example Usage + * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "test", * }); * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * realmId: realm.id, - * usernameLdapAttribute: "cn", + * bindCredential: "admin", + * bindDn: "cn=admin,dc=example,dc=org", + * connectionUrl: "ldap://openldap", * rdnLdapAttribute: "cn", - * uuidLdapAttribute: "entryDN", + * realmId: realm.id, * userObjectClasses: [ * "simpleSecurityObject", * "organizationalRole", * ], - * connectionUrl: "ldap://openldap", + * usernameLdapAttribute: "cn", * usersDn: "dc=example,dc=org", - * bindDn: "cn=admin,dc=example,dc=org", - * bindCredential: "admin", + * uuidLdapAttribute: "entryDN", * }); * const ldapFullNameMapper = new keycloak.ldap.FullNameMapper("ldapFullNameMapper", { - * realmId: realm.id, - * ldapUserFederationId: ldapUserFederation.id, * ldapFullNameAttribute: "cn", + * ldapUserFederationId: ldapUserFederation.id, + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The following arguments are supported: * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * - `realmId` - (Required) The realm that this LDAP mapper will exist in. + * - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `ldapFullNameAttribute` - (Required) The name of the LDAP attribute containing the user's full name. + * - `readOnly` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. + * - `writeOnly` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. * - * Example: + * ### Import * - * bash - * - * ```sh - * $ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: */ export class FullNameMapper extends pulumi.CustomResource { /** @@ -83,29 +91,20 @@ export class FullNameMapper extends pulumi.CustomResource { return obj['__pulumiType'] === FullNameMapper.__pulumiType; } - /** - * The name of the LDAP attribute containing the user's full name. - */ public readonly ldapFullNameAttribute!: pulumi.Output; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ public readonly ldapUserFederationId!: pulumi.Output; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ public readonly name!: pulumi.Output; - /** - * When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - */ public readonly readOnly!: pulumi.Output; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ public readonly realmId!: pulumi.Output; - /** - * When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - */ public readonly writeOnly!: pulumi.Output; /** @@ -154,29 +153,20 @@ export class FullNameMapper extends pulumi.CustomResource { * Input properties used for looking up and filtering FullNameMapper resources. */ export interface FullNameMapperState { - /** - * The name of the LDAP attribute containing the user's full name. - */ ldapFullNameAttribute?: pulumi.Input; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId?: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; - /** - * When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - */ readOnly?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId?: pulumi.Input; - /** - * When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - */ writeOnly?: pulumi.Input; } @@ -184,28 +174,19 @@ export interface FullNameMapperState { * The set of arguments for constructing a FullNameMapper resource. */ export interface FullNameMapperArgs { - /** - * The name of the LDAP attribute containing the user's full name. - */ ldapFullNameAttribute: pulumi.Input; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; - /** - * When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - */ readOnly?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId: pulumi.Input; - /** - * When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - */ writeOnly?: pulumi.Input; } diff --git a/sdk/nodejs/ldap/groupMapper.ts b/sdk/nodejs/ldap/groupMapper.ts index 12357594..1f0cefdb 100644 --- a/sdk/nodejs/ldap/groupMapper.ts +++ b/sdk/nodejs/ldap/groupMapper.ts @@ -5,61 +5,81 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing group mappers for Keycloak users federated via LDAP. + * ## # keycloak.ldap.GroupMapper * - * The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also - * create the groups within Keycloak if they do not already exist. + * Allows for creating and managing group mappers for Keycloak users federated + * via LDAP. * - * ## Example Usage + * The LDAP group mapper can be used to map an LDAP user's groups from some DN + * to Keycloak groups. This group mapper will also create the groups within Keycloak + * if they do not already exist. * + * ### Example Usage + * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "test", * }); * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * realmId: realm.id, - * usernameLdapAttribute: "cn", + * bindCredential: "admin", + * bindDn: "cn=admin,dc=example,dc=org", + * connectionUrl: "ldap://openldap", * rdnLdapAttribute: "cn", - * uuidLdapAttribute: "entryDN", + * realmId: realm.id, * userObjectClasses: [ * "simpleSecurityObject", * "organizationalRole", * ], - * connectionUrl: "ldap://openldap", + * usernameLdapAttribute: "cn", * usersDn: "dc=example,dc=org", - * bindDn: "cn=admin,dc=example,dc=org", - * bindCredential: "admin", + * uuidLdapAttribute: "entryDN", * }); * const ldapGroupMapper = new keycloak.ldap.GroupMapper("ldapGroupMapper", { - * realmId: realm.id, - * ldapUserFederationId: ldapUserFederation.id, - * ldapGroupsDn: "dc=example,dc=org", * groupNameLdapAttribute: "cn", * groupObjectClasses: ["groupOfNames"], + * ldapGroupsDn: "dc=example,dc=org", + * ldapUserFederationId: ldapUserFederation.id, + * memberofLdapAttribute: "memberOf", * membershipAttributeType: "DN", * membershipLdapAttribute: "member", * membershipUserLdapAttribute: "cn", - * memberofLdapAttribute: "memberOf", + * realmId: realm.id, * }); * ``` + * * - * ## Import - * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * ### Argument Reference * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm that this LDAP mapper will exist in. + * - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `ldapGroupsDn` - (Required) The LDAP DN where groups can be found. + * - `groupNameLdapAttribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. + * - `groupObjectClasses` - (Required) Array of strings representing the object classes for the group. Must contain at least one. + * - `preserveGroupInheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. + * - `ignoreMissingGroups` - (Optional) When `true`, missing groups in the hierarchy will be ignored. + * - `membershipLdapAttribute` - (Required) The name of the LDAP attribute that is used for membership mappings. + * - `membershipAttributeType` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. + * - `membershipUserLdapAttribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. + * - `groupsLdapFilter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * - `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`. + * - `userRolesRetrieveStrategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + * - `memberofLdapAttribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. + * - `mappedGroupAttributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. + * - `dropNonExistingGroupsDuringSync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: */ export class GroupMapper extends pulumi.CustomResource { /** @@ -89,77 +109,32 @@ export class GroupMapper extends pulumi.CustomResource { return obj['__pulumiType'] === GroupMapper.__pulumiType; } - /** - * When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - */ public readonly dropNonExistingGroupsDuringSync!: pulumi.Output; - /** - * The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - */ public readonly groupNameLdapAttribute!: pulumi.Output; - /** - * List of strings representing the object classes for the group. Must contain at least one. - */ public readonly groupObjectClasses!: pulumi.Output; - /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - */ public readonly groupsLdapFilter!: pulumi.Output; - /** - * Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - */ public readonly groupsPath!: pulumi.Output; - /** - * When `true`, missing groups in the hierarchy will be ignored. - */ public readonly ignoreMissingGroups!: pulumi.Output; - /** - * The LDAP DN where groups can be found. - */ public readonly ldapGroupsDn!: pulumi.Output; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ public readonly ldapUserFederationId!: pulumi.Output; - /** - * Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - */ public readonly mappedGroupAttributes!: pulumi.Output; - /** - * Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - */ public readonly memberofLdapAttribute!: pulumi.Output; - /** - * Can be one of `DN` or `UID`. Defaults to `DN`. - */ public readonly membershipAttributeType!: pulumi.Output; - /** - * The name of the LDAP attribute that is used for membership mappings. - */ public readonly membershipLdapAttribute!: pulumi.Output; - /** - * The name of the LDAP attribute on a user that is used for membership mappings. - */ public readonly membershipUserLdapAttribute!: pulumi.Output; - /** - * Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - */ public readonly mode!: pulumi.Output; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ public readonly name!: pulumi.Output; - /** - * When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - */ public readonly preserveGroupInheritance!: pulumi.Output; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ public readonly realmId!: pulumi.Output; - /** - * Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - */ public readonly userRolesRetrieveStrategy!: pulumi.Output; /** @@ -244,77 +219,32 @@ export class GroupMapper extends pulumi.CustomResource { * Input properties used for looking up and filtering GroupMapper resources. */ export interface GroupMapperState { - /** - * When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - */ dropNonExistingGroupsDuringSync?: pulumi.Input; - /** - * The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - */ groupNameLdapAttribute?: pulumi.Input; - /** - * List of strings representing the object classes for the group. Must contain at least one. - */ groupObjectClasses?: pulumi.Input[]>; - /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - */ groupsLdapFilter?: pulumi.Input; - /** - * Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - */ groupsPath?: pulumi.Input; - /** - * When `true`, missing groups in the hierarchy will be ignored. - */ ignoreMissingGroups?: pulumi.Input; - /** - * The LDAP DN where groups can be found. - */ ldapGroupsDn?: pulumi.Input; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId?: pulumi.Input; - /** - * Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - */ mappedGroupAttributes?: pulumi.Input[]>; - /** - * Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - */ memberofLdapAttribute?: pulumi.Input; - /** - * Can be one of `DN` or `UID`. Defaults to `DN`. - */ membershipAttributeType?: pulumi.Input; - /** - * The name of the LDAP attribute that is used for membership mappings. - */ membershipLdapAttribute?: pulumi.Input; - /** - * The name of the LDAP attribute on a user that is used for membership mappings. - */ membershipUserLdapAttribute?: pulumi.Input; - /** - * Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - */ mode?: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; - /** - * When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - */ preserveGroupInheritance?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId?: pulumi.Input; - /** - * Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - */ userRolesRetrieveStrategy?: pulumi.Input; } @@ -322,76 +252,31 @@ export interface GroupMapperState { * The set of arguments for constructing a GroupMapper resource. */ export interface GroupMapperArgs { - /** - * When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - */ dropNonExistingGroupsDuringSync?: pulumi.Input; - /** - * The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - */ groupNameLdapAttribute: pulumi.Input; - /** - * List of strings representing the object classes for the group. Must contain at least one. - */ groupObjectClasses: pulumi.Input[]>; - /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - */ groupsLdapFilter?: pulumi.Input; - /** - * Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - */ groupsPath?: pulumi.Input; - /** - * When `true`, missing groups in the hierarchy will be ignored. - */ ignoreMissingGroups?: pulumi.Input; - /** - * The LDAP DN where groups can be found. - */ ldapGroupsDn: pulumi.Input; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId: pulumi.Input; - /** - * Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - */ mappedGroupAttributes?: pulumi.Input[]>; - /** - * Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - */ memberofLdapAttribute?: pulumi.Input; - /** - * Can be one of `DN` or `UID`. Defaults to `DN`. - */ membershipAttributeType?: pulumi.Input; - /** - * The name of the LDAP attribute that is used for membership mappings. - */ membershipLdapAttribute: pulumi.Input; - /** - * The name of the LDAP attribute on a user that is used for membership mappings. - */ membershipUserLdapAttribute: pulumi.Input; - /** - * Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - */ mode?: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; - /** - * When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - */ preserveGroupInheritance?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId: pulumi.Input; - /** - * Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - */ userRolesRetrieveStrategy?: pulumi.Input; } diff --git a/sdk/nodejs/ldap/hardcodedAttributeMapper.ts b/sdk/nodejs/ldap/hardcodedAttributeMapper.ts index 80af3956..230784fe 100644 --- a/sdk/nodejs/ldap/hardcodedAttributeMapper.ts +++ b/sdk/nodejs/ldap/hardcodedAttributeMapper.ts @@ -13,6 +13,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -43,16 +44,17 @@ import * as utilities from "../utilities"; * attributeValue: "bar", * }); * ``` + * * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/nodejs/ldap/hardcodedGroupMapper.ts b/sdk/nodejs/ldap/hardcodedGroupMapper.ts index d99cd705..2e3b02d7 100644 --- a/sdk/nodejs/ldap/hardcodedGroupMapper.ts +++ b/sdk/nodejs/ldap/hardcodedGroupMapper.ts @@ -11,6 +11,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -40,16 +41,17 @@ import * as utilities from "../utilities"; * group: realmGroup.name, * }); * ``` + * * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/nodejs/ldap/hardcodedRoleMapper.ts b/sdk/nodejs/ldap/hardcodedRoleMapper.ts index 34369d33..e64b02d1 100644 --- a/sdk/nodejs/ldap/hardcodedRoleMapper.ts +++ b/sdk/nodejs/ldap/hardcodedRoleMapper.ts @@ -5,19 +5,19 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP. + * ## # keycloak.ldap.HardcodedRoleMapper * - * The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. + * This mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. * - * ## Example Usage - * ### Realm Role) + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", + * realm: "test", * enabled: true, * }); * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { @@ -34,69 +34,28 @@ import * as utilities from "../utilities"; * bindDn: "cn=admin,dc=example,dc=org", * bindCredential: "admin", * }); - * const realmAdminRole = new keycloak.Role("realmAdminRole", { - * realmId: realm.id, - * description: "My Realm Role", - * }); * const assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", { * realmId: realm.id, * ldapUserFederationId: ldapUserFederation.id, - * role: realmAdminRole.name, + * role: "admin", * }); * ``` - * ### Client Role) + * * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as keycloak from "@pulumi/keycloak"; + * ### Argument Reference * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * realmId: realm.id, - * usernameLdapAttribute: "cn", - * rdnLdapAttribute: "cn", - * uuidLdapAttribute: "entryDN", - * userObjectClasses: [ - * "simpleSecurityObject", - * "organizationalRole", - * ], - * connectionUrl: "ldap://openldap", - * usersDn: "dc=example,dc=org", - * bindDn: "cn=admin,dc=example,dc=org", - * bindCredential: "admin", - * }); - * const realmManagement = keycloak.openid.getClientOutput({ - * realmId: realm.id, - * clientId: "realm-management", - * }); - * const createClient = pulumi.all([realm.id, realmManagement]).apply(([id, realmManagement]) => keycloak.getRoleOutput({ - * realmId: id, - * clientId: realmManagement.id, - * name: "create-client", - * })); - * const assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", { - * realmId: realm.id, - * ldapUserFederationId: ldapUserFederation.id, - * role: pulumi.all([realmManagement, createClient]).apply(([realmManagement, createClient]) => `${realmManagement.clientId}.${createClient.name}`), - * }); - * ``` - * - * ## Import - * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm that this LDAP mapper will exist in. + * - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `role` - (Required) The role which should be assigned to the users. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: */ export class HardcodedRoleMapper extends pulumi.CustomResource { /** @@ -127,19 +86,19 @@ export class HardcodedRoleMapper extends pulumi.CustomResource { } /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ public readonly ldapUserFederationId!: pulumi.Output; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ public readonly name!: pulumi.Output; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ public readonly realmId!: pulumi.Output; /** - * The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * Role to grant to user. */ public readonly role!: pulumi.Output; @@ -186,19 +145,19 @@ export class HardcodedRoleMapper extends pulumi.CustomResource { */ export interface HardcodedRoleMapperState { /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId?: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId?: pulumi.Input; /** - * The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * Role to grant to user. */ role?: pulumi.Input; } @@ -208,19 +167,19 @@ export interface HardcodedRoleMapperState { */ export interface HardcodedRoleMapperArgs { /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId: pulumi.Input; /** - * The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + * Role to grant to user. */ role: pulumi.Input; } diff --git a/sdk/nodejs/ldap/msadLdsUserAccountControlMapper.ts b/sdk/nodejs/ldap/msadLdsUserAccountControlMapper.ts index ed9f5bdb..21460192 100644 --- a/sdk/nodejs/ldap/msadLdsUserAccountControlMapper.ts +++ b/sdk/nodejs/ldap/msadLdsUserAccountControlMapper.ts @@ -15,6 +15,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -43,16 +44,17 @@ import * as utilities from "../utilities"; * ldapUserFederationId: ldapUserFederation.id, * }); * ``` + * * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/nodejs/ldap/msadUserAccountControlMapper.ts b/sdk/nodejs/ldap/msadUserAccountControlMapper.ts index 88adaf2e..8ebced78 100644 --- a/sdk/nodejs/ldap/msadUserAccountControlMapper.ts +++ b/sdk/nodejs/ldap/msadUserAccountControlMapper.ts @@ -5,6 +5,8 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** + * ## # keycloak.ldap.MsadUserAccountControlMapper + * * Allows for creating and managing MSAD user account control mappers for Keycloak * users federated via LDAP. * @@ -13,50 +15,53 @@ import * as utilities from "../utilities"; * AD user state to Keycloak in order to enforce settings like expired passwords * or disabled accounts. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "test", * }); * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * realmId: realm.id, - * usernameLdapAttribute: "cn", + * bindCredential: "admin", + * bindDn: "cn=admin,dc=example,dc=org", + * connectionUrl: "ldap://my-ad-server", * rdnLdapAttribute: "cn", - * uuidLdapAttribute: "objectGUID", + * realmId: realm.id, * userObjectClasses: [ * "person", * "organizationalPerson", * "user", * ], - * connectionUrl: "ldap://my-ad-server", + * usernameLdapAttribute: "cn", * usersDn: "dc=example,dc=org", - * bindDn: "cn=admin,dc=example,dc=org", - * bindCredential: "admin", + * uuidLdapAttribute: "objectGUID", * }); * const msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", { - * realmId: realm.id, * ldapUserFederationId: ldapUserFederation.id, + * realmId: realm.id, * }); * ``` + * * - * ## Import - * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * ### Argument Reference * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm that this LDAP mapper will exist in. + * - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `ldapPasswordPolicyHintsEnabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: */ export class MsadUserAccountControlMapper extends pulumi.CustomResource { /** @@ -86,20 +91,17 @@ export class MsadUserAccountControlMapper extends pulumi.CustomResource { return obj['__pulumiType'] === MsadUserAccountControlMapper.__pulumiType; } - /** - * When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - */ public readonly ldapPasswordPolicyHintsEnabled!: pulumi.Output; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ public readonly ldapUserFederationId!: pulumi.Output; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ public readonly name!: pulumi.Output; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ public readonly realmId!: pulumi.Output; @@ -142,20 +144,17 @@ export class MsadUserAccountControlMapper extends pulumi.CustomResource { * Input properties used for looking up and filtering MsadUserAccountControlMapper resources. */ export interface MsadUserAccountControlMapperState { - /** - * When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - */ ldapPasswordPolicyHintsEnabled?: pulumi.Input; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId?: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId?: pulumi.Input; } @@ -164,20 +163,17 @@ export interface MsadUserAccountControlMapperState { * The set of arguments for constructing a MsadUserAccountControlMapper resource. */ export interface MsadUserAccountControlMapperArgs { - /** - * When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - */ ldapPasswordPolicyHintsEnabled?: pulumi.Input; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/ldap/roleMapper.ts b/sdk/nodejs/ldap/roleMapper.ts index afd9720a..af3dc513 100644 --- a/sdk/nodejs/ldap/roleMapper.ts +++ b/sdk/nodejs/ldap/roleMapper.ts @@ -11,6 +11,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -46,16 +47,17 @@ import * as utilities from "../utilities"; * memberofLdapAttribute: "memberOf", * }); * ``` + * * * ## Import * * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/nodejs/ldap/userAttributeMapper.ts b/sdk/nodejs/ldap/userAttributeMapper.ts index 0c9c71cc..1ae78caf 100644 --- a/sdk/nodejs/ldap/userAttributeMapper.ts +++ b/sdk/nodejs/ldap/userAttributeMapper.ts @@ -5,57 +5,66 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** + * ## # keycloak.ldap.UserAttributeMapper + * * Allows for creating and managing user attribute mappers for Keycloak users * federated via LDAP. * * The LDAP user attribute mapper can be used to map a single LDAP attribute * to an attribute on the Keycloak user model. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "test", * }); * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * realmId: realm.id, - * usernameLdapAttribute: "cn", + * bindCredential: "admin", + * bindDn: "cn=admin,dc=example,dc=org", + * connectionUrl: "ldap://openldap", * rdnLdapAttribute: "cn", - * uuidLdapAttribute: "entryDN", + * realmId: realm.id, * userObjectClasses: [ * "simpleSecurityObject", * "organizationalRole", * ], - * connectionUrl: "ldap://openldap", + * usernameLdapAttribute: "cn", * usersDn: "dc=example,dc=org", - * bindDn: "cn=admin,dc=example,dc=org", - * bindCredential: "admin", + * uuidLdapAttribute: "entryDN", * }); * const ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper("ldapUserAttributeMapper", { - * realmId: realm.id, + * ldapAttribute: "bar", * ldapUserFederationId: ldapUserFederation.id, + * realmId: realm.id, * userModelAttribute: "foo", - * ldapAttribute: "bar", * }); * ``` + * * - * ## Import - * - * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * ### Argument Reference * - * The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm that this LDAP mapper will exist in. + * - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + * - `name` - (Required) Display name of this mapper when displayed in the console. + * - `userModelAttribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into. + * - `ldapAttribute` - (Required) Name of the mapped attribute on the LDAP object. + * - `readOnly` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * - `alwaysReadValueFromLdap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * - `isMandatoryInLdap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - * ``` + * LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + * The ID of the LDAP user federation provider and the mapper can be found within + * the Keycloak GUI, and they are typically GUIDs: */ export class UserAttributeMapper extends pulumi.CustomResource { /** @@ -86,43 +95,43 @@ export class UserAttributeMapper extends pulumi.CustomResource { } /** - * When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * When true, the value fetched from LDAP will override the value stored in Keycloak. */ public readonly alwaysReadValueFromLdap!: pulumi.Output; /** - * Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. + * Default value to set in LDAP if is_mandatory_in_ldap and the value is empty */ public readonly attributeDefaultValue!: pulumi.Output; /** - * Should be true for binary LDAP attributes. + * Should be true for binary LDAP attributes */ public readonly isBinaryAttribute!: pulumi.Output; /** - * When `true`, this attribute must exist in LDAP. Defaults to `false`. + * When true, this attribute must exist in LDAP. */ public readonly isMandatoryInLdap!: pulumi.Output; /** - * Name of the mapped attribute on the LDAP object. + * Name of the mapped attribute on LDAP object. */ public readonly ldapAttribute!: pulumi.Output; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ public readonly ldapUserFederationId!: pulumi.Output; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ public readonly name!: pulumi.Output; /** - * When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. */ public readonly readOnly!: pulumi.Output; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ public readonly realmId!: pulumi.Output; /** - * Name of the user property or attribute you want to map the LDAP attribute into. + * Name of the UserModel property or attribute you want to map the LDAP attribute into. */ public readonly userModelAttribute!: pulumi.Output; @@ -184,43 +193,43 @@ export class UserAttributeMapper extends pulumi.CustomResource { */ export interface UserAttributeMapperState { /** - * When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * When true, the value fetched from LDAP will override the value stored in Keycloak. */ alwaysReadValueFromLdap?: pulumi.Input; /** - * Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. + * Default value to set in LDAP if is_mandatory_in_ldap and the value is empty */ attributeDefaultValue?: pulumi.Input; /** - * Should be true for binary LDAP attributes. + * Should be true for binary LDAP attributes */ isBinaryAttribute?: pulumi.Input; /** - * When `true`, this attribute must exist in LDAP. Defaults to `false`. + * When true, this attribute must exist in LDAP. */ isMandatoryInLdap?: pulumi.Input; /** - * Name of the mapped attribute on the LDAP object. + * Name of the mapped attribute on LDAP object. */ ldapAttribute?: pulumi.Input; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId?: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; /** - * When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. */ readOnly?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId?: pulumi.Input; /** - * Name of the user property or attribute you want to map the LDAP attribute into. + * Name of the UserModel property or attribute you want to map the LDAP attribute into. */ userModelAttribute?: pulumi.Input; } @@ -230,43 +239,43 @@ export interface UserAttributeMapperState { */ export interface UserAttributeMapperArgs { /** - * When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + * When true, the value fetched from LDAP will override the value stored in Keycloak. */ alwaysReadValueFromLdap?: pulumi.Input; /** - * Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. + * Default value to set in LDAP if is_mandatory_in_ldap and the value is empty */ attributeDefaultValue?: pulumi.Input; /** - * Should be true for binary LDAP attributes. + * Should be true for binary LDAP attributes */ isBinaryAttribute?: pulumi.Input; /** - * When `true`, this attribute must exist in LDAP. Defaults to `false`. + * When true, this attribute must exist in LDAP. */ isMandatoryInLdap?: pulumi.Input; /** - * Name of the mapped attribute on the LDAP object. + * Name of the mapped attribute on LDAP object. */ ldapAttribute: pulumi.Input; /** - * The ID of the LDAP user federation provider to attach this mapper to. + * The ldap user federation provider to attach this mapper to. */ ldapUserFederationId: pulumi.Input; /** - * Display name of this mapper when displayed in the console. + * Display name of the mapper when displayed in the console. */ name?: pulumi.Input; /** - * When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + * When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. */ readOnly?: pulumi.Input; /** - * The realm that this LDAP mapper will exist in. + * The realm in which the ldap user federation provider exists. */ realmId: pulumi.Input; /** - * Name of the user property or attribute you want to map the LDAP attribute into. + * Name of the UserModel property or attribute you want to map the LDAP attribute into. */ userModelAttribute: pulumi.Input; } diff --git a/sdk/nodejs/ldap/userFederation.ts b/sdk/nodejs/ldap/userFederation.ts index 1dc72fee..dabbe5a8 100644 --- a/sdk/nodejs/ldap/userFederation.ts +++ b/sdk/nodejs/ldap/userFederation.ts @@ -7,6 +7,8 @@ import * as outputs from "../types/output"; import * as utilities from "../utilities"; /** + * ## # keycloak.ldap.UserFederation + * * Allows for creating and managing LDAP user federation providers within Keycloak. * * Keycloak can use an LDAP user federation provider to federate users to Keycloak @@ -14,51 +16,78 @@ import * as utilities from "../utilities"; * will exist within the realm and will be able to log in to clients. Federated * users can have their attributes defined using mappers. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "test", * }); * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * realmId: realm.id, + * bindCredential: "admin", + * bindDn: "cn=admin,dc=example,dc=org", + * connectionTimeout: "5s", + * connectionUrl: "ldap://openldap", * enabled: true, - * usernameLdapAttribute: "cn", * rdnLdapAttribute: "cn", - * uuidLdapAttribute: "entryDN", + * readTimeout: "10s", + * realmId: realm.id, * userObjectClasses: [ * "simpleSecurityObject", * "organizationalRole", * ], - * connectionUrl: "ldap://openldap", + * usernameLdapAttribute: "cn", * usersDn: "dc=example,dc=org", - * bindDn: "cn=admin,dc=example,dc=org", - * bindCredential: "admin", - * connectionTimeout: "5s", - * readTimeout: "10s", - * kerberos: { - * kerberosRealm: "FOO.LOCAL", - * serverPrincipal: "HTTP/host.foo.com@FOO.LOCAL", - * keyTab: "/etc/host.keytab", - * }, + * uuidLdapAttribute: "entryDN", * }); * ``` + * * - * ## Import + * ### Argument Reference * - * LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. + * The following arguments are supported: * - * The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: + * - `realmId` - (Required) The realm that this provider will provide user federation for. + * - `name` - (Required) Display name of the provider when displayed in the console. + * - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * - `importEnabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * - `editMode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * - `syncRegistrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * - `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`. + * - `usernameLdapAttribute` - (Required) Name of the LDAP attribute to use as the Keycloak username. + * - `rdnLdapAttribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name. + * - `uuidLdapAttribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. + * - `userObjectClasses` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * - `connectionUrl` - (Required) Connection URL to the LDAP server. + * - `usersDn` - (Required) Full DN of LDAP tree where your users are. + * - `bindDn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + * - `bindCredential` - (Optional) Password of LDAP admin. This attribute must be set if `bindDn` is set. + * - `customUserSearchFilter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * - `searchScope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`: + * - `ONE_LEVEL`: Only search for users in the DN specified by `userDn`. + * - `SUBTREE`: Search entire LDAP subtree. + * - `validatePasswordPolicy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it. + * - `useTruststoreSpi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: + * - `ALWAYS` - Always use the truststore SPI for LDAP connections. + * - `NEVER` - Never use the truststore SPI for LDAP connections. + * - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol. + * - `connectionTimeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * - `readTimeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * - `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * - `batchSizeForSync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`. + * - `fullSyncPeriod` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. + * - `changedSyncPeriod` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * - `cachePolicy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - * ``` + * LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. + * The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: */ export class UserFederation extends pulumi.CustomResource { /** @@ -89,27 +118,28 @@ export class UserFederation extends pulumi.CustomResource { } /** - * The number of users to sync within a single transaction. Defaults to `1000`. + * The number of users to sync within a single transaction. */ public readonly batchSizeForSync!: pulumi.Output; /** - * Password of LDAP admin. This attribute must be set if `bindDn` is set. + * Password of LDAP admin. */ public readonly bindCredential!: pulumi.Output; /** - * DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + * DN of LDAP admin, which will be used by Keycloak to access LDAP server. */ public readonly bindDn!: pulumi.Output; /** - * A block containing the cache settings. + * Settings regarding cache policy for this realm. */ public readonly cache!: pulumi.Output; /** - * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. */ public readonly changedSyncPeriod!: pulumi.Output; /** - * LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP connection timeout (duration string) */ public readonly connectionTimeout!: pulumi.Output; /** @@ -117,19 +147,20 @@ export class UserFederation extends pulumi.CustomResource { */ public readonly connectionUrl!: pulumi.Output; /** - * Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. */ public readonly customUserSearchFilter!: pulumi.Output; /** - * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. */ public readonly deleteDefaultMappers!: pulumi.Output; /** - * Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. */ public readonly editMode!: pulumi.Output; /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. */ public readonly enabled!: pulumi.Output; /** @@ -137,11 +168,11 @@ export class UserFederation extends pulumi.CustomResource { */ public readonly fullSyncPeriod!: pulumi.Output; /** - * When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * When true, LDAP users will be imported into the Keycloak database. */ public readonly importEnabled!: pulumi.Output; /** - * A block containing the kerberos settings. + * Settings regarding kerberos authentication for this realm. */ public readonly kerberos!: pulumi.Output; /** @@ -149,11 +180,11 @@ export class UserFederation extends pulumi.CustomResource { */ public readonly name!: pulumi.Output; /** - * When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * When true, Keycloak assumes the LDAP server supports pagination. */ public readonly pagination!: pulumi.Output; /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. */ public readonly priority!: pulumi.Output; /** @@ -161,23 +192,23 @@ export class UserFederation extends pulumi.CustomResource { */ public readonly rdnLdapAttribute!: pulumi.Output; /** - * LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP read timeout (duration string) */ public readonly readTimeout!: pulumi.Output; /** - * The realm that this provider will provide user federation for. + * The realm this provider will provide user federation for. */ public readonly realmId!: pulumi.Output; /** - * Can be one of `ONE_LEVEL` or `SUBTREE`: + * ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. */ public readonly searchScope!: pulumi.Output; /** - * When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. */ public readonly startTls!: pulumi.Output; /** - * When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * When true, newly created users will be synced back to LDAP. */ public readonly syncRegistrations!: pulumi.Output; /** @@ -188,12 +219,9 @@ export class UserFederation extends pulumi.CustomResource { * When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). */ public readonly usePasswordModifyExtendedOp!: pulumi.Output; - /** - * Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - */ public readonly useTruststoreSpi!: pulumi.Output; /** - * Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * All values of LDAP objectClass attribute for users in LDAP. */ public readonly userObjectClasses!: pulumi.Output; /** @@ -209,11 +237,11 @@ export class UserFederation extends pulumi.CustomResource { */ public readonly uuidLdapAttribute!: pulumi.Output; /** - * When `true`, Keycloak will validate passwords using the realm policy before updating it. + * When true, Keycloak will validate passwords using the realm policy before updating it. */ public readonly validatePasswordPolicy!: pulumi.Output; /** - * Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. */ public readonly vendor!: pulumi.Output; @@ -330,27 +358,28 @@ export class UserFederation extends pulumi.CustomResource { */ export interface UserFederationState { /** - * The number of users to sync within a single transaction. Defaults to `1000`. + * The number of users to sync within a single transaction. */ batchSizeForSync?: pulumi.Input; /** - * Password of LDAP admin. This attribute must be set if `bindDn` is set. + * Password of LDAP admin. */ bindCredential?: pulumi.Input; /** - * DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + * DN of LDAP admin, which will be used by Keycloak to access LDAP server. */ bindDn?: pulumi.Input; /** - * A block containing the cache settings. + * Settings regarding cache policy for this realm. */ cache?: pulumi.Input; /** - * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. */ changedSyncPeriod?: pulumi.Input; /** - * LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP connection timeout (duration string) */ connectionTimeout?: pulumi.Input; /** @@ -358,19 +387,20 @@ export interface UserFederationState { */ connectionUrl?: pulumi.Input; /** - * Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. */ customUserSearchFilter?: pulumi.Input; /** - * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. */ deleteDefaultMappers?: pulumi.Input; /** - * Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. */ editMode?: pulumi.Input; /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. */ enabled?: pulumi.Input; /** @@ -378,11 +408,11 @@ export interface UserFederationState { */ fullSyncPeriod?: pulumi.Input; /** - * When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * When true, LDAP users will be imported into the Keycloak database. */ importEnabled?: pulumi.Input; /** - * A block containing the kerberos settings. + * Settings regarding kerberos authentication for this realm. */ kerberos?: pulumi.Input; /** @@ -390,11 +420,11 @@ export interface UserFederationState { */ name?: pulumi.Input; /** - * When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * When true, Keycloak assumes the LDAP server supports pagination. */ pagination?: pulumi.Input; /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. */ priority?: pulumi.Input; /** @@ -402,23 +432,23 @@ export interface UserFederationState { */ rdnLdapAttribute?: pulumi.Input; /** - * LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP read timeout (duration string) */ readTimeout?: pulumi.Input; /** - * The realm that this provider will provide user federation for. + * The realm this provider will provide user federation for. */ realmId?: pulumi.Input; /** - * Can be one of `ONE_LEVEL` or `SUBTREE`: + * ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. */ searchScope?: pulumi.Input; /** - * When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. */ startTls?: pulumi.Input; /** - * When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * When true, newly created users will be synced back to LDAP. */ syncRegistrations?: pulumi.Input; /** @@ -429,12 +459,9 @@ export interface UserFederationState { * When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). */ usePasswordModifyExtendedOp?: pulumi.Input; - /** - * Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - */ useTruststoreSpi?: pulumi.Input; /** - * Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * All values of LDAP objectClass attribute for users in LDAP. */ userObjectClasses?: pulumi.Input[]>; /** @@ -450,11 +477,11 @@ export interface UserFederationState { */ uuidLdapAttribute?: pulumi.Input; /** - * When `true`, Keycloak will validate passwords using the realm policy before updating it. + * When true, Keycloak will validate passwords using the realm policy before updating it. */ validatePasswordPolicy?: pulumi.Input; /** - * Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. */ vendor?: pulumi.Input; } @@ -464,27 +491,28 @@ export interface UserFederationState { */ export interface UserFederationArgs { /** - * The number of users to sync within a single transaction. Defaults to `1000`. + * The number of users to sync within a single transaction. */ batchSizeForSync?: pulumi.Input; /** - * Password of LDAP admin. This attribute must be set if `bindDn` is set. + * Password of LDAP admin. */ bindCredential?: pulumi.Input; /** - * DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. + * DN of LDAP admin, which will be used by Keycloak to access LDAP server. */ bindDn?: pulumi.Input; /** - * A block containing the cache settings. + * Settings regarding cache policy for this realm. */ cache?: pulumi.Input; /** - * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + * How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + * sync. */ changedSyncPeriod?: pulumi.Input; /** - * LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP connection timeout (duration string) */ connectionTimeout?: pulumi.Input; /** @@ -492,19 +520,20 @@ export interface UserFederationArgs { */ connectionUrl: pulumi.Input; /** - * Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + * Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. */ customUserSearchFilter?: pulumi.Input; /** - * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + * When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + * user federation provider. */ deleteDefaultMappers?: pulumi.Input; /** - * Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + * READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. */ editMode?: pulumi.Input; /** - * When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + * When false, this provider will not be used when performing queries for users. */ enabled?: pulumi.Input; /** @@ -512,11 +541,11 @@ export interface UserFederationArgs { */ fullSyncPeriod?: pulumi.Input; /** - * When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + * When true, LDAP users will be imported into the Keycloak database. */ importEnabled?: pulumi.Input; /** - * A block containing the kerberos settings. + * Settings regarding kerberos authentication for this realm. */ kerberos?: pulumi.Input; /** @@ -524,11 +553,11 @@ export interface UserFederationArgs { */ name?: pulumi.Input; /** - * When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + * When true, Keycloak assumes the LDAP server supports pagination. */ pagination?: pulumi.Input; /** - * Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + * Priority of this provider when looking up users. Lower values are first. */ priority?: pulumi.Input; /** @@ -536,23 +565,23 @@ export interface UserFederationArgs { */ rdnLdapAttribute: pulumi.Input; /** - * LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + * LDAP read timeout (duration string) */ readTimeout?: pulumi.Input; /** - * The realm that this provider will provide user federation for. + * The realm this provider will provide user federation for. */ realmId: pulumi.Input; /** - * Can be one of `ONE_LEVEL` or `SUBTREE`: + * ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. */ searchScope?: pulumi.Input; /** - * When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + * When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. */ startTls?: pulumi.Input; /** - * When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + * When true, newly created users will be synced back to LDAP. */ syncRegistrations?: pulumi.Input; /** @@ -563,12 +592,9 @@ export interface UserFederationArgs { * When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). */ usePasswordModifyExtendedOp?: pulumi.Input; - /** - * Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - */ useTruststoreSpi?: pulumi.Input; /** - * Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + * All values of LDAP objectClass attribute for users in LDAP. */ userObjectClasses: pulumi.Input[]>; /** @@ -584,11 +610,11 @@ export interface UserFederationArgs { */ uuidLdapAttribute: pulumi.Input; /** - * When `true`, Keycloak will validate passwords using the realm policy before updating it. + * When true, Keycloak will validate passwords using the realm policy before updating it. */ validatePasswordPolicy?: pulumi.Input; /** - * Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + * LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. */ vendor?: pulumi.Input; } diff --git a/sdk/nodejs/oidc/googleIdentityProvider.ts b/sdk/nodejs/oidc/googleIdentityProvider.ts index d43d57e9..1608720e 100644 --- a/sdk/nodejs/oidc/googleIdentityProvider.ts +++ b/sdk/nodejs/oidc/googleIdentityProvider.ts @@ -11,6 +11,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -31,14 +32,15 @@ import * as utilities from "../utilities"; * }, * }); * ``` + * * * ## Import * * Google Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp diff --git a/sdk/nodejs/oidc/identityProvider.ts b/sdk/nodejs/oidc/identityProvider.ts index a9c34100..34613295 100644 --- a/sdk/nodejs/oidc/identityProvider.ts +++ b/sdk/nodejs/oidc/identityProvider.ts @@ -11,6 +11,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -31,14 +32,15 @@ import * as utilities from "../utilities"; * }, * }); * ``` + * * * ## Import * * Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp diff --git a/sdk/nodejs/openid/audienceProtocolMapper.ts b/sdk/nodejs/openid/audienceProtocolMapper.ts index 2b88e3e0..320b52d8 100644 --- a/sdk/nodejs/openid/audienceProtocolMapper.ts +++ b/sdk/nodejs/openid/audienceProtocolMapper.ts @@ -5,72 +5,81 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing audience protocol mappers within Keycloak. + * ## # keycloak.openid.AudienceProtocolMapper * - * Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom - * string, or it can be mapped to the ID of a pre-existing client. + * Allows for creating and managing audience protocol mappers within + * Keycloak. This mapper was added in Keycloak v4.6.0.Final. * - * ## Example Usage - * ### Client) + * Audience protocol mappers allow you add audiences to the `aud` claim + * within issued tokens. The audience can be a custom string, or it can be + * mapped to the ID of a pre-existing client. * + * ### Example Usage (Client) + * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * enabled: true, + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", { - * realmId: realm.id, * clientId: openidClient.id, * includedCustomAudience: "foo", + * realmId: realm.id, * }); * ``` - * ### Client Scope) + * + * + * ### Example Usage (Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", { - * realmId: realm.id, * clientScopeId: clientScope.id, * includedCustomAudience: "foo", + * realmId: realm.id, * }); * ``` + * * - * ## Import - * - * Protocol mappers can be imported using one of the following formats: - * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * ### Argument Reference * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `includedClientAudience` - (Required if `includedCustomAudience` is not specified) A client ID to include within the token's `aud` claim. + * - `includedCustomAudience` - (Required if `includedClientAudience` is not specified) A custom audience to include within the token's `aud` claim. + * - `addToIdToken` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * - `addToAccessToken` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class AudienceProtocolMapper extends pulumi.CustomResource { /** @@ -101,35 +110,35 @@ export class AudienceProtocolMapper extends pulumi.CustomResource { } /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the access token. */ public readonly addToAccessToken!: pulumi.Output; /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the id token. */ public readonly addToIdToken!: pulumi.Output; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; /** - * A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + * A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience */ public readonly includedClientAudience!: pulumi.Output; /** - * A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + * A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience */ public readonly includedCustomAudience!: pulumi.Output; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; @@ -178,35 +187,35 @@ export class AudienceProtocolMapper extends pulumi.CustomResource { */ export interface AudienceProtocolMapperState { /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the id token. */ addToIdToken?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + * A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience */ includedClientAudience?: pulumi.Input; /** - * A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + * A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience */ includedCustomAudience?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; } @@ -216,35 +225,35 @@ export interface AudienceProtocolMapperState { */ export interface AudienceProtocolMapperArgs { /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + * Indicates if this claim should be added to the id token. */ addToIdToken?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * A client ID to include within the token's `aud` claim. Conflicts with `includedCustomAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + * A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience */ includedClientAudience?: pulumi.Input; /** - * A custom audience to include within the token's `aud` claim. Conflicts with `includedClientAudience`. One of `includedClientAudience` or `includedCustomAudience` must be specified. + * A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience */ includedCustomAudience?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/openid/audienceResolveProtocolMapper.ts b/sdk/nodejs/openid/audienceResolveProtocolMapper.ts index 874059ac..a5d42a45 100644 --- a/sdk/nodejs/openid/audienceResolveProtocolMapper.ts +++ b/sdk/nodejs/openid/audienceResolveProtocolMapper.ts @@ -12,8 +12,10 @@ import * as utilities from "../utilities"; * [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. * * ## Example Usage + * * ### Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -34,8 +36,11 @@ import * as utilities from "../utilities"; * clientId: openidClient.id, * }); * ``` + * + * * ### Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -50,18 +55,19 @@ import * as utilities from "../utilities"; * clientScopeId: clientScope.id, * }); * ``` + * * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/nodejs/openid/audienceResolveProtocolMappter.ts b/sdk/nodejs/openid/audienceResolveProtocolMappter.ts index 9f217370..2720652d 100644 --- a/sdk/nodejs/openid/audienceResolveProtocolMappter.ts +++ b/sdk/nodejs/openid/audienceResolveProtocolMappter.ts @@ -12,8 +12,10 @@ import * as utilities from "../utilities"; * [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. * * ## Example Usage + * * ### Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -34,8 +36,11 @@ import * as utilities from "../utilities"; * clientId: openidClient.id, * }); * ``` + * + * * ### Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -50,18 +55,19 @@ import * as utilities from "../utilities"; * clientScopeId: clientScope.id, * }); * ``` + * * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/nodejs/openid/client.ts b/sdk/nodejs/openid/client.ts index ac0f01fb..a915d4bc 100644 --- a/sdk/nodejs/openid/client.ts +++ b/sdk/nodejs/openid/client.ts @@ -7,49 +7,77 @@ import * as outputs from "../types/output"; import * as utilities from "../utilities"; /** + * ## # keycloak.openid.Client + * * Allows for creating and managing Keycloak clients that use the OpenID Connect protocol. * * Clients are entities that can use Keycloak for user authentication. Typically, * clients are applications that redirect users to Keycloak for authentication * in order to take advantage of Keycloak's user sessions for SSO. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * clientId: "test-client", * enabled: true, - * accessType: "CONFIDENTIAL", + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], - * loginTheme: "keycloak", - * extraConfig: { - * key1: "value1", - * key2: "value2", - * }, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + * - `realmId` - (Required) The realm this client is attached to. + * - `clientId` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + * - `name` - (Optional) The display name of this client in the GUI. + * - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + * - `description` - (Optional) The description of this client in the GUI. + * - `accessType` - (Required) Specifies the type of client, which can be one of the following: + * - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating. + * This client should be used for applications using the Authorization Code or Client Credentials grant flows. + * - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect + * URIs for security. This client should be used for applications using the Implicit grant flow. + * - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests. + * - `clientSecret` - (Optional) The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and + * should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute. + * - `standardFlowEnabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. + * - `implicitFlowEnabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. + * - `directAccessGrantsEnabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. + * - `serviceAccountsEnabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. + * - `validRedirectUris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple + * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` + * is set to `true`. + * - `webOrigins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins. + * - `adminUrl` - (Optional) URL to the admin interface of the client. + * - `baseUrl` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client. + * - `pkceCodeChallengeMethod` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. + * - `fullScopeAllowed` - (Optional) - Allow to include all roles mappings in the access token. * - * Example: + * ### Attributes Reference * - * bash + * In addition to the arguments listed above, the following computed attributes are exported: * - * ```sh - * $ pulumi import keycloak:openid/client:Client openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - * ``` + * - `serviceAccountUserId` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. + * + * ### Import + * + * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `clientKeycloakId` is the unique ID that Keycloak + * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + * + * Example: */ export class Client extends pulumi.CustomResource { /** @@ -79,192 +107,51 @@ export class Client extends pulumi.CustomResource { return obj['__pulumiType'] === Client.__pulumiType; } - /** - * The amount of time in seconds before an access token expires. This will override the default for the realm. - */ public readonly accessTokenLifespan!: pulumi.Output; - /** - * Specifies the type of client, which can be one of the following: - */ public readonly accessType!: pulumi.Output; - /** - * URL to the admin interface of the client. - */ public readonly adminUrl!: pulumi.Output; - /** - * Override realm authentication flow bindings - */ public readonly authenticationFlowBindingOverrides!: pulumi.Output; - /** - * When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: - */ public readonly authorization!: pulumi.Output; - /** - * Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - */ public readonly backchannelLogoutRevokeOfflineSessions!: pulumi.Output; - /** - * When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - */ public readonly backchannelLogoutSessionRequired!: pulumi.Output; - /** - * The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - */ public readonly backchannelLogoutUrl!: pulumi.Output; - /** - * Default URL to use when the auth server needs to redirect or link back to the client. - */ public readonly baseUrl!: pulumi.Output; - /** - * Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - */ public readonly clientAuthenticatorType!: pulumi.Output; - /** - * The Client ID for this client, referenced in the URI during authentication and in issued tokens. - */ public readonly clientId!: pulumi.Output; - /** - * Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - */ public readonly clientOfflineSessionIdleTimeout!: pulumi.Output; - /** - * Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - */ public readonly clientOfflineSessionMaxLifespan!: pulumi.Output; - /** - * The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - */ public readonly clientSecret!: pulumi.Output; - /** - * Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - */ public readonly clientSessionIdleTimeout!: pulumi.Output; - /** - * Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - */ public readonly clientSessionMaxLifespan!: pulumi.Output; - /** - * When `true`, users have to consent to client access. Defaults to `false`. - */ public readonly consentRequired!: pulumi.Output; - /** - * The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. - */ public readonly consentScreenText!: pulumi.Output; - /** - * The description of this client in the GUI. - */ public readonly description!: pulumi.Output; - /** - * When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - */ public readonly directAccessGrantsEnabled!: pulumi.Output; - /** - * When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. - */ public readonly displayOnConsentScreen!: pulumi.Output; - /** - * When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - */ public readonly enabled!: pulumi.Output; - /** - * When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. - */ public readonly excludeSessionStateFromAuthResponse!: pulumi.Output; public readonly extraConfig!: pulumi.Output<{[key: string]: any} | undefined>; - /** - * When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. - */ public readonly frontchannelLogoutEnabled!: pulumi.Output; - /** - * The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. - */ public readonly frontchannelLogoutUrl!: pulumi.Output; - /** - * Allow to include all roles mappings in the access token. - */ public readonly fullScopeAllowed!: pulumi.Output; - /** - * When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - */ public readonly implicitFlowEnabled!: pulumi.Output; - /** - * When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - */ public readonly import!: pulumi.Output; - /** - * The client login theme. This will override the default theme for the realm. - */ public readonly loginTheme!: pulumi.Output; - /** - * The display name of this client in the GUI. - */ public readonly name!: pulumi.Output; - /** - * Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - */ public readonly oauth2DeviceAuthorizationGrantEnabled!: pulumi.Output; - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - */ public readonly oauth2DeviceCodeLifespan!: pulumi.Output; - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - */ public readonly oauth2DevicePollingInterval!: pulumi.Output; - /** - * The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - */ public readonly pkceCodeChallengeMethod!: pulumi.Output; - /** - * The realm this client is attached to. - */ public readonly realmId!: pulumi.Output; - /** - * (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - */ public /*out*/ readonly resourceServerId!: pulumi.Output; - /** - * When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. - */ public readonly rootUrl!: pulumi.Output; - /** - * (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - */ public /*out*/ readonly serviceAccountUserId!: pulumi.Output; - /** - * When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - */ public readonly serviceAccountsEnabled!: pulumi.Output; - /** - * When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - */ public readonly standardFlowEnabled!: pulumi.Output; - /** - * If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. - */ public readonly useRefreshTokens!: pulumi.Output; - /** - * If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - */ public readonly useRefreshTokensClientCredentials!: pulumi.Output; - /** - * A list of valid URIs a browser is permitted to redirect to after a successful logout. - */ public readonly validPostLogoutRedirectUris!: pulumi.Output; - /** - * A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` - * is set to `true`. - */ public readonly validRedirectUris!: pulumi.Output; - /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - */ public readonly webOrigins!: pulumi.Output; /** @@ -395,192 +282,51 @@ export class Client extends pulumi.CustomResource { * Input properties used for looking up and filtering Client resources. */ export interface ClientState { - /** - * The amount of time in seconds before an access token expires. This will override the default for the realm. - */ accessTokenLifespan?: pulumi.Input; - /** - * Specifies the type of client, which can be one of the following: - */ accessType?: pulumi.Input; - /** - * URL to the admin interface of the client. - */ adminUrl?: pulumi.Input; - /** - * Override realm authentication flow bindings - */ authenticationFlowBindingOverrides?: pulumi.Input; - /** - * When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: - */ authorization?: pulumi.Input; - /** - * Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - */ backchannelLogoutRevokeOfflineSessions?: pulumi.Input; - /** - * When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - */ backchannelLogoutSessionRequired?: pulumi.Input; - /** - * The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - */ backchannelLogoutUrl?: pulumi.Input; - /** - * Default URL to use when the auth server needs to redirect or link back to the client. - */ baseUrl?: pulumi.Input; - /** - * Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - */ clientAuthenticatorType?: pulumi.Input; - /** - * The Client ID for this client, referenced in the URI during authentication and in issued tokens. - */ clientId?: pulumi.Input; - /** - * Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - */ clientOfflineSessionIdleTimeout?: pulumi.Input; - /** - * Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - */ clientOfflineSessionMaxLifespan?: pulumi.Input; - /** - * The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - */ clientSecret?: pulumi.Input; - /** - * Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - */ clientSessionIdleTimeout?: pulumi.Input; - /** - * Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - */ clientSessionMaxLifespan?: pulumi.Input; - /** - * When `true`, users have to consent to client access. Defaults to `false`. - */ consentRequired?: pulumi.Input; - /** - * The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. - */ consentScreenText?: pulumi.Input; - /** - * The description of this client in the GUI. - */ description?: pulumi.Input; - /** - * When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - */ directAccessGrantsEnabled?: pulumi.Input; - /** - * When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. - */ displayOnConsentScreen?: pulumi.Input; - /** - * When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - */ enabled?: pulumi.Input; - /** - * When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. - */ excludeSessionStateFromAuthResponse?: pulumi.Input; extraConfig?: pulumi.Input<{[key: string]: any}>; - /** - * When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. - */ frontchannelLogoutEnabled?: pulumi.Input; - /** - * The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. - */ frontchannelLogoutUrl?: pulumi.Input; - /** - * Allow to include all roles mappings in the access token. - */ fullScopeAllowed?: pulumi.Input; - /** - * When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - */ implicitFlowEnabled?: pulumi.Input; - /** - * When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - */ import?: pulumi.Input; - /** - * The client login theme. This will override the default theme for the realm. - */ loginTheme?: pulumi.Input; - /** - * The display name of this client in the GUI. - */ name?: pulumi.Input; - /** - * Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - */ oauth2DeviceAuthorizationGrantEnabled?: pulumi.Input; - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - */ oauth2DeviceCodeLifespan?: pulumi.Input; - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - */ oauth2DevicePollingInterval?: pulumi.Input; - /** - * The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - */ pkceCodeChallengeMethod?: pulumi.Input; - /** - * The realm this client is attached to. - */ realmId?: pulumi.Input; - /** - * (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - */ resourceServerId?: pulumi.Input; - /** - * When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. - */ rootUrl?: pulumi.Input; - /** - * (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - */ serviceAccountUserId?: pulumi.Input; - /** - * When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - */ serviceAccountsEnabled?: pulumi.Input; - /** - * When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - */ standardFlowEnabled?: pulumi.Input; - /** - * If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. - */ useRefreshTokens?: pulumi.Input; - /** - * If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - */ useRefreshTokensClientCredentials?: pulumi.Input; - /** - * A list of valid URIs a browser is permitted to redirect to after a successful logout. - */ validPostLogoutRedirectUris?: pulumi.Input[]>; - /** - * A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` - * is set to `true`. - */ validRedirectUris?: pulumi.Input[]>; - /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - */ webOrigins?: pulumi.Input[]>; } @@ -588,183 +334,48 @@ export interface ClientState { * The set of arguments for constructing a Client resource. */ export interface ClientArgs { - /** - * The amount of time in seconds before an access token expires. This will override the default for the realm. - */ accessTokenLifespan?: pulumi.Input; - /** - * Specifies the type of client, which can be one of the following: - */ accessType: pulumi.Input; - /** - * URL to the admin interface of the client. - */ adminUrl?: pulumi.Input; - /** - * Override realm authentication flow bindings - */ authenticationFlowBindingOverrides?: pulumi.Input; - /** - * When this block is present, fine-grained authorization will be enabled for this client. The client's `accessType` must be `CONFIDENTIAL`, and `serviceAccountsEnabled` must be `true`. This block has the following arguments: - */ authorization?: pulumi.Input; - /** - * Specifying whether a "revokeOfflineAccess" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - */ backchannelLogoutRevokeOfflineSessions?: pulumi.Input; - /** - * When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - */ backchannelLogoutSessionRequired?: pulumi.Input; - /** - * The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - */ backchannelLogoutUrl?: pulumi.Input; - /** - * Default URL to use when the auth server needs to redirect or link back to the client. - */ baseUrl?: pulumi.Input; - /** - * Defaults to `client-secret`. The authenticator type for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - * - `client-secret` (Default) Use client id and client secret to authenticate client. - * - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - * - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extraConfig` with `attributes.x509.subjectdn = ` - * - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extraConfig` with `attributes.token.endpoint.auth.signing.alg = ` - */ clientAuthenticatorType?: pulumi.Input; - /** - * The Client ID for this client, referenced in the URI during authentication and in issued tokens. - */ clientId: pulumi.Input; - /** - * Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - */ clientOfflineSessionIdleTimeout?: pulumi.Input; - /** - * Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - */ clientOfflineSessionMaxLifespan?: pulumi.Input; - /** - * The secret for clients with an `accessType` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - */ clientSecret?: pulumi.Input; - /** - * Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - */ clientSessionIdleTimeout?: pulumi.Input; - /** - * Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - */ clientSessionMaxLifespan?: pulumi.Input; - /** - * When `true`, users have to consent to client access. Defaults to `false`. - */ consentRequired?: pulumi.Input; - /** - * The text to display on the consent screen about permissions specific to this client. This is applicable only when `displayOnConsentScreen` is `true`. - */ consentScreenText?: pulumi.Input; - /** - * The description of this client in the GUI. - */ description?: pulumi.Input; - /** - * When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - */ directAccessGrantsEnabled?: pulumi.Input; - /** - * When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consentRequired` is `true`. - */ displayOnConsentScreen?: pulumi.Input; - /** - * When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - */ enabled?: pulumi.Input; - /** - * When `true`, the parameter `sessionState` will not be included in OpenID Connect Authentication Response. - */ excludeSessionStateFromAuthResponse?: pulumi.Input; extraConfig?: pulumi.Input<{[key: string]: any}>; - /** - * When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannelLogoutUrl`. Defaults to `false`. - */ frontchannelLogoutEnabled?: pulumi.Input; - /** - * The frontchannel logout url. This is applicable only when `frontchannelLogoutEnabled` is `true`. - */ frontchannelLogoutUrl?: pulumi.Input; - /** - * Allow to include all roles mappings in the access token. - */ fullScopeAllowed?: pulumi.Input; - /** - * When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - */ implicitFlowEnabled?: pulumi.Input; - /** - * When `true`, the client with the specified `clientId` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - */ import?: pulumi.Input; - /** - * The client login theme. This will override the default theme for the realm. - */ loginTheme?: pulumi.Input; - /** - * The display name of this client in the GUI. - */ name?: pulumi.Input; - /** - * Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - */ oauth2DeviceAuthorizationGrantEnabled?: pulumi.Input; - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - */ oauth2DeviceCodeLifespan?: pulumi.Input; - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - */ oauth2DevicePollingInterval?: pulumi.Input; - /** - * The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - */ pkceCodeChallengeMethod?: pulumi.Input; - /** - * The realm this client is attached to. - */ realmId: pulumi.Input; - /** - * When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required. - */ rootUrl?: pulumi.Input; - /** - * When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - */ serviceAccountsEnabled?: pulumi.Input; - /** - * When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - */ standardFlowEnabled?: pulumi.Input; - /** - * If this is `true`, a refreshToken will be created and added to the token response. If this is `false` then no refreshToken will be generated. Defaults to `true`. - */ useRefreshTokens?: pulumi.Input; - /** - * If this is `true`, a refreshToken will be created and added to the token response if the clientCredentials grant is used and a user session will be created. If this is `false` then no refreshToken will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - */ useRefreshTokensClientCredentials?: pulumi.Input; - /** - * A list of valid URIs a browser is permitted to redirect to after a successful logout. - */ validPostLogoutRedirectUris?: pulumi.Input[]>; - /** - * A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - * wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` - * is set to `true`. - */ validRedirectUris?: pulumi.Input[]>; - /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - */ webOrigins?: pulumi.Input[]>; } diff --git a/sdk/nodejs/openid/clientAuthorizationPermission.ts b/sdk/nodejs/openid/clientAuthorizationPermission.ts index 382ebb36..b352aa1f 100644 --- a/sdk/nodejs/openid/clientAuthorizationPermission.ts +++ b/sdk/nodejs/openid/clientAuthorizationPermission.ts @@ -11,9 +11,9 @@ import * as utilities from "../utilities"; * * Client authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9 diff --git a/sdk/nodejs/openid/clientDefaultScopes.ts b/sdk/nodejs/openid/clientDefaultScopes.ts index d33aa195..1fc20c52 100644 --- a/sdk/nodejs/openid/clientDefaultScopes.ts +++ b/sdk/nodejs/openid/clientDefaultScopes.ts @@ -7,22 +7,22 @@ import * as utilities from "../utilities"; /** * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const client = new keycloak.openid.Client("client", { - * realmId: realm.id, - * clientId: "test-client", * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * realmId: realm.id, * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const clientDefaultScopes = new keycloak.openid.ClientDefaultScopes("clientDefaultScopes", { - * realmId: realm.id, * clientId: client.id, * defaultScopes: [ * "profile", @@ -31,14 +31,23 @@ import * as utilities from "../utilities"; * "web-origins", * clientScope.name, * ], + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * This resource does not support import. Instead of importing, feel free to create this resource + * The following arguments are supported: + * + * - `realmId` - (Required) The realm this client and scopes exists in. + * - `clientId` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. + * - `defaultScopes` - (Required) An array of client scope names to attach to this client. * - * as if it did not already exist on the server. + * ### Import + * + * This resource does not support import. Instead of importing, feel free to create this resource + * as if it did not already exist on the server. */ export class ClientDefaultScopes extends pulumi.CustomResource { /** @@ -68,17 +77,8 @@ export class ClientDefaultScopes extends pulumi.CustomResource { return obj['__pulumiType'] === ClientDefaultScopes.__pulumiType; } - /** - * The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - */ public readonly clientId!: pulumi.Output; - /** - * An array of client scope names to attach to this client. - */ public readonly defaultScopes!: pulumi.Output; - /** - * The realm this client and scopes exists in. - */ public readonly realmId!: pulumi.Output; /** @@ -121,17 +121,8 @@ export class ClientDefaultScopes extends pulumi.CustomResource { * Input properties used for looking up and filtering ClientDefaultScopes resources. */ export interface ClientDefaultScopesState { - /** - * The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - */ clientId?: pulumi.Input; - /** - * An array of client scope names to attach to this client. - */ defaultScopes?: pulumi.Input[]>; - /** - * The realm this client and scopes exists in. - */ realmId?: pulumi.Input; } @@ -139,16 +130,7 @@ export interface ClientDefaultScopesState { * The set of arguments for constructing a ClientDefaultScopes resource. */ export interface ClientDefaultScopesArgs { - /** - * The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - */ clientId: pulumi.Input; - /** - * An array of client scope names to attach to this client. - */ defaultScopes: pulumi.Input[]>; - /** - * The realm this client and scopes exists in. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/openid/clientOptionalScopes.ts b/sdk/nodejs/openid/clientOptionalScopes.ts index 4a914788..f17665e2 100644 --- a/sdk/nodejs/openid/clientOptionalScopes.ts +++ b/sdk/nodejs/openid/clientOptionalScopes.ts @@ -7,38 +7,46 @@ import * as utilities from "../utilities"; /** * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const client = new keycloak.openid.Client("client", { - * realmId: realm.id, - * clientId: "test-client", * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * realmId: realm.id, * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const clientOptionalScopes = new keycloak.openid.ClientOptionalScopes("clientOptionalScopes", { - * realmId: realm.id, * clientId: client.id, * optionalScopes: [ * "address", * "phone", * "offline_access", - * "microprofile-jwt", * clientScope.name, * ], + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * This resource does not support import. Instead of importing, feel free to create this resource + * The following arguments are supported: + * + * - `realmId` - (Required) The realm this client and scopes exists in. + * - `clientId` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. + * - `optionalScopes` - (Required) An array of client scope names to attach to this client as optional scopes. * - * as if it did not already exist on the server. + * ### Import + * + * This resource does not support import. Instead of importing, feel free to create this resource + * as if it did not already exist on the server. */ export class ClientOptionalScopes extends pulumi.CustomResource { /** @@ -68,17 +76,8 @@ export class ClientOptionalScopes extends pulumi.CustomResource { return obj['__pulumiType'] === ClientOptionalScopes.__pulumiType; } - /** - * The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - */ public readonly clientId!: pulumi.Output; - /** - * An array of client scope names to attach to this client as optional scopes. - */ public readonly optionalScopes!: pulumi.Output; - /** - * The realm this client and scopes exists in. - */ public readonly realmId!: pulumi.Output; /** @@ -121,17 +120,8 @@ export class ClientOptionalScopes extends pulumi.CustomResource { * Input properties used for looking up and filtering ClientOptionalScopes resources. */ export interface ClientOptionalScopesState { - /** - * The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - */ clientId?: pulumi.Input; - /** - * An array of client scope names to attach to this client as optional scopes. - */ optionalScopes?: pulumi.Input[]>; - /** - * The realm this client and scopes exists in. - */ realmId?: pulumi.Input; } @@ -139,16 +129,7 @@ export interface ClientOptionalScopesState { * The set of arguments for constructing a ClientOptionalScopes resource. */ export interface ClientOptionalScopesArgs { - /** - * The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - */ clientId: pulumi.Input; - /** - * An array of client scope names to attach to this client as optional scopes. - */ optionalScopes: pulumi.Input[]>; - /** - * The realm this client and scopes exists in. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/openid/clientPolicy.ts b/sdk/nodejs/openid/clientPolicy.ts index e180c175..74d8565f 100644 --- a/sdk/nodejs/openid/clientPolicy.ts +++ b/sdk/nodejs/openid/clientPolicy.ts @@ -11,6 +11,7 @@ import * as utilities from "../utilities"; * * In this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `keycloak.openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id. * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -41,6 +42,7 @@ import * as utilities from "../utilities"; * clients: [openidClient.id], * }); * ``` + * */ export class ClientPolicy extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/openid/clientScope.ts b/sdk/nodejs/openid/clientScope.ts index 9c08970d..9c9ad04f 100644 --- a/sdk/nodejs/openid/clientScope.ts +++ b/sdk/nodejs/openid/clientScope.ts @@ -5,42 +5,50 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol. + * ## # keycloak.openid.ClientScope * - * Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also - * be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 `scope` parameter. + * Allows for creating and managing Keycloak client scopes that can be attached to + * clients that use the OpenID Connect protocol. * - * ## Example Usage + * Client Scopes can be used to share common protocol and role mappings between multiple + * clients within a realm. They can also be used by clients to conditionally request + * claims or roles for a user based on the OAuth 2.0 `scope` parameter. * + * ### Example Usage + * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClientScope = new keycloak.openid.ClientScope("openidClientScope", { - * realmId: realm.id, * description: "When requested, this scope will map a user's group memberships to a claim", - * includeInTokenScope: true, - * guiOrder: 1, + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + * - `realmId` - (Required) The realm this client scope belongs to. + * - `name` - (Required) The display name of this client scope in the GUI. + * - `description` - (Optional) The description of this client scope in the GUI. + * - `consentScreenText` - (Optional) When set, a consent screen will be displayed to users + * authenticating to clients with this scope attached. The consent screen will display the string + * value of this attribute. * - * Example: + * ### Import * - * bash + * Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `clientScopeId` is the unique ID that Keycloak + * assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. * - * ```sh - * $ pulumi import keycloak:openid/clientScope:ClientScope openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52 - * ``` + * Example: */ export class ClientScope extends pulumi.CustomResource { /** @@ -70,29 +78,11 @@ export class ClientScope extends pulumi.CustomResource { return obj['__pulumiType'] === ClientScope.__pulumiType; } - /** - * When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - */ public readonly consentScreenText!: pulumi.Output; - /** - * The description of this client scope in the GUI. - */ public readonly description!: pulumi.Output; - /** - * Specify order of the client scope in GUI (such as in Consent page) as integer. - */ public readonly guiOrder!: pulumi.Output; - /** - * When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - */ public readonly includeInTokenScope!: pulumi.Output; - /** - * The display name of this client scope in the GUI. - */ public readonly name!: pulumi.Output; - /** - * The realm this client scope belongs to. - */ public readonly realmId!: pulumi.Output; /** @@ -135,29 +125,11 @@ export class ClientScope extends pulumi.CustomResource { * Input properties used for looking up and filtering ClientScope resources. */ export interface ClientScopeState { - /** - * When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - */ consentScreenText?: pulumi.Input; - /** - * The description of this client scope in the GUI. - */ description?: pulumi.Input; - /** - * Specify order of the client scope in GUI (such as in Consent page) as integer. - */ guiOrder?: pulumi.Input; - /** - * When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - */ includeInTokenScope?: pulumi.Input; - /** - * The display name of this client scope in the GUI. - */ name?: pulumi.Input; - /** - * The realm this client scope belongs to. - */ realmId?: pulumi.Input; } @@ -165,28 +137,10 @@ export interface ClientScopeState { * The set of arguments for constructing a ClientScope resource. */ export interface ClientScopeArgs { - /** - * When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - */ consentScreenText?: pulumi.Input; - /** - * The description of this client scope in the GUI. - */ description?: pulumi.Input; - /** - * Specify order of the client scope in GUI (such as in Consent page) as integer. - */ guiOrder?: pulumi.Input; - /** - * When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - */ includeInTokenScope?: pulumi.Input; - /** - * The display name of this client scope in the GUI. - */ name?: pulumi.Input; - /** - * The realm this client scope belongs to. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/openid/clientServiceAccountRealmRole.ts b/sdk/nodejs/openid/clientServiceAccountRealmRole.ts index f22a717d..0def98e9 100644 --- a/sdk/nodejs/openid/clientServiceAccountRealmRole.ts +++ b/sdk/nodejs/openid/clientServiceAccountRealmRole.ts @@ -13,6 +13,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -32,14 +33,15 @@ import * as utilities from "../utilities"; * role: realmRole.name, * }); * ``` + * * * ## Import * * This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/nodejs/openid/clientServiceAccountRole.ts b/sdk/nodejs/openid/clientServiceAccountRole.ts index bb35d8f1..617c4b06 100644 --- a/sdk/nodejs/openid/clientServiceAccountRole.ts +++ b/sdk/nodejs/openid/clientServiceAccountRole.ts @@ -13,6 +13,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -40,14 +41,15 @@ import * as utilities from "../utilities"; * role: client1Role.name, * }); * ``` + * * * ## Import * * This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/nodejs/openid/fullNameProtocolMapper.ts b/sdk/nodejs/openid/fullNameProtocolMapper.ts index 6a910bcd..14da0ca4 100644 --- a/sdk/nodejs/openid/fullNameProtocolMapper.ts +++ b/sdk/nodejs/openid/fullNameProtocolMapper.ts @@ -5,72 +5,79 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing full name protocol mappers within Keycloak. + * ## # keycloak.openid.FullNameProtocolMapper * - * Full name protocol mappers allow you to map a user's first and last name to the OpenID Connect `name` claim in a token. + * Allows for creating and managing full name protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * Full name protocol mappers allow you to map a user's first and last name + * to the OpenID Connect `name` claim in a token. Protocol mappers can be defined + * for a single client, or they can be defined for a client scope which can + * be shared between multiple different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * enabled: true, + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * const fullNameMapper = new keycloak.openid.FullNameProtocolMapper("fullNameMapper", { - * realmId: realm.id, * clientId: openidClient.id, + * realmId: realm.id, * }); * ``` - * ### Client Scope) + * * + * ### Example Usage (Client Scope) + * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const fullNameMapper = new keycloak.openid.FullNameProtocolMapper("fullNameMapper", { - * realmId: realm.id, * clientScopeId: clientScope.id, + * realmId: realm.id, * }); * ``` + * * - * ## Import - * - * Protocol mappers can be imported using one of the following formats: + * ### Argument Reference * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `addToIdToken` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. + * - `addToAccessToken` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. + * - `addToUserinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. * - * Example: + * ### Import * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class FullNameProtocolMapper extends pulumi.CustomResource { /** @@ -100,32 +107,23 @@ export class FullNameProtocolMapper extends pulumi.CustomResource { return obj['__pulumiType'] === FullNameProtocolMapper.__pulumiType; } - /** - * Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - */ public readonly addToAccessToken!: pulumi.Output; - /** - * Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - */ public readonly addToIdToken!: pulumi.Output; - /** - * Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - */ public readonly addToUserinfo!: pulumi.Output; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; @@ -171,32 +169,23 @@ export class FullNameProtocolMapper extends pulumi.CustomResource { * Input properties used for looking up and filtering FullNameProtocolMapper resources. */ export interface FullNameProtocolMapperState { - /** - * Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - */ addToAccessToken?: pulumi.Input; - /** - * Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - */ addToIdToken?: pulumi.Input; - /** - * Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - */ addToUserinfo?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; } @@ -205,32 +194,23 @@ export interface FullNameProtocolMapperState { * The set of arguments for constructing a FullNameProtocolMapper resource. */ export interface FullNameProtocolMapperArgs { - /** - * Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - */ addToAccessToken?: pulumi.Input; - /** - * Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - */ addToIdToken?: pulumi.Input; - /** - * Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - */ addToUserinfo?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/openid/getClient.ts b/sdk/nodejs/openid/getClient.ts index 673e135c..c0f2e899 100644 --- a/sdk/nodejs/openid/getClient.ts +++ b/sdk/nodejs/openid/getClient.ts @@ -7,10 +7,13 @@ import * as outputs from "../types/output"; import * as utilities from "../utilities"; /** + * ## # keycloak.openid.Client data source + * * This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -25,6 +28,18 @@ import * as utilities from "../utilities"; * name: "realm-admin", * })); * ``` + * + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realmId` - (Required) The realm id. + * - `clientId` - (Required) The client id. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.openid.Client` resource for details on the exported attributes. */ export function getClient(args: GetClientArgs, opts?: pulumi.InvokeOptions): Promise { @@ -45,9 +60,6 @@ export function getClient(args: GetClientArgs, opts?: pulumi.InvokeOptions): Pro * A collection of arguments for invoking getClient. */ export interface GetClientArgs { - /** - * The client id (not its unique ID). - */ clientId: string; consentScreenText?: string; displayOnConsentScreen?: boolean; @@ -55,9 +67,6 @@ export interface GetClientArgs { oauth2DeviceAuthorizationGrantEnabled?: boolean; oauth2DeviceCodeLifespan?: string; oauth2DevicePollingInterval?: string; - /** - * The realm id. - */ realmId: string; } @@ -116,10 +125,13 @@ export interface GetClientResult { readonly webOrigins: string[]; } /** + * ## # keycloak.openid.Client data source + * * This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -134,6 +146,18 @@ export interface GetClientResult { * name: "realm-admin", * })); * ``` + * + * + * ### Argument Reference + * + * The following arguments are supported: + * + * - `realmId` - (Required) The realm id. + * - `clientId` - (Required) The client id. + * + * ### Attributes Reference + * + * See the docs for the `keycloak.openid.Client` resource for details on the exported attributes. */ export function getClientOutput(args: GetClientOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getClient(a, opts)) @@ -143,9 +167,6 @@ export function getClientOutput(args: GetClientOutputArgs, opts?: pulumi.InvokeO * A collection of arguments for invoking getClient. */ export interface GetClientOutputArgs { - /** - * The client id (not its unique ID). - */ clientId: pulumi.Input; consentScreenText?: pulumi.Input; displayOnConsentScreen?: pulumi.Input; @@ -153,8 +174,5 @@ export interface GetClientOutputArgs { oauth2DeviceAuthorizationGrantEnabled?: pulumi.Input; oauth2DeviceCodeLifespan?: pulumi.Input; oauth2DevicePollingInterval?: pulumi.Input; - /** - * The realm id. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/openid/getClientAuthorizationPolicy.ts b/sdk/nodejs/openid/getClientAuthorizationPolicy.ts index ec0c4625..142a4fe4 100644 --- a/sdk/nodejs/openid/getClientAuthorizationPolicy.ts +++ b/sdk/nodejs/openid/getClientAuthorizationPolicy.ts @@ -13,6 +13,7 @@ import * as utilities from "../utilities"; * permission for this client called "Default Permission". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data * source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -50,6 +51,7 @@ import * as utilities from "../utilities"; * resources: [resource.id], * }); * ``` + * */ export function getClientAuthorizationPolicy(args: GetClientAuthorizationPolicyArgs, opts?: pulumi.InvokeOptions): Promise { @@ -128,6 +130,7 @@ export interface GetClientAuthorizationPolicyResult { * permission for this client called "Default Permission". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data * source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -165,6 +168,7 @@ export interface GetClientAuthorizationPolicyResult { * resources: [resource.id], * }); * ``` + * */ export function getClientAuthorizationPolicyOutput(args: GetClientAuthorizationPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getClientAuthorizationPolicy(a, opts)) diff --git a/sdk/nodejs/openid/getClientScope.ts b/sdk/nodejs/openid/getClientScope.ts index 80ad68c8..c849d58f 100644 --- a/sdk/nodejs/openid/getClientScope.ts +++ b/sdk/nodejs/openid/getClientScope.ts @@ -9,6 +9,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -24,6 +25,7 @@ import * as utilities from "../utilities"; * includedCustomAudience: "foo", * }); * ``` + * */ export function getClientScope(args: GetClientScopeArgs, opts?: pulumi.InvokeOptions): Promise { @@ -68,6 +70,7 @@ export interface GetClientScopeResult { * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -83,6 +86,7 @@ export interface GetClientScopeResult { * includedCustomAudience: "foo", * }); * ``` + * */ export function getClientScopeOutput(args: GetClientScopeOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getClientScope(a, opts)) diff --git a/sdk/nodejs/openid/getClientServiceAccountUser.ts b/sdk/nodejs/openid/getClientServiceAccountUser.ts index 4d790abe..25aa774b 100644 --- a/sdk/nodejs/openid/getClientServiceAccountUser.ts +++ b/sdk/nodejs/openid/getClientServiceAccountUser.ts @@ -16,6 +16,7 @@ import * as utilities from "../utilities"; * that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this * user, using the `keycloak.UserRoles` resource. * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -44,6 +45,7 @@ import * as utilities from "../utilities"; * roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)], * }); * ``` + * */ export function getClientServiceAccountUser(args: GetClientServiceAccountUserArgs, opts?: pulumi.InvokeOptions): Promise { @@ -98,6 +100,7 @@ export interface GetClientServiceAccountUserResult { * that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this * user, using the `keycloak.UserRoles` resource. * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -126,6 +129,7 @@ export interface GetClientServiceAccountUserResult { * roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)], * }); * ``` + * */ export function getClientServiceAccountUserOutput(args: GetClientServiceAccountUserOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getClientServiceAccountUser(a, opts)) diff --git a/sdk/nodejs/openid/groupMembershipProtocolMapper.ts b/sdk/nodejs/openid/groupMembershipProtocolMapper.ts index 57933baf..cdd67c0f 100644 --- a/sdk/nodejs/openid/groupMembershipProtocolMapper.ts +++ b/sdk/nodejs/openid/groupMembershipProtocolMapper.ts @@ -5,74 +5,83 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing group membership protocol mappers within Keycloak. + * ## # keycloak.openid.GroupMembershipProtocolMapper * - * Group membership protocol mappers allow you to map a user's group memberships to a claim in a token. + * Allows for creating and managing group membership protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * Group membership protocol mappers allow you to map a user's group memberships + * to a claim in a token. Protocol mappers can be defined for a single client, + * or they can be defined for a client scope which can be shared between multiple + * different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * enabled: true, + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", { - * realmId: realm.id, - * clientId: openidClient.id, * claimName: "groups", + * clientId: openidClient.id, + * realmId: realm.id, * }); * ``` - * ### Client Scope) + * + * + * ### Example Usage (Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", { - * realmId: realm.id, - * clientScopeId: clientScope.id, * claimName: "groups", + * clientScopeId: clientScope.id, + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `claimName` - (Required) The name of the claim to insert into a token. + * - `fullPath` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`. + * - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class GroupMembershipProtocolMapper extends pulumi.CustomResource { /** @@ -102,40 +111,25 @@ export class GroupMembershipProtocolMapper extends pulumi.CustomResource { return obj['__pulumiType'] === GroupMembershipProtocolMapper.__pulumiType; } - /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. - */ public readonly addToAccessToken!: pulumi.Output; - /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. - */ public readonly addToIdToken!: pulumi.Output; - /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - */ public readonly addToUserinfo!: pulumi.Output; - /** - * The name of the claim to insert into a token. - */ public readonly claimName!: pulumi.Output; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; - /** - * Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - */ public readonly fullPath!: pulumi.Output; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; @@ -188,40 +182,25 @@ export class GroupMembershipProtocolMapper extends pulumi.CustomResource { * Input properties used for looking up and filtering GroupMembershipProtocolMapper resources. */ export interface GroupMembershipProtocolMapperState { - /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. - */ addToAccessToken?: pulumi.Input; - /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. - */ addToIdToken?: pulumi.Input; - /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - */ addToUserinfo?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; - /** - * Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - */ fullPath?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; } @@ -230,40 +209,25 @@ export interface GroupMembershipProtocolMapperState { * The set of arguments for constructing a GroupMembershipProtocolMapper resource. */ export interface GroupMembershipProtocolMapperArgs { - /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. - */ addToAccessToken?: pulumi.Input; - /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. - */ addToIdToken?: pulumi.Input; - /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - */ addToUserinfo?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; - /** - * Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - */ fullPath?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/openid/hardcodedClaimProtocolMapper.ts b/sdk/nodejs/openid/hardcodedClaimProtocolMapper.ts index 086b597e..89bb3ca4 100644 --- a/sdk/nodejs/openid/hardcodedClaimProtocolMapper.ts +++ b/sdk/nodejs/openid/hardcodedClaimProtocolMapper.ts @@ -5,76 +5,86 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing hardcoded claim protocol mappers within Keycloak. + * ## # keycloak.openid.HardcodedClaimProtocolMapper * - * Hardcoded claim protocol mappers allow you to define a claim with a hardcoded value. + * Allows for creating and managing hardcoded claim protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * Hardcoded claim protocol mappers allow you to define a claim with a hardcoded + * value. Protocol mappers can be defined for a single client, or they can + * be defined for a client scope which can be shared between multiple different + * clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * enabled: true, + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", { - * realmId: realm.id, - * clientId: openidClient.id, * claimName: "foo", * claimValue: "bar", + * clientId: openidClient.id, + * realmId: realm.id, * }); * ``` - * ### Client Scope) + * + * + * ### Example Usage (Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", { - * realmId: realm.id, - * clientScopeId: clientScope.id, * claimName: "foo", * claimValue: "bar", + * clientScopeId: clientScope.id, + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `claimName` - (Required) The name of the claim to insert into a token. + * - `claimValue` - (Required) The hardcoded value of the claim. + * - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + * - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class HardcodedClaimProtocolMapper extends pulumi.CustomResource { /** @@ -105,43 +115,37 @@ export class HardcodedClaimProtocolMapper extends pulumi.CustomResource { } /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ public readonly addToAccessToken!: pulumi.Output; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ public readonly addToIdToken!: pulumi.Output; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ public readonly addToUserinfo!: pulumi.Output; - /** - * The name of the claim to insert into a token. - */ public readonly claimName!: pulumi.Output; - /** - * The hardcoded value of the claim. - */ public readonly claimValue!: pulumi.Output; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ public readonly claimValueType!: pulumi.Output; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; @@ -200,43 +204,37 @@ export class HardcodedClaimProtocolMapper extends pulumi.CustomResource { */ export interface HardcodedClaimProtocolMapperState { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ addToIdToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ addToUserinfo?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName?: pulumi.Input; - /** - * The hardcoded value of the claim. - */ claimValue?: pulumi.Input; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ claimValueType?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; } @@ -246,43 +244,37 @@ export interface HardcodedClaimProtocolMapperState { */ export interface HardcodedClaimProtocolMapperArgs { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ addToIdToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ addToUserinfo?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName: pulumi.Input; - /** - * The hardcoded value of the claim. - */ claimValue: pulumi.Input; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ claimValueType?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/openid/hardcodedRoleProtocolMapper.ts b/sdk/nodejs/openid/hardcodedRoleProtocolMapper.ts index 08e629aa..7746272c 100644 --- a/sdk/nodejs/openid/hardcodedRoleProtocolMapper.ts +++ b/sdk/nodejs/openid/hardcodedRoleProtocolMapper.ts @@ -5,76 +5,82 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing hardcoded role protocol mappers within Keycloak. + * ## # keycloak.openid.HardcodedRoleProtocolMapper * - * Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. + * Allows for creating and managing hardcoded role protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * Hardcoded role protocol mappers allow you to specify a single role to + * always map to an access token for a client. Protocol mappers can be + * defined for a single client, or they can be defined for a client scope + * which can be shared between multiple different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const role = new keycloak.Role("role", {realmId: realm.id}); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * enabled: true, + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", { - * realmId: realm.id, * clientId: openidClient.id, + * realmId: realm.id, * roleId: role.id, * }); * ``` - * ### Client Scope) + * + * + * ### Example Usage (Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const role = new keycloak.Role("role", {realmId: realm.id}); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", { - * realmId: realm.id, * clientScopeId: clientScope.id, + * realmId: realm.id, * roleId: role.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: - * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the + * GUI. + * - `roleId` - (Required) The ID of the role to map to an access token. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class HardcodedRoleProtocolMapper extends pulumi.CustomResource { /** @@ -105,24 +111,21 @@ export class HardcodedRoleProtocolMapper extends pulumi.CustomResource { } /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; - /** - * The ID of the role to map to an access token. - */ public readonly roleId!: pulumi.Output; /** @@ -167,24 +170,21 @@ export class HardcodedRoleProtocolMapper extends pulumi.CustomResource { */ export interface HardcodedRoleProtocolMapperState { /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; - /** - * The ID of the role to map to an access token. - */ roleId?: pulumi.Input; } @@ -193,23 +193,20 @@ export interface HardcodedRoleProtocolMapperState { */ export interface HardcodedRoleProtocolMapperArgs { /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; - /** - * The ID of the role to map to an access token. - */ roleId: pulumi.Input; } diff --git a/sdk/nodejs/openid/scriptProtocolMapper.ts b/sdk/nodejs/openid/scriptProtocolMapper.ts index 36936a09..34bddbd2 100644 --- a/sdk/nodejs/openid/scriptProtocolMapper.ts +++ b/sdk/nodejs/openid/scriptProtocolMapper.ts @@ -15,8 +15,10 @@ import * as utilities from "../utilities"; * > Support for this protocol mapper was removed in Keycloak 18. * * ## Example Usage + * * ### Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -39,8 +41,11 @@ import * as utilities from "../utilities"; * script: "exports = 'foo';", * }); * ``` + * + * * ### Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -57,18 +62,19 @@ import * as utilities from "../utilities"; * script: "exports = 'foo';", * }); * ``` + * * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/nodejs/openid/userAttributeProtocolMapper.ts b/sdk/nodejs/openid/userAttributeProtocolMapper.ts index a2ce3e0f..cfadf813 100644 --- a/sdk/nodejs/openid/userAttributeProtocolMapper.ts +++ b/sdk/nodejs/openid/userAttributeProtocolMapper.ts @@ -5,76 +5,87 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing user attribute protocol mappers within Keycloak. + * ## # keycloak.openid.UserAttributeProtocolMapper * - * User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. + * Allows for creating and managing user attribute protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * User attribute protocol mappers allow you to map custom attributes defined + * for a user within Keycloak to a claim in a token. Protocol mappers can be + * defined for a single client, or they can be defined for a client scope which + * can be shared between multiple different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * enabled: true, + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", { - * realmId: realm.id, + * claimName: "bar", * clientId: openidClient.id, + * realmId: realm.id, * userAttribute: "foo", - * claimName: "bar", * }); * ``` - * ### Client Scope) + * + * + * ### Example Usage (Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", { - * realmId: realm.id, + * claimName: "bar", * clientScopeId: clientScope.id, + * realmId: realm.id, * userAttribute: "foo", - * claimName: "bar", * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `userAttribute` - (Required) The custom user attribute to map a claim for. + * - `claimName` - (Required) The name of the claim to insert into a token. + * - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + * - `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * - `addToIdToken` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * - `addToAccessToken` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * - `addToUserinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class UserAttributeProtocolMapper extends pulumi.CustomResource { /** @@ -105,52 +116,46 @@ export class UserAttributeProtocolMapper extends pulumi.CustomResource { } /** - * Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ public readonly addToAccessToken!: pulumi.Output; /** - * Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ public readonly addToIdToken!: pulumi.Output; /** - * Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ public readonly addToUserinfo!: pulumi.Output; /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates if attribute values should be aggregated within the group attributes */ public readonly aggregateAttributes!: pulumi.Output; - /** - * The name of the claim to insert into a token. - */ public readonly claimName!: pulumi.Output; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ public readonly claimValueType!: pulumi.Output; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. */ public readonly multivalued!: pulumi.Output; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; - /** - * The custom user attribute to map a claim for. - */ public readonly userAttribute!: pulumi.Output; /** @@ -212,52 +217,46 @@ export class UserAttributeProtocolMapper extends pulumi.CustomResource { */ export interface UserAttributeProtocolMapperState { /** - * Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ addToIdToken?: pulumi.Input; /** - * Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ addToUserinfo?: pulumi.Input; /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates if attribute values should be aggregated within the group attributes */ aggregateAttributes?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName?: pulumi.Input; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ claimValueType?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. */ multivalued?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; - /** - * The custom user attribute to map a claim for. - */ userAttribute?: pulumi.Input; } @@ -266,51 +265,45 @@ export interface UserAttributeProtocolMapperState { */ export interface UserAttributeProtocolMapperArgs { /** - * Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ addToIdToken?: pulumi.Input; /** - * Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ addToUserinfo?: pulumi.Input; /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates if attribute values should be aggregated within the group attributes */ aggregateAttributes?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName: pulumi.Input; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ claimValueType?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. */ multivalued?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; - /** - * The custom user attribute to map a claim for. - */ userAttribute: pulumi.Input; } diff --git a/sdk/nodejs/openid/userClientRoleProtocolMapper.ts b/sdk/nodejs/openid/userClientRoleProtocolMapper.ts index df465037..f16c9ecf 100644 --- a/sdk/nodejs/openid/userClientRoleProtocolMapper.ts +++ b/sdk/nodejs/openid/userClientRoleProtocolMapper.ts @@ -13,8 +13,10 @@ import * as utilities from "../utilities"; * multiple different clients. * * ## Example Usage + * * ### Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -36,8 +38,11 @@ import * as utilities from "../utilities"; * claimName: "foo", * }); * ``` + * + * * ### Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -53,18 +58,19 @@ import * as utilities from "../utilities"; * claimName: "foo", * }); * ``` + * * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/nodejs/openid/userPropertyProtocolMapper.ts b/sdk/nodejs/openid/userPropertyProtocolMapper.ts index 5f2a2d47..04678e68 100644 --- a/sdk/nodejs/openid/userPropertyProtocolMapper.ts +++ b/sdk/nodejs/openid/userPropertyProtocolMapper.ts @@ -5,77 +5,86 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing user property protocol mappers within Keycloak. + * ## # keycloak.openid.UserPropertyProtocolMapper * - * User property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in - * a token. + * Allows for creating and managing user property protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * User property protocol mappers allow you to map built in properties defined + * on the Keycloak user interface to a claim in a token. Protocol mappers can be + * defined for a single client, or they can be defined for a client scope which + * can be shared between multiple different clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * enabled: true, + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * const userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", { - * realmId: realm.id, + * claimName: "email", * clientId: openidClient.id, + * realmId: realm.id, * userProperty: "email", - * claimName: "email", * }); * ``` - * ### Client Scope) + * + * + * ### Example Usage (Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", { - * realmId: realm.id, + * claimName: "email", * clientScopeId: clientScope.id, + * realmId: realm.id, * userProperty: "email", - * claimName: "email", * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: + * The following arguments are supported: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `userProperty` - (Required) The built in user property (such as email) to map a claim for. + * - `claimName` - (Required) The name of the claim to insert into a token. + * - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + * - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * ### Import * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class UserPropertyProtocolMapper extends pulumi.CustomResource { /** @@ -106,44 +115,38 @@ export class UserPropertyProtocolMapper extends pulumi.CustomResource { } /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the property should be a claim in the access token. */ public readonly addToAccessToken!: pulumi.Output; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the property should be a claim in the id token. */ public readonly addToIdToken!: pulumi.Output; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the property should appear in the userinfo response body. */ public readonly addToUserinfo!: pulumi.Output; - /** - * The name of the claim to insert into a token. - */ public readonly claimName!: pulumi.Output; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ public readonly claimValueType!: pulumi.Output; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; - /** - * The built in user property (such as email) to map a claim for. - */ public readonly userProperty!: pulumi.Output; /** @@ -201,44 +204,38 @@ export class UserPropertyProtocolMapper extends pulumi.CustomResource { */ export interface UserPropertyProtocolMapperState { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the property should be a claim in the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the property should be a claim in the id token. */ addToIdToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the property should appear in the userinfo response body. */ addToUserinfo?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName?: pulumi.Input; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ claimValueType?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; - /** - * The built in user property (such as email) to map a claim for. - */ userProperty?: pulumi.Input; } @@ -247,43 +244,37 @@ export interface UserPropertyProtocolMapperState { */ export interface UserPropertyProtocolMapperArgs { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the property should be a claim in the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the property should be a claim in the id token. */ addToIdToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the property should appear in the userinfo response body. */ addToUserinfo?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName: pulumi.Input; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ claimValueType?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; - /** - * The built in user property (such as email) to map a claim for. - */ userProperty: pulumi.Input; } diff --git a/sdk/nodejs/openid/userRealmRoleProtocolMapper.ts b/sdk/nodejs/openid/userRealmRoleProtocolMapper.ts index d3ba684e..97afce63 100644 --- a/sdk/nodejs/openid/userRealmRoleProtocolMapper.ts +++ b/sdk/nodejs/openid/userRealmRoleProtocolMapper.ts @@ -5,74 +5,85 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing user realm role protocol mappers within Keycloak. + * ## # keycloak.openid.UserRealmRoleProtocolMapper * - * User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + * Allows for creating and managing user realm role protocol mappers within + * Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + * Protocol mappers can be defined for a single client, or they can + * be defined for a client scope which can be shared between multiple different + * clients. * - * ## Example Usage - * ### Client) + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, - * clientId: "client", - * enabled: true, * accessType: "CONFIDENTIAL", + * clientId: "test-client", + * enabled: true, + * realmId: realm.id, * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * const userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", { - * realmId: realm.id, - * clientId: openidClient.id, * claimName: "foo", + * clientId: openidClient.id, + * realmId: realm.id, * }); * ``` - * ### Client Scope) + * * + * ### Example Usage (Client Scope) + * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); * const userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", { - * realmId: realm.id, - * clientScopeId: clientScope.id, * claimName: "foo", + * clientScopeId: clientScope.id, + * realmId: realm.id, * }); * ``` + * * - * ## Import - * - * Protocol mappers can be imported using one of the following formats: - * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * ### Argument Reference * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * Example: + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `claimName` - (Required) The name of the claim to insert into a token. + * - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + * - `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`. + * - `realmRolePrefix` - (Optional) A prefix for each Realm Role. + * - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. * - * bash + * ### Import * - * ```sh - * $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class UserRealmRoleProtocolMapper extends pulumi.CustomResource { /** @@ -103,47 +114,44 @@ export class UserRealmRoleProtocolMapper extends pulumi.CustomResource { } /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ public readonly addToAccessToken!: pulumi.Output; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ public readonly addToIdToken!: pulumi.Output; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ public readonly addToUserinfo!: pulumi.Output; - /** - * The name of the claim to insert into a token. - */ public readonly claimName!: pulumi.Output; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ public readonly claimValueType!: pulumi.Output; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ public readonly clientId!: pulumi.Output; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ public readonly clientScopeId!: pulumi.Output; /** - * Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. */ public readonly multivalued!: pulumi.Output; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ public readonly name!: pulumi.Output; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ public readonly realmId!: pulumi.Output; /** - * A prefix for each Realm Role. + * Prefix that will be added to each realm role. */ public readonly realmRolePrefix!: pulumi.Output; @@ -201,47 +209,44 @@ export class UserRealmRoleProtocolMapper extends pulumi.CustomResource { */ export interface UserRealmRoleProtocolMapperState { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ addToIdToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ addToUserinfo?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName?: pulumi.Input; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ claimValueType?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. */ multivalued?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId?: pulumi.Input; /** - * A prefix for each Realm Role. + * Prefix that will be added to each realm role. */ realmRolePrefix?: pulumi.Input; } @@ -251,47 +256,44 @@ export interface UserRealmRoleProtocolMapperState { */ export interface UserRealmRoleProtocolMapperArgs { /** - * Indicates if the property should be added as a claim to the access token. Defaults to `true`. + * Indicates if the attribute should be a claim in the access token. */ addToAccessToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the id token. Defaults to `true`. + * Indicates if the attribute should be a claim in the id token. */ addToIdToken?: pulumi.Input; /** - * Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + * Indicates if the attribute should appear in the userinfo response body. */ addToUserinfo?: pulumi.Input; - /** - * The name of the claim to insert into a token. - */ claimName: pulumi.Input; /** - * The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + * Claim type used when serializing tokens. */ claimValueType?: pulumi.Input; /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client. Cannot be used at the same time as client_scope_id. */ clientId?: pulumi.Input; /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. + * The mapper's associated client scope. Cannot be used at the same time as client_id. */ clientScopeId?: pulumi.Input; /** - * Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + * Indicates whether this attribute is a single value or an array of values. */ multivalued?: pulumi.Input; /** - * The display name of this protocol mapper in the GUI. + * A human-friendly name that will appear in the Keycloak console. */ name?: pulumi.Input; /** - * The realm this protocol mapper exists within. + * The realm id where the associated client or client scope exists. */ realmId: pulumi.Input; /** - * A prefix for each Realm Role. + * Prefix that will be added to each realm role. */ realmRolePrefix?: pulumi.Input; } diff --git a/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts b/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts index fbf0cce3..6d408f06 100644 --- a/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts +++ b/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts @@ -13,8 +13,10 @@ import * as utilities from "../utilities"; * multiple different clients. * * ## Example Usage + * * ### Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -38,8 +40,11 @@ import * as utilities from "../utilities"; * sessionNote: "bar", * }); * ``` + * + * * ### Client Scope) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -57,18 +62,19 @@ import * as utilities from "../utilities"; * sessionNote: "bar", * }); * ``` + * * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/nodejs/realm.ts b/sdk/nodejs/realm.ts index 4067ecf0..3663262e 100644 --- a/sdk/nodejs/realm.ts +++ b/sdk/nodejs/realm.ts @@ -6,93 +6,6 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; -/** - * Allows for creating and managing Realms within Keycloak. - * - * A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated - * from multiple sources. - * - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * accessCodeLifespan: "1h", - * attributes: { - * mycustomAttribute: "myCustomValue", - * }, - * displayName: "my realm", - * displayNameHtml: "my realm", - * enabled: true, - * internationalization: { - * defaultLocale: "en", - * supportedLocales: [ - * "en", - * "de", - * "es", - * ], - * }, - * loginTheme: "base", - * passwordPolicy: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername", - * realm: "my-realm", - * securityDefenses: { - * bruteForceDetection: { - * failureResetTimeSeconds: 43200, - * maxFailureWaitSeconds: 900, - * maxLoginFailures: 30, - * minimumQuickLoginWaitSeconds: 60, - * permanentLockout: false, - * quickLoginCheckMilliSeconds: 1000, - * waitIncrementSeconds: 60, - * }, - * headers: { - * contentSecurityPolicy: "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - * contentSecurityPolicyReportOnly: "", - * strictTransportSecurity: "max-age=31536000; includeSubDomains", - * xContentTypeOptions: "nosniff", - * xFrameOptions: "DENY", - * xRobotsTag: "none", - * xXssProtection: "1; mode=block", - * }, - * }, - * smtpServer: { - * auth: { - * password: "password", - * username: "tom", - * }, - * from: "example@example.com", - * host: "smtp.example.com", - * }, - * sslRequired: "external", - * webAuthnPolicy: { - * relyingPartyEntityName: "Example", - * relyingPartyId: "keycloak.example.com", - * signatureAlgorithms: [ - * "ES256", - * "RS256", - * ], - * }, - * }); - * ``` - * ## Default Client Scopes - * - * - `defaultDefaultClientScopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - * - `defaultOptionalClientScopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. - * - * ## Import - * - * Realms can be imported using their name. - * - * Example: - * - * bash - * - * ```sh - * $ pulumi import keycloak:index/realm:Realm realm my-realm - * ``` - */ export class Realm extends pulumi.CustomResource { /** * Get an existing Realm resource's state with the given name, ID, and optional extra @@ -121,219 +34,87 @@ export class Realm extends pulumi.CustomResource { return obj['__pulumiType'] === Realm.__pulumiType; } - /** - * The maximum amount of time a client has to finish the authorization code flow. - */ public readonly accessCodeLifespan!: pulumi.Output; - /** - * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - */ public readonly accessCodeLifespanLogin!: pulumi.Output; - /** - * The maximum amount of time a user has to complete login related actions, such as updating a password. - */ public readonly accessCodeLifespanUserAction!: pulumi.Output; - /** - * The amount of time an access token can be used before it expires. - */ public readonly accessTokenLifespan!: pulumi.Output; - /** - * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - */ public readonly accessTokenLifespanForImplicitFlow!: pulumi.Output; - /** - * Used for account management pages. - */ public readonly accountTheme!: pulumi.Output; - /** - * The maximum time a user has to use an admin-generated permit before it expires. - */ public readonly actionTokenGeneratedByAdminLifespan!: pulumi.Output; - /** - * The maximum time a user has to use a user-generated permit before it expires. - */ public readonly actionTokenGeneratedByUserLifespan!: pulumi.Output; - /** - * Used for the admin console. - */ public readonly adminTheme!: pulumi.Output; - /** - * A map of custom attributes to add to the realm. - */ public readonly attributes!: pulumi.Output<{[key: string]: any} | undefined>; /** - * The desired flow for browser authentication. Defaults to `browser`. + * Which flow should be used for BrowserFlow */ public readonly browserFlow!: pulumi.Output; /** - * The desired flow for client authentication. Defaults to `clients`. + * Which flow should be used for ClientAuthenticationFlow */ public readonly clientAuthenticationFlow!: pulumi.Output; - /** - * The amount of time a session can be idle before it expires. Users can override it for individual clients. - */ public readonly clientSessionIdleTimeout!: pulumi.Output; - /** - * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - */ public readonly clientSessionMaxLifespan!: pulumi.Output; public readonly defaultDefaultClientScopes!: pulumi.Output; public readonly defaultOptionalClientScopes!: pulumi.Output; - /** - * Default algorithm used to sign tokens for the realm. - */ public readonly defaultSignatureAlgorithm!: pulumi.Output; /** - * The desired flow for direct access authentication. Defaults to `direct grant`. + * Which flow should be used for DirectGrantFlow */ public readonly directGrantFlow!: pulumi.Output; - /** - * The display name for the realm that is shown when logging in to the admin console. - */ public readonly displayName!: pulumi.Output; - /** - * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - */ public readonly displayNameHtml!: pulumi.Output; /** - * The desired flow for Docker authentication. Defaults to `docker auth`. + * Which flow should be used for DockerAuthenticationFlow */ public readonly dockerAuthenticationFlow!: pulumi.Output; - /** - * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. - */ public readonly duplicateEmailsAllowed!: pulumi.Output; - /** - * When true, the username field is editable. - */ public readonly editUsernameAllowed!: pulumi.Output; - /** - * Used for emails that are sent by Keycloak. - */ public readonly emailTheme!: pulumi.Output; - /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. - */ public readonly enabled!: pulumi.Output; - /** - * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - */ public readonly internalId!: pulumi.Output; public readonly internationalization!: pulumi.Output; - /** - * Used for the login, forgot password, and registration pages. - */ public readonly loginTheme!: pulumi.Output; - /** - * When true, users may log in with their email address. - */ public readonly loginWithEmailAllowed!: pulumi.Output; - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - */ public readonly oauth2DeviceCodeLifespan!: pulumi.Output; - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - */ public readonly oauth2DevicePollingInterval!: pulumi.Output; - /** - * The amount of time an offline session can be idle before it expires. - */ public readonly offlineSessionIdleTimeout!: pulumi.Output; - /** - * The maximum amount of time before an offline session expires regardless of activity. - */ public readonly offlineSessionMaxLifespan!: pulumi.Output; - /** - * Enable `offlineSessionMaxLifespan`. - */ public readonly offlineSessionMaxLifespanEnabled!: pulumi.Output; public readonly otpPolicy!: pulumi.Output; /** - * The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" */ public readonly passwordPolicy!: pulumi.Output; - /** - * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - */ public readonly realm!: pulumi.Output; - /** - * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - */ public readonly refreshTokenMaxReuse!: pulumi.Output; - /** - * When true, user registration will be enabled, and a link for registration will be displayed on the login page. - */ public readonly registrationAllowed!: pulumi.Output; - /** - * When true, the user's email will be used as their username during registration. - */ public readonly registrationEmailAsUsername!: pulumi.Output; /** - * The desired flow for user registration. Defaults to `registration`. + * Which flow should be used for RegistrationFlow */ public readonly registrationFlow!: pulumi.Output; - /** - * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - */ public readonly rememberMe!: pulumi.Output; /** - * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * Which flow should be used for ResetCredentialsFlow */ public readonly resetCredentialsFlow!: pulumi.Output; - /** - * When true, a "forgot password" link will be displayed on the login page. - */ public readonly resetPasswordAllowed!: pulumi.Output; - /** - * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - */ public readonly revokeRefreshToken!: pulumi.Output; public readonly securityDefenses!: pulumi.Output; public readonly smtpServer!: pulumi.Output; /** - * Can be one of following values: 'none, 'external' or 'all' + * SSL Required: Values can be 'none', 'external' or 'all'. */ public readonly sslRequired!: pulumi.Output; - /** - * The amount of time a session can be idle before it expires. - */ public readonly ssoSessionIdleTimeout!: pulumi.Output; - /** - * Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. - */ public readonly ssoSessionIdleTimeoutRememberMe!: pulumi.Output; - /** - * The maximum amount of time before a session expires regardless of activity. - */ public readonly ssoSessionMaxLifespan!: pulumi.Output; - /** - * Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. - */ public readonly ssoSessionMaxLifespanRememberMe!: pulumi.Output; - /** - * When `true`, users are allowed to manage their own resources. Defaults to `false`. - */ public readonly userManagedAccess!: pulumi.Output; - /** - * When true, users are required to verify their email address after registration and after email address changes. - */ public readonly verifyEmail!: pulumi.Output; - /** - * Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - */ public readonly webAuthnPasswordlessPolicy!: pulumi.Output; - /** - * Configuration for WebAuthn Policy authentication. - */ public readonly webAuthnPolicy!: pulumi.Output; /** @@ -476,219 +257,87 @@ export class Realm extends pulumi.CustomResource { * Input properties used for looking up and filtering Realm resources. */ export interface RealmState { - /** - * The maximum amount of time a client has to finish the authorization code flow. - */ accessCodeLifespan?: pulumi.Input; - /** - * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - */ accessCodeLifespanLogin?: pulumi.Input; - /** - * The maximum amount of time a user has to complete login related actions, such as updating a password. - */ accessCodeLifespanUserAction?: pulumi.Input; - /** - * The amount of time an access token can be used before it expires. - */ accessTokenLifespan?: pulumi.Input; - /** - * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - */ accessTokenLifespanForImplicitFlow?: pulumi.Input; - /** - * Used for account management pages. - */ accountTheme?: pulumi.Input; - /** - * The maximum time a user has to use an admin-generated permit before it expires. - */ actionTokenGeneratedByAdminLifespan?: pulumi.Input; - /** - * The maximum time a user has to use a user-generated permit before it expires. - */ actionTokenGeneratedByUserLifespan?: pulumi.Input; - /** - * Used for the admin console. - */ adminTheme?: pulumi.Input; - /** - * A map of custom attributes to add to the realm. - */ attributes?: pulumi.Input<{[key: string]: any}>; /** - * The desired flow for browser authentication. Defaults to `browser`. + * Which flow should be used for BrowserFlow */ browserFlow?: pulumi.Input; /** - * The desired flow for client authentication. Defaults to `clients`. + * Which flow should be used for ClientAuthenticationFlow */ clientAuthenticationFlow?: pulumi.Input; - /** - * The amount of time a session can be idle before it expires. Users can override it for individual clients. - */ clientSessionIdleTimeout?: pulumi.Input; - /** - * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - */ clientSessionMaxLifespan?: pulumi.Input; defaultDefaultClientScopes?: pulumi.Input[]>; defaultOptionalClientScopes?: pulumi.Input[]>; - /** - * Default algorithm used to sign tokens for the realm. - */ defaultSignatureAlgorithm?: pulumi.Input; /** - * The desired flow for direct access authentication. Defaults to `direct grant`. + * Which flow should be used for DirectGrantFlow */ directGrantFlow?: pulumi.Input; - /** - * The display name for the realm that is shown when logging in to the admin console. - */ displayName?: pulumi.Input; - /** - * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - */ displayNameHtml?: pulumi.Input; /** - * The desired flow for Docker authentication. Defaults to `docker auth`. + * Which flow should be used for DockerAuthenticationFlow */ dockerAuthenticationFlow?: pulumi.Input; - /** - * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. - */ duplicateEmailsAllowed?: pulumi.Input; - /** - * When true, the username field is editable. - */ editUsernameAllowed?: pulumi.Input; - /** - * Used for emails that are sent by Keycloak. - */ emailTheme?: pulumi.Input; - /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. - */ enabled?: pulumi.Input; - /** - * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - */ internalId?: pulumi.Input; internationalization?: pulumi.Input; - /** - * Used for the login, forgot password, and registration pages. - */ loginTheme?: pulumi.Input; - /** - * When true, users may log in with their email address. - */ loginWithEmailAllowed?: pulumi.Input; - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - */ oauth2DeviceCodeLifespan?: pulumi.Input; - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - */ oauth2DevicePollingInterval?: pulumi.Input; - /** - * The amount of time an offline session can be idle before it expires. - */ offlineSessionIdleTimeout?: pulumi.Input; - /** - * The maximum amount of time before an offline session expires regardless of activity. - */ offlineSessionMaxLifespan?: pulumi.Input; - /** - * Enable `offlineSessionMaxLifespan`. - */ offlineSessionMaxLifespanEnabled?: pulumi.Input; otpPolicy?: pulumi.Input; /** - * The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" */ passwordPolicy?: pulumi.Input; - /** - * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - */ realm?: pulumi.Input; - /** - * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - */ refreshTokenMaxReuse?: pulumi.Input; - /** - * When true, user registration will be enabled, and a link for registration will be displayed on the login page. - */ registrationAllowed?: pulumi.Input; - /** - * When true, the user's email will be used as their username during registration. - */ registrationEmailAsUsername?: pulumi.Input; /** - * The desired flow for user registration. Defaults to `registration`. + * Which flow should be used for RegistrationFlow */ registrationFlow?: pulumi.Input; - /** - * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - */ rememberMe?: pulumi.Input; /** - * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * Which flow should be used for ResetCredentialsFlow */ resetCredentialsFlow?: pulumi.Input; - /** - * When true, a "forgot password" link will be displayed on the login page. - */ resetPasswordAllowed?: pulumi.Input; - /** - * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - */ revokeRefreshToken?: pulumi.Input; securityDefenses?: pulumi.Input; smtpServer?: pulumi.Input; /** - * Can be one of following values: 'none, 'external' or 'all' + * SSL Required: Values can be 'none', 'external' or 'all'. */ sslRequired?: pulumi.Input; - /** - * The amount of time a session can be idle before it expires. - */ ssoSessionIdleTimeout?: pulumi.Input; - /** - * Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. - */ ssoSessionIdleTimeoutRememberMe?: pulumi.Input; - /** - * The maximum amount of time before a session expires regardless of activity. - */ ssoSessionMaxLifespan?: pulumi.Input; - /** - * Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. - */ ssoSessionMaxLifespanRememberMe?: pulumi.Input; - /** - * When `true`, users are allowed to manage their own resources. Defaults to `false`. - */ userManagedAccess?: pulumi.Input; - /** - * When true, users are required to verify their email address after registration and after email address changes. - */ verifyEmail?: pulumi.Input; - /** - * Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - */ webAuthnPasswordlessPolicy?: pulumi.Input; - /** - * Configuration for WebAuthn Policy authentication. - */ webAuthnPolicy?: pulumi.Input; } @@ -696,218 +345,86 @@ export interface RealmState { * The set of arguments for constructing a Realm resource. */ export interface RealmArgs { - /** - * The maximum amount of time a client has to finish the authorization code flow. - */ accessCodeLifespan?: pulumi.Input; - /** - * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - */ accessCodeLifespanLogin?: pulumi.Input; - /** - * The maximum amount of time a user has to complete login related actions, such as updating a password. - */ accessCodeLifespanUserAction?: pulumi.Input; - /** - * The amount of time an access token can be used before it expires. - */ accessTokenLifespan?: pulumi.Input; - /** - * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - */ accessTokenLifespanForImplicitFlow?: pulumi.Input; - /** - * Used for account management pages. - */ accountTheme?: pulumi.Input; - /** - * The maximum time a user has to use an admin-generated permit before it expires. - */ actionTokenGeneratedByAdminLifespan?: pulumi.Input; - /** - * The maximum time a user has to use a user-generated permit before it expires. - */ actionTokenGeneratedByUserLifespan?: pulumi.Input; - /** - * Used for the admin console. - */ adminTheme?: pulumi.Input; - /** - * A map of custom attributes to add to the realm. - */ attributes?: pulumi.Input<{[key: string]: any}>; /** - * The desired flow for browser authentication. Defaults to `browser`. + * Which flow should be used for BrowserFlow */ browserFlow?: pulumi.Input; /** - * The desired flow for client authentication. Defaults to `clients`. + * Which flow should be used for ClientAuthenticationFlow */ clientAuthenticationFlow?: pulumi.Input; - /** - * The amount of time a session can be idle before it expires. Users can override it for individual clients. - */ clientSessionIdleTimeout?: pulumi.Input; - /** - * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - */ clientSessionMaxLifespan?: pulumi.Input; defaultDefaultClientScopes?: pulumi.Input[]>; defaultOptionalClientScopes?: pulumi.Input[]>; - /** - * Default algorithm used to sign tokens for the realm. - */ defaultSignatureAlgorithm?: pulumi.Input; /** - * The desired flow for direct access authentication. Defaults to `direct grant`. + * Which flow should be used for DirectGrantFlow */ directGrantFlow?: pulumi.Input; - /** - * The display name for the realm that is shown when logging in to the admin console. - */ displayName?: pulumi.Input; - /** - * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - */ displayNameHtml?: pulumi.Input; /** - * The desired flow for Docker authentication. Defaults to `docker auth`. + * Which flow should be used for DockerAuthenticationFlow */ dockerAuthenticationFlow?: pulumi.Input; - /** - * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`. - */ duplicateEmailsAllowed?: pulumi.Input; - /** - * When true, the username field is editable. - */ editUsernameAllowed?: pulumi.Input; - /** - * Used for emails that are sent by Keycloak. - */ emailTheme?: pulumi.Input; - /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. - */ enabled?: pulumi.Input; - /** - * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - */ internalId?: pulumi.Input; internationalization?: pulumi.Input; - /** - * Used for the login, forgot password, and registration pages. - */ loginTheme?: pulumi.Input; - /** - * When true, users may log in with their email address. - */ loginWithEmailAllowed?: pulumi.Input; - /** - * The maximum amount of time a client has to finish the device code flow before it expires. - * - * The attributes below should be specified in seconds. - */ oauth2DeviceCodeLifespan?: pulumi.Input; - /** - * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - */ oauth2DevicePollingInterval?: pulumi.Input; - /** - * The amount of time an offline session can be idle before it expires. - */ offlineSessionIdleTimeout?: pulumi.Input; - /** - * The maximum amount of time before an offline session expires regardless of activity. - */ offlineSessionMaxLifespan?: pulumi.Input; - /** - * Enable `offlineSessionMaxLifespan`. - */ offlineSessionMaxLifespanEnabled?: pulumi.Input; otpPolicy?: pulumi.Input; /** - * The password policy for users within the realm. - * - * The arguments below can be used to configure authentication flow bindings: + * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + * and notUsername(undefined)" */ passwordPolicy?: pulumi.Input; - /** - * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - */ realm: pulumi.Input; - /** - * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - * - * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - */ refreshTokenMaxReuse?: pulumi.Input; - /** - * When true, user registration will be enabled, and a link for registration will be displayed on the login page. - */ registrationAllowed?: pulumi.Input; - /** - * When true, the user's email will be used as their username during registration. - */ registrationEmailAsUsername?: pulumi.Input; /** - * The desired flow for user registration. Defaults to `registration`. + * Which flow should be used for RegistrationFlow */ registrationFlow?: pulumi.Input; - /** - * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - */ rememberMe?: pulumi.Input; /** - * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + * Which flow should be used for ResetCredentialsFlow */ resetCredentialsFlow?: pulumi.Input; - /** - * When true, a "forgot password" link will be displayed on the login page. - */ resetPasswordAllowed?: pulumi.Input; - /** - * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - */ revokeRefreshToken?: pulumi.Input; securityDefenses?: pulumi.Input; smtpServer?: pulumi.Input; /** - * Can be one of following values: 'none, 'external' or 'all' + * SSL Required: Values can be 'none', 'external' or 'all'. */ sslRequired?: pulumi.Input; - /** - * The amount of time a session can be idle before it expires. - */ ssoSessionIdleTimeout?: pulumi.Input; - /** - * Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`. - */ ssoSessionIdleTimeoutRememberMe?: pulumi.Input; - /** - * The maximum amount of time before a session expires regardless of activity. - */ ssoSessionMaxLifespan?: pulumi.Input; - /** - * Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`. - */ ssoSessionMaxLifespanRememberMe?: pulumi.Input; - /** - * When `true`, users are allowed to manage their own resources. Defaults to `false`. - */ userManagedAccess?: pulumi.Input; - /** - * When true, users are required to verify their email address after registration and after email address changes. - */ verifyEmail?: pulumi.Input; - /** - * Configuration for WebAuthn Passwordless Policy authentication. - * - * Each of these attributes are blocks with the following attributes: - */ webAuthnPasswordlessPolicy?: pulumi.Input; - /** - * Configuration for WebAuthn Policy authentication. - */ webAuthnPolicy?: pulumi.Input; } diff --git a/sdk/nodejs/realmEvents.ts b/sdk/nodejs/realmEvents.ts index bb63b889..0d75733c 100644 --- a/sdk/nodejs/realmEvents.ts +++ b/sdk/nodejs/realmEvents.ts @@ -5,35 +5,44 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** + * ## # keycloak.RealmEvents + * * Allows for managing Realm Events settings within Keycloak. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); + * const realm = new keycloak.Realm("realm", {realm: "test"}); * const realmEvents = new keycloak.RealmEvents("realmEvents", { - * realmId: realm.id, - * eventsEnabled: true, - * eventsExpiration: 3600, - * adminEventsEnabled: true, * adminEventsDetailsEnabled: true, + * adminEventsEnabled: true, * enabledEventTypes: [ * "LOGIN", * "LOGOUT", * ], + * eventsEnabled: true, + * eventsExpiration: 3600, * eventsListeners: ["jboss-logging"], + * realmId: realm.id, * }); * ``` + * + * + * ### Argument Reference * - * ## Import + * The following arguments are supported: * - * This resource currently does not support importing. + * - `realmId` - (Required) The name of the realm the event settings apply to. + * - `adminEventsEnabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`. + * - `adminEventsDetailsEnabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`. + * - `eventsEnabled` - (Optional) When true, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. + * - `eventsExpiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never. + * - `enabledEventTypes` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. + * - `eventsListeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. */ export class RealmEvents extends pulumi.CustomResource { /** @@ -63,33 +72,12 @@ export class RealmEvents extends pulumi.CustomResource { return obj['__pulumiType'] === RealmEvents.__pulumiType; } - /** - * When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - */ public readonly adminEventsDetailsEnabled!: pulumi.Output; - /** - * When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - */ public readonly adminEventsEnabled!: pulumi.Output; - /** - * The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - */ public readonly enabledEventTypes!: pulumi.Output; - /** - * When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. - */ public readonly eventsEnabled!: pulumi.Output; - /** - * The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - */ public readonly eventsExpiration!: pulumi.Output; - /** - * The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - */ public readonly eventsListeners!: pulumi.Output; - /** - * The name of the realm the event settings apply to. - */ public readonly realmId!: pulumi.Output; /** @@ -134,33 +122,12 @@ export class RealmEvents extends pulumi.CustomResource { * Input properties used for looking up and filtering RealmEvents resources. */ export interface RealmEventsState { - /** - * When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - */ adminEventsDetailsEnabled?: pulumi.Input; - /** - * When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - */ adminEventsEnabled?: pulumi.Input; - /** - * The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - */ enabledEventTypes?: pulumi.Input[]>; - /** - * When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. - */ eventsEnabled?: pulumi.Input; - /** - * The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - */ eventsExpiration?: pulumi.Input; - /** - * The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - */ eventsListeners?: pulumi.Input[]>; - /** - * The name of the realm the event settings apply to. - */ realmId?: pulumi.Input; } @@ -168,32 +135,11 @@ export interface RealmEventsState { * The set of arguments for constructing a RealmEvents resource. */ export interface RealmEventsArgs { - /** - * When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - */ adminEventsDetailsEnabled?: pulumi.Input; - /** - * When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - */ adminEventsEnabled?: pulumi.Input; - /** - * The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - */ enabledEventTypes?: pulumi.Input[]>; - /** - * When `true`, events from `enabledEventTypes` are saved to the database, making them available through the admin console. Defaults to `false`. - */ eventsEnabled?: pulumi.Input; - /** - * The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - */ eventsExpiration?: pulumi.Input; - /** - * The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - */ eventsListeners?: pulumi.Input[]>; - /** - * The name of the realm the event settings apply to. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/realmKeystoreAesGenerated.ts b/sdk/nodejs/realmKeystoreAesGenerated.ts index 27568fe4..45afba31 100644 --- a/sdk/nodejs/realmKeystoreAesGenerated.ts +++ b/sdk/nodejs/realmKeystoreAesGenerated.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -24,14 +25,15 @@ import * as utilities from "./utilities"; * secretSize: 16, * }); * ``` + * * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/nodejs/realmKeystoreEcdsaGenerated.ts b/sdk/nodejs/realmKeystoreEcdsaGenerated.ts index 80da605e..9f522b60 100644 --- a/sdk/nodejs/realmKeystoreEcdsaGenerated.ts +++ b/sdk/nodejs/realmKeystoreEcdsaGenerated.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -24,14 +25,15 @@ import * as utilities from "./utilities"; * ellipticCurveKey: "P-256", * }); * ``` + * * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/nodejs/realmKeystoreHmacGenerated.ts b/sdk/nodejs/realmKeystoreHmacGenerated.ts index 81af5130..605b7758 100644 --- a/sdk/nodejs/realmKeystoreHmacGenerated.ts +++ b/sdk/nodejs/realmKeystoreHmacGenerated.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -25,14 +26,15 @@ import * as utilities from "./utilities"; * secretSize: 64, * }); * ``` + * * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/nodejs/realmKeystoreJavaGenerated.ts b/sdk/nodejs/realmKeystoreJavaGenerated.ts index 26d54a4b..bb6e3e87 100644 --- a/sdk/nodejs/realmKeystoreJavaGenerated.ts +++ b/sdk/nodejs/realmKeystoreJavaGenerated.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -28,14 +29,15 @@ import * as utilities from "./utilities"; * algorithm: "RS256", * }); * ``` + * * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/nodejs/realmKeystoreRsa.ts b/sdk/nodejs/realmKeystoreRsa.ts index 15f127eb..1e3fd55e 100644 --- a/sdk/nodejs/realmKeystoreRsa.ts +++ b/sdk/nodejs/realmKeystoreRsa.ts @@ -13,9 +13,9 @@ import * as utilities from "./utilities"; * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/nodejs/realmKeystoreRsaGenerated.ts b/sdk/nodejs/realmKeystoreRsaGenerated.ts index 2669cf09..60b5a6df 100644 --- a/sdk/nodejs/realmKeystoreRsaGenerated.ts +++ b/sdk/nodejs/realmKeystoreRsaGenerated.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -25,14 +26,15 @@ import * as utilities from "./utilities"; * keySize: 2048, * }); * ``` + * * * ## Import * * Realm keys can be imported using realm name and keystore id, you can find it in web UI. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/nodejs/realmUserProfile.ts b/sdk/nodejs/realmUserProfile.ts index 3f44fb6d..2c128542 100644 --- a/sdk/nodejs/realmUserProfile.ts +++ b/sdk/nodejs/realmUserProfile.ts @@ -20,6 +20,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -99,6 +100,7 @@ import * as utilities from "./utilities"; * ], * }); * ``` + * * * ## Import * diff --git a/sdk/nodejs/requiredAction.ts b/sdk/nodejs/requiredAction.ts index eb9d92b5..d9048ca7 100644 --- a/sdk/nodejs/requiredAction.ts +++ b/sdk/nodejs/requiredAction.ts @@ -11,6 +11,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -25,14 +26,15 @@ import * as utilities from "./utilities"; * enabled: true, * }); * ``` + * * * ## Import * * Authentication executions can be imported using the formats: `{{realm}}/{{alias}}`. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias diff --git a/sdk/nodejs/role.ts b/sdk/nodejs/role.ts index 4ec5037b..7cb47400 100644 --- a/sdk/nodejs/role.ts +++ b/sdk/nodejs/role.ts @@ -5,135 +5,116 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "./utilities"; /** + * ## # keycloak.Role + * * Allows for creating and managing roles within Keycloak. * - * Roles allow you define privileges within Keycloak and map them to users and groups. + * Roles allow you define privileges within Keycloak and map them to users + * and groups. * - * ## Example Usage - * ### Realm Role) + * ### Example Usage (Realm role) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const realmRole = new keycloak.Role("realmRole", { - * realmId: realm.id, * description: "My Realm Role", - * attributes: { - * key: "value", - * multivalue: "value1##value2", - * }, + * realmId: realm.id, * }); * ``` - * ### Client Role) + * * + * ### Example Usage (Client role) + * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, + * const client = new keycloak.openid.Client("client", { + * accessType: "BEARER-ONLY", * clientId: "client", * enabled: true, - * accessType: "CONFIDENTIAL", - * validRedirectUris: ["http://localhost:8080/openid-callback"], + * realmId: realm.id, * }); * const clientRole = new keycloak.Role("clientRole", { - * realmId: realm.id, - * clientId: keycloak_client.openid_client.id, + * clientId: keycloak_client.client.id, * description: "My Client Role", - * attributes: { - * key: "value", - * }, + * realmId: realm.id, * }); * ``` - * ### Composite Role) + * + * + * ### Example Usage (Composite role) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); - * // realm roles - * const createRole = new keycloak.Role("createRole", { - * realmId: realm.id, - * attributes: { - * key: "value", - * }, - * }); - * const readRole = new keycloak.Role("readRole", { - * realmId: realm.id, - * attributes: { - * key: "value", - * }, - * }); - * const updateRole = new keycloak.Role("updateRole", { - * realmId: realm.id, - * attributes: { - * key: "value", - * }, - * }); - * const deleteRole = new keycloak.Role("deleteRole", { - * realmId: realm.id, - * attributes: { - * key: "value", - * }, - * }); - * // client role - * const openidClient = new keycloak.openid.Client("openidClient", { - * realmId: realm.id, + * const createRole = new keycloak.Role("createRole", {realmId: realm.id}); + * const readRole = new keycloak.Role("readRole", {realmId: realm.id}); + * const updateRole = new keycloak.Role("updateRole", {realmId: realm.id}); + * const deleteRole = new keycloak.Role("deleteRole", {realmId: realm.id}); + * const client = new keycloak.openid.Client("client", { + * accessType: "BEARER-ONLY", * clientId: "client", * enabled: true, - * accessType: "CONFIDENTIAL", - * validRedirectUris: ["http://localhost:8080/openid-callback"], + * realmId: realm.id, * }); * const clientRole = new keycloak.Role("clientRole", { - * realmId: realm.id, - * clientId: keycloak_client.openid_client.id, + * clientId: keycloak_client.client.id, * description: "My Client Role", - * attributes: { - * key: "value", - * }, + * realmId: realm.id, * }); * const adminRole = new keycloak.Role("adminRole", { - * realmId: realm.id, * compositeRoles: [ - * createRole.id, - * readRole.id, - * updateRole.id, - * deleteRole.id, - * clientRole.id, + * "{keycloak_role.create_role.id}", + * "{keycloak_role.read_role.id}", + * "{keycloak_role.update_role.id}", + * "{keycloak_role.delete_role.id}", + * "{keycloak_role.client_role.id}", * ], - * attributes: { - * key: "value", - * }, + * realmId: realm.id, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns + * The following arguments are supported: * - * to the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role. + * - `realmId` - (Required) The realm this role exists within. + * - `clientId` - (Optional) When specified, this role will be created as + * a client role attached to the client with the provided ID + * - `name` - (Required) The name of the role + * - `description` - (Optional) The description of the role + * - `compositeRoles` - (Optional) When specified, this role will be a + * composite role, composed of all roles that have an ID present within + * this list. * - * Example: + * ### Import * - * bash + * Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where + * `roleId` is the unique ID that Keycloak assigns to the role. The ID is + * not easy to find in the GUI, but it appears in the URL when editing the + * role. * - * ```sh - * $ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad - * ``` + * Example: */ export class Role extends pulumi.CustomResource { /** @@ -163,29 +144,11 @@ export class Role extends pulumi.CustomResource { return obj['__pulumiType'] === Role.__pulumiType; } - /** - * A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ public readonly attributes!: pulumi.Output<{[key: string]: any} | undefined>; - /** - * When specified, this role will be created as a client role attached to the client with the provided ID - */ public readonly clientId!: pulumi.Output; - /** - * When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - */ public readonly compositeRoles!: pulumi.Output; - /** - * The description of the role - */ public readonly description!: pulumi.Output; - /** - * The name of the role - */ public readonly name!: pulumi.Output; - /** - * The realm this role exists within. - */ public readonly realmId!: pulumi.Output; /** @@ -228,29 +191,11 @@ export class Role extends pulumi.CustomResource { * Input properties used for looking up and filtering Role resources. */ export interface RoleState { - /** - * A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ attributes?: pulumi.Input<{[key: string]: any}>; - /** - * When specified, this role will be created as a client role attached to the client with the provided ID - */ clientId?: pulumi.Input; - /** - * When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - */ compositeRoles?: pulumi.Input[]>; - /** - * The description of the role - */ description?: pulumi.Input; - /** - * The name of the role - */ name?: pulumi.Input; - /** - * The realm this role exists within. - */ realmId?: pulumi.Input; } @@ -258,28 +203,10 @@ export interface RoleState { * The set of arguments for constructing a Role resource. */ export interface RoleArgs { - /** - * A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ attributes?: pulumi.Input<{[key: string]: any}>; - /** - * When specified, this role will be created as a client role attached to the client with the provided ID - */ clientId?: pulumi.Input; - /** - * When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - */ compositeRoles?: pulumi.Input[]>; - /** - * The description of the role - */ description?: pulumi.Input; - /** - * The name of the role - */ name?: pulumi.Input; - /** - * The realm this role exists within. - */ realmId: pulumi.Input; } diff --git a/sdk/nodejs/saml/client.ts b/sdk/nodejs/saml/client.ts index 50da600c..5081d321 100644 --- a/sdk/nodejs/saml/client.ts +++ b/sdk/nodejs/saml/client.ts @@ -7,46 +7,74 @@ import * as outputs from "../types/output"; import * as utilities from "../utilities"; /** + * ## # keycloak.saml.Client + * * Allows for creating and managing Keycloak clients that use the SAML protocol. * - * Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users - * to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. + * Clients are entities that can use Keycloak for user authentication. Typically, + * clients are applications that redirect users to Keycloak for authentication + * in order to take advantage of Keycloak's user sessions for SSO. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as fs from "fs"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const samlClient = new keycloak.saml.Client("samlClient", { + * clientId: "test-saml-client", + * includeAuthnStatement: true, * realmId: realm.id, - * clientId: "saml-client", - * signDocuments: false, * signAssertions: true, - * includeAuthnStatement: true, + * signDocuments: false, * signingCertificate: fs.readFileSync("saml-cert.pem", "utf8"), * signingPrivateKey: fs.readFileSync("saml-key.pem", "utf8"), * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. + * - `realmId` - (Required) The realm this client is attached to. + * - `clientId` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + * - `name` - (Optional) The display name of this client in the GUI. + * - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + * - `description` - (Optional) The description of this client in the GUI. + * - `includeAuthnStatement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. + * - `signDocuments` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. + * - `signAssertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. + * - `clientSignatureRequired` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. + * - `forcePostBinding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. + * - `frontChannelLogout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. + * - `nameIdFormat` - (Optional) Sets the Name ID format for the subject. + * - `rootUrl` - (Optional) When specified, this value is prepended to all relative URLs. + * - `validRedirectUris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. + * - `baseUrl` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. + * - `masterSamlProcessingUrl` - (Optional) When specified, this URL will be used for all SAML requests. + * - `signingCertificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. + * - `signingPrivateKey` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. + * - `idpInitiatedSsoUrlName` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. + * - `idpInitiatedSsoRelayState` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. + * - `assertionConsumerPostUrl` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). + * - `assertionConsumerRedirectUrl` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). + * - `logoutServicePostBindingUrl` - (Optional) SAML POST Binding URL for the client's single logout service. + * - `logoutServiceRedirectBindingUrl` - (Optional) SAML Redirect Binding URL for the client's single logout service. + * - `fullScopeAllowed` - (Optional) - Allow to include all roles mappings in the access token * - * Example: + * ### Import * - * bash + * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `clientKeycloakId` is the unique ID that Keycloak + * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. * - * ```sh - * $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - * ``` + * Example: */ export class Client extends pulumi.CustomResource { /** @@ -76,150 +104,42 @@ export class Client extends pulumi.CustomResource { return obj['__pulumiType'] === Client.__pulumiType; } - /** - * SAML POST Binding URL for the client's assertion consumer service (login responses). - */ public readonly assertionConsumerPostUrl!: pulumi.Output; - /** - * SAML Redirect Binding URL for the client's assertion consumer service (login responses). - */ public readonly assertionConsumerRedirectUrl!: pulumi.Output; - /** - * Override realm authentication flow bindings - */ public readonly authenticationFlowBindingOverrides!: pulumi.Output; - /** - * When specified, this URL will be used whenever Keycloak needs to link to this client. - */ public readonly baseUrl!: pulumi.Output; - /** - * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - */ public readonly canonicalizationMethod!: pulumi.Output; - /** - * The unique ID of this client, referenced in the URI during authentication and in issued tokens. - */ public readonly clientId!: pulumi.Output; - /** - * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. - */ public readonly clientSignatureRequired!: pulumi.Output; - /** - * The description of this client in the GUI. - */ public readonly description!: pulumi.Output; - /** - * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - */ public readonly enabled!: pulumi.Output; - /** - * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - */ public readonly encryptAssertions!: pulumi.Output; - /** - * If assertions for the client are encrypted, this certificate will be used for encryption. - */ public readonly encryptionCertificate!: pulumi.Output; - /** - * (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - */ public /*out*/ readonly encryptionCertificateSha1!: pulumi.Output; public readonly extraConfig!: pulumi.Output<{[key: string]: any} | undefined>; - /** - * Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. - */ public readonly forceNameIdFormat!: pulumi.Output; - /** - * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - */ public readonly forcePostBinding!: pulumi.Output; - /** - * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - */ public readonly frontChannelLogout!: pulumi.Output; - /** - * Allow to include all roles mappings in the access token - */ public readonly fullScopeAllowed!: pulumi.Output; - /** - * Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - */ public readonly idpInitiatedSsoRelayState!: pulumi.Output; - /** - * URL fragment name to reference client when you want to do IDP Initiated SSO. - */ public readonly idpInitiatedSsoUrlName!: pulumi.Output; - /** - * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - */ public readonly includeAuthnStatement!: pulumi.Output; - /** - * The login theme of this client. - */ public readonly loginTheme!: pulumi.Output; - /** - * SAML POST Binding URL for the client's single logout service. - */ public readonly logoutServicePostBindingUrl!: pulumi.Output; - /** - * SAML Redirect Binding URL for the client's single logout service. - */ public readonly logoutServiceRedirectBindingUrl!: pulumi.Output; - /** - * When specified, this URL will be used for all SAML requests. - */ public readonly masterSamlProcessingUrl!: pulumi.Output; - /** - * The display name of this client in the GUI. - */ public readonly name!: pulumi.Output; - /** - * Sets the Name ID format for the subject. - */ public readonly nameIdFormat!: pulumi.Output; - /** - * The realm this client is attached to. - */ public readonly realmId!: pulumi.Output; - /** - * When specified, this value is prepended to all relative URLs. - */ public readonly rootUrl!: pulumi.Output; - /** - * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - */ public readonly signAssertions!: pulumi.Output; - /** - * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - */ public readonly signDocuments!: pulumi.Output; - /** - * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - */ public readonly signatureAlgorithm!: pulumi.Output; - /** - * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - */ public readonly signatureKeyName!: pulumi.Output; - /** - * If documents or assertions from the client are signed, this certificate will be used to verify the signature. - */ public readonly signingCertificate!: pulumi.Output; - /** - * (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - */ public /*out*/ readonly signingCertificateSha1!: pulumi.Output; - /** - * If documents or assertions from the client are signed, this private key will be used to verify the signature. - */ public readonly signingPrivateKey!: pulumi.Output; - /** - * (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - */ public /*out*/ readonly signingPrivateKeySha1!: pulumi.Output; - /** - * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - */ public readonly validRedirectUris!: pulumi.Output; /** @@ -327,150 +247,42 @@ export class Client extends pulumi.CustomResource { * Input properties used for looking up and filtering Client resources. */ export interface ClientState { - /** - * SAML POST Binding URL for the client's assertion consumer service (login responses). - */ assertionConsumerPostUrl?: pulumi.Input; - /** - * SAML Redirect Binding URL for the client's assertion consumer service (login responses). - */ assertionConsumerRedirectUrl?: pulumi.Input; - /** - * Override realm authentication flow bindings - */ authenticationFlowBindingOverrides?: pulumi.Input; - /** - * When specified, this URL will be used whenever Keycloak needs to link to this client. - */ baseUrl?: pulumi.Input; - /** - * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - */ canonicalizationMethod?: pulumi.Input; - /** - * The unique ID of this client, referenced in the URI during authentication and in issued tokens. - */ clientId?: pulumi.Input; - /** - * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. - */ clientSignatureRequired?: pulumi.Input; - /** - * The description of this client in the GUI. - */ description?: pulumi.Input; - /** - * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - */ enabled?: pulumi.Input; - /** - * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - */ encryptAssertions?: pulumi.Input; - /** - * If assertions for the client are encrypted, this certificate will be used for encryption. - */ encryptionCertificate?: pulumi.Input; - /** - * (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - */ encryptionCertificateSha1?: pulumi.Input; extraConfig?: pulumi.Input<{[key: string]: any}>; - /** - * Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. - */ forceNameIdFormat?: pulumi.Input; - /** - * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - */ forcePostBinding?: pulumi.Input; - /** - * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - */ frontChannelLogout?: pulumi.Input; - /** - * Allow to include all roles mappings in the access token - */ fullScopeAllowed?: pulumi.Input; - /** - * Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - */ idpInitiatedSsoRelayState?: pulumi.Input; - /** - * URL fragment name to reference client when you want to do IDP Initiated SSO. - */ idpInitiatedSsoUrlName?: pulumi.Input; - /** - * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - */ includeAuthnStatement?: pulumi.Input; - /** - * The login theme of this client. - */ loginTheme?: pulumi.Input; - /** - * SAML POST Binding URL for the client's single logout service. - */ logoutServicePostBindingUrl?: pulumi.Input; - /** - * SAML Redirect Binding URL for the client's single logout service. - */ logoutServiceRedirectBindingUrl?: pulumi.Input; - /** - * When specified, this URL will be used for all SAML requests. - */ masterSamlProcessingUrl?: pulumi.Input; - /** - * The display name of this client in the GUI. - */ name?: pulumi.Input; - /** - * Sets the Name ID format for the subject. - */ nameIdFormat?: pulumi.Input; - /** - * The realm this client is attached to. - */ realmId?: pulumi.Input; - /** - * When specified, this value is prepended to all relative URLs. - */ rootUrl?: pulumi.Input; - /** - * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - */ signAssertions?: pulumi.Input; - /** - * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - */ signDocuments?: pulumi.Input; - /** - * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - */ signatureAlgorithm?: pulumi.Input; - /** - * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - */ signatureKeyName?: pulumi.Input; - /** - * If documents or assertions from the client are signed, this certificate will be used to verify the signature. - */ signingCertificate?: pulumi.Input; - /** - * (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - */ signingCertificateSha1?: pulumi.Input; - /** - * If documents or assertions from the client are signed, this private key will be used to verify the signature. - */ signingPrivateKey?: pulumi.Input; - /** - * (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - */ signingPrivateKeySha1?: pulumi.Input; - /** - * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - */ validRedirectUris?: pulumi.Input[]>; } @@ -478,137 +290,38 @@ export interface ClientState { * The set of arguments for constructing a Client resource. */ export interface ClientArgs { - /** - * SAML POST Binding URL for the client's assertion consumer service (login responses). - */ assertionConsumerPostUrl?: pulumi.Input; - /** - * SAML Redirect Binding URL for the client's assertion consumer service (login responses). - */ assertionConsumerRedirectUrl?: pulumi.Input; - /** - * Override realm authentication flow bindings - */ authenticationFlowBindingOverrides?: pulumi.Input; - /** - * When specified, this URL will be used whenever Keycloak needs to link to this client. - */ baseUrl?: pulumi.Input; - /** - * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - */ canonicalizationMethod?: pulumi.Input; - /** - * The unique ID of this client, referenced in the URI during authentication and in issued tokens. - */ clientId: pulumi.Input; - /** - * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`. - */ clientSignatureRequired?: pulumi.Input; - /** - * The description of this client in the GUI. - */ description?: pulumi.Input; - /** - * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - */ enabled?: pulumi.Input; - /** - * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - */ encryptAssertions?: pulumi.Input; - /** - * If assertions for the client are encrypted, this certificate will be used for encryption. - */ encryptionCertificate?: pulumi.Input; extraConfig?: pulumi.Input<{[key: string]: any}>; - /** - * Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`. - */ forceNameIdFormat?: pulumi.Input; - /** - * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - */ forcePostBinding?: pulumi.Input; - /** - * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - */ frontChannelLogout?: pulumi.Input; - /** - * Allow to include all roles mappings in the access token - */ fullScopeAllowed?: pulumi.Input; - /** - * Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - */ idpInitiatedSsoRelayState?: pulumi.Input; - /** - * URL fragment name to reference client when you want to do IDP Initiated SSO. - */ idpInitiatedSsoUrlName?: pulumi.Input; - /** - * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - */ includeAuthnStatement?: pulumi.Input; - /** - * The login theme of this client. - */ loginTheme?: pulumi.Input; - /** - * SAML POST Binding URL for the client's single logout service. - */ logoutServicePostBindingUrl?: pulumi.Input; - /** - * SAML Redirect Binding URL for the client's single logout service. - */ logoutServiceRedirectBindingUrl?: pulumi.Input; - /** - * When specified, this URL will be used for all SAML requests. - */ masterSamlProcessingUrl?: pulumi.Input; - /** - * The display name of this client in the GUI. - */ name?: pulumi.Input; - /** - * Sets the Name ID format for the subject. - */ nameIdFormat?: pulumi.Input; - /** - * The realm this client is attached to. - */ realmId: pulumi.Input; - /** - * When specified, this value is prepended to all relative URLs. - */ rootUrl?: pulumi.Input; - /** - * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - */ signAssertions?: pulumi.Input; - /** - * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - */ signDocuments?: pulumi.Input; - /** - * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - */ signatureAlgorithm?: pulumi.Input; - /** - * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - */ signatureKeyName?: pulumi.Input; - /** - * If documents or assertions from the client are signed, this certificate will be used to verify the signature. - */ signingCertificate?: pulumi.Input; - /** - * If documents or assertions from the client are signed, this private key will be used to verify the signature. - */ signingPrivateKey?: pulumi.Input; - /** - * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - */ validRedirectUris?: pulumi.Input[]>; } diff --git a/sdk/nodejs/saml/clientDefaultScope.ts b/sdk/nodejs/saml/clientDefaultScope.ts index 0fac4b41..fe508d49 100644 --- a/sdk/nodejs/saml/clientDefaultScope.ts +++ b/sdk/nodejs/saml/clientDefaultScope.ts @@ -7,6 +7,7 @@ import * as utilities from "../utilities"; /** * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as fs from "fs"; @@ -35,12 +36,13 @@ import * as utilities from "../utilities"; * ], * }); * ``` + * * * ## Import * * This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist * - * on the server. + * on the server. */ export class ClientDefaultScope extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/saml/clientScope.ts b/sdk/nodejs/saml/clientScope.ts index dd2763bc..89235ad0 100644 --- a/sdk/nodejs/saml/clientScope.ts +++ b/sdk/nodejs/saml/clientScope.ts @@ -11,6 +11,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -25,16 +26,17 @@ import * as utilities from "../utilities"; * guiOrder: 1, * }); * ``` + * * * ## Import * * Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak * - * assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + * assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e diff --git a/sdk/nodejs/saml/getClient.ts b/sdk/nodejs/saml/getClient.ts index da94bbff..c423f099 100644 --- a/sdk/nodejs/saml/getClient.ts +++ b/sdk/nodejs/saml/getClient.ts @@ -11,6 +11,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -25,6 +26,7 @@ import * as utilities from "../utilities"; * name: "realm-admin", * })); * ``` + * */ export function getClient(args: GetClientArgs, opts?: pulumi.InvokeOptions): Promise { @@ -101,6 +103,7 @@ export interface GetClientResult { * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -115,6 +118,7 @@ export interface GetClientResult { * name: "realm-admin", * })); * ``` + * */ export function getClientOutput(args: GetClientOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getClient(a, opts)) diff --git a/sdk/nodejs/saml/getClientInstallationProvider.ts b/sdk/nodejs/saml/getClientInstallationProvider.ts index e79e308a..06d13abd 100644 --- a/sdk/nodejs/saml/getClientInstallationProvider.ts +++ b/sdk/nodejs/saml/getClientInstallationProvider.ts @@ -11,6 +11,7 @@ import * as utilities from "../utilities"; * * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; @@ -37,6 +38,7 @@ import * as utilities from "../utilities"; * }); * const _default = new aws.iam.SamlProvider("default", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor => samlIdpDescriptor.value)}); * ``` + * */ export function getClientInstallationProvider(args: GetClientInstallationProviderArgs, opts?: pulumi.InvokeOptions): Promise { @@ -89,6 +91,7 @@ export interface GetClientInstallationProviderResult { * * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; @@ -115,6 +118,7 @@ export interface GetClientInstallationProviderResult { * }); * const _default = new aws.iam.SamlProvider("default", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor => samlIdpDescriptor.value)}); * ``` + * */ export function getClientInstallationProviderOutput(args: GetClientInstallationProviderOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getClientInstallationProvider(a, opts)) diff --git a/sdk/nodejs/saml/identityProvider.ts b/sdk/nodejs/saml/identityProvider.ts index b9c383ee..110a1bd1 100644 --- a/sdk/nodejs/saml/identityProvider.ts +++ b/sdk/nodejs/saml/identityProvider.ts @@ -5,47 +5,74 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing SAML Identity Providers within Keycloak. + * ## # keycloak.saml.IdentityProvider * - * SAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol. + * Allows to create and manage SAML Identity Providers within Keycloak. * - * ## Example Usage + * SAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard. * + * ### Example Usage + * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const realmSamlIdentityProvider = new keycloak.saml.IdentityProvider("realmSamlIdentityProvider", { - * realm: realm.id, - * alias: "my-saml-idp", - * entityId: "https://domain.com/entity_id", - * singleSignOnServiceUrl: "https://domain.com/adfs/ls/", - * singleLogoutServiceUrl: "https://domain.com/adfs/ls/?wa=wsignout1.0", + * const realmIdentityProvider = new keycloak.saml.IdentityProvider("realmIdentityProvider", { + * alias: "my-idp", * backchannelSupported: true, - * postBindingResponse: true, - * postBindingLogout: true, + * forceAuthn: true, * postBindingAuthnRequest: true, + * postBindingLogout: true, + * postBindingResponse: true, + * realm: "my-realm", + * singleLogoutServiceUrl: "https://domain.com/adfs/ls/?wa=wsignout1.0", + * singleSignOnServiceUrl: "https://domain.com/adfs/ls/", * storeToken: false, * trustEmail: true, - * forceAuthn: true, * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. + * The following arguments are supported: * - * Example: + * - `realm` - (Required) The name of the realm. This is unique across Keycloak. + * - `alias` - (Optional) The uniq name of identity provider. + * - `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`. + * - `displayName` - (Optional) The display name for the realm that is shown when logging in to the admin console. + * - `storeToken` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`. + * - `addReadTokenRoleOnCreate` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`. + * - `trustEmail` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`. + * - `linkOnly` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`. + * - `hideOnLoginPage` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * - `firstBrokerLoginFlowAlias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * - `postBrokerLoginFlowAlias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * - `authenticateByDefault` - (Optional) Authenticate users by default. Defaults to `false`. * - * bash + * #### SAML Configuration * - * ```sh - * $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp - * ``` + * - `singleSignOnServiceUrl` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest). + * - `singleLogoutServiceUrl` - (Optional) The Url that must be used to send logout requests. + * - `backchannelSupported` - (Optional) Does the external IDP support back-channel logout ?. + * - `nameIdPolicyFormat` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * - `postBindingResponse` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * - `postBindingAuthnRequest` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * - `postBindingLogout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * - `wantAssertionsSigned` - (Optional) Indicates whether this service provider expects a signed Assertion. + * - `wantAssertionsEncrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion. + * - `forceAuthn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * - `validateSignature` - (Optional) Enable/disable signature validation of SAML responses. + * - `signingCertificate` - (Optional) Signing Certificate. + * - `signatureAlgorithm` - (Optional) Signing Algorithm. Defaults to empty. + * - `xmlSignKeyInfoKeyNameTransformer` - (Optional) Sign Key Transformer. Defaults to empty. + * + * ### Import + * + * Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idpAlias` is the identity provider alias. + * + * Example: */ export class IdentityProvider extends pulumi.CustomResource { /** @@ -76,39 +103,39 @@ export class IdentityProvider extends pulumi.CustomResource { } /** - * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. */ public readonly addReadTokenRoleOnCreate!: pulumi.Output; /** - * The unique name of identity provider. + * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. */ public readonly alias!: pulumi.Output; /** - * Authenticate users by default. Defaults to `false`. + * Enable/disable authenticate users by default. */ public readonly authenticateByDefault!: pulumi.Output; /** - * Ordered list of requested AuthnContext ClassRefs. + * AuthnContext ClassRefs */ public readonly authnContextClassRefs!: pulumi.Output; /** - * Specifies the comparison method used to evaluate the requested context classes or statements. + * AuthnContext Comparison */ public readonly authnContextComparisonType!: pulumi.Output; /** - * Ordered list of requested AuthnContext DeclRefs. + * AuthnContext DeclRefs */ public readonly authnContextDeclRefs!: pulumi.Output; /** - * Does the external IDP support backchannel logout?. Defaults to `false`. + * Does the external IDP support backchannel logout? */ public readonly backchannelSupported!: pulumi.Output; /** - * The display name for the realm that is shown when logging in to the admin console. + * Friendly name for Identity Providers. */ public readonly displayName!: pulumi.Output; /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * Enable/disable this identity provider. */ public readonly enabled!: pulumi.Output; /** @@ -117,19 +144,20 @@ export class IdentityProvider extends pulumi.CustomResource { public readonly entityId!: pulumi.Output; public readonly extraConfig!: pulumi.Output<{[key: string]: any} | undefined>; /** - * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. */ public readonly firstBrokerLoginFlowAlias!: pulumi.Output; /** - * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * Require Force Authn. */ public readonly forceAuthn!: pulumi.Output; /** - * A number defining the order of this identity provider in the GUI. + * GUI Order */ public readonly guiOrder!: pulumi.Output; /** - * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * Hide On Login Page. */ public readonly hideOnLoginPage!: pulumi.Output; /** @@ -137,7 +165,8 @@ export class IdentityProvider extends pulumi.CustomResource { */ public /*out*/ readonly internalId!: pulumi.Output; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider */ public readonly linkOnly!: pulumi.Output; /** @@ -145,43 +174,46 @@ export class IdentityProvider extends pulumi.CustomResource { */ public readonly loginHint!: pulumi.Output; /** - * Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * Name ID Policy Format. */ public readonly nameIdPolicyFormat!: pulumi.Output; /** - * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Authn Request. */ public readonly postBindingAuthnRequest!: pulumi.Output; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Logout. */ public readonly postBindingLogout!: pulumi.Output; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Post Binding Response. */ public readonly postBindingResponse!: pulumi.Output; /** - * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. */ public readonly postBrokerLoginFlowAlias!: pulumi.Output; /** - * The principal attribute. + * Principal Attribute */ public readonly principalAttribute!: pulumi.Output; /** - * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * Principal Type */ public readonly principalType!: pulumi.Output; /** - * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * provider id, is always saml, unless you have a custom implementation */ public readonly providerId!: pulumi.Output; /** - * The name of the realm. This is unique across Keycloak. + * Realm Name */ public readonly realm!: pulumi.Output; /** - * Signing Algorithm. Defaults to empty. + * Signing Algorithm. */ public readonly signatureAlgorithm!: pulumi.Output; /** @@ -189,23 +221,23 @@ export class IdentityProvider extends pulumi.CustomResource { */ public readonly signingCertificate!: pulumi.Output; /** - * The Url that must be used to send logout requests. + * Logout URL. */ public readonly singleLogoutServiceUrl!: pulumi.Output; /** - * The Url that must be used to send authentication requests (SAML AuthnRequest). + * SSO Logout URL. */ public readonly singleSignOnServiceUrl!: pulumi.Output; /** - * When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * Enable/disable if tokens must be stored after authenticating users. */ public readonly storeToken!: pulumi.Output; /** - * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * Sync Mode */ public readonly syncMode!: pulumi.Output; /** - * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * If enabled then email provided by this provider is not verified even if verification is enabled for the realm. */ public readonly trustEmail!: pulumi.Output; /** @@ -213,15 +245,15 @@ export class IdentityProvider extends pulumi.CustomResource { */ public readonly validateSignature!: pulumi.Output; /** - * Indicates whether this service provider expects an encrypted Assertion. + * Want Assertions Encrypted. */ public readonly wantAssertionsEncrypted!: pulumi.Output; /** - * Indicates whether this service provider expects a signed Assertion. + * Want Assertions Signed. */ public readonly wantAssertionsSigned!: pulumi.Output; /** - * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * Sign Key Transformer. */ public readonly xmlSignKeyInfoKeyNameTransformer!: pulumi.Output; @@ -339,39 +371,39 @@ export class IdentityProvider extends pulumi.CustomResource { */ export interface IdentityProviderState { /** - * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. */ addReadTokenRoleOnCreate?: pulumi.Input; /** - * The unique name of identity provider. + * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. */ alias?: pulumi.Input; /** - * Authenticate users by default. Defaults to `false`. + * Enable/disable authenticate users by default. */ authenticateByDefault?: pulumi.Input; /** - * Ordered list of requested AuthnContext ClassRefs. + * AuthnContext ClassRefs */ authnContextClassRefs?: pulumi.Input[]>; /** - * Specifies the comparison method used to evaluate the requested context classes or statements. + * AuthnContext Comparison */ authnContextComparisonType?: pulumi.Input; /** - * Ordered list of requested AuthnContext DeclRefs. + * AuthnContext DeclRefs */ authnContextDeclRefs?: pulumi.Input[]>; /** - * Does the external IDP support backchannel logout?. Defaults to `false`. + * Does the external IDP support backchannel logout? */ backchannelSupported?: pulumi.Input; /** - * The display name for the realm that is shown when logging in to the admin console. + * Friendly name for Identity Providers. */ displayName?: pulumi.Input; /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * Enable/disable this identity provider. */ enabled?: pulumi.Input; /** @@ -380,19 +412,20 @@ export interface IdentityProviderState { entityId?: pulumi.Input; extraConfig?: pulumi.Input<{[key: string]: any}>; /** - * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. */ firstBrokerLoginFlowAlias?: pulumi.Input; /** - * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * Require Force Authn. */ forceAuthn?: pulumi.Input; /** - * A number defining the order of this identity provider in the GUI. + * GUI Order */ guiOrder?: pulumi.Input; /** - * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * Hide On Login Page. */ hideOnLoginPage?: pulumi.Input; /** @@ -400,7 +433,8 @@ export interface IdentityProviderState { */ internalId?: pulumi.Input; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider */ linkOnly?: pulumi.Input; /** @@ -408,43 +442,46 @@ export interface IdentityProviderState { */ loginHint?: pulumi.Input; /** - * Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * Name ID Policy Format. */ nameIdPolicyFormat?: pulumi.Input; /** - * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Authn Request. */ postBindingAuthnRequest?: pulumi.Input; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Logout. */ postBindingLogout?: pulumi.Input; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Post Binding Response. */ postBindingResponse?: pulumi.Input; /** - * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. */ postBrokerLoginFlowAlias?: pulumi.Input; /** - * The principal attribute. + * Principal Attribute */ principalAttribute?: pulumi.Input; /** - * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * Principal Type */ principalType?: pulumi.Input; /** - * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * provider id, is always saml, unless you have a custom implementation */ providerId?: pulumi.Input; /** - * The name of the realm. This is unique across Keycloak. + * Realm Name */ realm?: pulumi.Input; /** - * Signing Algorithm. Defaults to empty. + * Signing Algorithm. */ signatureAlgorithm?: pulumi.Input; /** @@ -452,23 +489,23 @@ export interface IdentityProviderState { */ signingCertificate?: pulumi.Input; /** - * The Url that must be used to send logout requests. + * Logout URL. */ singleLogoutServiceUrl?: pulumi.Input; /** - * The Url that must be used to send authentication requests (SAML AuthnRequest). + * SSO Logout URL. */ singleSignOnServiceUrl?: pulumi.Input; /** - * When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * Enable/disable if tokens must be stored after authenticating users. */ storeToken?: pulumi.Input; /** - * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * Sync Mode */ syncMode?: pulumi.Input; /** - * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * If enabled then email provided by this provider is not verified even if verification is enabled for the realm. */ trustEmail?: pulumi.Input; /** @@ -476,15 +513,15 @@ export interface IdentityProviderState { */ validateSignature?: pulumi.Input; /** - * Indicates whether this service provider expects an encrypted Assertion. + * Want Assertions Encrypted. */ wantAssertionsEncrypted?: pulumi.Input; /** - * Indicates whether this service provider expects a signed Assertion. + * Want Assertions Signed. */ wantAssertionsSigned?: pulumi.Input; /** - * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * Sign Key Transformer. */ xmlSignKeyInfoKeyNameTransformer?: pulumi.Input; } @@ -494,39 +531,39 @@ export interface IdentityProviderState { */ export interface IdentityProviderArgs { /** - * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. */ addReadTokenRoleOnCreate?: pulumi.Input; /** - * The unique name of identity provider. + * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. */ alias: pulumi.Input; /** - * Authenticate users by default. Defaults to `false`. + * Enable/disable authenticate users by default. */ authenticateByDefault?: pulumi.Input; /** - * Ordered list of requested AuthnContext ClassRefs. + * AuthnContext ClassRefs */ authnContextClassRefs?: pulumi.Input[]>; /** - * Specifies the comparison method used to evaluate the requested context classes or statements. + * AuthnContext Comparison */ authnContextComparisonType?: pulumi.Input; /** - * Ordered list of requested AuthnContext DeclRefs. + * AuthnContext DeclRefs */ authnContextDeclRefs?: pulumi.Input[]>; /** - * Does the external IDP support backchannel logout?. Defaults to `false`. + * Does the external IDP support backchannel logout? */ backchannelSupported?: pulumi.Input; /** - * The display name for the realm that is shown when logging in to the admin console. + * Friendly name for Identity Providers. */ displayName?: pulumi.Input; /** - * When `false`, users and clients will not be able to access this realm. Defaults to `true`. + * Enable/disable this identity provider. */ enabled?: pulumi.Input; /** @@ -535,23 +572,25 @@ export interface IdentityProviderArgs { entityId: pulumi.Input; extraConfig?: pulumi.Input<{[key: string]: any}>; /** - * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + * that there is not yet existing Keycloak account linked with the authenticated identity provider account. */ firstBrokerLoginFlowAlias?: pulumi.Input; /** - * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + * Require Force Authn. */ forceAuthn?: pulumi.Input; /** - * A number defining the order of this identity provider in the GUI. + * GUI Order */ guiOrder?: pulumi.Input; /** - * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + * Hide On Login Page. */ hideOnLoginPage?: pulumi.Input; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + * want to allow login from the provider, but want to integrate with a provider */ linkOnly?: pulumi.Input; /** @@ -559,43 +598,46 @@ export interface IdentityProviderArgs { */ loginHint?: pulumi.Input; /** - * Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + * Name ID Policy Format. */ nameIdPolicyFormat?: pulumi.Input; /** - * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Authn Request. */ postBindingAuthnRequest?: pulumi.Input; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + * Post Binding Logout. */ postBindingLogout?: pulumi.Input; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Post Binding Response. */ postBindingResponse?: pulumi.Input; /** - * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. */ postBrokerLoginFlowAlias?: pulumi.Input; /** - * The principal attribute. + * Principal Attribute */ principalAttribute?: pulumi.Input; /** - * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + * Principal Type */ principalType?: pulumi.Input; /** - * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + * provider id, is always saml, unless you have a custom implementation */ providerId?: pulumi.Input; /** - * The name of the realm. This is unique across Keycloak. + * Realm Name */ realm: pulumi.Input; /** - * Signing Algorithm. Defaults to empty. + * Signing Algorithm. */ signatureAlgorithm?: pulumi.Input; /** @@ -603,23 +645,23 @@ export interface IdentityProviderArgs { */ signingCertificate?: pulumi.Input; /** - * The Url that must be used to send logout requests. + * Logout URL. */ singleLogoutServiceUrl?: pulumi.Input; /** - * The Url that must be used to send authentication requests (SAML AuthnRequest). + * SSO Logout URL. */ singleSignOnServiceUrl: pulumi.Input; /** - * When `true`, tokens will be stored after authenticating users. Defaults to `true`. + * Enable/disable if tokens must be stored after authenticating users. */ storeToken?: pulumi.Input; /** - * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + * Sync Mode */ syncMode?: pulumi.Input; /** - * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + * If enabled then email provided by this provider is not verified even if verification is enabled for the realm. */ trustEmail?: pulumi.Input; /** @@ -627,15 +669,15 @@ export interface IdentityProviderArgs { */ validateSignature?: pulumi.Input; /** - * Indicates whether this service provider expects an encrypted Assertion. + * Want Assertions Encrypted. */ wantAssertionsEncrypted?: pulumi.Input; /** - * Indicates whether this service provider expects a signed Assertion. + * Want Assertions Signed. */ wantAssertionsSigned?: pulumi.Input; /** - * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + * Sign Key Transformer. */ xmlSignKeyInfoKeyNameTransformer?: pulumi.Input; } diff --git a/sdk/nodejs/saml/scriptProtocolMapper.ts b/sdk/nodejs/saml/scriptProtocolMapper.ts index 35b131d3..0710525a 100644 --- a/sdk/nodejs/saml/scriptProtocolMapper.ts +++ b/sdk/nodejs/saml/scriptProtocolMapper.ts @@ -14,6 +14,7 @@ import * as utilities from "../utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -34,18 +35,19 @@ import * as utilities from "../utilities"; * samlAttributeNameFormat: "Unspecified", * }); * ``` + * * * ## Import * * Protocol mappers can be imported using one of the following formats: * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/nodejs/saml/userAttributeProtocolMapper.ts b/sdk/nodejs/saml/userAttributeProtocolMapper.ts index 9585f3c9..f6213521 100644 --- a/sdk/nodejs/saml/userAttributeProtocolMapper.ts +++ b/sdk/nodejs/saml/userAttributeProtocolMapper.ts @@ -5,56 +5,61 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak. + * ## # keycloak.saml.UserAttributeProtocolMapper * - * SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute - * in a SAML assertion. + * Allows for creating and managing user attribute protocol mappers for + * SAML clients within Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * SAML user attribute protocol mappers allow you to map custom attributes defined + * for a user within Keycloak to an attribute in a SAML assertion. Protocol mappers + * can be defined for a single client, or they can be defined for a client scope which + * can be shared between multiple different clients. * - * ## Example Usage + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const samlClient = new keycloak.saml.Client("samlClient", { - * realmId: realm.id, - * clientId: "saml-client", + * clientId: "test-saml-client", + * realmId: keycloak_realm.test.id, * }); * const samlUserAttributeMapper = new keycloak.saml.UserAttributeProtocolMapper("samlUserAttributeMapper", { - * realmId: realm.id, * clientId: samlClient.id, - * userAttribute: "displayName", + * realmId: keycloak_realm.test.id, * samlAttributeName: "displayName", * samlAttributeNameFormat: "Unspecified", + * userAttribute: "displayName", * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Protocol mappers can be imported using one of the following formats: - * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The SAML client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The SAML client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `userAttribute` - (Required) The custom user attribute to map. + * - `friendlyName` - (Optional) An optional human-friendly name for this attribute. + * - `samlAttributeName` - (Required) The name of the SAML attribute. + * - `samlAttributeNameFormat` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. * - * Example: + * ### Import * - * bash - * - * ```sh - * $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class UserAttributeProtocolMapper extends pulumi.CustomResource { /** @@ -84,37 +89,13 @@ export class UserAttributeProtocolMapper extends pulumi.CustomResource { return obj['__pulumiType'] === UserAttributeProtocolMapper.__pulumiType; } - /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - */ public readonly clientId!: pulumi.Output; - /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - */ public readonly clientScopeId!: pulumi.Output; - /** - * An optional human-friendly name for this attribute. - */ public readonly friendlyName!: pulumi.Output; - /** - * The display name of this protocol mapper in the GUI. - */ public readonly name!: pulumi.Output; - /** - * The realm this protocol mapper exists within. - */ public readonly realmId!: pulumi.Output; - /** - * The name of the SAML attribute. - */ public readonly samlAttributeName!: pulumi.Output; - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - */ public readonly samlAttributeNameFormat!: pulumi.Output; - /** - * The custom user attribute to map. - */ public readonly userAttribute!: pulumi.Output; /** @@ -170,37 +151,13 @@ export class UserAttributeProtocolMapper extends pulumi.CustomResource { * Input properties used for looking up and filtering UserAttributeProtocolMapper resources. */ export interface UserAttributeProtocolMapperState { - /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - */ clientId?: pulumi.Input; - /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - */ clientScopeId?: pulumi.Input; - /** - * An optional human-friendly name for this attribute. - */ friendlyName?: pulumi.Input; - /** - * The display name of this protocol mapper in the GUI. - */ name?: pulumi.Input; - /** - * The realm this protocol mapper exists within. - */ realmId?: pulumi.Input; - /** - * The name of the SAML attribute. - */ samlAttributeName?: pulumi.Input; - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - */ samlAttributeNameFormat?: pulumi.Input; - /** - * The custom user attribute to map. - */ userAttribute?: pulumi.Input; } @@ -208,36 +165,12 @@ export interface UserAttributeProtocolMapperState { * The set of arguments for constructing a UserAttributeProtocolMapper resource. */ export interface UserAttributeProtocolMapperArgs { - /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - */ clientId?: pulumi.Input; - /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - */ clientScopeId?: pulumi.Input; - /** - * An optional human-friendly name for this attribute. - */ friendlyName?: pulumi.Input; - /** - * The display name of this protocol mapper in the GUI. - */ name?: pulumi.Input; - /** - * The realm this protocol mapper exists within. - */ realmId: pulumi.Input; - /** - * The name of the SAML attribute. - */ samlAttributeName: pulumi.Input; - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - */ samlAttributeNameFormat: pulumi.Input; - /** - * The custom user attribute to map. - */ userAttribute: pulumi.Input; } diff --git a/sdk/nodejs/saml/userPropertyProtocolMapper.ts b/sdk/nodejs/saml/userPropertyProtocolMapper.ts index 5cf78176..55b67bd4 100644 --- a/sdk/nodejs/saml/userPropertyProtocolMapper.ts +++ b/sdk/nodejs/saml/userPropertyProtocolMapper.ts @@ -5,56 +5,61 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * Allows for creating and managing user property protocol mappers for SAML clients within Keycloak. + * ## # keycloak.saml.UserPropertyProtocolMapper * - * SAML user property protocol mappers allow you to map properties of the Keycloak - * user model to an attribute in a SAML assertion. + * Allows for creating and managing user property protocol mappers for + * SAML clients within Keycloak. * - * Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - * multiple different clients. + * SAML user property protocol mappers allow you to map properties of the Keycloak + * user model to an attribute in a SAML assertion. Protocol mappers + * can be defined for a single client, or they can be defined for a client scope which + * can be shared between multiple different clients. * - * ## Example Usage + * ### Example Usage (Client) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const samlClient = new keycloak.saml.Client("samlClient", { - * realmId: realm.id, - * clientId: "saml-client", + * clientId: "test-saml-client", + * realmId: keycloak_realm.test.id, * }); * const samlUserPropertyMapper = new keycloak.saml.UserPropertyProtocolMapper("samlUserPropertyMapper", { - * realmId: realm.id, * clientId: samlClient.id, - * userProperty: "email", + * realmId: keycloak_realm.test.id, * samlAttributeName: "email", * samlAttributeNameFormat: "Unspecified", + * userProperty: "email", * }); * ``` + * * - * ## Import - * - * Protocol mappers can be imported using one of the following formats: + * ### Argument Reference * - * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * The following arguments are supported: * - * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + * - `realmId` - (Required) The realm this protocol mapper exists within. + * - `clientId` - (Required if `clientScopeId` is not specified) The SAML client this protocol mapper is attached to. + * - `clientScopeId` - (Required if `clientId` is not specified) The SAML client scope this protocol mapper is attached to. + * - `name` - (Required) The display name of this protocol mapper in the GUI. + * - `userProperty` - (Required) The property of the Keycloak user model to map. + * - `friendlyName` - (Optional) An optional human-friendly name for this attribute. + * - `samlAttributeName` - (Required) The name of the SAML attribute. + * - `samlAttributeNameFormat` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. * - * Example: + * ### Import * - * bash - * - * ```sh - * $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Protocol mappers can be imported using one of the following formats: + * - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + * - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` * - * ```sh - * $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - * ``` + * Example: */ export class UserPropertyProtocolMapper extends pulumi.CustomResource { /** @@ -84,37 +89,13 @@ export class UserPropertyProtocolMapper extends pulumi.CustomResource { return obj['__pulumiType'] === UserPropertyProtocolMapper.__pulumiType; } - /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - */ public readonly clientId!: pulumi.Output; - /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - */ public readonly clientScopeId!: pulumi.Output; - /** - * An optional human-friendly name for this attribute. - */ public readonly friendlyName!: pulumi.Output; - /** - * The display name of this protocol mapper in the GUI. - */ public readonly name!: pulumi.Output; - /** - * The realm this protocol mapper exists within. - */ public readonly realmId!: pulumi.Output; - /** - * The name of the SAML attribute. - */ public readonly samlAttributeName!: pulumi.Output; - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - */ public readonly samlAttributeNameFormat!: pulumi.Output; - /** - * The property of the Keycloak user model to map. - */ public readonly userProperty!: pulumi.Output; /** @@ -170,37 +151,13 @@ export class UserPropertyProtocolMapper extends pulumi.CustomResource { * Input properties used for looking up and filtering UserPropertyProtocolMapper resources. */ export interface UserPropertyProtocolMapperState { - /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - */ clientId?: pulumi.Input; - /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - */ clientScopeId?: pulumi.Input; - /** - * An optional human-friendly name for this attribute. - */ friendlyName?: pulumi.Input; - /** - * The display name of this protocol mapper in the GUI. - */ name?: pulumi.Input; - /** - * The realm this protocol mapper exists within. - */ realmId?: pulumi.Input; - /** - * The name of the SAML attribute. - */ samlAttributeName?: pulumi.Input; - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - */ samlAttributeNameFormat?: pulumi.Input; - /** - * The property of the Keycloak user model to map. - */ userProperty?: pulumi.Input; } @@ -208,36 +165,12 @@ export interface UserPropertyProtocolMapperState { * The set of arguments for constructing a UserPropertyProtocolMapper resource. */ export interface UserPropertyProtocolMapperArgs { - /** - * The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified. - */ clientId?: pulumi.Input; - /** - * The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified. - */ clientScopeId?: pulumi.Input; - /** - * An optional human-friendly name for this attribute. - */ friendlyName?: pulumi.Input; - /** - * The display name of this protocol mapper in the GUI. - */ name?: pulumi.Input; - /** - * The realm this protocol mapper exists within. - */ realmId: pulumi.Input; - /** - * The name of the SAML attribute. - */ samlAttributeName: pulumi.Input; - /** - * The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - */ samlAttributeNameFormat: pulumi.Input; - /** - * The property of the Keycloak user model to map. - */ userProperty: pulumi.Input; } diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index af41e01b..097ca911 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -264,39 +264,21 @@ export interface GroupPermissionsViewScope { } export interface RealmInternationalization { - /** - * The locale to use by default. This locale code must be present within the `supportedLocales` list. - */ defaultLocale: pulumi.Input; - /** - * A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - */ supportedLocales: pulumi.Input[]>; } export interface RealmOtpPolicy { /** - * What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + * What hashing algorithm should be used to generate the OTP. */ algorithm?: pulumi.Input; - /** - * How many digits the OTP have. Defaults to `6`. - */ digits?: pulumi.Input; - /** - * What should the initial counter value be. Defaults to `2`. - */ initialCounter?: pulumi.Input; - /** - * How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - */ lookAheadWindow?: pulumi.Input; - /** - * How many seconds should an OTP token be valid. Defaults to `30`. - */ period?: pulumi.Input; /** - * One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + * OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password */ type?: pulumi.Input; } @@ -307,120 +289,41 @@ export interface RealmSecurityDefenses { } export interface RealmSecurityDefensesBruteForceDetection { - /** - * When will failure count be reset? - */ failureResetTimeSeconds?: pulumi.Input; maxFailureWaitSeconds?: pulumi.Input; - /** - * How many failures before wait is triggered. - */ maxLoginFailures?: pulumi.Input; - /** - * How long to wait after a quick login failure. - * - `maxFailureWaitSeconds ` - (Optional) Max. time a user will be locked out. - */ minimumQuickLoginWaitSeconds?: pulumi.Input; - /** - * When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - */ permanentLockout?: pulumi.Input; - /** - * Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - */ quickLoginCheckMilliSeconds?: pulumi.Input; - /** - * This represents the amount of time a user should be locked out when the login failure threshold has been met. - */ waitIncrementSeconds?: pulumi.Input; } export interface RealmSecurityDefensesHeaders { - /** - * Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - */ contentSecurityPolicy?: pulumi.Input; - /** - * Used for testing Content Security Policies. - */ contentSecurityPolicyReportOnly?: pulumi.Input; - /** - * The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - */ referrerPolicy?: pulumi.Input; - /** - * The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - */ strictTransportSecurity?: pulumi.Input; - /** - * Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - */ xContentTypeOptions?: pulumi.Input; - /** - * Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - */ xFrameOptions?: pulumi.Input; - /** - * Prevent pages from appearing in search engines. - */ xRobotsTag?: pulumi.Input; - /** - * This header configures the Cross-site scripting (XSS) filter in your browser. - */ xXssProtection?: pulumi.Input; } export interface RealmSmtpServer { - /** - * Enables authentication to the SMTP server. This block supports the following arguments: - */ auth?: pulumi.Input; - /** - * The email address uses for bounces. - */ envelopeFrom?: pulumi.Input; - /** - * The email address for the sender. - */ from: pulumi.Input; - /** - * The display name of the sender email address. - */ fromDisplayName?: pulumi.Input; - /** - * The host of the SMTP server. - */ host: pulumi.Input; - /** - * The port of the SMTP server (defaults to 25). - */ port?: pulumi.Input; - /** - * The "reply to" email address. - */ replyTo?: pulumi.Input; - /** - * The display name of the "reply to" email address. - */ replyToDisplayName?: pulumi.Input; - /** - * When `true`, enables SSL. Defaults to `false`. - */ ssl?: pulumi.Input; - /** - * When `true`, enables StartTLS. Defaults to `false`. - */ starttls?: pulumi.Input; } export interface RealmSmtpServerAuth { - /** - * The SMTP server password. - */ password: pulumi.Input; - /** - * The SMTP server username. - */ username: pulumi.Input; } @@ -505,114 +408,69 @@ export interface RealmUserProfileGroup { } export interface RealmWebAuthnPasswordlessPolicy { - /** - * A set of AAGUIDs for which an authenticator can be registered. - */ acceptableAaguids?: pulumi.Input[]>; /** - * The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * Either none, indirect or direct */ attestationConveyancePreference?: pulumi.Input; /** - * The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * Either platform or cross-platform */ authenticatorAttachment?: pulumi.Input; - /** - * When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - */ avoidSameAuthenticatorRegister?: pulumi.Input; - /** - * The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - */ createTimeout?: pulumi.Input; - /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - */ relyingPartyEntityName?: pulumi.Input; - /** - * The WebAuthn relying party ID. - */ relyingPartyId?: pulumi.Input; /** - * Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * Either Yes or No */ requireResidentKey?: pulumi.Input; /** - * A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing */ signatureAlgorithms?: pulumi.Input[]>; /** - * Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * Either required, preferred or discouraged */ userVerificationRequirement?: pulumi.Input; } export interface RealmWebAuthnPolicy { - /** - * A set of AAGUIDs for which an authenticator can be registered. - */ acceptableAaguids?: pulumi.Input[]>; /** - * The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * Either none, indirect or direct */ attestationConveyancePreference?: pulumi.Input; /** - * The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * Either platform or cross-platform */ authenticatorAttachment?: pulumi.Input; - /** - * When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - */ avoidSameAuthenticatorRegister?: pulumi.Input; - /** - * The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - */ createTimeout?: pulumi.Input; - /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - */ relyingPartyEntityName?: pulumi.Input; - /** - * The WebAuthn relying party ID. - */ relyingPartyId?: pulumi.Input; /** - * Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * Either Yes or No */ requireResidentKey?: pulumi.Input; /** - * A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing */ signatureAlgorithms?: pulumi.Input[]>; /** - * Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * Either required, preferred or discouraged */ userVerificationRequirement?: pulumi.Input; } export interface UserFederatedIdentity { - /** - * The name of the identity provider - */ identityProvider: pulumi.Input; - /** - * The ID of the user defined in the identity provider - */ userId: pulumi.Input; - /** - * The user name of the user defined in the identity provider - */ userName: pulumi.Input; } export interface UserInitialPassword { - /** - * If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - */ temporary?: pulumi.Input; - /** - * The initial password. - */ value: pulumi.Input; } @@ -654,7 +512,7 @@ export interface UsersPermissionsViewScope { export namespace ldap { export interface UserFederationCache { /** - * Day of the week the entry will become invalid on + * Day of the week the entry will become invalid on. */ evictionDay?: pulumi.Input; /** @@ -669,15 +527,12 @@ export namespace ldap { * Max lifespan of cache entry (duration string). */ maxLifespan?: pulumi.Input; - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - */ policy?: pulumi.Input; } export interface UserFederationKerberos { /** - * The name of the kerberos realm, e.g. FOO.LOCAL. + * The name of the kerberos realm, e.g. FOO.LOCAL */ kerberosRealm: pulumi.Input; /** @@ -697,32 +552,14 @@ export namespace ldap { export namespace openid { export interface ClientAuthenticationFlowBindingOverrides { - /** - * Browser flow id, (flow needs to exist) - */ browserId?: pulumi.Input; - /** - * Direct grant flow id (flow needs to exist) - */ directGrantId?: pulumi.Input; } export interface ClientAuthorization { - /** - * When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - */ allowRemoteResourceManagement?: pulumi.Input; - /** - * Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - */ decisionStrategy?: pulumi.Input; - /** - * When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - */ keepDefaults?: pulumi.Input; - /** - * Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - */ policyEnforcementMode: pulumi.Input; } @@ -783,13 +620,7 @@ export namespace openid { export namespace saml { export interface ClientAuthenticationFlowBindingOverrides { - /** - * Browser flow id, (flow needs to exist) - */ browserId?: pulumi.Input; - /** - * Direct grant flow id (flow needs to exist) - */ directGrantId?: pulumi.Input; } diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 3caeb932..4eabb3aa 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -19,37 +19,13 @@ export interface GetRealmInternationalization { } export interface GetRealmKeysKey { - /** - * Key algorithm (string) - */ algorithm: string; - /** - * Key certificate (string) - */ certificate: string; - /** - * Key ID (string) - */ kid: string; - /** - * Key provider ID (string) - */ providerId: string; - /** - * Key provider priority (int64) - */ providerPriority: number; - /** - * Key public key (string) - */ publicKey: string; - /** - * When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - */ status: string; - /** - * Key type (string) - */ type: string; } @@ -193,39 +169,21 @@ export interface GroupPermissionsViewScope { } export interface RealmInternationalization { - /** - * The locale to use by default. This locale code must be present within the `supportedLocales` list. - */ defaultLocale: string; - /** - * A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - */ supportedLocales: string[]; } export interface RealmOtpPolicy { /** - * What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + * What hashing algorithm should be used to generate the OTP. */ algorithm?: string; - /** - * How many digits the OTP have. Defaults to `6`. - */ digits?: number; - /** - * What should the initial counter value be. Defaults to `2`. - */ initialCounter?: number; - /** - * How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - */ lookAheadWindow?: number; - /** - * How many seconds should an OTP token be valid. Defaults to `30`. - */ period?: number; /** - * One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + * OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password */ type?: string; } @@ -236,120 +194,41 @@ export interface RealmSecurityDefenses { } export interface RealmSecurityDefensesBruteForceDetection { - /** - * When will failure count be reset? - */ failureResetTimeSeconds?: number; maxFailureWaitSeconds?: number; - /** - * How many failures before wait is triggered. - */ maxLoginFailures?: number; - /** - * How long to wait after a quick login failure. - * - `maxFailureWaitSeconds ` - (Optional) Max. time a user will be locked out. - */ minimumQuickLoginWaitSeconds?: number; - /** - * When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - */ permanentLockout?: boolean; - /** - * Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - */ quickLoginCheckMilliSeconds?: number; - /** - * This represents the amount of time a user should be locked out when the login failure threshold has been met. - */ waitIncrementSeconds?: number; } export interface RealmSecurityDefensesHeaders { - /** - * Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - */ contentSecurityPolicy?: string; - /** - * Used for testing Content Security Policies. - */ contentSecurityPolicyReportOnly?: string; - /** - * The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - */ referrerPolicy?: string; - /** - * The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - */ strictTransportSecurity?: string; - /** - * Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - */ xContentTypeOptions?: string; - /** - * Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - */ xFrameOptions?: string; - /** - * Prevent pages from appearing in search engines. - */ xRobotsTag?: string; - /** - * This header configures the Cross-site scripting (XSS) filter in your browser. - */ xXssProtection?: string; } export interface RealmSmtpServer { - /** - * Enables authentication to the SMTP server. This block supports the following arguments: - */ auth?: outputs.RealmSmtpServerAuth; - /** - * The email address uses for bounces. - */ envelopeFrom?: string; - /** - * The email address for the sender. - */ from: string; - /** - * The display name of the sender email address. - */ fromDisplayName?: string; - /** - * The host of the SMTP server. - */ host: string; - /** - * The port of the SMTP server (defaults to 25). - */ port?: string; - /** - * The "reply to" email address. - */ replyTo?: string; - /** - * The display name of the "reply to" email address. - */ replyToDisplayName?: string; - /** - * When `true`, enables SSL. Defaults to `false`. - */ ssl?: boolean; - /** - * When `true`, enables StartTLS. Defaults to `false`. - */ starttls?: boolean; } export interface RealmSmtpServerAuth { - /** - * The SMTP server password. - */ password: string; - /** - * The SMTP server username. - */ username: string; } @@ -434,114 +313,69 @@ export interface RealmUserProfileGroup { } export interface RealmWebAuthnPasswordlessPolicy { - /** - * A set of AAGUIDs for which an authenticator can be registered. - */ acceptableAaguids?: string[]; /** - * The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * Either none, indirect or direct */ attestationConveyancePreference?: string; /** - * The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * Either platform or cross-platform */ authenticatorAttachment?: string; - /** - * When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - */ avoidSameAuthenticatorRegister?: boolean; - /** - * The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - */ createTimeout?: number; - /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - */ relyingPartyEntityName?: string; - /** - * The WebAuthn relying party ID. - */ relyingPartyId?: string; /** - * Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * Either Yes or No */ requireResidentKey?: string; /** - * A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing */ signatureAlgorithms: string[]; /** - * Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * Either required, preferred or discouraged */ userVerificationRequirement?: string; } export interface RealmWebAuthnPolicy { - /** - * A set of AAGUIDs for which an authenticator can be registered. - */ acceptableAaguids?: string[]; /** - * The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + * Either none, indirect or direct */ attestationConveyancePreference?: string; /** - * The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + * Either platform or cross-platform */ authenticatorAttachment?: string; - /** - * When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - */ avoidSameAuthenticatorRegister?: boolean; - /** - * The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - */ createTimeout?: number; - /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - */ relyingPartyEntityName?: string; - /** - * The WebAuthn relying party ID. - */ relyingPartyId?: string; /** - * Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + * Either Yes or No */ requireResidentKey?: string; /** - * A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + * Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing */ signatureAlgorithms: string[]; /** - * Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + * Either required, preferred or discouraged */ userVerificationRequirement?: string; } export interface UserFederatedIdentity { - /** - * The name of the identity provider - */ identityProvider: string; - /** - * The ID of the user defined in the identity provider - */ userId: string; - /** - * The user name of the user defined in the identity provider - */ userName: string; } export interface UserInitialPassword { - /** - * If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - */ temporary?: boolean; - /** - * The initial password. - */ value: string; } @@ -584,7 +418,7 @@ export interface UsersPermissionsViewScope { export namespace ldap { export interface UserFederationCache { /** - * Day of the week the entry will become invalid on + * Day of the week the entry will become invalid on. */ evictionDay?: number; /** @@ -599,15 +433,12 @@ export namespace ldap { * Max lifespan of cache entry (duration string). */ maxLifespan?: string; - /** - * Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - */ policy?: string; } export interface UserFederationKerberos { /** - * The name of the kerberos realm, e.g. FOO.LOCAL. + * The name of the kerberos realm, e.g. FOO.LOCAL */ kerberosRealm: string; /** @@ -628,32 +459,14 @@ export namespace ldap { export namespace openid { export interface ClientAuthenticationFlowBindingOverrides { - /** - * Browser flow id, (flow needs to exist) - */ browserId?: string; - /** - * Direct grant flow id (flow needs to exist) - */ directGrantId?: string; } export interface ClientAuthorization { - /** - * When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - */ allowRemoteResourceManagement?: boolean; - /** - * Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - */ decisionStrategy?: string; - /** - * When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - */ keepDefaults?: boolean; - /** - * Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - */ policyEnforcementMode: string; } @@ -732,13 +545,7 @@ export namespace openid { export namespace saml { export interface ClientAuthenticationFlowBindingOverrides { - /** - * Browser flow id, (flow needs to exist) - */ browserId?: string; - /** - * Direct grant flow id (flow needs to exist) - */ directGrantId?: string; } diff --git a/sdk/nodejs/user.ts b/sdk/nodejs/user.ts index 01e540ac..360c2947 100644 --- a/sdk/nodejs/user.ts +++ b/sdk/nodejs/user.ts @@ -7,61 +7,69 @@ import * as outputs from "./types/output"; import * as utilities from "./utilities"; /** + * ## # keycloak.User + * * Allows for creating and managing Users within Keycloak. * - * This resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource. Creating users within - * Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers - * or identity providers. + * This resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource. + * Creating users within Keycloak is not recommended. Instead, users should be federated from external sources + * by configuring user federation providers or identity providers. * - * ## Example Usage + * ### Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", * enabled: true, + * realm: "my-realm", * }); * const user = new keycloak.User("user", { - * realmId: realm.id, - * username: "bob", - * enabled: true, * email: "bob@domain.com", + * enabled: true, * firstName: "Bob", * lastName: "Bobson", + * realmId: realm.id, + * username: "bob", * }); * const userWithInitialPassword = new keycloak.User("userWithInitialPassword", { - * realmId: realm.id, - * username: "alice", - * enabled: true, * email: "alice@domain.com", + * enabled: true, * firstName: "Alice", - * lastName: "Aliceberg", - * attributes: { - * foo: "bar", - * multivalue: "value1##value2", - * }, * initialPassword: { - * value: "some password", * temporary: true, + * value: "some password", * }, + * lastName: "Aliceberg", + * realmId: realm.id, + * username: "alice", * }); * ``` + * * - * ## Import + * ### Argument Reference * - * Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + * The following arguments are supported: * - * assigns to the user upon creation. This value can be found in the GUI when editing the user. + * - `realmId` - (Required) The realm this user belongs to. + * - `username` - (Required) The unique username of this user. + * - `initialPassword` (Optional) When given, the user's initial password will be set. + * This attribute is only respected during initial user creation. + * - `value` (Required) The initial password. + * - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`. + * - `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`. + * - `email` - (Optional) The user's email. + * - `firstName` - (Optional) The user's first name. + * - `lastName` - (Optional) The user's last name. * - * Example: + * ### Import * - * bash + * Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `userId` is the unique ID that Keycloak + * assigns to the user upon creation. This value can be found in the GUI when editing the user. * - * ```sh - * $ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4 - * ``` + * Example: */ export class User extends pulumi.CustomResource { /** @@ -91,49 +99,16 @@ export class User extends pulumi.CustomResource { return obj['__pulumiType'] === User.__pulumiType; } - /** - * A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ public readonly attributes!: pulumi.Output<{[key: string]: any} | undefined>; - /** - * The user's email. - */ public readonly email!: pulumi.Output; - /** - * Whether the email address was validated or not. Default to `false`. - */ public readonly emailVerified!: pulumi.Output; - /** - * When false, this user cannot log in. Defaults to `true`. - */ public readonly enabled!: pulumi.Output; - /** - * When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - */ public readonly federatedIdentities!: pulumi.Output; - /** - * The user's first name. - */ public readonly firstName!: pulumi.Output; - /** - * When given, the user's initial password will be set. This attribute is only respected during initial user creation. - */ public readonly initialPassword!: pulumi.Output; - /** - * The user's last name. - */ public readonly lastName!: pulumi.Output; - /** - * The realm this user belongs to. - */ public readonly realmId!: pulumi.Output; - /** - * A list of required user actions. - */ public readonly requiredActions!: pulumi.Output; - /** - * The unique username of this user. - */ public readonly username!: pulumi.Output; /** @@ -189,49 +164,16 @@ export class User extends pulumi.CustomResource { * Input properties used for looking up and filtering User resources. */ export interface UserState { - /** - * A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ attributes?: pulumi.Input<{[key: string]: any}>; - /** - * The user's email. - */ email?: pulumi.Input; - /** - * Whether the email address was validated or not. Default to `false`. - */ emailVerified?: pulumi.Input; - /** - * When false, this user cannot log in. Defaults to `true`. - */ enabled?: pulumi.Input; - /** - * When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - */ federatedIdentities?: pulumi.Input[]>; - /** - * The user's first name. - */ firstName?: pulumi.Input; - /** - * When given, the user's initial password will be set. This attribute is only respected during initial user creation. - */ initialPassword?: pulumi.Input; - /** - * The user's last name. - */ lastName?: pulumi.Input; - /** - * The realm this user belongs to. - */ realmId?: pulumi.Input; - /** - * A list of required user actions. - */ requiredActions?: pulumi.Input[]>; - /** - * The unique username of this user. - */ username?: pulumi.Input; } @@ -239,48 +181,15 @@ export interface UserState { * The set of arguments for constructing a User resource. */ export interface UserArgs { - /** - * A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - */ attributes?: pulumi.Input<{[key: string]: any}>; - /** - * The user's email. - */ email?: pulumi.Input; - /** - * Whether the email address was validated or not. Default to `false`. - */ emailVerified?: pulumi.Input; - /** - * When false, this user cannot log in. Defaults to `true`. - */ enabled?: pulumi.Input; - /** - * When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - */ federatedIdentities?: pulumi.Input[]>; - /** - * The user's first name. - */ firstName?: pulumi.Input; - /** - * When given, the user's initial password will be set. This attribute is only respected during initial user creation. - */ initialPassword?: pulumi.Input; - /** - * The user's last name. - */ lastName?: pulumi.Input; - /** - * The realm this user belongs to. - */ realmId: pulumi.Input; - /** - * A list of required user actions. - */ requiredActions?: pulumi.Input[]>; - /** - * The unique username of this user. - */ username: pulumi.Input; } diff --git a/sdk/nodejs/userGroups.ts b/sdk/nodejs/userGroups.ts index 45a78542..81013b77 100644 --- a/sdk/nodejs/userGroups.ts +++ b/sdk/nodejs/userGroups.ts @@ -11,7 +11,9 @@ import * as utilities from "./utilities"; * If `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `keycloak.UserGroups` for the same `userId`. * * ## Example Usage + * * ### Exhaustive Groups) + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -31,7 +33,10 @@ import * as utilities from "./utilities"; * groupIds: [group.id], * }); * ``` + * + * * ### Non Exhaustive Groups) + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -59,12 +64,13 @@ import * as utilities from "./utilities"; * groupIds: [groupBar.id], * }); * ``` + * * * ## Import * * This resource does not support import. Instead of importing, feel free to create this resource * - * as if it did not already exist on the server. + * as if it did not already exist on the server. */ export class UserGroups extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/userRoles.ts b/sdk/nodejs/userRoles.ts index 7efd2283..c5d4140a 100644 --- a/sdk/nodejs/userRoles.ts +++ b/sdk/nodejs/userRoles.ts @@ -15,8 +15,10 @@ import * as utilities from "./utilities"; * a role and a composite that includes that role to the same user. * * ## Example Usage + * * ### Exhaustive Roles) * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -57,16 +59,17 @@ import * as utilities from "./utilities"; * ], * }); * ``` + * * * ## Import * * This resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak * - * assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. + * assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924 diff --git a/sdk/nodejs/userTemplateImporterIdentityProviderMapper.ts b/sdk/nodejs/userTemplateImporterIdentityProviderMapper.ts index fac5bd46..7d470c48 100644 --- a/sdk/nodejs/userTemplateImporterIdentityProviderMapper.ts +++ b/sdk/nodejs/userTemplateImporterIdentityProviderMapper.ts @@ -15,6 +15,7 @@ import * as utilities from "./utilities"; * * ## Example Usage * + * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; @@ -41,16 +42,17 @@ import * as utilities from "./utilities"; * }, * }); * ``` + * * * ## Import * * Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak * - * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + * assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. * - * Example: + * Example: * - * bash + * bash * * ```sh * $ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/nodejs/usersPermissions.ts b/sdk/nodejs/usersPermissions.ts index 1b45b484..a6d3eda2 100644 --- a/sdk/nodejs/usersPermissions.ts +++ b/sdk/nodejs/usersPermissions.ts @@ -20,35 +20,6 @@ import * as utilities from "./utilities"; * 4. Create all scope based permission for the scopes and users resources. * * > This resource should only be created once per realm. - * - * ## Example Usage - * ### Argument Reference - * - * The following arguments are supported: - * - * - `realmId` - (Required) The realm in which to manage fine-grained user permissions. - * - * Each of the scopes that can be managed are defined below: - * - * - `viewScope` - (Optional) When specified, set the scope based view permission. - * - `manageScope` - (Optional) When specified, set the scope based manage permission. - * - `mapRolesScope` - (Optional) When specified, set the scope based mapRoles permission. - * - `manageGroupMembershipScope` - (Optional) When specified, set the scope based manageGroupMembership permission. - * - `impersonateScope` - (Optional) When specified, set the scope based impersonate permission. - * - `userImpersonatedScope` - (Optional) When specified, set the scope based userImpersonated permission. - * - * The configuration block for each of these scopes supports the following arguments: - * - * - `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID. - * - `description` - (Optional) Description of the permission. - * - `decisionStrategy` - (Optional) Decision strategy of the permission. - * - * ### Attributes Reference - * - * In addition to the arguments listed above, the following computed attributes are exported: - * - * - `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`. - * - `authorizationResourceServerId` - Resource server id representing the realm management client on which these permissions are managed. */ export class UsersPermissions extends pulumi.CustomResource { /** diff --git a/sdk/python/pulumi_keycloak/_inputs.py b/sdk/python/pulumi_keycloak/_inputs.py index 6dbebcf7..bc760722 100644 --- a/sdk/python/pulumi_keycloak/_inputs.py +++ b/sdk/python/pulumi_keycloak/_inputs.py @@ -257,19 +257,12 @@ class RealmInternationalizationArgs: def __init__(__self__, *, default_locale: pulumi.Input[str], supported_locales: pulumi.Input[Sequence[pulumi.Input[str]]]): - """ - :param pulumi.Input[str] default_locale: The locale to use by default. This locale code must be present within the `supported_locales` list. - :param pulumi.Input[Sequence[pulumi.Input[str]]] supported_locales: A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - """ pulumi.set(__self__, "default_locale", default_locale) pulumi.set(__self__, "supported_locales", supported_locales) @property @pulumi.getter(name="defaultLocale") def default_locale(self) -> pulumi.Input[str]: - """ - The locale to use by default. This locale code must be present within the `supported_locales` list. - """ return pulumi.get(self, "default_locale") @default_locale.setter @@ -279,9 +272,6 @@ def default_locale(self, value: pulumi.Input[str]): @property @pulumi.getter(name="supportedLocales") def supported_locales(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: - """ - A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - """ return pulumi.get(self, "supported_locales") @supported_locales.setter @@ -299,12 +289,8 @@ def __init__(__self__, *, period: Optional[pulumi.Input[int]] = None, type: Optional[pulumi.Input[str]] = None): """ - :param pulumi.Input[str] algorithm: What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. - :param pulumi.Input[int] digits: How many digits the OTP have. Defaults to `6`. - :param pulumi.Input[int] initial_counter: What should the initial counter value be. Defaults to `2`. - :param pulumi.Input[int] look_ahead_window: How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - :param pulumi.Input[int] period: How many seconds should an OTP token be valid. Defaults to `30`. - :param pulumi.Input[str] type: One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + :param pulumi.Input[str] algorithm: What hashing algorithm should be used to generate the OTP. + :param pulumi.Input[str] type: OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password """ if algorithm is not None: pulumi.set(__self__, "algorithm", algorithm) @@ -323,7 +309,7 @@ def __init__(__self__, *, @pulumi.getter def algorithm(self) -> Optional[pulumi.Input[str]]: """ - What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + What hashing algorithm should be used to generate the OTP. """ return pulumi.get(self, "algorithm") @@ -334,9 +320,6 @@ def algorithm(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def digits(self) -> Optional[pulumi.Input[int]]: - """ - How many digits the OTP have. Defaults to `6`. - """ return pulumi.get(self, "digits") @digits.setter @@ -346,9 +329,6 @@ def digits(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="initialCounter") def initial_counter(self) -> Optional[pulumi.Input[int]]: - """ - What should the initial counter value be. Defaults to `2`. - """ return pulumi.get(self, "initial_counter") @initial_counter.setter @@ -358,9 +338,6 @@ def initial_counter(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="lookAheadWindow") def look_ahead_window(self) -> Optional[pulumi.Input[int]]: - """ - How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - """ return pulumi.get(self, "look_ahead_window") @look_ahead_window.setter @@ -370,9 +347,6 @@ def look_ahead_window(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter def period(self) -> Optional[pulumi.Input[int]]: - """ - How many seconds should an OTP token be valid. Defaults to `30`. - """ return pulumi.get(self, "period") @period.setter @@ -383,7 +357,7 @@ def period(self, value: Optional[pulumi.Input[int]]): @pulumi.getter def type(self) -> Optional[pulumi.Input[str]]: """ - One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password """ return pulumi.get(self, "type") @@ -431,15 +405,6 @@ def __init__(__self__, *, permanent_lockout: Optional[pulumi.Input[bool]] = None, quick_login_check_milli_seconds: Optional[pulumi.Input[int]] = None, wait_increment_seconds: Optional[pulumi.Input[int]] = None): - """ - :param pulumi.Input[int] failure_reset_time_seconds: When will failure count be reset? - :param pulumi.Input[int] max_login_failures: How many failures before wait is triggered. - :param pulumi.Input[int] minimum_quick_login_wait_seconds: How long to wait after a quick login failure. - - `max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - :param pulumi.Input[bool] permanent_lockout: When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - :param pulumi.Input[int] quick_login_check_milli_seconds: Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - :param pulumi.Input[int] wait_increment_seconds: This represents the amount of time a user should be locked out when the login failure threshold has been met. - """ if failure_reset_time_seconds is not None: pulumi.set(__self__, "failure_reset_time_seconds", failure_reset_time_seconds) if max_failure_wait_seconds is not None: @@ -458,9 +423,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="failureResetTimeSeconds") def failure_reset_time_seconds(self) -> Optional[pulumi.Input[int]]: - """ - When will failure count be reset? - """ return pulumi.get(self, "failure_reset_time_seconds") @failure_reset_time_seconds.setter @@ -479,9 +441,6 @@ def max_failure_wait_seconds(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="maxLoginFailures") def max_login_failures(self) -> Optional[pulumi.Input[int]]: - """ - How many failures before wait is triggered. - """ return pulumi.get(self, "max_login_failures") @max_login_failures.setter @@ -491,10 +450,6 @@ def max_login_failures(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="minimumQuickLoginWaitSeconds") def minimum_quick_login_wait_seconds(self) -> Optional[pulumi.Input[int]]: - """ - How long to wait after a quick login failure. - - `max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - """ return pulumi.get(self, "minimum_quick_login_wait_seconds") @minimum_quick_login_wait_seconds.setter @@ -504,9 +459,6 @@ def minimum_quick_login_wait_seconds(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="permanentLockout") def permanent_lockout(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - """ return pulumi.get(self, "permanent_lockout") @permanent_lockout.setter @@ -516,9 +468,6 @@ def permanent_lockout(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="quickLoginCheckMilliSeconds") def quick_login_check_milli_seconds(self) -> Optional[pulumi.Input[int]]: - """ - Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - """ return pulumi.get(self, "quick_login_check_milli_seconds") @quick_login_check_milli_seconds.setter @@ -528,9 +477,6 @@ def quick_login_check_milli_seconds(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="waitIncrementSeconds") def wait_increment_seconds(self) -> Optional[pulumi.Input[int]]: - """ - This represents the amount of time a user should be locked out when the login failure threshold has been met. - """ return pulumi.get(self, "wait_increment_seconds") @wait_increment_seconds.setter @@ -549,16 +495,6 @@ def __init__(__self__, *, x_frame_options: Optional[pulumi.Input[str]] = None, x_robots_tag: Optional[pulumi.Input[str]] = None, x_xss_protection: Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[str] content_security_policy: Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - :param pulumi.Input[str] content_security_policy_report_only: Used for testing Content Security Policies. - :param pulumi.Input[str] referrer_policy: The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - :param pulumi.Input[str] strict_transport_security: The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - :param pulumi.Input[str] x_content_type_options: Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - :param pulumi.Input[str] x_frame_options: Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - :param pulumi.Input[str] x_robots_tag: Prevent pages from appearing in search engines. - :param pulumi.Input[str] x_xss_protection: This header configures the Cross-site scripting (XSS) filter in your browser. - """ if content_security_policy is not None: pulumi.set(__self__, "content_security_policy", content_security_policy) if content_security_policy_report_only is not None: @@ -579,9 +515,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="contentSecurityPolicy") def content_security_policy(self) -> Optional[pulumi.Input[str]]: - """ - Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - """ return pulumi.get(self, "content_security_policy") @content_security_policy.setter @@ -591,9 +524,6 @@ def content_security_policy(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="contentSecurityPolicyReportOnly") def content_security_policy_report_only(self) -> Optional[pulumi.Input[str]]: - """ - Used for testing Content Security Policies. - """ return pulumi.get(self, "content_security_policy_report_only") @content_security_policy_report_only.setter @@ -603,9 +533,6 @@ def content_security_policy_report_only(self, value: Optional[pulumi.Input[str]] @property @pulumi.getter(name="referrerPolicy") def referrer_policy(self) -> Optional[pulumi.Input[str]]: - """ - The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - """ return pulumi.get(self, "referrer_policy") @referrer_policy.setter @@ -615,9 +542,6 @@ def referrer_policy(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="strictTransportSecurity") def strict_transport_security(self) -> Optional[pulumi.Input[str]]: - """ - The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - """ return pulumi.get(self, "strict_transport_security") @strict_transport_security.setter @@ -627,9 +551,6 @@ def strict_transport_security(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="xContentTypeOptions") def x_content_type_options(self) -> Optional[pulumi.Input[str]]: - """ - Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - """ return pulumi.get(self, "x_content_type_options") @x_content_type_options.setter @@ -639,9 +560,6 @@ def x_content_type_options(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="xFrameOptions") def x_frame_options(self) -> Optional[pulumi.Input[str]]: - """ - Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - """ return pulumi.get(self, "x_frame_options") @x_frame_options.setter @@ -651,9 +569,6 @@ def x_frame_options(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="xRobotsTag") def x_robots_tag(self) -> Optional[pulumi.Input[str]]: - """ - Prevent pages from appearing in search engines. - """ return pulumi.get(self, "x_robots_tag") @x_robots_tag.setter @@ -663,9 +578,6 @@ def x_robots_tag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="xXssProtection") def x_xss_protection(self) -> Optional[pulumi.Input[str]]: - """ - This header configures the Cross-site scripting (XSS) filter in your browser. - """ return pulumi.get(self, "x_xss_protection") @x_xss_protection.setter @@ -686,18 +598,6 @@ def __init__(__self__, *, reply_to_display_name: Optional[pulumi.Input[str]] = None, ssl: Optional[pulumi.Input[bool]] = None, starttls: Optional[pulumi.Input[bool]] = None): - """ - :param pulumi.Input[str] from_: The email address for the sender. - :param pulumi.Input[str] host: The host of the SMTP server. - :param pulumi.Input['RealmSmtpServerAuthArgs'] auth: Enables authentication to the SMTP server. This block supports the following arguments: - :param pulumi.Input[str] envelope_from: The email address uses for bounces. - :param pulumi.Input[str] from_display_name: The display name of the sender email address. - :param pulumi.Input[str] port: The port of the SMTP server (defaults to 25). - :param pulumi.Input[str] reply_to: The "reply to" email address. - :param pulumi.Input[str] reply_to_display_name: The display name of the "reply to" email address. - :param pulumi.Input[bool] ssl: When `true`, enables SSL. Defaults to `false`. - :param pulumi.Input[bool] starttls: When `true`, enables StartTLS. Defaults to `false`. - """ pulumi.set(__self__, "from_", from_) pulumi.set(__self__, "host", host) if auth is not None: @@ -720,9 +620,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="from") def from_(self) -> pulumi.Input[str]: - """ - The email address for the sender. - """ return pulumi.get(self, "from_") @from_.setter @@ -732,9 +629,6 @@ def from_(self, value: pulumi.Input[str]): @property @pulumi.getter def host(self) -> pulumi.Input[str]: - """ - The host of the SMTP server. - """ return pulumi.get(self, "host") @host.setter @@ -744,9 +638,6 @@ def host(self, value: pulumi.Input[str]): @property @pulumi.getter def auth(self) -> Optional[pulumi.Input['RealmSmtpServerAuthArgs']]: - """ - Enables authentication to the SMTP server. This block supports the following arguments: - """ return pulumi.get(self, "auth") @auth.setter @@ -756,9 +647,6 @@ def auth(self, value: Optional[pulumi.Input['RealmSmtpServerAuthArgs']]): @property @pulumi.getter(name="envelopeFrom") def envelope_from(self) -> Optional[pulumi.Input[str]]: - """ - The email address uses for bounces. - """ return pulumi.get(self, "envelope_from") @envelope_from.setter @@ -768,9 +656,6 @@ def envelope_from(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="fromDisplayName") def from_display_name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of the sender email address. - """ return pulumi.get(self, "from_display_name") @from_display_name.setter @@ -780,9 +665,6 @@ def from_display_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def port(self) -> Optional[pulumi.Input[str]]: - """ - The port of the SMTP server (defaults to 25). - """ return pulumi.get(self, "port") @port.setter @@ -792,9 +674,6 @@ def port(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="replyTo") def reply_to(self) -> Optional[pulumi.Input[str]]: - """ - The "reply to" email address. - """ return pulumi.get(self, "reply_to") @reply_to.setter @@ -804,9 +683,6 @@ def reply_to(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="replyToDisplayName") def reply_to_display_name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of the "reply to" email address. - """ return pulumi.get(self, "reply_to_display_name") @reply_to_display_name.setter @@ -816,9 +692,6 @@ def reply_to_display_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def ssl(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, enables SSL. Defaults to `false`. - """ return pulumi.get(self, "ssl") @ssl.setter @@ -828,9 +701,6 @@ def ssl(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def starttls(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, enables StartTLS. Defaults to `false`. - """ return pulumi.get(self, "starttls") @starttls.setter @@ -843,19 +713,12 @@ class RealmSmtpServerAuthArgs: def __init__(__self__, *, password: pulumi.Input[str], username: pulumi.Input[str]): - """ - :param pulumi.Input[str] password: The SMTP server password. - :param pulumi.Input[str] username: The SMTP server username. - """ pulumi.set(__self__, "password", password) pulumi.set(__self__, "username", username) @property @pulumi.getter def password(self) -> pulumi.Input[str]: - """ - The SMTP server password. - """ return pulumi.get(self, "password") @password.setter @@ -865,9 +728,6 @@ def password(self, value: pulumi.Input[str]): @property @pulumi.getter def username(self) -> pulumi.Input[str]: - """ - The SMTP server username. - """ return pulumi.get(self, "username") @username.setter @@ -1184,16 +1044,11 @@ def __init__(__self__, *, signature_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, user_verification_requirement: Optional[pulumi.Input[str]] = None): """ - :param pulumi.Input[Sequence[pulumi.Input[str]]] acceptable_aaguids: A set of AAGUIDs for which an authenticator can be registered. - :param pulumi.Input[str] attestation_conveyance_preference: The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. - :param pulumi.Input[str] authenticator_attachment: The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. - :param pulumi.Input[bool] avoid_same_authenticator_register: When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - :param pulumi.Input[int] create_timeout: The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - :param pulumi.Input[str] relying_party_entity_name: A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - :param pulumi.Input[str] relying_party_id: The WebAuthn relying party ID. - :param pulumi.Input[str] require_resident_key: Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] signature_algorithms: A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. - :param pulumi.Input[str] user_verification_requirement: Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + :param pulumi.Input[str] attestation_conveyance_preference: Either none, indirect or direct + :param pulumi.Input[str] authenticator_attachment: Either platform or cross-platform + :param pulumi.Input[str] require_resident_key: Either Yes or No + :param pulumi.Input[Sequence[pulumi.Input[str]]] signature_algorithms: Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing + :param pulumi.Input[str] user_verification_requirement: Either required, preferred or discouraged """ if acceptable_aaguids is not None: pulumi.set(__self__, "acceptable_aaguids", acceptable_aaguids) @@ -1219,9 +1074,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="acceptableAaguids") def acceptable_aaguids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A set of AAGUIDs for which an authenticator can be registered. - """ return pulumi.get(self, "acceptable_aaguids") @acceptable_aaguids.setter @@ -1232,7 +1084,7 @@ def acceptable_aaguids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[ @pulumi.getter(name="attestationConveyancePreference") def attestation_conveyance_preference(self) -> Optional[pulumi.Input[str]]: """ - The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + Either none, indirect or direct """ return pulumi.get(self, "attestation_conveyance_preference") @@ -1244,7 +1096,7 @@ def attestation_conveyance_preference(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="authenticatorAttachment") def authenticator_attachment(self) -> Optional[pulumi.Input[str]]: """ - The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + Either platform or cross-platform """ return pulumi.get(self, "authenticator_attachment") @@ -1255,9 +1107,6 @@ def authenticator_attachment(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="avoidSameAuthenticatorRegister") def avoid_same_authenticator_register(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - """ return pulumi.get(self, "avoid_same_authenticator_register") @avoid_same_authenticator_register.setter @@ -1267,9 +1116,6 @@ def avoid_same_authenticator_register(self, value: Optional[pulumi.Input[bool]]) @property @pulumi.getter(name="createTimeout") def create_timeout(self) -> Optional[pulumi.Input[int]]: - """ - The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - """ return pulumi.get(self, "create_timeout") @create_timeout.setter @@ -1279,9 +1125,6 @@ def create_timeout(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="relyingPartyEntityName") def relying_party_entity_name(self) -> Optional[pulumi.Input[str]]: - """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - """ return pulumi.get(self, "relying_party_entity_name") @relying_party_entity_name.setter @@ -1291,9 +1134,6 @@ def relying_party_entity_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="relyingPartyId") def relying_party_id(self) -> Optional[pulumi.Input[str]]: - """ - The WebAuthn relying party ID. - """ return pulumi.get(self, "relying_party_id") @relying_party_id.setter @@ -1304,7 +1144,7 @@ def relying_party_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="requireResidentKey") def require_resident_key(self) -> Optional[pulumi.Input[str]]: """ - Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + Either Yes or No """ return pulumi.get(self, "require_resident_key") @@ -1316,7 +1156,7 @@ def require_resident_key(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="signatureAlgorithms") def signature_algorithms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing """ return pulumi.get(self, "signature_algorithms") @@ -1328,7 +1168,7 @@ def signature_algorithms(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="userVerificationRequirement") def user_verification_requirement(self) -> Optional[pulumi.Input[str]]: """ - Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + Either required, preferred or discouraged """ return pulumi.get(self, "user_verification_requirement") @@ -1351,16 +1191,11 @@ def __init__(__self__, *, signature_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, user_verification_requirement: Optional[pulumi.Input[str]] = None): """ - :param pulumi.Input[Sequence[pulumi.Input[str]]] acceptable_aaguids: A set of AAGUIDs for which an authenticator can be registered. - :param pulumi.Input[str] attestation_conveyance_preference: The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. - :param pulumi.Input[str] authenticator_attachment: The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. - :param pulumi.Input[bool] avoid_same_authenticator_register: When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - :param pulumi.Input[int] create_timeout: The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - :param pulumi.Input[str] relying_party_entity_name: A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - :param pulumi.Input[str] relying_party_id: The WebAuthn relying party ID. - :param pulumi.Input[str] require_resident_key: Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] signature_algorithms: A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. - :param pulumi.Input[str] user_verification_requirement: Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + :param pulumi.Input[str] attestation_conveyance_preference: Either none, indirect or direct + :param pulumi.Input[str] authenticator_attachment: Either platform or cross-platform + :param pulumi.Input[str] require_resident_key: Either Yes or No + :param pulumi.Input[Sequence[pulumi.Input[str]]] signature_algorithms: Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing + :param pulumi.Input[str] user_verification_requirement: Either required, preferred or discouraged """ if acceptable_aaguids is not None: pulumi.set(__self__, "acceptable_aaguids", acceptable_aaguids) @@ -1386,9 +1221,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="acceptableAaguids") def acceptable_aaguids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A set of AAGUIDs for which an authenticator can be registered. - """ return pulumi.get(self, "acceptable_aaguids") @acceptable_aaguids.setter @@ -1399,7 +1231,7 @@ def acceptable_aaguids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[ @pulumi.getter(name="attestationConveyancePreference") def attestation_conveyance_preference(self) -> Optional[pulumi.Input[str]]: """ - The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + Either none, indirect or direct """ return pulumi.get(self, "attestation_conveyance_preference") @@ -1411,7 +1243,7 @@ def attestation_conveyance_preference(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="authenticatorAttachment") def authenticator_attachment(self) -> Optional[pulumi.Input[str]]: """ - The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + Either platform or cross-platform """ return pulumi.get(self, "authenticator_attachment") @@ -1422,9 +1254,6 @@ def authenticator_attachment(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="avoidSameAuthenticatorRegister") def avoid_same_authenticator_register(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - """ return pulumi.get(self, "avoid_same_authenticator_register") @avoid_same_authenticator_register.setter @@ -1434,9 +1263,6 @@ def avoid_same_authenticator_register(self, value: Optional[pulumi.Input[bool]]) @property @pulumi.getter(name="createTimeout") def create_timeout(self) -> Optional[pulumi.Input[int]]: - """ - The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - """ return pulumi.get(self, "create_timeout") @create_timeout.setter @@ -1446,9 +1272,6 @@ def create_timeout(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="relyingPartyEntityName") def relying_party_entity_name(self) -> Optional[pulumi.Input[str]]: - """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - """ return pulumi.get(self, "relying_party_entity_name") @relying_party_entity_name.setter @@ -1458,9 +1281,6 @@ def relying_party_entity_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="relyingPartyId") def relying_party_id(self) -> Optional[pulumi.Input[str]]: - """ - The WebAuthn relying party ID. - """ return pulumi.get(self, "relying_party_id") @relying_party_id.setter @@ -1471,7 +1291,7 @@ def relying_party_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="requireResidentKey") def require_resident_key(self) -> Optional[pulumi.Input[str]]: """ - Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + Either Yes or No """ return pulumi.get(self, "require_resident_key") @@ -1483,7 +1303,7 @@ def require_resident_key(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="signatureAlgorithms") def signature_algorithms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing """ return pulumi.get(self, "signature_algorithms") @@ -1495,7 +1315,7 @@ def signature_algorithms(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="userVerificationRequirement") def user_verification_requirement(self) -> Optional[pulumi.Input[str]]: """ - Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + Either required, preferred or discouraged """ return pulumi.get(self, "user_verification_requirement") @@ -1510,11 +1330,6 @@ def __init__(__self__, *, identity_provider: pulumi.Input[str], user_id: pulumi.Input[str], user_name: pulumi.Input[str]): - """ - :param pulumi.Input[str] identity_provider: The name of the identity provider - :param pulumi.Input[str] user_id: The ID of the user defined in the identity provider - :param pulumi.Input[str] user_name: The user name of the user defined in the identity provider - """ pulumi.set(__self__, "identity_provider", identity_provider) pulumi.set(__self__, "user_id", user_id) pulumi.set(__self__, "user_name", user_name) @@ -1522,9 +1337,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="identityProvider") def identity_provider(self) -> pulumi.Input[str]: - """ - The name of the identity provider - """ return pulumi.get(self, "identity_provider") @identity_provider.setter @@ -1534,9 +1346,6 @@ def identity_provider(self, value: pulumi.Input[str]): @property @pulumi.getter(name="userId") def user_id(self) -> pulumi.Input[str]: - """ - The ID of the user defined in the identity provider - """ return pulumi.get(self, "user_id") @user_id.setter @@ -1546,9 +1355,6 @@ def user_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="userName") def user_name(self) -> pulumi.Input[str]: - """ - The user name of the user defined in the identity provider - """ return pulumi.get(self, "user_name") @user_name.setter @@ -1561,10 +1367,6 @@ class UserInitialPasswordArgs: def __init__(__self__, *, value: pulumi.Input[str], temporary: Optional[pulumi.Input[bool]] = None): - """ - :param pulumi.Input[str] value: The initial password. - :param pulumi.Input[bool] temporary: If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - """ pulumi.set(__self__, "value", value) if temporary is not None: pulumi.set(__self__, "temporary", temporary) @@ -1572,9 +1374,6 @@ def __init__(__self__, *, @property @pulumi.getter def value(self) -> pulumi.Input[str]: - """ - The initial password. - """ return pulumi.get(self, "value") @value.setter @@ -1584,9 +1383,6 @@ def value(self, value: pulumi.Input[str]): @property @pulumi.getter def temporary(self) -> Optional[pulumi.Input[bool]]: - """ - If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - """ return pulumi.get(self, "temporary") @temporary.setter diff --git a/sdk/python/pulumi_keycloak/attribute_importer_identity_provider_mapper.py b/sdk/python/pulumi_keycloak/attribute_importer_identity_provider_mapper.py index b8cdd193..f0e6e059 100644 --- a/sdk/python/pulumi_keycloak/attribute_importer_identity_provider_mapper.py +++ b/sdk/python/pulumi_keycloak/attribute_importer_identity_provider_mapper.py @@ -24,14 +24,13 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a AttributeImporterIdentityProviderMapper resource. - :param pulumi.Input[str] identity_provider_alias: The alias of the associated identity provider. - :param pulumi.Input[str] realm: The name of the realm. - :param pulumi.Input[str] user_attribute: The user attribute or property name to store the mapped result. - :param pulumi.Input[str] attribute_friendly_name: For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. - :param pulumi.Input[str] attribute_name: For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. - :param pulumi.Input[str] claim_name: For OIDC based providers, this is the name of the claim to use. - :param pulumi.Input[Mapping[str, Any]] extra_config: Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - :param pulumi.Input[str] name: The name of the mapper. + :param pulumi.Input[str] identity_provider_alias: IDP Alias + :param pulumi.Input[str] realm: Realm Name + :param pulumi.Input[str] user_attribute: User Attribute + :param pulumi.Input[str] attribute_friendly_name: Attribute Friendly Name + :param pulumi.Input[str] attribute_name: Attribute Name + :param pulumi.Input[str] claim_name: Claim Name + :param pulumi.Input[str] name: IDP Mapper Name """ pulumi.set(__self__, "identity_provider_alias", identity_provider_alias) pulumi.set(__self__, "realm", realm) @@ -51,7 +50,7 @@ def __init__(__self__, *, @pulumi.getter(name="identityProviderAlias") def identity_provider_alias(self) -> pulumi.Input[str]: """ - The alias of the associated identity provider. + IDP Alias """ return pulumi.get(self, "identity_provider_alias") @@ -63,7 +62,7 @@ def identity_provider_alias(self, value: pulumi.Input[str]): @pulumi.getter def realm(self) -> pulumi.Input[str]: """ - The name of the realm. + Realm Name """ return pulumi.get(self, "realm") @@ -75,7 +74,7 @@ def realm(self, value: pulumi.Input[str]): @pulumi.getter(name="userAttribute") def user_attribute(self) -> pulumi.Input[str]: """ - The user attribute or property name to store the mapped result. + User Attribute """ return pulumi.get(self, "user_attribute") @@ -87,7 +86,7 @@ def user_attribute(self, value: pulumi.Input[str]): @pulumi.getter(name="attributeFriendlyName") def attribute_friendly_name(self) -> Optional[pulumi.Input[str]]: """ - For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + Attribute Friendly Name """ return pulumi.get(self, "attribute_friendly_name") @@ -99,7 +98,7 @@ def attribute_friendly_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="attributeName") def attribute_name(self) -> Optional[pulumi.Input[str]]: """ - For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + Attribute Name """ return pulumi.get(self, "attribute_name") @@ -111,7 +110,7 @@ def attribute_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="claimName") def claim_name(self) -> Optional[pulumi.Input[str]]: """ - For OIDC based providers, this is the name of the claim to use. + Claim Name """ return pulumi.get(self, "claim_name") @@ -122,9 +121,6 @@ def claim_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="extraConfig") def extra_config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - """ return pulumi.get(self, "extra_config") @extra_config.setter @@ -135,7 +131,7 @@ def extra_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The name of the mapper. + IDP Mapper Name """ return pulumi.get(self, "name") @@ -157,14 +153,13 @@ def __init__(__self__, *, user_attribute: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering AttributeImporterIdentityProviderMapper resources. - :param pulumi.Input[str] attribute_friendly_name: For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. - :param pulumi.Input[str] attribute_name: For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. - :param pulumi.Input[str] claim_name: For OIDC based providers, this is the name of the claim to use. - :param pulumi.Input[Mapping[str, Any]] extra_config: Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - :param pulumi.Input[str] identity_provider_alias: The alias of the associated identity provider. - :param pulumi.Input[str] name: The name of the mapper. - :param pulumi.Input[str] realm: The name of the realm. - :param pulumi.Input[str] user_attribute: The user attribute or property name to store the mapped result. + :param pulumi.Input[str] attribute_friendly_name: Attribute Friendly Name + :param pulumi.Input[str] attribute_name: Attribute Name + :param pulumi.Input[str] claim_name: Claim Name + :param pulumi.Input[str] identity_provider_alias: IDP Alias + :param pulumi.Input[str] name: IDP Mapper Name + :param pulumi.Input[str] realm: Realm Name + :param pulumi.Input[str] user_attribute: User Attribute """ if attribute_friendly_name is not None: pulumi.set(__self__, "attribute_friendly_name", attribute_friendly_name) @@ -187,7 +182,7 @@ def __init__(__self__, *, @pulumi.getter(name="attributeFriendlyName") def attribute_friendly_name(self) -> Optional[pulumi.Input[str]]: """ - For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + Attribute Friendly Name """ return pulumi.get(self, "attribute_friendly_name") @@ -199,7 +194,7 @@ def attribute_friendly_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="attributeName") def attribute_name(self) -> Optional[pulumi.Input[str]]: """ - For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + Attribute Name """ return pulumi.get(self, "attribute_name") @@ -211,7 +206,7 @@ def attribute_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="claimName") def claim_name(self) -> Optional[pulumi.Input[str]]: """ - For OIDC based providers, this is the name of the claim to use. + Claim Name """ return pulumi.get(self, "claim_name") @@ -222,9 +217,6 @@ def claim_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="extraConfig") def extra_config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - """ return pulumi.get(self, "extra_config") @extra_config.setter @@ -235,7 +227,7 @@ def extra_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter(name="identityProviderAlias") def identity_provider_alias(self) -> Optional[pulumi.Input[str]]: """ - The alias of the associated identity provider. + IDP Alias """ return pulumi.get(self, "identity_provider_alias") @@ -247,7 +239,7 @@ def identity_provider_alias(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The name of the mapper. + IDP Mapper Name """ return pulumi.get(self, "name") @@ -259,7 +251,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def realm(self) -> Optional[pulumi.Input[str]]: """ - The name of the realm. + Realm Name """ return pulumi.get(self, "realm") @@ -271,7 +263,7 @@ def realm(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="userAttribute") def user_attribute(self) -> Optional[pulumi.Input[str]]: """ - The user attribute or property name to store the mapped result. + User Attribute """ return pulumi.get(self, "user_attribute") @@ -295,66 +287,53 @@ def __init__(__self__, user_attribute: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing an attribute importer identity provider mapper within Keycloak. - - The attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user: - - For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user. - - For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user. - - For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user. + ## # AttributeImporterIdentityProviderMapper - > If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper. + Allows to create and manage identity provider mappers within Keycloak. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak - realm = keycloak.Realm("realm", + test_mapper = keycloak.AttributeImporterIdentityProviderMapper("testMapper", + attribute_name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", + identity_provider_alias="idp_alias", realm="my-realm", - enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", - realm=realm.id, - alias="oidc", - authorization_url="https://example.com/auth", - token_url="https://example.com/token", - client_id="example_id", - client_secret="example_token", - default_scopes="openid random profile") - oidc_attribute_importer_identity_provider_mapper = keycloak.AttributeImporterIdentityProviderMapper("oidcAttributeImporterIdentityProviderMapper", - realm=realm.id, - claim_name="my-email-claim", - identity_provider_alias=oidc_identity_provider.alias, - user_attribute="email", - extra_config={ - "syncMode": "INHERIT", - }) + user_attribute="lastName") ``` + - ## Import + ### Argument Reference - Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + - `realm` - (Required) The name of the realm. + - `name` - (Required) The name of the mapper. + - `identity_provider_alias` - (Required) The alias of the associated identity provider. + - `user_attribute` - (Required) The user attribute name to store SAML attribute. + - `attribute_name` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead. + - `attribute_friendly_name` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead. + - `claim_name` - (Optional) The claim name. - Example: + ### Import - bash + Identity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. - ```sh - $ pulumi import keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] attribute_friendly_name: For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. - :param pulumi.Input[str] attribute_name: For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. - :param pulumi.Input[str] claim_name: For OIDC based providers, this is the name of the claim to use. - :param pulumi.Input[Mapping[str, Any]] extra_config: Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - :param pulumi.Input[str] identity_provider_alias: The alias of the associated identity provider. - :param pulumi.Input[str] name: The name of the mapper. - :param pulumi.Input[str] realm: The name of the realm. - :param pulumi.Input[str] user_attribute: The user attribute or property name to store the mapped result. + :param pulumi.Input[str] attribute_friendly_name: Attribute Friendly Name + :param pulumi.Input[str] attribute_name: Attribute Name + :param pulumi.Input[str] claim_name: Claim Name + :param pulumi.Input[str] identity_provider_alias: IDP Alias + :param pulumi.Input[str] name: IDP Mapper Name + :param pulumi.Input[str] realm: Realm Name + :param pulumi.Input[str] user_attribute: User Attribute """ ... @overload @@ -363,55 +342,43 @@ def __init__(__self__, args: AttributeImporterIdentityProviderMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing an attribute importer identity provider mapper within Keycloak. - - The attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user: - - For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user. - - For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user. - - For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user. + ## # AttributeImporterIdentityProviderMapper - > If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper. + Allows to create and manage identity provider mappers within Keycloak. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak - realm = keycloak.Realm("realm", + test_mapper = keycloak.AttributeImporterIdentityProviderMapper("testMapper", + attribute_name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", + identity_provider_alias="idp_alias", realm="my-realm", - enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", - realm=realm.id, - alias="oidc", - authorization_url="https://example.com/auth", - token_url="https://example.com/token", - client_id="example_id", - client_secret="example_token", - default_scopes="openid random profile") - oidc_attribute_importer_identity_provider_mapper = keycloak.AttributeImporterIdentityProviderMapper("oidcAttributeImporterIdentityProviderMapper", - realm=realm.id, - claim_name="my-email-claim", - identity_provider_alias=oidc_identity_provider.alias, - user_attribute="email", - extra_config={ - "syncMode": "INHERIT", - }) + user_attribute="lastName") ``` + - ## Import + ### Argument Reference - Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + - `realm` - (Required) The name of the realm. + - `name` - (Required) The name of the mapper. + - `identity_provider_alias` - (Required) The alias of the associated identity provider. + - `user_attribute` - (Required) The user attribute name to store SAML attribute. + - `attribute_name` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead. + - `attribute_friendly_name` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead. + - `claim_name` - (Optional) The claim name. - Example: + ### Import - bash + Identity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak + assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. - ```sh - $ pulumi import keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b - ``` + Example: :param str resource_name: The name of the resource. :param AttributeImporterIdentityProviderMapperArgs args: The arguments to use to populate this resource's properties. @@ -484,14 +451,13 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] attribute_friendly_name: For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. - :param pulumi.Input[str] attribute_name: For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. - :param pulumi.Input[str] claim_name: For OIDC based providers, this is the name of the claim to use. - :param pulumi.Input[Mapping[str, Any]] extra_config: Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - :param pulumi.Input[str] identity_provider_alias: The alias of the associated identity provider. - :param pulumi.Input[str] name: The name of the mapper. - :param pulumi.Input[str] realm: The name of the realm. - :param pulumi.Input[str] user_attribute: The user attribute or property name to store the mapped result. + :param pulumi.Input[str] attribute_friendly_name: Attribute Friendly Name + :param pulumi.Input[str] attribute_name: Attribute Name + :param pulumi.Input[str] claim_name: Claim Name + :param pulumi.Input[str] identity_provider_alias: IDP Alias + :param pulumi.Input[str] name: IDP Mapper Name + :param pulumi.Input[str] realm: Realm Name + :param pulumi.Input[str] user_attribute: User Attribute """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -511,7 +477,7 @@ def get(resource_name: str, @pulumi.getter(name="attributeFriendlyName") def attribute_friendly_name(self) -> pulumi.Output[Optional[str]]: """ - For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`. + Attribute Friendly Name """ return pulumi.get(self, "attribute_friendly_name") @@ -519,7 +485,7 @@ def attribute_friendly_name(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="attributeName") def attribute_name(self) -> pulumi.Output[Optional[str]]: """ - For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`. + Attribute Name """ return pulumi.get(self, "attribute_name") @@ -527,23 +493,20 @@ def attribute_name(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Output[Optional[str]]: """ - For OIDC based providers, this is the name of the claim to use. + Claim Name """ return pulumi.get(self, "claim_name") @property @pulumi.getter(name="extraConfig") def extra_config(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: - """ - Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. - """ return pulumi.get(self, "extra_config") @property @pulumi.getter(name="identityProviderAlias") def identity_provider_alias(self) -> pulumi.Output[str]: """ - The alias of the associated identity provider. + IDP Alias """ return pulumi.get(self, "identity_provider_alias") @@ -551,7 +514,7 @@ def identity_provider_alias(self) -> pulumi.Output[str]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The name of the mapper. + IDP Mapper Name """ return pulumi.get(self, "name") @@ -559,7 +522,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter def realm(self) -> pulumi.Output[str]: """ - The name of the realm. + Realm Name """ return pulumi.get(self, "realm") @@ -567,7 +530,7 @@ def realm(self) -> pulumi.Output[str]: @pulumi.getter(name="userAttribute") def user_attribute(self) -> pulumi.Output[str]: """ - The user attribute or property name to store the mapped result. + User Attribute """ return pulumi.get(self, "user_attribute") diff --git a/sdk/python/pulumi_keycloak/attribute_to_role_identity_mapper.py b/sdk/python/pulumi_keycloak/attribute_to_role_identity_mapper.py index 455f9509..9dc72656 100644 --- a/sdk/python/pulumi_keycloak/attribute_to_role_identity_mapper.py +++ b/sdk/python/pulumi_keycloak/attribute_to_role_identity_mapper.py @@ -367,6 +367,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -395,16 +396,17 @@ def __init__(__self__, "syncMode": "INHERIT", }) ``` + ## Import Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak - assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b @@ -436,6 +438,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -464,16 +467,17 @@ def __init__(__self__, "syncMode": "INHERIT", }) ``` + ## Import Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak - assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/python/pulumi_keycloak/authentication/bindings.py b/sdk/python/pulumi_keycloak/authentication/bindings.py index 7db74166..4855dcc7 100644 --- a/sdk/python/pulumi_keycloak/authentication/bindings.py +++ b/sdk/python/pulumi_keycloak/authentication/bindings.py @@ -280,6 +280,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -307,6 +308,7 @@ def __init__(__self__, realm_id=realm.id, browser_flow=flow.alias) ``` + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -341,6 +343,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -368,6 +371,7 @@ def __init__(__self__, realm_id=realm.id, browser_flow=flow.alias) ``` + :param str resource_name: The name of the resource. :param BindingsArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_keycloak/authentication/execution.py b/sdk/python/pulumi_keycloak/authentication/execution.py index 09bd12aa..cc7a2d4c 100644 --- a/sdk/python/pulumi_keycloak/authentication/execution.py +++ b/sdk/python/pulumi_keycloak/authentication/execution.py @@ -172,6 +172,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -196,14 +197,15 @@ def __init__(__self__, requirement="ALTERNATIVE", opts=pulumi.ResourceOptions(depends_on=[execution_one])) ``` + ## Import Authentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 @@ -232,6 +234,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -256,14 +259,15 @@ def __init__(__self__, requirement="ALTERNATIVE", opts=pulumi.ResourceOptions(depends_on=[execution_one])) ``` + ## Import Authentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/python/pulumi_keycloak/authentication/execution_config.py b/sdk/python/pulumi_keycloak/authentication/execution_config.py index 2ee7c221..5d144847 100644 --- a/sdk/python/pulumi_keycloak/authentication/execution_config.py +++ b/sdk/python/pulumi_keycloak/authentication/execution_config.py @@ -167,6 +167,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -189,18 +190,19 @@ def __init__(__self__, "defaultProvider": "my-config-default-idp", }) ``` + ## Import Configurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`. - If the `authenticationExecutionId` is incorrect, the import will still be successful. + If the `authenticationExecutionId` is incorrect, the import will still be successful. - A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. + A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:authentication/executionConfig:ExecutionConfig config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 @@ -225,6 +227,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -247,18 +250,19 @@ def __init__(__self__, "defaultProvider": "my-config-default-idp", }) ``` + ## Import Configurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`. - If the `authenticationExecutionId` is incorrect, the import will still be successful. + If the `authenticationExecutionId` is incorrect, the import will still be successful. - A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. + A subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:authentication/executionConfig:ExecutionConfig config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17 diff --git a/sdk/python/pulumi_keycloak/authentication/flow.py b/sdk/python/pulumi_keycloak/authentication/flow.py index b96c5f22..e8c28db5 100644 --- a/sdk/python/pulumi_keycloak/authentication/flow.py +++ b/sdk/python/pulumi_keycloak/authentication/flow.py @@ -172,6 +172,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -188,22 +189,23 @@ def __init__(__self__, authenticator="identity-provider-redirector", requirement="REQUIRED") ``` + ## Import Authentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is - typically a GUID which is autogenerated when the flow is created via Keycloak. + typically a GUID which is autogenerated when the flow is created via Keycloak. - Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the + Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the - "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, + "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, - which will be a list of authentication flows. + which will be a list of authentication flows. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:authentication/flow:Flow flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1 @@ -231,6 +233,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -247,22 +250,23 @@ def __init__(__self__, authenticator="identity-provider-redirector", requirement="REQUIRED") ``` + ## Import Authentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is - typically a GUID which is autogenerated when the flow is created via Keycloak. + typically a GUID which is autogenerated when the flow is created via Keycloak. - Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the + Unfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the - "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, + "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`, - which will be a list of authentication flows. + which will be a list of authentication flows. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:authentication/flow:Flow flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1 diff --git a/sdk/python/pulumi_keycloak/authentication/subflow.py b/sdk/python/pulumi_keycloak/authentication/subflow.py index ebf9b7a1..cf3940a2 100644 --- a/sdk/python/pulumi_keycloak/authentication/subflow.py +++ b/sdk/python/pulumi_keycloak/authentication/subflow.py @@ -281,6 +281,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -298,24 +299,25 @@ def __init__(__self__, provider_id="basic-flow", requirement="ALTERNATIVE") ``` + ## Import Authentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`. - The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. + The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. - Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the + Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the - "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to + "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to - `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. + `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. - __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). + __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/"Parent Flow"/3bad1172-bb5c-4a77-9615-c2606eb03081 @@ -348,6 +350,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -365,24 +368,25 @@ def __init__(__self__, provider_id="basic-flow", requirement="ALTERNATIVE") ``` + ## Import Authentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`. - The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. + The authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak. - Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the + Unfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the - "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to + "Authentication" page in Keycloak, and use the network tab of your browser to view the response of the API call to - `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. + `/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be. - __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). + __The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field). - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/"Parent Flow"/3bad1172-bb5c-4a77-9615-c2606eb03081 diff --git a/sdk/python/pulumi_keycloak/custom_identity_provider_mapping.py b/sdk/python/pulumi_keycloak/custom_identity_provider_mapping.py index 019d7a62..a917dbd7 100644 --- a/sdk/python/pulumi_keycloak/custom_identity_provider_mapping.py +++ b/sdk/python/pulumi_keycloak/custom_identity_provider_mapping.py @@ -22,7 +22,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a CustomIdentityProviderMapping resource. :param pulumi.Input[str] identity_provider_alias: The alias of the associated identity provider. - :param pulumi.Input[str] identity_provider_mapper: The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + :param pulumi.Input[str] identity_provider_mapper: The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. :param pulumi.Input[str] realm: The name of the realm. :param pulumi.Input[Mapping[str, Any]] extra_config: Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. :param pulumi.Input[str] name: The name of the mapper. @@ -51,7 +51,7 @@ def identity_provider_alias(self, value: pulumi.Input[str]): @pulumi.getter(name="identityProviderMapper") def identity_provider_mapper(self) -> pulumi.Input[str]: """ - The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. """ return pulumi.get(self, "identity_provider_mapper") @@ -108,7 +108,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering CustomIdentityProviderMapping resources. :param pulumi.Input[Mapping[str, Any]] extra_config: Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. :param pulumi.Input[str] identity_provider_alias: The alias of the associated identity provider. - :param pulumi.Input[str] identity_provider_mapper: The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + :param pulumi.Input[str] identity_provider_mapper: The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. :param pulumi.Input[str] name: The name of the mapper. :param pulumi.Input[str] realm: The name of the realm. """ @@ -151,7 +151,7 @@ def identity_provider_alias(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="identityProviderMapper") def identity_provider_mapper(self) -> Optional[pulumi.Input[str]]: """ - The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. """ return pulumi.get(self, "identity_provider_mapper") @@ -198,6 +198,7 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -223,16 +224,17 @@ def __init__(__self__, "UserAttribute": "email", }) ``` + ## Import Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak - assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b @@ -242,7 +244,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[Mapping[str, Any]] extra_config: Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. :param pulumi.Input[str] identity_provider_alias: The alias of the associated identity provider. - :param pulumi.Input[str] identity_provider_mapper: The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + :param pulumi.Input[str] identity_provider_mapper: The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. :param pulumi.Input[str] name: The name of the mapper. :param pulumi.Input[str] realm: The name of the realm. """ @@ -255,6 +257,7 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -280,16 +283,17 @@ def __init__(__self__, "UserAttribute": "email", }) ``` + ## Import Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak - assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b @@ -359,7 +363,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[Mapping[str, Any]] extra_config: Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. :param pulumi.Input[str] identity_provider_alias: The alias of the associated identity provider. - :param pulumi.Input[str] identity_provider_mapper: The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + :param pulumi.Input[str] identity_provider_mapper: The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. :param pulumi.Input[str] name: The name of the mapper. :param pulumi.Input[str] realm: The name of the realm. """ @@ -394,7 +398,7 @@ def identity_provider_alias(self) -> pulumi.Output[str]: @pulumi.getter(name="identityProviderMapper") def identity_provider_mapper(self) -> pulumi.Output[str]: """ - The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id. + The type of the identity provider mapper. This can be a format string that includes a `%!s(MISSING)` - this will be replaced by the provider id. """ return pulumi.get(self, "identity_provider_mapper") diff --git a/sdk/python/pulumi_keycloak/custom_user_federation.py b/sdk/python/pulumi_keycloak/custom_user_federation.py index 943fa7f3..e2b6323c 100644 --- a/sdk/python/pulumi_keycloak/custom_user_federation.py +++ b/sdk/python/pulumi_keycloak/custom_user_federation.py @@ -26,16 +26,16 @@ def __init__(__self__, *, priority: Optional[pulumi.Input[int]] = None): """ The set of arguments for constructing a CustomUserFederation resource. - :param pulumi.Input[str] provider_id: The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. - :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. - :param pulumi.Input[str] cache_policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[Mapping[str, Any]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + :param pulumi.Input[str] provider_id: The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + interface + :param pulumi.Input[str] realm_id: The realm (name) this provider will provide user federation for. + :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + sync. + :param pulumi.Input[bool] enabled: When false, this provider will not be used when performing queries for users. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. - :param pulumi.Input[str] parent_id: Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. - :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + :param pulumi.Input[str] parent_id: The parent_id of the generated component. will use realm_id if not specified. + :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. """ pulumi.set(__self__, "provider_id", provider_id) pulumi.set(__self__, "realm_id", realm_id) @@ -60,7 +60,8 @@ def __init__(__self__, *, @pulumi.getter(name="providerId") def provider_id(self) -> pulumi.Input[str]: """ - The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + interface """ return pulumi.get(self, "provider_id") @@ -72,7 +73,7 @@ def provider_id(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm that this provider will provide user federation for. + The realm (name) this provider will provide user federation for. """ return pulumi.get(self, "realm_id") @@ -83,9 +84,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="cachePolicy") def cache_policy(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - """ return pulumi.get(self, "cache_policy") @cache_policy.setter @@ -96,7 +94,8 @@ def cache_policy(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="changedSyncPeriod") def changed_sync_period(self) -> Optional[pulumi.Input[int]]: """ - How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + sync. """ return pulumi.get(self, "changed_sync_period") @@ -107,9 +106,6 @@ def changed_sync_period(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter def config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - """ return pulumi.get(self, "config") @config.setter @@ -120,7 +116,7 @@ def config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + When false, this provider will not be used when performing queries for users. """ return pulumi.get(self, "enabled") @@ -156,7 +152,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="parentId") def parent_id(self) -> Optional[pulumi.Input[str]]: """ - Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + The parent_id of the generated component. will use realm_id if not specified. """ return pulumi.get(self, "parent_id") @@ -168,7 +164,7 @@ def parent_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def priority(self) -> Optional[pulumi.Input[int]]: """ - Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + Priority of this provider when looking up users. Lower values are first. """ return pulumi.get(self, "priority") @@ -192,16 +188,16 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering CustomUserFederation resources. - :param pulumi.Input[str] cache_policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[Mapping[str, Any]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + sync. + :param pulumi.Input[bool] enabled: When false, this provider will not be used when performing queries for users. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. - :param pulumi.Input[str] parent_id: Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. - :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. Defaults to `0`. - :param pulumi.Input[str] provider_id: The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. - :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. + :param pulumi.Input[str] parent_id: The parent_id of the generated component. will use realm_id if not specified. + :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. + :param pulumi.Input[str] provider_id: The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + interface + :param pulumi.Input[str] realm_id: The realm (name) this provider will provide user federation for. """ if cache_policy is not None: pulumi.set(__self__, "cache_policy", cache_policy) @@ -227,9 +223,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="cachePolicy") def cache_policy(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - """ return pulumi.get(self, "cache_policy") @cache_policy.setter @@ -240,7 +233,8 @@ def cache_policy(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="changedSyncPeriod") def changed_sync_period(self) -> Optional[pulumi.Input[int]]: """ - How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + sync. """ return pulumi.get(self, "changed_sync_period") @@ -251,9 +245,6 @@ def changed_sync_period(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter def config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - """ return pulumi.get(self, "config") @config.setter @@ -264,7 +255,7 @@ def config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + When false, this provider will not be used when performing queries for users. """ return pulumi.get(self, "enabled") @@ -300,7 +291,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="parentId") def parent_id(self) -> Optional[pulumi.Input[str]]: """ - Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + The parent_id of the generated component. will use realm_id if not specified. """ return pulumi.get(self, "parent_id") @@ -312,7 +303,7 @@ def parent_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def priority(self) -> Optional[pulumi.Input[int]]: """ - Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + Priority of this provider when looking up users. Lower values are first. """ return pulumi.get(self, "priority") @@ -324,7 +315,8 @@ def priority(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="providerId") def provider_id(self) -> Optional[pulumi.Input[str]]: """ - The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + interface """ return pulumi.get(self, "provider_id") @@ -336,7 +328,7 @@ def provider_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm that this provider will provide user federation for. + The realm (name) this provider will provide user federation for. """ return pulumi.get(self, "realm_id") @@ -362,55 +354,59 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # CustomUserFederation + Allows for creating and managing custom user federation providers within Keycloak. - A custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). + A custom user federation provider is an implementation of Keycloak's + [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). An example of this implementation can be found here. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="test", - enabled=True) + enabled=True, + realm="test") custom_user_federation = keycloak.CustomUserFederation("customUserFederation", - realm_id=realm.id, - provider_id="custom", enabled=True, - config={ - "dummyString": "foobar", - "dummyBool": True, - "multivalue": "value1##value2", - }) + provider_id="custom", + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + The following arguments are supported: - The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: + - `realm_id` - (Required) The realm that this provider will provide user federation for. + - `name` - (Required) Display name of the provider when displayed in the console. + - `provider_id` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + - `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - bash + ### Import - ```sh - $ pulumi import keycloak:index/customUserFederation:CustomUserFederation custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - ``` + Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] cache_policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[Mapping[str, Any]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + sync. + :param pulumi.Input[bool] enabled: When false, this provider will not be used when performing queries for users. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. - :param pulumi.Input[str] parent_id: Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. - :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. Defaults to `0`. - :param pulumi.Input[str] provider_id: The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. - :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. + :param pulumi.Input[str] parent_id: The parent_id of the generated component. will use realm_id if not specified. + :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. + :param pulumi.Input[str] provider_id: The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + interface + :param pulumi.Input[str] realm_id: The realm (name) this provider will provide user federation for. """ ... @overload @@ -419,42 +415,46 @@ def __init__(__self__, args: CustomUserFederationArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # CustomUserFederation + Allows for creating and managing custom user federation providers within Keycloak. - A custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). + A custom user federation provider is an implementation of Keycloak's + [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi). An example of this implementation can be found here. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="test", - enabled=True) + enabled=True, + realm="test") custom_user_federation = keycloak.CustomUserFederation("customUserFederation", - realm_id=realm.id, - provider_id="custom", enabled=True, - config={ - "dummyString": "foobar", - "dummyBool": True, - "multivalue": "value1##value2", - }) + provider_id="custom", + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + The following arguments are supported: - The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: + - `realm_id` - (Required) The realm that this provider will provide user federation for. + - `name` - (Required) Display name of the provider when displayed in the console. + - `provider_id` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + - `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - bash + ### Import - ```sh - $ pulumi import keycloak:index/customUserFederation:CustomUserFederation custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - ``` + Custom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`. + The ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID: :param str resource_name: The name of the resource. :param CustomUserFederationArgs args: The arguments to use to populate this resource's properties. @@ -531,16 +531,16 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] cache_policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[Mapping[str, Any]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + sync. + :param pulumi.Input[bool] enabled: When false, this provider will not be used when performing queries for users. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. - :param pulumi.Input[str] parent_id: Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. - :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. Defaults to `0`. - :param pulumi.Input[str] provider_id: The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. - :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. + :param pulumi.Input[str] parent_id: The parent_id of the generated component. will use realm_id if not specified. + :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. + :param pulumi.Input[str] provider_id: The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + interface + :param pulumi.Input[str] realm_id: The realm (name) this provider will provide user federation for. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -561,32 +561,27 @@ def get(resource_name: str, @property @pulumi.getter(name="cachePolicy") def cache_policy(self) -> pulumi.Output[Optional[str]]: - """ - Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - """ return pulumi.get(self, "cache_policy") @property @pulumi.getter(name="changedSyncPeriod") def changed_sync_period(self) -> pulumi.Output[Optional[int]]: """ - How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. + How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users + sync. """ return pulumi.get(self, "changed_sync_period") @property @pulumi.getter def config(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: - """ - The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. - """ return pulumi.get(self, "config") @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: """ - When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + When false, this provider will not be used when performing queries for users. """ return pulumi.get(self, "enabled") @@ -610,7 +605,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="parentId") def parent_id(self) -> pulumi.Output[str]: """ - Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. + The parent_id of the generated component. will use realm_id if not specified. """ return pulumi.get(self, "parent_id") @@ -618,7 +613,7 @@ def parent_id(self) -> pulumi.Output[str]: @pulumi.getter def priority(self) -> pulumi.Output[Optional[int]]: """ - Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + Priority of this provider when looking up users. Lower values are first. """ return pulumi.get(self, "priority") @@ -626,7 +621,8 @@ def priority(self) -> pulumi.Output[Optional[int]]: @pulumi.getter(name="providerId") def provider_id(self) -> pulumi.Output[str]: """ - The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface. + The unique ID of the custom provider, specified in the `getId` implementation for the UserStorageProviderFactory + interface """ return pulumi.get(self, "provider_id") @@ -634,7 +630,7 @@ def provider_id(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm that this provider will provide user federation for. + The realm (name) this provider will provide user federation for. """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/default_groups.py b/sdk/python/pulumi_keycloak/default_groups.py index c19f27c8..ec770857 100644 --- a/sdk/python/pulumi_keycloak/default_groups.py +++ b/sdk/python/pulumi_keycloak/default_groups.py @@ -18,8 +18,6 @@ def __init__(__self__, *, realm_id: pulumi.Input[str]): """ The set of arguments for constructing a DefaultGroups resource. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_ids: A set of group ids that should be default groups on the realm referenced by `realm_id`. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ pulumi.set(__self__, "group_ids", group_ids) pulumi.set(__self__, "realm_id", realm_id) @@ -27,9 +25,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="groupIds") def group_ids(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: - """ - A set of group ids that should be default groups on the realm referenced by `realm_id`. - """ return pulumi.get(self, "group_ids") @group_ids.setter @@ -39,9 +34,6 @@ def group_ids(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -56,8 +48,6 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering DefaultGroups resources. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_ids: A set of group ids that should be default groups on the realm referenced by `realm_id`. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ if group_ids is not None: pulumi.set(__self__, "group_ids", group_ids) @@ -67,9 +57,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="groupIds") def group_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A set of group ids that should be default groups on the realm referenced by `realm_id`. - """ return pulumi.get(self, "group_ids") @group_ids.setter @@ -79,9 +66,6 @@ def group_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -98,41 +82,45 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # DefaultGroups + Allows for managing a realm's default groups. - > You should not use `DefaultGroups` with a group whose members are managed by `GroupMemberships`. + Note that you should not use `DefaultGroups` with a group with memberships managed + by `GroupMemberships`. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") group = keycloak.Group("group", realm_id=realm.id) default = keycloak.DefaultGroups("default", - realm_id=realm.id, - group_ids=[group.id]) + group_ids=[group.id], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Default groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this group exists in. + - `group_ids` - (Required) A set of group ids that should be default groups on the realm referenced by `realm_id`. - bash + ### Import - ```sh - $ pulumi import keycloak:index/defaultGroups:DefaultGroups default my-realm - ``` + Groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_ids: A set of group ids that should be default groups on the realm referenced by `realm_id`. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ ... @overload @@ -141,36 +129,42 @@ def __init__(__self__, args: DefaultGroupsArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # DefaultGroups + Allows for managing a realm's default groups. - > You should not use `DefaultGroups` with a group whose members are managed by `GroupMemberships`. + Note that you should not use `DefaultGroups` with a group with memberships managed + by `GroupMemberships`. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") group = keycloak.Group("group", realm_id=realm.id) default = keycloak.DefaultGroups("default", - realm_id=realm.id, - group_ids=[group.id]) + group_ids=[group.id], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Default groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this group exists in. + - `group_ids` - (Required) A set of group ids that should be default groups on the realm referenced by `realm_id`. - bash + ### Import - ```sh - $ pulumi import keycloak:index/defaultGroups:DefaultGroups default my-realm - ``` + Groups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in. + + Example: :param str resource_name: The name of the resource. :param DefaultGroupsArgs args: The arguments to use to populate this resource's properties. @@ -223,8 +217,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_ids: A set of group ids that should be default groups on the realm referenced by `realm_id`. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -237,16 +229,10 @@ def get(resource_name: str, @property @pulumi.getter(name="groupIds") def group_ids(self) -> pulumi.Output[Sequence[str]]: - """ - A set of group ids that should be default groups on the realm referenced by `realm_id`. - """ return pulumi.get(self, "group_ids") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/default_roles.py b/sdk/python/pulumi_keycloak/default_roles.py index c0e0e3c5..eaccce79 100644 --- a/sdk/python/pulumi_keycloak/default_roles.py +++ b/sdk/python/pulumi_keycloak/default_roles.py @@ -103,8 +103,10 @@ def __init__(__self__, Note: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak. ## Example Usage + ### Realm Role) + ```python import pulumi import pulumi_keycloak as keycloak @@ -116,18 +118,19 @@ def __init__(__self__, realm_id=realm.id, default_roles=["uma_authorization"]) ``` + ## Import Default roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite - role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing + role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing - the default roles. + the default roles. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d @@ -150,8 +153,10 @@ def __init__(__self__, Note: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak. ## Example Usage + ### Realm Role) + ```python import pulumi import pulumi_keycloak as keycloak @@ -163,18 +168,19 @@ def __init__(__self__, realm_id=realm.id, default_roles=["uma_authorization"]) ``` + ## Import Default roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite - role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing + role that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing - the default roles. + the default roles. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d diff --git a/sdk/python/pulumi_keycloak/generic_client_protocol_mapper.py b/sdk/python/pulumi_keycloak/generic_client_protocol_mapper.py index 82393d2f..49248b65 100644 --- a/sdk/python/pulumi_keycloak/generic_client_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/generic_client_protocol_mapper.py @@ -23,13 +23,12 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a GenericClientProtocolMapper resource. - :param pulumi.Input[Mapping[str, Any]] config: A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - :param pulumi.Input[str] protocol: The type of client (either `openid-connect` or `saml`). The type must match the type of the client. - :param pulumi.Input[str] protocol_mapper: The name of the protocol mapper. The protocol mapper must be compatible with the specified client. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] client_id: The client this protocol mapper is attached to. + :param pulumi.Input[str] protocol: The protocol of the client (openid-connect / saml). + :param pulumi.Input[str] protocol_mapper: The type of the protocol mapper. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. """ pulumi.set(__self__, "config", config) pulumi.set(__self__, "protocol", protocol) @@ -45,9 +44,6 @@ def __init__(__self__, *, @property @pulumi.getter def config(self) -> pulumi.Input[Mapping[str, Any]]: - """ - A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - """ return pulumi.get(self, "config") @config.setter @@ -58,7 +54,7 @@ def config(self, value: pulumi.Input[Mapping[str, Any]]): @pulumi.getter def protocol(self) -> pulumi.Input[str]: """ - The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + The protocol of the client (openid-connect / saml). """ return pulumi.get(self, "protocol") @@ -70,7 +66,7 @@ def protocol(self, value: pulumi.Input[str]): @pulumi.getter(name="protocolMapper") def protocol_mapper(self) -> pulumi.Input[str]: """ - The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + The type of the protocol mapper. """ return pulumi.get(self, "protocol_mapper") @@ -82,7 +78,7 @@ def protocol_mapper(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -94,7 +90,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper is attached to. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -118,7 +114,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -139,13 +135,12 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering GenericClientProtocolMapper resources. - :param pulumi.Input[str] client_id: The client this protocol mapper is attached to. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. - :param pulumi.Input[Mapping[str, Any]] config: A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] protocol: The type of client (either `openid-connect` or `saml`). The type must match the type of the client. - :param pulumi.Input[str] protocol_mapper: The name of the protocol mapper. The protocol mapper must be compatible with the specified client. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] protocol: The protocol of the client (openid-connect / saml). + :param pulumi.Input[str] protocol_mapper: The type of the protocol mapper. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ if client_id is not None: pulumi.set(__self__, "client_id", client_id) @@ -166,7 +161,7 @@ def __init__(__self__, *, @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper is attached to. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -189,9 +184,6 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - """ return pulumi.get(self, "config") @config.setter @@ -202,7 +194,7 @@ def config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -214,7 +206,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def protocol(self) -> Optional[pulumi.Input[str]]: """ - The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + The protocol of the client (openid-connect / saml). """ return pulumi.get(self, "protocol") @@ -226,7 +218,7 @@ def protocol(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="protocolMapper") def protocol_mapper(self) -> Optional[pulumi.Input[str]]: """ - The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + The type of the protocol mapper. """ return pulumi.get(self, "protocol_mapper") @@ -238,7 +230,7 @@ def protocol_mapper(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -261,9 +253,9 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ - !> **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `GenericProtocolMapper` instead. + ## # GenericClientProtocolMapper - Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak. + Allows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak. There are two uses cases for using this resource: * If you implemented a custom protocol mapper, this resource can be used to configure it @@ -272,52 +264,59 @@ def __init__(__self__, Due to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. Therefore, if possible, a specific mapper should be used. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="test-client") + client_id="test-client", + realm_id=realm.id) saml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", - realm_id=realm.id, client_id=saml_client.id, - protocol="saml", - protocol_mapper="saml-hardcode-attribute-mapper", config={ "attribute.name": "name", "attribute.nameformat": "Basic", "attribute.value": "value", "friendly.name": "display name", - }) + }, + protocol="saml", + protocol_mapper="saml-hardcode-attribute-mapper", + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required) The client this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + - `protocol_mapper` - (Required) The name of the protocol mapper. The protocol mapper must be + compatible with the specified client. + - `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - bash + ### Import - ```sh - $ pulumi import keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The client this protocol mapper is attached to. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. - :param pulumi.Input[Mapping[str, Any]] config: A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] protocol: The type of client (either `openid-connect` or `saml`). The type must match the type of the client. - :param pulumi.Input[str] protocol_mapper: The name of the protocol mapper. The protocol mapper must be compatible with the specified client. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] protocol: The protocol of the client (openid-connect / saml). + :param pulumi.Input[str] protocol_mapper: The type of the protocol mapper. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ ... @overload @@ -326,9 +325,9 @@ def __init__(__self__, args: GenericClientProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - !> **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `GenericProtocolMapper` instead. + ## # GenericClientProtocolMapper - Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak. + Allows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak. There are two uses cases for using this resource: * If you implemented a custom protocol mapper, this resource can be used to configure it @@ -337,42 +336,50 @@ def __init__(__self__, Due to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. Therefore, if possible, a specific mapper should be used. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="test-client") + client_id="test-client", + realm_id=realm.id) saml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", - realm_id=realm.id, client_id=saml_client.id, - protocol="saml", - protocol_mapper="saml-hardcode-attribute-mapper", config={ "attribute.name": "name", "attribute.nameformat": "Basic", "attribute.value": "value", "friendly.name": "display name", - }) + }, + protocol="saml", + protocol_mapper="saml-hardcode-attribute-mapper", + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required) The client this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + - `protocol_mapper` - (Required) The name of the protocol mapper. The protocol mapper must be + compatible with the specified client. + - `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - bash + ### Import - ```sh - $ pulumi import keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + + Example: :param str resource_name: The name of the resource. :param GenericClientProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -444,13 +451,12 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The client this protocol mapper is attached to. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. - :param pulumi.Input[Mapping[str, Any]] config: A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] protocol: The type of client (either `openid-connect` or `saml`). The type must match the type of the client. - :param pulumi.Input[str] protocol_mapper: The name of the protocol mapper. The protocol mapper must be compatible with the specified client. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] protocol: The protocol of the client (openid-connect / saml). + :param pulumi.Input[str] protocol_mapper: The type of the protocol mapper. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -469,7 +475,7 @@ def get(resource_name: str, @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper is attached to. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -484,16 +490,13 @@ def client_scope_id(self) -> pulumi.Output[Optional[str]]: @property @pulumi.getter def config(self) -> pulumi.Output[Mapping[str, Any]]: - """ - A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper. - """ return pulumi.get(self, "config") @property @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -501,7 +504,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter def protocol(self) -> pulumi.Output[str]: """ - The type of client (either `openid-connect` or `saml`). The type must match the type of the client. + The protocol of the client (openid-connect / saml). """ return pulumi.get(self, "protocol") @@ -509,7 +512,7 @@ def protocol(self) -> pulumi.Output[str]: @pulumi.getter(name="protocolMapper") def protocol_mapper(self) -> pulumi.Output[str]: """ - The name of the protocol mapper. The protocol mapper must be compatible with the specified client. + The type of the protocol mapper. """ return pulumi.get(self, "protocol_mapper") @@ -517,7 +520,7 @@ def protocol_mapper(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/generic_client_role_mapper.py b/sdk/python/pulumi_keycloak/generic_client_role_mapper.py index fd3af033..014324a3 100644 --- a/sdk/python/pulumi_keycloak/generic_client_role_mapper.py +++ b/sdk/python/pulumi_keycloak/generic_client_role_mapper.py @@ -173,8 +173,10 @@ def __init__(__self__, inside an access token for a client. ## Example Usage + ### Realm Role To Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -195,8 +197,11 @@ def __init__(__self__, client_id=client.id, role_id=realm_role.id) ``` + + ### Client Role To Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -228,8 +233,11 @@ def __init__(__self__, client_id=client_b.id, role_id=client_role_a.id) ``` + + ### Realm Role To Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -246,8 +254,11 @@ def __init__(__self__, client_scope_id=client_scope.id, role_id=realm_role.id) ``` + + ### Client Role To Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -270,18 +281,19 @@ def __init__(__self__, client_scope_id=client_scope.id, role_id=client_role.id) ``` + ## Import Generic client role mappers can be imported using one of the following two formats: - - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` - - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 @@ -310,8 +322,10 @@ def __init__(__self__, inside an access token for a client. ## Example Usage + ### Realm Role To Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -332,8 +346,11 @@ def __init__(__self__, client_id=client.id, role_id=realm_role.id) ``` + + ### Client Role To Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -365,8 +382,11 @@ def __init__(__self__, client_id=client_b.id, role_id=client_role_a.id) ``` + + ### Realm Role To Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -383,8 +403,11 @@ def __init__(__self__, client_scope_id=client_scope.id, role_id=realm_role.id) ``` + + ### Client Role To Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -407,18 +430,19 @@ def __init__(__self__, client_scope_id=client_scope.id, role_id=client_role.id) ``` + ## Import Generic client role mappers can be imported using one of the following two formats: - - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` - - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/python/pulumi_keycloak/generic_protocol_mapper.py b/sdk/python/pulumi_keycloak/generic_protocol_mapper.py index f2f6a9e3..6d87d412 100644 --- a/sdk/python/pulumi_keycloak/generic_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/generic_protocol_mapper.py @@ -272,6 +272,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -294,14 +295,15 @@ def __init__(__self__, "friendly.name": "display name", }) ``` + ## Import Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 @@ -335,6 +337,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -357,14 +360,15 @@ def __init__(__self__, "friendly.name": "display name", }) ``` + ## Import Protocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/python/pulumi_keycloak/generic_role_mapper.py b/sdk/python/pulumi_keycloak/generic_role_mapper.py index 8f05b13e..9dd75e26 100644 --- a/sdk/python/pulumi_keycloak/generic_role_mapper.py +++ b/sdk/python/pulumi_keycloak/generic_role_mapper.py @@ -171,8 +171,10 @@ def __init__(__self__, inside an access token for a client. ## Example Usage + ### Realm Role To Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -193,8 +195,11 @@ def __init__(__self__, client_id=client.id, role_id=realm_role.id) ``` + + ### Client Role To Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -226,8 +231,11 @@ def __init__(__self__, client_id=client_b.id, role_id=client_role_a.id) ``` + + ### Realm Role To Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -244,8 +252,11 @@ def __init__(__self__, client_scope_id=client_scope.id, role_id=realm_role.id) ``` + + ### Client Role To Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -268,18 +279,19 @@ def __init__(__self__, client_scope_id=client_scope.id, role_id=client_role.id) ``` + ## Import Generic client role mappers can be imported using one of the following two formats: - - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` - - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 @@ -306,8 +318,10 @@ def __init__(__self__, inside an access token for a client. ## Example Usage + ### Realm Role To Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -328,8 +342,11 @@ def __init__(__self__, client_id=client.id, role_id=realm_role.id) ``` + + ### Client Role To Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -361,8 +378,11 @@ def __init__(__self__, client_id=client_b.id, role_id=client_role_a.id) ``` + + ### Realm Role To Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -379,8 +399,11 @@ def __init__(__self__, client_scope_id=client_scope.id, role_id=realm_role.id) ``` + + ### Client Role To Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -403,18 +426,19 @@ def __init__(__self__, client_scope_id=client_scope.id, role_id=client_role.id) ``` + ## Import Generic client role mappers can be imported using one of the following two formats: - - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + - When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}` - - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` + - When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3 diff --git a/sdk/python/pulumi_keycloak/get_authentication_execution.py b/sdk/python/pulumi_keycloak/get_authentication_execution.py index 1b214927..3cf249fa 100644 --- a/sdk/python/pulumi_keycloak/get_authentication_execution.py +++ b/sdk/python/pulumi_keycloak/get_authentication_execution.py @@ -80,6 +80,7 @@ def get_authentication_execution(parent_flow_alias: Optional[str] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -91,6 +92,7 @@ def get_authentication_execution(parent_flow_alias: Optional[str] = None, parent_flow_alias="browser", provider_id="auth-cookie") ``` + :param str parent_flow_alias: The alias of the flow this execution is attached to. @@ -121,6 +123,7 @@ def get_authentication_execution_output(parent_flow_alias: Optional[pulumi.Input ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -132,6 +135,7 @@ def get_authentication_execution_output(parent_flow_alias: Optional[pulumi.Input parent_flow_alias="browser", provider_id="auth-cookie") ``` + :param str parent_flow_alias: The alias of the flow this execution is attached to. diff --git a/sdk/python/pulumi_keycloak/get_authentication_flow.py b/sdk/python/pulumi_keycloak/get_authentication_flow.py index b3b8bf34..3f84d9d3 100644 --- a/sdk/python/pulumi_keycloak/get_authentication_flow.py +++ b/sdk/python/pulumi_keycloak/get_authentication_flow.py @@ -70,6 +70,7 @@ def get_authentication_flow(alias: Optional[str] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -80,6 +81,7 @@ def get_authentication_flow(alias: Optional[str] = None, browser_auth_cookie = keycloak.get_authentication_flow_output(realm_id=realm.id, alias="browser") ``` + :param str alias: The alias of the flow. @@ -106,6 +108,7 @@ def get_authentication_flow_output(alias: Optional[pulumi.Input[str]] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -116,6 +119,7 @@ def get_authentication_flow_output(alias: Optional[pulumi.Input[str]] = None, browser_auth_cookie = keycloak.get_authentication_flow_output(realm_id=realm.id, alias="browser") ``` + :param str alias: The alias of the flow. diff --git a/sdk/python/pulumi_keycloak/get_client_description_converter.py b/sdk/python/pulumi_keycloak/get_client_description_converter.py index 3e6410bf..8b6b70f5 100644 --- a/sdk/python/pulumi_keycloak/get_client_description_converter.py +++ b/sdk/python/pulumi_keycloak/get_client_description_converter.py @@ -387,6 +387,7 @@ def get_client_description_converter(body: Optional[str] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -427,6 +428,7 @@ def get_client_description_converter(body: Optional[str] = None, realm_id=realm.id, client_id=saml_client_client_description_converter.client_id) ``` + :param str body: The body of the request to convert. @@ -489,6 +491,7 @@ def get_client_description_converter_output(body: Optional[pulumi.Input[str]] = ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -529,6 +532,7 @@ def get_client_description_converter_output(body: Optional[pulumi.Input[str]] = realm_id=realm.id, client_id=saml_client_client_description_converter.client_id) ``` + :param str body: The body of the request to convert. diff --git a/sdk/python/pulumi_keycloak/get_group.py b/sdk/python/pulumi_keycloak/get_group.py index ff084089..66cb1c0c 100644 --- a/sdk/python/pulumi_keycloak/get_group.py +++ b/sdk/python/pulumi_keycloak/get_group.py @@ -93,31 +93,10 @@ def get_group(name: Optional[str] = None, realm_id: Optional[str] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetGroupResult: """ + ## # Group data source + This data source can be used to fetch properties of a Keycloak group for usage with other resources, such as `GroupRoles`. - - ## Example Usage - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - offline_access = keycloak.get_role_output(realm_id=realm.id, - name="offline_access") - group = keycloak.get_group_output(realm_id=realm.id, - name="group") - group_roles = keycloak.GroupRoles("groupRoles", - realm_id=realm.id, - group_id=group.id, - role_ids=[offline_access.id]) - ``` - - - :param str name: The name of the group. If there are multiple groups match `name`, the first result will be returned. - :param str realm_id: The realm this group exists within. """ __args__ = dict() __args__['name'] = name @@ -139,30 +118,9 @@ def get_group_output(name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGroupResult]: """ + ## # Group data source + This data source can be used to fetch properties of a Keycloak group for usage with other resources, such as `GroupRoles`. - - ## Example Usage - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - offline_access = keycloak.get_role_output(realm_id=realm.id, - name="offline_access") - group = keycloak.get_group_output(realm_id=realm.id, - name="group") - group_roles = keycloak.GroupRoles("groupRoles", - realm_id=realm.id, - group_id=group.id, - role_ids=[offline_access.id]) - ``` - - - :param str name: The name of the group. If there are multiple groups match `name`, the first result will be returned. - :param str realm_id: The realm this group exists within. """ ... diff --git a/sdk/python/pulumi_keycloak/get_realm.py b/sdk/python/pulumi_keycloak/get_realm.py index 0d77c189..36572333 100644 --- a/sdk/python/pulumi_keycloak/get_realm.py +++ b/sdk/python/pulumi_keycloak/get_realm.py @@ -563,21 +563,32 @@ def get_realm(attributes: Optional[Mapping[str, Any]] = None, web_authn_policy: Optional[pulumi.InputType['GetRealmWebAuthnPolicyArgs']] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRealmResult: """ + ## # Realm data source + This data source can be used to fetch properties of a Keycloak realm for usage with other resources. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.get_realm(realm="my-realm") - group = keycloak.Role("group", realm_id=realm.id) + group = keycloak.Role("group", realm_id=data["keycloak_realm"]["id"]) ``` + + + ### Argument Reference + + The following arguments are supported: + + - `realm` - (Required) The realm name. + ### Attributes Reference - :param str realm: The realm name. + See the docs for the `Realm` resource for details on the exported attributes. """ __args__ = dict() __args__['attributes'] = attributes @@ -668,20 +679,31 @@ def get_realm_output(attributes: Optional[pulumi.Input[Optional[Mapping[str, Any web_authn_policy: Optional[pulumi.Input[Optional[pulumi.InputType['GetRealmWebAuthnPolicyArgs']]]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRealmResult]: """ + ## # Realm data source + This data source can be used to fetch properties of a Keycloak realm for usage with other resources. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.get_realm(realm="my-realm") - group = keycloak.Role("group", realm_id=realm.id) + group = keycloak.Role("group", realm_id=data["keycloak_realm"]["id"]) ``` + + + ### Argument Reference + + The following arguments are supported: + + - `realm` - (Required) The realm name. + ### Attributes Reference - :param str realm: The realm name. + See the docs for the `Realm` resource for details on the exported attributes. """ ... diff --git a/sdk/python/pulumi_keycloak/get_realm_keys.py b/sdk/python/pulumi_keycloak/get_realm_keys.py index 84d51afb..8451a269 100644 --- a/sdk/python/pulumi_keycloak/get_realm_keys.py +++ b/sdk/python/pulumi_keycloak/get_realm_keys.py @@ -55,9 +55,6 @@ def id(self) -> str: @property @pulumi.getter def keys(self) -> Sequence['outputs.GetRealmKeysKeyResult']: - """ - (Computed) A list of keys that match the filter criteria. Each key has the following attributes: - """ return pulumi.get(self, "keys") @property @@ -68,9 +65,6 @@ def realm_id(self) -> str: @property @pulumi.getter def statuses(self) -> Optional[Sequence[str]]: - """ - Key status (string) - """ return pulumi.get(self, "statuses") @@ -92,18 +86,15 @@ def get_realm_keys(algorithms: Optional[Sequence[str]] = None, statuses: Optional[Sequence[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRealmKeysResult: """ + ## # get_realm_keys data source + Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. Remarks: - A key must meet all filter criteria - - This data source may return more than one value. - - If no key matches the filter criteria, then an error will be returned. - - - :param Sequence[str] algorithms: When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - :param str realm_id: The realm from which the keys will be retrieved. - :param Sequence[str] statuses: When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. + - This datasource may return more than one value. + - If no key matches the filter criteria, then an error is returned. """ __args__ = dict() __args__['algorithms'] = algorithms @@ -126,17 +117,14 @@ def get_realm_keys_output(algorithms: Optional[pulumi.Input[Optional[Sequence[st statuses: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRealmKeysResult]: """ + ## # get_realm_keys data source + Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status. Remarks: - A key must meet all filter criteria - - This data source may return more than one value. - - If no key matches the filter criteria, then an error will be returned. - - - :param Sequence[str] algorithms: When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc. - :param str realm_id: The realm from which the keys will be retrieved. - :param Sequence[str] statuses: When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. + - This datasource may return more than one value. + - If no key matches the filter criteria, then an error is returned. """ ... diff --git a/sdk/python/pulumi_keycloak/get_role.py b/sdk/python/pulumi_keycloak/get_role.py index 8053b0f2..49d4ddee 100644 --- a/sdk/python/pulumi_keycloak/get_role.py +++ b/sdk/python/pulumi_keycloak/get_role.py @@ -62,9 +62,6 @@ def composite_roles(self) -> Sequence[str]: @property @pulumi.getter def description(self) -> str: - """ - (Computed) The description of the role. - """ return pulumi.get(self, "description") @property @@ -106,31 +103,10 @@ def get_role(client_id: Optional[str] = None, realm_id: Optional[str] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRoleResult: """ + ## # Role data source + This data source can be used to fetch properties of a Keycloak role for usage with other resources, such as `GroupRoles`. - - ## Example Usage - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - offline_access = keycloak.get_role_output(realm_id=realm.id, - name="offline_access") - group = keycloak.Group("group", realm_id=realm.id) - group_roles = keycloak.GroupRoles("groupRoles", - realm_id=realm.id, - group_id=group.id, - role_ids=[offline_access.id]) - ``` - - - :param str client_id: When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - :param str name: The name of the role. - :param str realm_id: The realm this role exists within. """ __args__ = dict() __args__['clientId'] = client_id @@ -155,30 +131,9 @@ def get_role_output(client_id: Optional[pulumi.Input[Optional[str]]] = None, realm_id: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRoleResult]: """ + ## # Role data source + This data source can be used to fetch properties of a Keycloak role for usage with other resources, such as `GroupRoles`. - - ## Example Usage - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - offline_access = keycloak.get_role_output(realm_id=realm.id, - name="offline_access") - group = keycloak.Group("group", realm_id=realm.id) - group_roles = keycloak.GroupRoles("groupRoles", - realm_id=realm.id, - group_id=group.id, - role_ids=[offline_access.id]) - ``` - - - :param str client_id: When specified, this role is assumed to be a client role belonging to the client with the provided ID. The `id` attribute of a `keycloak_client` resource should be used here. - :param str name: The name of the role. - :param str realm_id: The realm this role exists within. """ ... diff --git a/sdk/python/pulumi_keycloak/get_user.py b/sdk/python/pulumi_keycloak/get_user.py index 40fad620..48d2e020 100644 --- a/sdk/python/pulumi_keycloak/get_user.py +++ b/sdk/python/pulumi_keycloak/get_user.py @@ -163,6 +163,7 @@ def get_user(realm_id: Optional[str] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -172,6 +173,7 @@ def get_user(realm_id: Optional[str] = None, username="keycloak") pulumi.export("keycloakUserId", default_admin_user.id) ``` + :param str realm_id: The realm this user belongs to. @@ -206,6 +208,7 @@ def get_user_output(realm_id: Optional[pulumi.Input[str]] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -215,6 +218,7 @@ def get_user_output(realm_id: Optional[pulumi.Input[str]] = None, username="keycloak") pulumi.export("keycloakUserId", default_admin_user.id) ``` + :param str realm_id: The realm this user belongs to. diff --git a/sdk/python/pulumi_keycloak/get_user_realm_roles.py b/sdk/python/pulumi_keycloak/get_user_realm_roles.py index 9c1a5432..34dd342f 100644 --- a/sdk/python/pulumi_keycloak/get_user_realm_roles.py +++ b/sdk/python/pulumi_keycloak/get_user_realm_roles.py @@ -82,6 +82,7 @@ def get_user_realm_roles(realm_id: Optional[str] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -93,6 +94,7 @@ def get_user_realm_roles(realm_id: Optional[str] = None, user_id=default_admin_user.id) pulumi.export("keycloakUserRoleNames", user_realm_roles.role_names) ``` + :param str realm_id: The realm this user belongs to. @@ -120,6 +122,7 @@ def get_user_realm_roles_output(realm_id: Optional[pulumi.Input[str]] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -131,6 +134,7 @@ def get_user_realm_roles_output(realm_id: Optional[pulumi.Input[str]] = None, user_id=default_admin_user.id) pulumi.export("keycloakUserRoleNames", user_realm_roles.role_names) ``` + :param str realm_id: The realm this user belongs to. diff --git a/sdk/python/pulumi_keycloak/group.py b/sdk/python/pulumi_keycloak/group.py index 477ade35..7e882d9e 100644 --- a/sdk/python/pulumi_keycloak/group.py +++ b/sdk/python/pulumi_keycloak/group.py @@ -20,10 +20,6 @@ def __init__(__self__, *, parent_id: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a Group resource. - :param pulumi.Input[str] realm_id: The realm this group exists in. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] name: The name of the group. - :param pulumi.Input[str] parent_id: The ID of this group's parent. If omitted, this group will be defined at the root level. """ pulumi.set(__self__, "realm_id", realm_id) if attributes is not None: @@ -36,9 +32,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -48,9 +41,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @attributes.setter @@ -60,9 +50,6 @@ def attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the group. - """ return pulumi.get(self, "name") @name.setter @@ -72,9 +59,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="parentId") def parent_id(self) -> Optional[pulumi.Input[str]]: - """ - The ID of this group's parent. If omitted, this group will be defined at the root level. - """ return pulumi.get(self, "parent_id") @parent_id.setter @@ -92,11 +76,6 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering Group resources. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] name: The name of the group. - :param pulumi.Input[str] parent_id: The ID of this group's parent. If omitted, this group will be defined at the root level. - :param pulumi.Input[str] path: (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ if attributes is not None: pulumi.set(__self__, "attributes", attributes) @@ -112,9 +91,6 @@ def __init__(__self__, *, @property @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @attributes.setter @@ -124,9 +100,6 @@ def attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the group. - """ return pulumi.get(self, "name") @name.setter @@ -136,9 +109,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="parentId") def parent_id(self) -> Optional[pulumi.Input[str]]: - """ - The ID of this group's parent. If omitted, this group will be defined at the root level. - """ return pulumi.get(self, "parent_id") @parent_id.setter @@ -148,9 +118,6 @@ def parent_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def path(self) -> Optional[pulumi.Input[str]]: - """ - (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - """ return pulumi.get(self, "path") @path.setter @@ -160,9 +127,6 @@ def path(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -181,58 +145,67 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # Group + Allows for creating and managing Groups within Keycloak. - Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and - group membership can be mapped to a claim. + Groups provide a logical wrapping for users within Keycloak. Users within a + group can share attributes and roles, and group membership can be mapped + to a claim. Attributes can also be defined on Groups. - Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource **should not** - be used to manage groups that were created this way. + Groups can also be federated from external data sources, such as LDAP or Active Directory. + This resource **should not** be used to manage groups that were created this way. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") parent_group = keycloak.Group("parentGroup", realm_id=realm.id) child_group = keycloak.Group("childGroup", - realm_id=realm.id, - parent_id=parent_group.id) - child_group_with_optional_attributes = keycloak.Group("childGroupWithOptionalAttributes", - realm_id=realm.id, parent_id=parent_group.id, + realm_id=realm.id) + child_group_with_optional_attributes = keycloak.Group("childGroupWithOptionalAttributes", attributes={ - "foo": "bar", - "multivalue": "value1##value2", - }) + "key1": "value1", + "key2": "value2", + }, + parent_id=parent_group.id, + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + - `realm_id` - (Required) The realm this group exists in. + - `parent_id` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level. + - `name` - (Required) The name of the group. + - `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group. - Example: + ### Attributes Reference - bash + In addition to the arguments listed above, the following computed attributes are exported: - ```sh - $ pulumi import keycloak:index/group:Group child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd - ``` + - `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. + + ### Import + + Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] name: The name of the group. - :param pulumi.Input[str] parent_id: The ID of this group's parent. If omitted, this group will be defined at the root level. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ ... @overload @@ -241,51 +214,64 @@ def __init__(__self__, args: GroupArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # Group + Allows for creating and managing Groups within Keycloak. - Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and - group membership can be mapped to a claim. + Groups provide a logical wrapping for users within Keycloak. Users within a + group can share attributes and roles, and group membership can be mapped + to a claim. Attributes can also be defined on Groups. - Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource **should not** - be used to manage groups that were created this way. + Groups can also be federated from external data sources, such as LDAP or Active Directory. + This resource **should not** be used to manage groups that were created this way. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") parent_group = keycloak.Group("parentGroup", realm_id=realm.id) child_group = keycloak.Group("childGroup", - realm_id=realm.id, - parent_id=parent_group.id) - child_group_with_optional_attributes = keycloak.Group("childGroupWithOptionalAttributes", - realm_id=realm.id, parent_id=parent_group.id, + realm_id=realm.id) + child_group_with_optional_attributes = keycloak.Group("childGroupWithOptionalAttributes", attributes={ - "foo": "bar", - "multivalue": "value1##value2", - }) + "key1": "value1", + "key2": "value2", + }, + parent_id=parent_group.id, + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + - `realm_id` - (Required) The realm this group exists in. + - `parent_id` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level. + - `name` - (Required) The name of the group. + - `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group. - Example: + ### Attributes Reference - bash + In addition to the arguments listed above, the following computed attributes are exported: - ```sh - $ pulumi import keycloak:index/group:Group child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd - ``` + - `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. + + ### Import + + Groups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. + + Example: :param str resource_name: The name of the resource. :param GroupArgs args: The arguments to use to populate this resource's properties. @@ -344,11 +330,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] name: The name of the group. - :param pulumi.Input[str] parent_id: The ID of this group's parent. If omitted, this group will be defined at the root level. - :param pulumi.Input[str] path: (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -364,40 +345,25 @@ def get(resource_name: str, @property @pulumi.getter def attributes(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: - """ - A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @property @pulumi.getter def name(self) -> pulumi.Output[str]: - """ - The name of the group. - """ return pulumi.get(self, "name") @property @pulumi.getter(name="parentId") def parent_id(self) -> pulumi.Output[Optional[str]]: - """ - The ID of this group's parent. If omitted, this group will be defined at the root level. - """ return pulumi.get(self, "parent_id") @property @pulumi.getter def path(self) -> pulumi.Output[str]: - """ - (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. - """ return pulumi.get(self, "path") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/group_memberships.py b/sdk/python/pulumi_keycloak/group_memberships.py index 805b1897..48c7763a 100644 --- a/sdk/python/pulumi_keycloak/group_memberships.py +++ b/sdk/python/pulumi_keycloak/group_memberships.py @@ -19,9 +19,6 @@ def __init__(__self__, *, group_id: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a GroupMemberships resource. - :param pulumi.Input[Sequence[pulumi.Input[str]]] members: A list of usernames that belong to this group. - :param pulumi.Input[str] realm_id: The realm this group exists in. - :param pulumi.Input[str] group_id: The ID of the group this resource should manage memberships for. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "realm_id", realm_id) @@ -31,9 +28,6 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: - """ - A list of usernames that belong to this group. - """ return pulumi.get(self, "members") @members.setter @@ -43,9 +37,6 @@ def members(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -55,9 +46,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="groupId") def group_id(self) -> Optional[pulumi.Input[str]]: - """ - The ID of the group this resource should manage memberships for. - """ return pulumi.get(self, "group_id") @group_id.setter @@ -73,9 +61,6 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering GroupMemberships resources. - :param pulumi.Input[str] group_id: The ID of the group this resource should manage memberships for. - :param pulumi.Input[Sequence[pulumi.Input[str]]] members: A list of usernames that belong to this group. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ if group_id is not None: pulumi.set(__self__, "group_id", group_id) @@ -87,9 +72,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="groupId") def group_id(self) -> Optional[pulumi.Input[str]]: - """ - The ID of the group this resource should manage memberships for. - """ return pulumi.get(self, "group_id") @group_id.setter @@ -99,9 +81,6 @@ def group_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of usernames that belong to this group. - """ return pulumi.get(self, "members") @members.setter @@ -111,9 +90,6 @@ def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -131,54 +107,58 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for managing a Keycloak group's members. - - Note that this resource attempts to be an **authoritative** source over group members. When this resource takes control - over a group's members, users that are manually added to the group will be removed, and users that are manually removed - from the group will be added upon the next run of `pulumi up`. + ## # GroupMemberships - Also note that you should not use `GroupMemberships` with a group has been assigned as a default group via - `DefaultGroups`. + Allows for managing a Keycloak group's members. - This resource **should not** be used to control membership of a group that has its members federated from an external - source via group mapping. + Note that this resource attempts to be an **authoritative** source over group members. + When this resource takes control over a group's members, users that are manually added + to the group will be removed, and users that are manually removed from the group will + be added upon the next run of `pulumi up`. Eventually, a non-authoritative resource + for group membership will be added to this provider. - To non-exclusively manage the group's of a user, see the [`UserGroups` resource][1] + Also note that you should not use `GroupMemberships` with a group has been assigned + as a default group via `DefaultGroups`. - This resource paginates its data loading on refresh by 50 items. + This resource **should not** be used to control membership of a group that has its members + federated from an external source via group mapping. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") group = keycloak.Group("group", realm_id=realm.id) user = keycloak.User("user", realm_id=realm.id, username="my-user") group_members = keycloak.GroupMemberships("groupMembers", - realm_id=realm.id, group_id=group.id, - members=[user.username]) + members=[user.username], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - This resource does not support import. Instead of importing, feel free to create this resource + The following arguments are supported: + + - `realm_id` - (Required) The realm this group exists in. + - `group_id` - (Required) The ID of the group this resource should manage memberships for. + - `members` - (Required) An array of usernames that belong to this group. - as if it did not already exist on the server. + ### Import - [1]: providers/mrparkers/keycloak/latest/docs/resources/group_memberships + This resource does not support import. Instead of importing, feel free to create this resource + as if it did not already exist on the server. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] group_id: The ID of the group this resource should manage memberships for. - :param pulumi.Input[Sequence[pulumi.Input[str]]] members: A list of usernames that belong to this group. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ ... @overload @@ -187,48 +167,55 @@ def __init__(__self__, args: GroupMembershipsArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for managing a Keycloak group's members. + ## # GroupMemberships - Note that this resource attempts to be an **authoritative** source over group members. When this resource takes control - over a group's members, users that are manually added to the group will be removed, and users that are manually removed - from the group will be added upon the next run of `pulumi up`. - - Also note that you should not use `GroupMemberships` with a group has been assigned as a default group via - `DefaultGroups`. + Allows for managing a Keycloak group's members. - This resource **should not** be used to control membership of a group that has its members federated from an external - source via group mapping. + Note that this resource attempts to be an **authoritative** source over group members. + When this resource takes control over a group's members, users that are manually added + to the group will be removed, and users that are manually removed from the group will + be added upon the next run of `pulumi up`. Eventually, a non-authoritative resource + for group membership will be added to this provider. - To non-exclusively manage the group's of a user, see the [`UserGroups` resource][1] + Also note that you should not use `GroupMemberships` with a group has been assigned + as a default group via `DefaultGroups`. - This resource paginates its data loading on refresh by 50 items. + This resource **should not** be used to control membership of a group that has its members + federated from an external source via group mapping. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") group = keycloak.Group("group", realm_id=realm.id) user = keycloak.User("user", realm_id=realm.id, username="my-user") group_members = keycloak.GroupMemberships("groupMembers", - realm_id=realm.id, group_id=group.id, - members=[user.username]) + members=[user.username], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - This resource does not support import. Instead of importing, feel free to create this resource + The following arguments are supported: - as if it did not already exist on the server. + - `realm_id` - (Required) The realm this group exists in. + - `group_id` - (Required) The ID of the group this resource should manage memberships for. + - `members` - (Required) An array of usernames that belong to this group. - [1]: providers/mrparkers/keycloak/latest/docs/resources/group_memberships + ### Import + + This resource does not support import. Instead of importing, feel free to create this resource + as if it did not already exist on the server. :param str resource_name: The name of the resource. :param GroupMembershipsArgs args: The arguments to use to populate this resource's properties. @@ -284,9 +271,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] group_id: The ID of the group this resource should manage memberships for. - :param pulumi.Input[Sequence[pulumi.Input[str]]] members: A list of usernames that belong to this group. - :param pulumi.Input[str] realm_id: The realm this group exists in. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -300,24 +284,15 @@ def get(resource_name: str, @property @pulumi.getter(name="groupId") def group_id(self) -> pulumi.Output[Optional[str]]: - """ - The ID of the group this resource should manage memberships for. - """ return pulumi.get(self, "group_id") @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - """ - A list of usernames that belong to this group. - """ return pulumi.get(self, "members") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/group_roles.py b/sdk/python/pulumi_keycloak/group_roles.py index 6535427b..1a7e3880 100644 --- a/sdk/python/pulumi_keycloak/group_roles.py +++ b/sdk/python/pulumi_keycloak/group_roles.py @@ -20,10 +20,6 @@ def __init__(__self__, *, exhaustive: Optional[pulumi.Input[bool]] = None): """ The set of arguments for constructing a GroupRoles resource. - :param pulumi.Input[str] group_id: The ID of the group this resource should manage roles for. - :param pulumi.Input[str] realm_id: The realm this group exists in. - :param pulumi.Input[Sequence[pulumi.Input[str]]] role_ids: A list of role IDs to map to the group. - :param pulumi.Input[bool] exhaustive: Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. """ pulumi.set(__self__, "group_id", group_id) pulumi.set(__self__, "realm_id", realm_id) @@ -34,9 +30,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="groupId") def group_id(self) -> pulumi.Input[str]: - """ - The ID of the group this resource should manage roles for. - """ return pulumi.get(self, "group_id") @group_id.setter @@ -46,9 +39,6 @@ def group_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -58,9 +48,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="roleIds") def role_ids(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: - """ - A list of role IDs to map to the group. - """ return pulumi.get(self, "role_ids") @role_ids.setter @@ -70,9 +57,6 @@ def role_ids(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): @property @pulumi.getter def exhaustive(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - """ return pulumi.get(self, "exhaustive") @exhaustive.setter @@ -89,10 +73,6 @@ def __init__(__self__, *, role_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ Input properties used for looking up and filtering GroupRoles resources. - :param pulumi.Input[bool] exhaustive: Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - :param pulumi.Input[str] group_id: The ID of the group this resource should manage roles for. - :param pulumi.Input[str] realm_id: The realm this group exists in. - :param pulumi.Input[Sequence[pulumi.Input[str]]] role_ids: A list of role IDs to map to the group. """ if exhaustive is not None: pulumi.set(__self__, "exhaustive", exhaustive) @@ -106,9 +86,6 @@ def __init__(__self__, *, @property @pulumi.getter def exhaustive(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - """ return pulumi.get(self, "exhaustive") @exhaustive.setter @@ -118,9 +95,6 @@ def exhaustive(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="groupId") def group_id(self) -> Optional[pulumi.Input[str]]: - """ - The ID of the group this resource should manage roles for. - """ return pulumi.get(self, "group_id") @group_id.setter @@ -130,9 +104,6 @@ def group_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -142,9 +113,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="roleIds") def role_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of role IDs to map to the group. - """ return pulumi.get(self, "role_ids") @role_ids.setter @@ -163,102 +131,73 @@ def __init__(__self__, role_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): """ + ## # GroupRoles + Allows you to manage roles assigned to a Keycloak group. - If `exhaustive` is true, this resource attempts to be an **authoritative** source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the - group will be added upon the next run of `pulumi up`. - If `exhaustive` is false, this resource is a partial assignation of roles to a group. As a result, you can get multiple `GroupRoles` for the same `group_id`. + Note that this resource attempts to be an **authoritative** source over + group roles. When this resource takes control over a group's roles, + roles that are manually added to the group will be removed, and roles + that are manually removed from the group will be added upon the next run + of `pulumi up`. - Note that when assigning composite roles to a group, you may see a non-empty plan following a `pulumi up` if you - assign a role and a composite that includes that role to the same group. + Note that when assigning composite roles to a group, you may see a + non-empty plan following a `pulumi up` if you assign a role and a + composite that includes that role to the same group. - ## Example Usage - ### Exhaustive Roles) + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") realm_role = keycloak.Role("realmRole", - realm_id=realm.id, - description="My Realm Role") + description="My Realm Role", + realm_id=realm.id) client = keycloak.openid.Client("client", - realm_id=realm.id, + access_type="BEARER-ONLY", client_id="client", enabled=True, - access_type="BEARER-ONLY") + realm_id=realm.id) client_role = keycloak.Role("clientRole", - realm_id=realm.id, client_id=keycloak_client["client"]["id"], - description="My Client Role") + description="My Client Role", + realm_id=realm.id) group = keycloak.Group("group", realm_id=realm.id) group_roles = keycloak.GroupRoles("groupRoles", - realm_id=realm.id, group_id=group.id, + realm_id=realm.id, role_ids=[ realm_role.id, client_role.id, ]) ``` - ### Non Exhaustive Roles) - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - realm_role = keycloak.Role("realmRole", - realm_id=realm.id, - description="My Realm Role") - client = keycloak.openid.Client("client", - realm_id=realm.id, - client_id="client", - enabled=True, - access_type="BEARER-ONLY") - client_role = keycloak.Role("clientRole", - realm_id=realm.id, - client_id=keycloak_client["client"]["id"], - description="My Client Role") - group = keycloak.Group("group", realm_id=realm.id) - group_role_association1 = keycloak.GroupRoles("groupRoleAssociation1", - realm_id=realm.id, - group_id=group.id, - exhaustive=False, - role_ids=[realm_role.id]) - group_role_association2 = keycloak.GroupRoles("groupRoleAssociation2", - realm_id=realm.id, - group_id=group.id, - exhaustive=False, - role_ids=[client_role.id]) - ``` - - ## Import + - This resource can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + ### Argument Reference - assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically + The following arguments are supported: - a GUID. + - `realm_id` - (Required) The realm this group exists in. + - `group_id` - (Required) The ID of the group this resource should + manage roles for. + - `role_ids` - (Required) A list of role IDs to map to the group - Example: + ### Import - bash + This resource can be imported using the format + `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that + Keycloak assigns to the group upon creation. This value can be found in + the URI when editing this group in the GUI, and is typically a GUID. - ```sh - $ pulumi import keycloak:index/groupRoles:GroupRoles group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] exhaustive: Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - :param pulumi.Input[str] group_id: The ID of the group this resource should manage roles for. - :param pulumi.Input[str] realm_id: The realm this group exists in. - :param pulumi.Input[Sequence[pulumi.Input[str]]] role_ids: A list of role IDs to map to the group. """ ... @overload @@ -267,95 +206,70 @@ def __init__(__self__, args: GroupRolesArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # GroupRoles + Allows you to manage roles assigned to a Keycloak group. - If `exhaustive` is true, this resource attempts to be an **authoritative** source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the - group will be added upon the next run of `pulumi up`. - If `exhaustive` is false, this resource is a partial assignation of roles to a group. As a result, you can get multiple `GroupRoles` for the same `group_id`. + Note that this resource attempts to be an **authoritative** source over + group roles. When this resource takes control over a group's roles, + roles that are manually added to the group will be removed, and roles + that are manually removed from the group will be added upon the next run + of `pulumi up`. - Note that when assigning composite roles to a group, you may see a non-empty plan following a `pulumi up` if you - assign a role and a composite that includes that role to the same group. + Note that when assigning composite roles to a group, you may see a + non-empty plan following a `pulumi up` if you assign a role and a + composite that includes that role to the same group. - ## Example Usage - ### Exhaustive Roles) + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") realm_role = keycloak.Role("realmRole", - realm_id=realm.id, - description="My Realm Role") + description="My Realm Role", + realm_id=realm.id) client = keycloak.openid.Client("client", - realm_id=realm.id, + access_type="BEARER-ONLY", client_id="client", enabled=True, - access_type="BEARER-ONLY") + realm_id=realm.id) client_role = keycloak.Role("clientRole", - realm_id=realm.id, client_id=keycloak_client["client"]["id"], - description="My Client Role") + description="My Client Role", + realm_id=realm.id) group = keycloak.Group("group", realm_id=realm.id) group_roles = keycloak.GroupRoles("groupRoles", - realm_id=realm.id, group_id=group.id, + realm_id=realm.id, role_ids=[ realm_role.id, client_role.id, ]) ``` - ### Non Exhaustive Roles) - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - realm_role = keycloak.Role("realmRole", - realm_id=realm.id, - description="My Realm Role") - client = keycloak.openid.Client("client", - realm_id=realm.id, - client_id="client", - enabled=True, - access_type="BEARER-ONLY") - client_role = keycloak.Role("clientRole", - realm_id=realm.id, - client_id=keycloak_client["client"]["id"], - description="My Client Role") - group = keycloak.Group("group", realm_id=realm.id) - group_role_association1 = keycloak.GroupRoles("groupRoleAssociation1", - realm_id=realm.id, - group_id=group.id, - exhaustive=False, - role_ids=[realm_role.id]) - group_role_association2 = keycloak.GroupRoles("groupRoleAssociation2", - realm_id=realm.id, - group_id=group.id, - exhaustive=False, - role_ids=[client_role.id]) - ``` + - ## Import + ### Argument Reference - This resource can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically + - `realm_id` - (Required) The realm this group exists in. + - `group_id` - (Required) The ID of the group this resource should + manage roles for. + - `role_ids` - (Required) A list of role IDs to map to the group - a GUID. + ### Import - Example: + This resource can be imported using the format + `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that + Keycloak assigns to the group upon creation. This value can be found in + the URI when editing this group in the GUI, and is typically a GUID. - bash - - ```sh - $ pulumi import keycloak:index/groupRoles:GroupRoles group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94 - ``` + Example: :param str resource_name: The name of the resource. :param GroupRolesArgs args: The arguments to use to populate this resource's properties. @@ -416,10 +330,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] exhaustive: Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - :param pulumi.Input[str] group_id: The ID of the group this resource should manage roles for. - :param pulumi.Input[str] realm_id: The realm this group exists in. - :param pulumi.Input[Sequence[pulumi.Input[str]]] role_ids: A list of role IDs to map to the group. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -434,32 +344,20 @@ def get(resource_name: str, @property @pulumi.getter def exhaustive(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to `true`. - """ return pulumi.get(self, "exhaustive") @property @pulumi.getter(name="groupId") def group_id(self) -> pulumi.Output[str]: - """ - The ID of the group this resource should manage roles for. - """ return pulumi.get(self, "group_id") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this group exists in. - """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="roleIds") def role_ids(self) -> pulumi.Output[Sequence[str]]: - """ - A list of role IDs to map to the group. - """ return pulumi.get(self, "role_ids") diff --git a/sdk/python/pulumi_keycloak/hardcoded_attribute_identity_provider_mapper.py b/sdk/python/pulumi_keycloak/hardcoded_attribute_identity_provider_mapper.py index 6c4a0a37..c0a351d9 100644 --- a/sdk/python/pulumi_keycloak/hardcoded_attribute_identity_provider_mapper.py +++ b/sdk/python/pulumi_keycloak/hardcoded_attribute_identity_provider_mapper.py @@ -260,6 +260,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -284,6 +285,7 @@ def __init__(__self__, "syncMode": "INHERIT", }) ``` + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -307,6 +309,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -331,6 +334,7 @@ def __init__(__self__, "syncMode": "INHERIT", }) ``` + :param str resource_name: The name of the resource. :param HardcodedAttributeIdentityProviderMapperArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_keycloak/hardcoded_role_identity_mapper.py b/sdk/python/pulumi_keycloak/hardcoded_role_identity_mapper.py index d9ac13f1..d47fab40 100644 --- a/sdk/python/pulumi_keycloak/hardcoded_role_identity_mapper.py +++ b/sdk/python/pulumi_keycloak/hardcoded_role_identity_mapper.py @@ -195,6 +195,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -220,6 +221,7 @@ def __init__(__self__, "syncMode": "INHERIT", }) ``` + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -241,6 +243,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -266,6 +269,7 @@ def __init__(__self__, "syncMode": "INHERIT", }) ``` + :param str resource_name: The name of the resource. :param HardcodedRoleIdentityMapperArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_keycloak/identity_provider_token_exchange_scope_permission.py b/sdk/python/pulumi_keycloak/identity_provider_token_exchange_scope_permission.py index 82441e35..b7ae8218 100644 --- a/sdk/python/pulumi_keycloak/identity_provider_token_exchange_scope_permission.py +++ b/sdk/python/pulumi_keycloak/identity_provider_token_exchange_scope_permission.py @@ -229,6 +229,7 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -259,16 +260,17 @@ def __init__(__self__, policy_type="client", clients=[token_exchange_webapp_client.id]) ``` + ## Import This resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that - you assign to the identity provider upon creation. + you assign to the identity provider upon creation. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp @@ -290,6 +292,7 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -320,16 +323,17 @@ def __init__(__self__, policy_type="client", clients=[token_exchange_webapp_client.id]) ``` + ## Import This resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that - you assign to the identity provider upon creation. + you assign to the identity provider upon creation. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp diff --git a/sdk/python/pulumi_keycloak/ldap/_inputs.py b/sdk/python/pulumi_keycloak/ldap/_inputs.py index 04d5939a..eed09d63 100644 --- a/sdk/python/pulumi_keycloak/ldap/_inputs.py +++ b/sdk/python/pulumi_keycloak/ldap/_inputs.py @@ -23,11 +23,10 @@ def __init__(__self__, *, max_lifespan: Optional[pulumi.Input[str]] = None, policy: Optional[pulumi.Input[str]] = None): """ - :param pulumi.Input[int] eviction_day: Day of the week the entry will become invalid on + :param pulumi.Input[int] eviction_day: Day of the week the entry will become invalid on. :param pulumi.Input[int] eviction_hour: Hour of day the entry will become invalid on. :param pulumi.Input[int] eviction_minute: Minute of day the entry will become invalid on. :param pulumi.Input[str] max_lifespan: Max lifespan of cache entry (duration string). - :param pulumi.Input[str] policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. """ if eviction_day is not None: pulumi.set(__self__, "eviction_day", eviction_day) @@ -44,7 +43,7 @@ def __init__(__self__, *, @pulumi.getter(name="evictionDay") def eviction_day(self) -> Optional[pulumi.Input[int]]: """ - Day of the week the entry will become invalid on + Day of the week the entry will become invalid on. """ return pulumi.get(self, "eviction_day") @@ -91,9 +90,6 @@ def max_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def policy(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - """ return pulumi.get(self, "policy") @policy.setter @@ -109,7 +105,7 @@ def __init__(__self__, *, server_principal: pulumi.Input[str], use_kerberos_for_password_authentication: Optional[pulumi.Input[bool]] = None): """ - :param pulumi.Input[str] kerberos_realm: The name of the kerberos realm, e.g. FOO.LOCAL. + :param pulumi.Input[str] kerberos_realm: The name of the kerberos realm, e.g. FOO.LOCAL :param pulumi.Input[str] key_tab: Path to the kerberos keytab file on the server with credentials of the service principal. :param pulumi.Input[str] server_principal: The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'. :param pulumi.Input[bool] use_kerberos_for_password_authentication: Use kerberos login module instead of ldap service api. Defaults to `false`. @@ -124,7 +120,7 @@ def __init__(__self__, *, @pulumi.getter(name="kerberosRealm") def kerberos_realm(self) -> pulumi.Input[str]: """ - The name of the kerberos realm, e.g. FOO.LOCAL. + The name of the kerberos realm, e.g. FOO.LOCAL """ return pulumi.get(self, "kerberos_realm") diff --git a/sdk/python/pulumi_keycloak/ldap/custom_mapper.py b/sdk/python/pulumi_keycloak/ldap/custom_mapper.py index d392f8bb..5ea67ded 100644 --- a/sdk/python/pulumi_keycloak/ldap/custom_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/custom_mapper.py @@ -238,6 +238,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -268,16 +269,17 @@ def __init__(__self__, "attribute.value": "value", }) ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 @@ -309,6 +311,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -339,16 +342,17 @@ def __init__(__self__, "attribute.value": "value", }) ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/python/pulumi_keycloak/ldap/full_name_mapper.py b/sdk/python/pulumi_keycloak/ldap/full_name_mapper.py index d1d15752..d2a487d1 100644 --- a/sdk/python/pulumi_keycloak/ldap/full_name_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/full_name_mapper.py @@ -22,12 +22,9 @@ def __init__(__self__, *, write_only: Optional[pulumi.Input[bool]] = None): """ The set of arguments for constructing a FullNameMapper resource. - :param pulumi.Input[str] ldap_full_name_attribute: The name of the LDAP attribute containing the user's full name. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] read_only: When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - :param pulumi.Input[bool] write_only: When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. """ pulumi.set(__self__, "ldap_full_name_attribute", ldap_full_name_attribute) pulumi.set(__self__, "ldap_user_federation_id", ldap_user_federation_id) @@ -42,9 +39,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="ldapFullNameAttribute") def ldap_full_name_attribute(self) -> pulumi.Input[str]: - """ - The name of the LDAP attribute containing the user's full name. - """ return pulumi.get(self, "ldap_full_name_attribute") @ldap_full_name_attribute.setter @@ -55,7 +49,7 @@ def ldap_full_name_attribute(self, value: pulumi.Input[str]): @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Input[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -67,7 +61,7 @@ def ldap_user_federation_id(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -79,7 +73,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -90,9 +84,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - """ return pulumi.get(self, "read_only") @read_only.setter @@ -102,9 +93,6 @@ def read_only(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="writeOnly") def write_only(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - """ return pulumi.get(self, "write_only") @write_only.setter @@ -123,12 +111,9 @@ def __init__(__self__, *, write_only: Optional[pulumi.Input[bool]] = None): """ Input properties used for looking up and filtering FullNameMapper resources. - :param pulumi.Input[str] ldap_full_name_attribute: The name of the LDAP attribute containing the user's full name. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] read_only: When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[bool] write_only: When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ if ldap_full_name_attribute is not None: pulumi.set(__self__, "ldap_full_name_attribute", ldap_full_name_attribute) @@ -146,9 +131,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="ldapFullNameAttribute") def ldap_full_name_attribute(self) -> Optional[pulumi.Input[str]]: - """ - The name of the LDAP attribute containing the user's full name. - """ return pulumi.get(self, "ldap_full_name_attribute") @ldap_full_name_attribute.setter @@ -159,7 +141,7 @@ def ldap_full_name_attribute(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> Optional[pulumi.Input[str]]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -171,7 +153,7 @@ def ldap_user_federation_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -182,9 +164,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - """ return pulumi.get(self, "read_only") @read_only.setter @@ -195,7 +174,7 @@ def read_only(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -206,9 +185,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="writeOnly") def write_only(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - """ return pulumi.get(self, "write_only") @write_only.setter @@ -229,61 +205,66 @@ def __init__(__self__, write_only: Optional[pulumi.Input[bool]] = None, __props__=None): """ - Allows for creating and managing full name mappers for Keycloak users federated via LDAP. + ## # ldap.FullNameMapper - The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a - Keycloak user. + Allows for creating and managing full name mappers for Keycloak users federated + via LDAP. - ## Example Usage + The LDAP full name mapper can map a user's full name from an LDAP attribute + to the first and last name attributes of a Keycloak user. + ### Example Usage + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_url="ldap://openldap", rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", + realm_id=realm.id, user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - connection_url="ldap://openldap", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") + uuid_ldap_attribute="entryDN") ldap_full_name_mapper = keycloak.ldap.FullNameMapper("ldapFullNameMapper", - realm_id=realm.id, + ldap_full_name_attribute="cn", ldap_user_federation_id=ldap_user_federation.id, - ldap_full_name_attribute="cn") + realm_id=realm.id) ``` + - ## Import - - LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + ### Argument Reference - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `ldap_full_name_attribute` - (Required) The name of the LDAP attribute containing the user's full name. + - `read_only` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. + - `write_only` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - bash + ### Import - ```sh - $ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] ldap_full_name_attribute: The name of the LDAP attribute containing the user's full name. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] read_only: When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[bool] write_only: When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ ... @overload @@ -292,52 +273,60 @@ def __init__(__self__, args: FullNameMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing full name mappers for Keycloak users federated via LDAP. + ## # ldap.FullNameMapper - The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a - Keycloak user. + Allows for creating and managing full name mappers for Keycloak users federated + via LDAP. - ## Example Usage + The LDAP full name mapper can map a user's full name from an LDAP attribute + to the first and last name attributes of a Keycloak user. + ### Example Usage + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_url="ldap://openldap", rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", + realm_id=realm.id, user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - connection_url="ldap://openldap", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") + uuid_ldap_attribute="entryDN") ldap_full_name_mapper = keycloak.ldap.FullNameMapper("ldapFullNameMapper", - realm_id=realm.id, + ldap_full_name_attribute="cn", ldap_user_federation_id=ldap_user_federation.id, - ldap_full_name_attribute="cn") + realm_id=realm.id) ``` + - ## Import - - LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + ### Argument Reference - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `ldap_full_name_attribute` - (Required) The name of the LDAP attribute containing the user's full name. + - `read_only` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. + - `write_only` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - bash + ### Import - ```sh - $ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param FullNameMapperArgs args: The arguments to use to populate this resource's properties. @@ -404,12 +393,9 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] ldap_full_name_attribute: The name of the LDAP attribute containing the user's full name. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] read_only: When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[bool] write_only: When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -426,16 +412,13 @@ def get(resource_name: str, @property @pulumi.getter(name="ldapFullNameAttribute") def ldap_full_name_attribute(self) -> pulumi.Output[str]: - """ - The name of the LDAP attribute containing the user's full name. - """ return pulumi.get(self, "ldap_full_name_attribute") @property @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Output[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -443,31 +426,25 @@ def ldap_user_federation_id(self) -> pulumi.Output[str]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @property @pulumi.getter(name="readOnly") def read_only(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - """ return pulumi.get(self, "read_only") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="writeOnly") def write_only(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. - """ return pulumi.get(self, "write_only") diff --git a/sdk/python/pulumi_keycloak/ldap/group_mapper.py b/sdk/python/pulumi_keycloak/ldap/group_mapper.py index d54fb085..7bf09024 100644 --- a/sdk/python/pulumi_keycloak/ldap/group_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/group_mapper.py @@ -34,24 +34,9 @@ def __init__(__self__, *, user_roles_retrieve_strategy: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a GroupMapper resource. - :param pulumi.Input[str] group_name_ldap_attribute: The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_object_classes: List of strings representing the object classes for the group. Must contain at least one. - :param pulumi.Input[str] ldap_groups_dn: The LDAP DN where groups can be found. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] membership_ldap_attribute: The name of the LDAP attribute that is used for membership mappings. - :param pulumi.Input[str] membership_user_ldap_attribute: The name of the LDAP attribute on a user that is used for membership mappings. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[bool] drop_non_existing_groups_during_sync: When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - :param pulumi.Input[str] groups_ldap_filter: When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - :param pulumi.Input[str] groups_path: Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - :param pulumi.Input[bool] ignore_missing_groups: When `true`, missing groups in the hierarchy will be ignored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] mapped_group_attributes: Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - :param pulumi.Input[str] memberof_ldap_attribute: Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - :param pulumi.Input[str] membership_attribute_type: Can be one of `DN` or `UID`. Defaults to `DN`. - :param pulumi.Input[str] mode: Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] preserve_group_inheritance: When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - :param pulumi.Input[str] user_roles_retrieve_strategy: Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. """ pulumi.set(__self__, "group_name_ldap_attribute", group_name_ldap_attribute) pulumi.set(__self__, "group_object_classes", group_object_classes) @@ -86,9 +71,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="groupNameLdapAttribute") def group_name_ldap_attribute(self) -> pulumi.Input[str]: - """ - The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - """ return pulumi.get(self, "group_name_ldap_attribute") @group_name_ldap_attribute.setter @@ -98,9 +80,6 @@ def group_name_ldap_attribute(self, value: pulumi.Input[str]): @property @pulumi.getter(name="groupObjectClasses") def group_object_classes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: - """ - List of strings representing the object classes for the group. Must contain at least one. - """ return pulumi.get(self, "group_object_classes") @group_object_classes.setter @@ -110,9 +89,6 @@ def group_object_classes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]) @property @pulumi.getter(name="ldapGroupsDn") def ldap_groups_dn(self) -> pulumi.Input[str]: - """ - The LDAP DN where groups can be found. - """ return pulumi.get(self, "ldap_groups_dn") @ldap_groups_dn.setter @@ -123,7 +99,7 @@ def ldap_groups_dn(self, value: pulumi.Input[str]): @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Input[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -134,9 +110,6 @@ def ldap_user_federation_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="membershipLdapAttribute") def membership_ldap_attribute(self) -> pulumi.Input[str]: - """ - The name of the LDAP attribute that is used for membership mappings. - """ return pulumi.get(self, "membership_ldap_attribute") @membership_ldap_attribute.setter @@ -146,9 +119,6 @@ def membership_ldap_attribute(self, value: pulumi.Input[str]): @property @pulumi.getter(name="membershipUserLdapAttribute") def membership_user_ldap_attribute(self) -> pulumi.Input[str]: - """ - The name of the LDAP attribute on a user that is used for membership mappings. - """ return pulumi.get(self, "membership_user_ldap_attribute") @membership_user_ldap_attribute.setter @@ -159,7 +129,7 @@ def membership_user_ldap_attribute(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -170,9 +140,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="dropNonExistingGroupsDuringSync") def drop_non_existing_groups_during_sync(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - """ return pulumi.get(self, "drop_non_existing_groups_during_sync") @drop_non_existing_groups_during_sync.setter @@ -182,9 +149,6 @@ def drop_non_existing_groups_during_sync(self, value: Optional[pulumi.Input[bool @property @pulumi.getter(name="groupsLdapFilter") def groups_ldap_filter(self) -> Optional[pulumi.Input[str]]: - """ - When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - """ return pulumi.get(self, "groups_ldap_filter") @groups_ldap_filter.setter @@ -194,9 +158,6 @@ def groups_ldap_filter(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="groupsPath") def groups_path(self) -> Optional[pulumi.Input[str]]: - """ - Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - """ return pulumi.get(self, "groups_path") @groups_path.setter @@ -206,9 +167,6 @@ def groups_path(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="ignoreMissingGroups") def ignore_missing_groups(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, missing groups in the hierarchy will be ignored. - """ return pulumi.get(self, "ignore_missing_groups") @ignore_missing_groups.setter @@ -218,9 +176,6 @@ def ignore_missing_groups(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="mappedGroupAttributes") def mapped_group_attributes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - """ return pulumi.get(self, "mapped_group_attributes") @mapped_group_attributes.setter @@ -230,9 +185,6 @@ def mapped_group_attributes(self, value: Optional[pulumi.Input[Sequence[pulumi.I @property @pulumi.getter(name="memberofLdapAttribute") def memberof_ldap_attribute(self) -> Optional[pulumi.Input[str]]: - """ - Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - """ return pulumi.get(self, "memberof_ldap_attribute") @memberof_ldap_attribute.setter @@ -242,9 +194,6 @@ def memberof_ldap_attribute(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="membershipAttributeType") def membership_attribute_type(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `DN` or `UID`. Defaults to `DN`. - """ return pulumi.get(self, "membership_attribute_type") @membership_attribute_type.setter @@ -254,9 +203,6 @@ def membership_attribute_type(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def mode(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - """ return pulumi.get(self, "mode") @mode.setter @@ -267,7 +213,7 @@ def mode(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -278,9 +224,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="preserveGroupInheritance") def preserve_group_inheritance(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - """ return pulumi.get(self, "preserve_group_inheritance") @preserve_group_inheritance.setter @@ -290,9 +233,6 @@ def preserve_group_inheritance(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="userRolesRetrieveStrategy") def user_roles_retrieve_strategy(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - """ return pulumi.get(self, "user_roles_retrieve_strategy") @user_roles_retrieve_strategy.setter @@ -323,24 +263,9 @@ def __init__(__self__, *, user_roles_retrieve_strategy: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering GroupMapper resources. - :param pulumi.Input[bool] drop_non_existing_groups_during_sync: When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - :param pulumi.Input[str] group_name_ldap_attribute: The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_object_classes: List of strings representing the object classes for the group. Must contain at least one. - :param pulumi.Input[str] groups_ldap_filter: When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - :param pulumi.Input[str] groups_path: Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - :param pulumi.Input[bool] ignore_missing_groups: When `true`, missing groups in the hierarchy will be ignored. - :param pulumi.Input[str] ldap_groups_dn: The LDAP DN where groups can be found. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[Sequence[pulumi.Input[str]]] mapped_group_attributes: Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - :param pulumi.Input[str] memberof_ldap_attribute: Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - :param pulumi.Input[str] membership_attribute_type: Can be one of `DN` or `UID`. Defaults to `DN`. - :param pulumi.Input[str] membership_ldap_attribute: The name of the LDAP attribute that is used for membership mappings. - :param pulumi.Input[str] membership_user_ldap_attribute: The name of the LDAP attribute on a user that is used for membership mappings. - :param pulumi.Input[str] mode: Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] preserve_group_inheritance: When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] user_roles_retrieve_strategy: Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ if drop_non_existing_groups_during_sync is not None: pulumi.set(__self__, "drop_non_existing_groups_during_sync", drop_non_existing_groups_during_sync) @@ -382,9 +307,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="dropNonExistingGroupsDuringSync") def drop_non_existing_groups_during_sync(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - """ return pulumi.get(self, "drop_non_existing_groups_during_sync") @drop_non_existing_groups_during_sync.setter @@ -394,9 +316,6 @@ def drop_non_existing_groups_during_sync(self, value: Optional[pulumi.Input[bool @property @pulumi.getter(name="groupNameLdapAttribute") def group_name_ldap_attribute(self) -> Optional[pulumi.Input[str]]: - """ - The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - """ return pulumi.get(self, "group_name_ldap_attribute") @group_name_ldap_attribute.setter @@ -406,9 +325,6 @@ def group_name_ldap_attribute(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="groupObjectClasses") def group_object_classes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of strings representing the object classes for the group. Must contain at least one. - """ return pulumi.get(self, "group_object_classes") @group_object_classes.setter @@ -418,9 +334,6 @@ def group_object_classes(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @property @pulumi.getter(name="groupsLdapFilter") def groups_ldap_filter(self) -> Optional[pulumi.Input[str]]: - """ - When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - """ return pulumi.get(self, "groups_ldap_filter") @groups_ldap_filter.setter @@ -430,9 +343,6 @@ def groups_ldap_filter(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="groupsPath") def groups_path(self) -> Optional[pulumi.Input[str]]: - """ - Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - """ return pulumi.get(self, "groups_path") @groups_path.setter @@ -442,9 +352,6 @@ def groups_path(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="ignoreMissingGroups") def ignore_missing_groups(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, missing groups in the hierarchy will be ignored. - """ return pulumi.get(self, "ignore_missing_groups") @ignore_missing_groups.setter @@ -454,9 +361,6 @@ def ignore_missing_groups(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="ldapGroupsDn") def ldap_groups_dn(self) -> Optional[pulumi.Input[str]]: - """ - The LDAP DN where groups can be found. - """ return pulumi.get(self, "ldap_groups_dn") @ldap_groups_dn.setter @@ -467,7 +371,7 @@ def ldap_groups_dn(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> Optional[pulumi.Input[str]]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -478,9 +382,6 @@ def ldap_user_federation_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="mappedGroupAttributes") def mapped_group_attributes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - """ return pulumi.get(self, "mapped_group_attributes") @mapped_group_attributes.setter @@ -490,9 +391,6 @@ def mapped_group_attributes(self, value: Optional[pulumi.Input[Sequence[pulumi.I @property @pulumi.getter(name="memberofLdapAttribute") def memberof_ldap_attribute(self) -> Optional[pulumi.Input[str]]: - """ - Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - """ return pulumi.get(self, "memberof_ldap_attribute") @memberof_ldap_attribute.setter @@ -502,9 +400,6 @@ def memberof_ldap_attribute(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="membershipAttributeType") def membership_attribute_type(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `DN` or `UID`. Defaults to `DN`. - """ return pulumi.get(self, "membership_attribute_type") @membership_attribute_type.setter @@ -514,9 +409,6 @@ def membership_attribute_type(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="membershipLdapAttribute") def membership_ldap_attribute(self) -> Optional[pulumi.Input[str]]: - """ - The name of the LDAP attribute that is used for membership mappings. - """ return pulumi.get(self, "membership_ldap_attribute") @membership_ldap_attribute.setter @@ -526,9 +418,6 @@ def membership_ldap_attribute(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="membershipUserLdapAttribute") def membership_user_ldap_attribute(self) -> Optional[pulumi.Input[str]]: - """ - The name of the LDAP attribute on a user that is used for membership mappings. - """ return pulumi.get(self, "membership_user_ldap_attribute") @membership_user_ldap_attribute.setter @@ -538,9 +427,6 @@ def membership_user_ldap_attribute(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def mode(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - """ return pulumi.get(self, "mode") @mode.setter @@ -551,7 +437,7 @@ def mode(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -562,9 +448,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="preserveGroupInheritance") def preserve_group_inheritance(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - """ return pulumi.get(self, "preserve_group_inheritance") @preserve_group_inheritance.setter @@ -575,7 +458,7 @@ def preserve_group_inheritance(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -586,9 +469,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="userRolesRetrieveStrategy") def user_roles_retrieve_strategy(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - """ return pulumi.get(self, "user_roles_retrieve_strategy") @user_roles_retrieve_strategy.setter @@ -621,79 +501,84 @@ def __init__(__self__, user_roles_retrieve_strategy: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing group mappers for Keycloak users federated via LDAP. + ## # ldap.GroupMapper + + Allows for creating and managing group mappers for Keycloak users federated + via LDAP. - The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also - create the groups within Keycloak if they do not already exist. + The LDAP group mapper can be used to map an LDAP user's groups from some DN + to Keycloak groups. This group mapper will also create the groups within Keycloak + if they do not already exist. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_url="ldap://openldap", rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", + realm_id=realm.id, user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - connection_url="ldap://openldap", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") + uuid_ldap_attribute="entryDN") ldap_group_mapper = keycloak.ldap.GroupMapper("ldapGroupMapper", - realm_id=realm.id, - ldap_user_federation_id=ldap_user_federation.id, - ldap_groups_dn="dc=example,dc=org", group_name_ldap_attribute="cn", group_object_classes=["groupOfNames"], + ldap_groups_dn="dc=example,dc=org", + ldap_user_federation_id=ldap_user_federation.id, + memberof_ldap_attribute="memberOf", membership_attribute_type="DN", membership_ldap_attribute="member", membership_user_ldap_attribute="cn", - memberof_ldap_attribute="memberOf") + realm_id=realm.id) ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `ldap_groups_dn` - (Required) The LDAP DN where groups can be found. + - `group_name_ldap_attribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. + - `group_object_classes` - (Required) Array of strings representing the object classes for the group. Must contain at least one. + - `preserve_group_inheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. + - `ignore_missing_groups` - (Optional) When `true`, missing groups in the hierarchy will be ignored. + - `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings. + - `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. + - `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. + - `groups_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + - `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`. + - `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + - `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. + - `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. + - `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. + + ### Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - - Example: - - bash - - ```sh - $ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] drop_non_existing_groups_during_sync: When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - :param pulumi.Input[str] group_name_ldap_attribute: The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_object_classes: List of strings representing the object classes for the group. Must contain at least one. - :param pulumi.Input[str] groups_ldap_filter: When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - :param pulumi.Input[str] groups_path: Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - :param pulumi.Input[bool] ignore_missing_groups: When `true`, missing groups in the hierarchy will be ignored. - :param pulumi.Input[str] ldap_groups_dn: The LDAP DN where groups can be found. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[Sequence[pulumi.Input[str]]] mapped_group_attributes: Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - :param pulumi.Input[str] memberof_ldap_attribute: Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - :param pulumi.Input[str] membership_attribute_type: Can be one of `DN` or `UID`. Defaults to `DN`. - :param pulumi.Input[str] membership_ldap_attribute: The name of the LDAP attribute that is used for membership mappings. - :param pulumi.Input[str] membership_user_ldap_attribute: The name of the LDAP attribute on a user that is used for membership mappings. - :param pulumi.Input[str] mode: Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] preserve_group_inheritance: When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] user_roles_retrieve_strategy: Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ ... @overload @@ -702,58 +587,78 @@ def __init__(__self__, args: GroupMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing group mappers for Keycloak users federated via LDAP. + ## # ldap.GroupMapper - The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also - create the groups within Keycloak if they do not already exist. + Allows for creating and managing group mappers for Keycloak users federated + via LDAP. - ## Example Usage + The LDAP group mapper can be used to map an LDAP user's groups from some DN + to Keycloak groups. This group mapper will also create the groups within Keycloak + if they do not already exist. + ### Example Usage + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_url="ldap://openldap", rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", + realm_id=realm.id, user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - connection_url="ldap://openldap", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") + uuid_ldap_attribute="entryDN") ldap_group_mapper = keycloak.ldap.GroupMapper("ldapGroupMapper", - realm_id=realm.id, - ldap_user_federation_id=ldap_user_federation.id, - ldap_groups_dn="dc=example,dc=org", group_name_ldap_attribute="cn", group_object_classes=["groupOfNames"], + ldap_groups_dn="dc=example,dc=org", + ldap_user_federation_id=ldap_user_federation.id, + memberof_ldap_attribute="memberOf", membership_attribute_type="DN", membership_ldap_attribute="member", membership_user_ldap_attribute="cn", - memberof_ldap_attribute="memberOf") + realm_id=realm.id) ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `ldap_groups_dn` - (Required) The LDAP DN where groups can be found. + - `group_name_ldap_attribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. + - `group_object_classes` - (Required) Array of strings representing the object classes for the group. Must contain at least one. + - `preserve_group_inheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. + - `ignore_missing_groups` - (Optional) When `true`, missing groups in the hierarchy will be ignored. + - `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings. + - `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. + - `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. + - `groups_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + - `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`. + - `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + - `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. + - `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. + - `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. + + ### Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - - Example: - - bash - - ```sh - $ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param GroupMapperArgs args: The arguments to use to populate this resource's properties. @@ -864,24 +769,9 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] drop_non_existing_groups_during_sync: When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - :param pulumi.Input[str] group_name_ldap_attribute: The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_object_classes: List of strings representing the object classes for the group. Must contain at least one. - :param pulumi.Input[str] groups_ldap_filter: When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - :param pulumi.Input[str] groups_path: Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - :param pulumi.Input[bool] ignore_missing_groups: When `true`, missing groups in the hierarchy will be ignored. - :param pulumi.Input[str] ldap_groups_dn: The LDAP DN where groups can be found. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[Sequence[pulumi.Input[str]]] mapped_group_attributes: Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - :param pulumi.Input[str] memberof_ldap_attribute: Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - :param pulumi.Input[str] membership_attribute_type: Can be one of `DN` or `UID`. Defaults to `DN`. - :param pulumi.Input[str] membership_ldap_attribute: The name of the LDAP attribute that is used for membership mappings. - :param pulumi.Input[str] membership_user_ldap_attribute: The name of the LDAP attribute on a user that is used for membership mappings. - :param pulumi.Input[str] mode: Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] preserve_group_inheritance: When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] user_roles_retrieve_strategy: Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -910,144 +800,99 @@ def get(resource_name: str, @property @pulumi.getter(name="dropNonExistingGroupsDuringSync") def drop_non_existing_groups_during_sync(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - """ return pulumi.get(self, "drop_non_existing_groups_during_sync") @property @pulumi.getter(name="groupNameLdapAttribute") def group_name_ldap_attribute(self) -> pulumi.Output[str]: - """ - The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - """ return pulumi.get(self, "group_name_ldap_attribute") @property @pulumi.getter(name="groupObjectClasses") def group_object_classes(self) -> pulumi.Output[Sequence[str]]: - """ - List of strings representing the object classes for the group. Must contain at least one. - """ return pulumi.get(self, "group_object_classes") @property @pulumi.getter(name="groupsLdapFilter") def groups_ldap_filter(self) -> pulumi.Output[Optional[str]]: - """ - When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - """ return pulumi.get(self, "groups_ldap_filter") @property @pulumi.getter(name="groupsPath") def groups_path(self) -> pulumi.Output[str]: - """ - Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. - """ return pulumi.get(self, "groups_path") @property @pulumi.getter(name="ignoreMissingGroups") def ignore_missing_groups(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, missing groups in the hierarchy will be ignored. - """ return pulumi.get(self, "ignore_missing_groups") @property @pulumi.getter(name="ldapGroupsDn") def ldap_groups_dn(self) -> pulumi.Output[str]: - """ - The LDAP DN where groups can be found. - """ return pulumi.get(self, "ldap_groups_dn") @property @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Output[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @property @pulumi.getter(name="mappedGroupAttributes") def mapped_group_attributes(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - """ return pulumi.get(self, "mapped_group_attributes") @property @pulumi.getter(name="memberofLdapAttribute") def memberof_ldap_attribute(self) -> pulumi.Output[Optional[str]]: - """ - Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - """ return pulumi.get(self, "memberof_ldap_attribute") @property @pulumi.getter(name="membershipAttributeType") def membership_attribute_type(self) -> pulumi.Output[Optional[str]]: - """ - Can be one of `DN` or `UID`. Defaults to `DN`. - """ return pulumi.get(self, "membership_attribute_type") @property @pulumi.getter(name="membershipLdapAttribute") def membership_ldap_attribute(self) -> pulumi.Output[str]: - """ - The name of the LDAP attribute that is used for membership mappings. - """ return pulumi.get(self, "membership_ldap_attribute") @property @pulumi.getter(name="membershipUserLdapAttribute") def membership_user_ldap_attribute(self) -> pulumi.Output[str]: - """ - The name of the LDAP attribute on a user that is used for membership mappings. - """ return pulumi.get(self, "membership_user_ldap_attribute") @property @pulumi.getter def mode(self) -> pulumi.Output[Optional[str]]: - """ - Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - """ return pulumi.get(self, "mode") @property @pulumi.getter def name(self) -> pulumi.Output[str]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @property @pulumi.getter(name="preserveGroupInheritance") def preserve_group_inheritance(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - """ return pulumi.get(self, "preserve_group_inheritance") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="userRolesRetrieveStrategy") def user_roles_retrieve_strategy(self) -> pulumi.Output[Optional[str]]: - """ - Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - """ return pulumi.get(self, "user_roles_retrieve_strategy") diff --git a/sdk/python/pulumi_keycloak/ldap/hardcoded_attribute_mapper.py b/sdk/python/pulumi_keycloak/ldap/hardcoded_attribute_mapper.py index 8b1c6d01..75963c21 100644 --- a/sdk/python/pulumi_keycloak/ldap/hardcoded_attribute_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/hardcoded_attribute_mapper.py @@ -203,6 +203,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -230,16 +231,17 @@ def __init__(__self__, attribute_name="foo", attribute_value="bar") ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 @@ -268,6 +270,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -295,16 +298,17 @@ def __init__(__self__, attribute_name="foo", attribute_value="bar") ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/python/pulumi_keycloak/ldap/hardcoded_group_mapper.py b/sdk/python/pulumi_keycloak/ldap/hardcoded_group_mapper.py index ebed7134..1888f520 100644 --- a/sdk/python/pulumi_keycloak/ldap/hardcoded_group_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/hardcoded_group_mapper.py @@ -169,6 +169,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -195,16 +196,17 @@ def __init__(__self__, ldap_user_federation_id=ldap_user_federation.id, group=realm_group.name) ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 @@ -230,6 +232,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -256,16 +259,17 @@ def __init__(__self__, ldap_user_federation_id=ldap_user_federation.id, group=realm_group.name) ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/python/pulumi_keycloak/ldap/hardcoded_role_mapper.py b/sdk/python/pulumi_keycloak/ldap/hardcoded_role_mapper.py index 378f1db6..fae0fea6 100644 --- a/sdk/python/pulumi_keycloak/ldap/hardcoded_role_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/hardcoded_role_mapper.py @@ -20,10 +20,10 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a HardcodedRoleMapper resource. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] role: The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] role: Role to grant to user. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. """ pulumi.set(__self__, "ldap_user_federation_id", ldap_user_federation_id) pulumi.set(__self__, "realm_id", realm_id) @@ -35,7 +35,7 @@ def __init__(__self__, *, @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Input[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -47,7 +47,7 @@ def ldap_user_federation_id(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -59,7 +59,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter def role(self) -> pulumi.Input[str]: """ - The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + Role to grant to user. """ return pulumi.get(self, "role") @@ -71,7 +71,7 @@ def role(self, value: pulumi.Input[str]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -89,10 +89,10 @@ def __init__(__self__, *, role: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering HardcodedRoleMapper resources. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] role: The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] role: Role to grant to user. """ if ldap_user_federation_id is not None: pulumi.set(__self__, "ldap_user_federation_id", ldap_user_federation_id) @@ -107,7 +107,7 @@ def __init__(__self__, *, @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> Optional[pulumi.Input[str]]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -119,7 +119,7 @@ def ldap_user_federation_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -131,7 +131,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -143,7 +143,7 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def role(self) -> Optional[pulumi.Input[str]]: """ - The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + Role to grant to user. """ return pulumi.get(self, "role") @@ -163,19 +163,19 @@ def __init__(__self__, role: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP. + ## # ldap.HardcodedRoleMapper - The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. + This mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. - ## Example Usage - ### Realm Role) + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", + realm="test", enabled=True) ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", realm_id=realm.id, @@ -190,67 +190,34 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - realm_admin_role = keycloak.Role("realmAdminRole", - realm_id=realm.id, - description="My Realm Role") assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, - role=realm_admin_role.name) + role="admin") ``` - ### Client Role) + - ```python - import pulumi - import pulumi_keycloak as keycloak + ### Argument Reference - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", - rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", - user_object_classes=[ - "simpleSecurityObject", - "organizationalRole", - ], - connection_url="ldap://openldap", - users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") - realm_management = keycloak.openid.get_client_output(realm_id=realm.id, - client_id="realm-management") - create_client = pulumi.Output.all(realm.id, realm_management).apply(lambda id, realm_management: keycloak.get_role_output(realm_id=id, - client_id=realm_management.id, - name="create-client")) - assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", - realm_id=realm.id, - ldap_user_federation_id=ldap_user_federation.id, - role=pulumi.Output.all(realm_management, create_client).apply(lambda realm_management, create_client: f"{realm_management.client_id}.{create_client.name}")) - ``` - - ## Import - - LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The following arguments are supported: - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `role` - (Required) The role which should be assigned to the users. - Example: + ### Import - bash - - ```sh - $ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] role: The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] role: Role to grant to user. """ ... @overload @@ -259,19 +226,19 @@ def __init__(__self__, args: HardcodedRoleMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP. + ## # ldap.HardcodedRoleMapper - The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. + This mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. - ## Example Usage - ### Realm Role) + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", + realm="test", enabled=True) ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", realm_id=realm.id, @@ -286,60 +253,27 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - realm_admin_role = keycloak.Role("realmAdminRole", - realm_id=realm.id, - description="My Realm Role") assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, - role=realm_admin_role.name) + role="admin") ``` - ### Client Role) + - ```python - import pulumi - import pulumi_keycloak as keycloak + ### Argument Reference - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", - rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", - user_object_classes=[ - "simpleSecurityObject", - "organizationalRole", - ], - connection_url="ldap://openldap", - users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") - realm_management = keycloak.openid.get_client_output(realm_id=realm.id, - client_id="realm-management") - create_client = pulumi.Output.all(realm.id, realm_management).apply(lambda id, realm_management: keycloak.get_role_output(realm_id=id, - client_id=realm_management.id, - name="create-client")) - assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", - realm_id=realm.id, - ldap_user_federation_id=ldap_user_federation.id, - role=pulumi.Output.all(realm_management, create_client).apply(lambda realm_management, create_client: f"{realm_management.client_id}.{create_client.name}")) - ``` - - ## Import - - LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The following arguments are supported: - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `role` - (Required) The role which should be assigned to the users. - Example: + ### Import - bash - - ```sh - $ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param HardcodedRoleMapperArgs args: The arguments to use to populate this resource's properties. @@ -400,10 +334,10 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] role: The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] role: Role to grant to user. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -419,7 +353,7 @@ def get(resource_name: str, @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Output[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -427,7 +361,7 @@ def ldap_user_federation_id(self) -> pulumi.Output[str]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -435,7 +369,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -443,7 +377,7 @@ def realm_id(self) -> pulumi.Output[str]: @pulumi.getter def role(self) -> pulumi.Output[str]: """ - The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. + Role to grant to user. """ return pulumi.get(self, "role") diff --git a/sdk/python/pulumi_keycloak/ldap/msad_lds_user_account_control_mapper.py b/sdk/python/pulumi_keycloak/ldap/msad_lds_user_account_control_mapper.py index 5afc50b4..2751f709 100644 --- a/sdk/python/pulumi_keycloak/ldap/msad_lds_user_account_control_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/msad_lds_user_account_control_mapper.py @@ -141,6 +141,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -166,16 +167,17 @@ def __init__(__self__, realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id) ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 @@ -204,6 +206,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -229,16 +232,17 @@ def __init__(__self__, realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id) ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/python/pulumi_keycloak/ldap/msad_user_account_control_mapper.py b/sdk/python/pulumi_keycloak/ldap/msad_user_account_control_mapper.py index c368c9c5..f0f048e7 100644 --- a/sdk/python/pulumi_keycloak/ldap/msad_user_account_control_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/msad_user_account_control_mapper.py @@ -20,10 +20,9 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a MsadUserAccountControlMapper resource. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[bool] ldap_password_policy_hints_enabled: When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. """ pulumi.set(__self__, "ldap_user_federation_id", ldap_user_federation_id) pulumi.set(__self__, "realm_id", realm_id) @@ -36,7 +35,7 @@ def __init__(__self__, *, @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Input[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -48,7 +47,7 @@ def ldap_user_federation_id(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -59,9 +58,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="ldapPasswordPolicyHintsEnabled") def ldap_password_policy_hints_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - """ return pulumi.get(self, "ldap_password_policy_hints_enabled") @ldap_password_policy_hints_enabled.setter @@ -72,7 +68,7 @@ def ldap_password_policy_hints_enabled(self, value: Optional[pulumi.Input[bool]] @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -90,10 +86,9 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering MsadUserAccountControlMapper resources. - :param pulumi.Input[bool] ldap_password_policy_hints_enabled: When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ if ldap_password_policy_hints_enabled is not None: pulumi.set(__self__, "ldap_password_policy_hints_enabled", ldap_password_policy_hints_enabled) @@ -107,9 +102,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="ldapPasswordPolicyHintsEnabled") def ldap_password_policy_hints_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - """ return pulumi.get(self, "ldap_password_policy_hints_enabled") @ldap_password_policy_hints_enabled.setter @@ -120,7 +112,7 @@ def ldap_password_policy_hints_enabled(self, value: Optional[pulumi.Input[bool]] @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> Optional[pulumi.Input[str]]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -132,7 +124,7 @@ def ldap_user_federation_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -144,7 +136,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -164,6 +156,8 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # ldap.MsadUserAccountControlMapper + Allows for creating and managing MSAD user account control mappers for Keycloak users federated via LDAP. @@ -172,54 +166,56 @@ def __init__(__self__, AD user state to Keycloak in order to enforce settings like expired passwords or disabled accounts. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_url="ldap://my-ad-server", rdn_ldap_attribute="cn", - uuid_ldap_attribute="objectGUID", + realm_id=realm.id, user_object_classes=[ "person", "organizationalPerson", "user", ], - connection_url="ldap://my-ad-server", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") + uuid_ldap_attribute="objectGUID") msad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", - realm_id=realm.id, - ldap_user_federation_id=ldap_user_federation.id) + ldap_user_federation_id=ldap_user_federation.id, + realm_id=realm.id) ``` + - ## Import - - LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + ### Argument Reference - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `ldap_password_policy_hints_enabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - bash + ### Import - ```sh - $ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] ldap_password_policy_hints_enabled: When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ ... @overload @@ -228,6 +224,8 @@ def __init__(__self__, args: MsadUserAccountControlMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # ldap.MsadUserAccountControlMapper + Allows for creating and managing MSAD user account control mappers for Keycloak users federated via LDAP. @@ -236,47 +234,50 @@ def __init__(__self__, AD user state to Keycloak in order to enforce settings like expired passwords or disabled accounts. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_url="ldap://my-ad-server", rdn_ldap_attribute="cn", - uuid_ldap_attribute="objectGUID", + realm_id=realm.id, user_object_classes=[ "person", "organizationalPerson", "user", ], - connection_url="ldap://my-ad-server", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") + uuid_ldap_attribute="objectGUID") msad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", - realm_id=realm.id, - ldap_user_federation_id=ldap_user_federation.id) + ldap_user_federation_id=ldap_user_federation.id, + realm_id=realm.id) ``` + - ## Import - - LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + ### Argument Reference - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `ldap_password_policy_hints_enabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - bash + ### Import - ```sh - $ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param MsadUserAccountControlMapperArgs args: The arguments to use to populate this resource's properties. @@ -335,10 +336,9 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] ldap_password_policy_hints_enabled: When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -353,16 +353,13 @@ def get(resource_name: str, @property @pulumi.getter(name="ldapPasswordPolicyHintsEnabled") def ldap_password_policy_hints_enabled(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. - """ return pulumi.get(self, "ldap_password_policy_hints_enabled") @property @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Output[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -370,7 +367,7 @@ def ldap_user_federation_id(self) -> pulumi.Output[str]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -378,7 +375,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/ldap/outputs.py b/sdk/python/pulumi_keycloak/ldap/outputs.py index 81e849d6..f817790d 100644 --- a/sdk/python/pulumi_keycloak/ldap/outputs.py +++ b/sdk/python/pulumi_keycloak/ldap/outputs.py @@ -46,11 +46,10 @@ def __init__(__self__, *, max_lifespan: Optional[str] = None, policy: Optional[str] = None): """ - :param int eviction_day: Day of the week the entry will become invalid on + :param int eviction_day: Day of the week the entry will become invalid on. :param int eviction_hour: Hour of day the entry will become invalid on. :param int eviction_minute: Minute of day the entry will become invalid on. :param str max_lifespan: Max lifespan of cache entry (duration string). - :param str policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. """ if eviction_day is not None: pulumi.set(__self__, "eviction_day", eviction_day) @@ -67,7 +66,7 @@ def __init__(__self__, *, @pulumi.getter(name="evictionDay") def eviction_day(self) -> Optional[int]: """ - Day of the week the entry will become invalid on + Day of the week the entry will become invalid on. """ return pulumi.get(self, "eviction_day") @@ -98,9 +97,6 @@ def max_lifespan(self) -> Optional[str]: @property @pulumi.getter def policy(self) -> Optional[str]: - """ - Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. - """ return pulumi.get(self, "policy") @@ -135,7 +131,7 @@ def __init__(__self__, *, server_principal: str, use_kerberos_for_password_authentication: Optional[bool] = None): """ - :param str kerberos_realm: The name of the kerberos realm, e.g. FOO.LOCAL. + :param str kerberos_realm: The name of the kerberos realm, e.g. FOO.LOCAL :param str key_tab: Path to the kerberos keytab file on the server with credentials of the service principal. :param str server_principal: The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'. :param bool use_kerberos_for_password_authentication: Use kerberos login module instead of ldap service api. Defaults to `false`. @@ -150,7 +146,7 @@ def __init__(__self__, *, @pulumi.getter(name="kerberosRealm") def kerberos_realm(self) -> str: """ - The name of the kerberos realm, e.g. FOO.LOCAL. + The name of the kerberos realm, e.g. FOO.LOCAL """ return pulumi.get(self, "kerberos_realm") diff --git a/sdk/python/pulumi_keycloak/ldap/role_mapper.py b/sdk/python/pulumi_keycloak/ldap/role_mapper.py index d4182aef..3cdcfe9e 100644 --- a/sdk/python/pulumi_keycloak/ldap/role_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/role_mapper.py @@ -528,6 +528,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -560,16 +561,17 @@ def __init__(__self__, user_roles_retrieve_strategy="GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE", memberof_ldap_attribute="memberOf") ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 @@ -606,6 +608,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -638,16 +641,17 @@ def __init__(__self__, user_roles_retrieve_strategy="GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE", memberof_ldap_attribute="memberOf") ``` + ## Import LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 diff --git a/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py b/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py index e0e451c9..b96a3119 100644 --- a/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py @@ -26,16 +26,16 @@ def __init__(__self__, *, read_only: Optional[pulumi.Input[bool]] = None): """ The set of arguments for constructing a UserAttributeMapper resource. - :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on the LDAP object. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] user_model_attribute: Name of the user property or attribute you want to map the LDAP attribute into. - :param pulumi.Input[bool] always_read_value_from_ldap: When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. - :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. - :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes. - :param pulumi.Input[bool] is_mandatory_in_ldap: When `true`, this attribute must exist in LDAP. Defaults to `false`. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] read_only: When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on LDAP object. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] user_model_attribute: Name of the UserModel property or attribute you want to map the LDAP attribute into. + :param pulumi.Input[bool] always_read_value_from_ldap: When true, the value fetched from LDAP will override the value stored in Keycloak. + :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if is_mandatory_in_ldap and the value is empty + :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes + :param pulumi.Input[bool] is_mandatory_in_ldap: When true, this attribute must exist in LDAP. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[bool] read_only: When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. """ pulumi.set(__self__, "ldap_attribute", ldap_attribute) pulumi.set(__self__, "ldap_user_federation_id", ldap_user_federation_id) @@ -58,7 +58,7 @@ def __init__(__self__, *, @pulumi.getter(name="ldapAttribute") def ldap_attribute(self) -> pulumi.Input[str]: """ - Name of the mapped attribute on the LDAP object. + Name of the mapped attribute on LDAP object. """ return pulumi.get(self, "ldap_attribute") @@ -70,7 +70,7 @@ def ldap_attribute(self, value: pulumi.Input[str]): @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Input[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -82,7 +82,7 @@ def ldap_user_federation_id(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -94,7 +94,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter(name="userModelAttribute") def user_model_attribute(self) -> pulumi.Input[str]: """ - Name of the user property or attribute you want to map the LDAP attribute into. + Name of the UserModel property or attribute you want to map the LDAP attribute into. """ return pulumi.get(self, "user_model_attribute") @@ -106,7 +106,7 @@ def user_model_attribute(self, value: pulumi.Input[str]): @pulumi.getter(name="alwaysReadValueFromLdap") def always_read_value_from_ldap(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + When true, the value fetched from LDAP will override the value stored in Keycloak. """ return pulumi.get(self, "always_read_value_from_ldap") @@ -118,7 +118,7 @@ def always_read_value_from_ldap(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="attributeDefaultValue") def attribute_default_value(self) -> Optional[pulumi.Input[str]]: """ - Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + Default value to set in LDAP if is_mandatory_in_ldap and the value is empty """ return pulumi.get(self, "attribute_default_value") @@ -130,7 +130,7 @@ def attribute_default_value(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="isBinaryAttribute") def is_binary_attribute(self) -> Optional[pulumi.Input[bool]]: """ - Should be true for binary LDAP attributes. + Should be true for binary LDAP attributes """ return pulumi.get(self, "is_binary_attribute") @@ -142,7 +142,7 @@ def is_binary_attribute(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="isMandatoryInLdap") def is_mandatory_in_ldap(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, this attribute must exist in LDAP. Defaults to `false`. + When true, this attribute must exist in LDAP. """ return pulumi.get(self, "is_mandatory_in_ldap") @@ -154,7 +154,7 @@ def is_mandatory_in_ldap(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -166,7 +166,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. """ return pulumi.get(self, "read_only") @@ -190,16 +190,16 @@ def __init__(__self__, *, user_model_attribute: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering UserAttributeMapper resources. - :param pulumi.Input[bool] always_read_value_from_ldap: When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. - :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. - :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes. - :param pulumi.Input[bool] is_mandatory_in_ldap: When `true`, this attribute must exist in LDAP. Defaults to `false`. - :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on the LDAP object. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] read_only: When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] user_model_attribute: Name of the user property or attribute you want to map the LDAP attribute into. + :param pulumi.Input[bool] always_read_value_from_ldap: When true, the value fetched from LDAP will override the value stored in Keycloak. + :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if is_mandatory_in_ldap and the value is empty + :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes + :param pulumi.Input[bool] is_mandatory_in_ldap: When true, this attribute must exist in LDAP. + :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on LDAP object. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[bool] read_only: When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] user_model_attribute: Name of the UserModel property or attribute you want to map the LDAP attribute into. """ if always_read_value_from_ldap is not None: pulumi.set(__self__, "always_read_value_from_ldap", always_read_value_from_ldap) @@ -226,7 +226,7 @@ def __init__(__self__, *, @pulumi.getter(name="alwaysReadValueFromLdap") def always_read_value_from_ldap(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + When true, the value fetched from LDAP will override the value stored in Keycloak. """ return pulumi.get(self, "always_read_value_from_ldap") @@ -238,7 +238,7 @@ def always_read_value_from_ldap(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="attributeDefaultValue") def attribute_default_value(self) -> Optional[pulumi.Input[str]]: """ - Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + Default value to set in LDAP if is_mandatory_in_ldap and the value is empty """ return pulumi.get(self, "attribute_default_value") @@ -250,7 +250,7 @@ def attribute_default_value(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="isBinaryAttribute") def is_binary_attribute(self) -> Optional[pulumi.Input[bool]]: """ - Should be true for binary LDAP attributes. + Should be true for binary LDAP attributes """ return pulumi.get(self, "is_binary_attribute") @@ -262,7 +262,7 @@ def is_binary_attribute(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="isMandatoryInLdap") def is_mandatory_in_ldap(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, this attribute must exist in LDAP. Defaults to `false`. + When true, this attribute must exist in LDAP. """ return pulumi.get(self, "is_mandatory_in_ldap") @@ -274,7 +274,7 @@ def is_mandatory_in_ldap(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="ldapAttribute") def ldap_attribute(self) -> Optional[pulumi.Input[str]]: """ - Name of the mapped attribute on the LDAP object. + Name of the mapped attribute on LDAP object. """ return pulumi.get(self, "ldap_attribute") @@ -286,7 +286,7 @@ def ldap_attribute(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> Optional[pulumi.Input[str]]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -298,7 +298,7 @@ def ldap_user_federation_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -310,7 +310,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. """ return pulumi.get(self, "read_only") @@ -322,7 +322,7 @@ def read_only(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -334,7 +334,7 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="userModelAttribute") def user_model_attribute(self) -> Optional[pulumi.Input[str]]: """ - Name of the user property or attribute you want to map the LDAP attribute into. + Name of the UserModel property or attribute you want to map the LDAP attribute into. """ return pulumi.get(self, "user_model_attribute") @@ -360,67 +360,76 @@ def __init__(__self__, user_model_attribute: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # ldap.UserAttributeMapper + Allows for creating and managing user attribute mappers for Keycloak users federated via LDAP. The LDAP user attribute mapper can be used to map a single LDAP attribute to an attribute on the Keycloak user model. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_url="ldap://openldap", rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", + realm_id=realm.id, user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - connection_url="ldap://openldap", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") + uuid_ldap_attribute="entryDN") ldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper("ldapUserAttributeMapper", - realm_id=realm.id, + ldap_attribute="bar", ldap_user_federation_id=ldap_user_federation.id, - user_model_attribute="foo", - ldap_attribute="bar") + realm_id=realm.id, + user_model_attribute="foo") ``` + - ## Import + ### Argument Reference - LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The following arguments are supported: - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `user_model_attribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into. + - `ldap_attribute` - (Required) Name of the mapped attribute on the LDAP object. + - `read_only` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + - `always_read_value_from_ldap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + - `is_mandatory_in_ldap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`. - Example: + ### Import - bash - - ```sh - $ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] always_read_value_from_ldap: When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. - :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. - :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes. - :param pulumi.Input[bool] is_mandatory_in_ldap: When `true`, this attribute must exist in LDAP. Defaults to `false`. - :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on the LDAP object. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] read_only: When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] user_model_attribute: Name of the user property or attribute you want to map the LDAP attribute into. + :param pulumi.Input[bool] always_read_value_from_ldap: When true, the value fetched from LDAP will override the value stored in Keycloak. + :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if is_mandatory_in_ldap and the value is empty + :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes + :param pulumi.Input[bool] is_mandatory_in_ldap: When true, this attribute must exist in LDAP. + :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on LDAP object. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[bool] read_only: When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] user_model_attribute: Name of the UserModel property or attribute you want to map the LDAP attribute into. """ ... @overload @@ -429,54 +438,63 @@ def __init__(__self__, args: UserAttributeMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # ldap.UserAttributeMapper + Allows for creating and managing user attribute mappers for Keycloak users federated via LDAP. The LDAP user attribute mapper can be used to map a single LDAP attribute to an attribute on the Keycloak user model. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, - username_ldap_attribute="cn", + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_url="ldap://openldap", rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", + realm_id=realm.id, user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - connection_url="ldap://openldap", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin") + uuid_ldap_attribute="entryDN") ldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper("ldapUserAttributeMapper", - realm_id=realm.id, + ldap_attribute="bar", ldap_user_federation_id=ldap_user_federation.id, - user_model_attribute="foo", - ldap_attribute="bar") + realm_id=realm.id, + user_model_attribute="foo") ``` + - ## Import + ### Argument Reference - LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The following arguments are supported: - The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. + - `realm_id` - (Required) The realm that this LDAP mapper will exist in. + - `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to. + - `name` - (Required) Display name of this mapper when displayed in the console. + - `user_model_attribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into. + - `ldap_attribute` - (Required) Name of the mapped attribute on the LDAP object. + - `read_only` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + - `always_read_value_from_ldap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + - `is_mandatory_in_ldap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`. - Example: + ### Import - bash - - ```sh - $ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 - ``` + LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. + The ID of the LDAP user federation provider and the mapper can be found within + the Keycloak GUI, and they are typically GUIDs: :param str resource_name: The name of the resource. :param UserAttributeMapperArgs args: The arguments to use to populate this resource's properties. @@ -557,16 +575,16 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] always_read_value_from_ldap: When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. - :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. - :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes. - :param pulumi.Input[bool] is_mandatory_in_ldap: When `true`, this attribute must exist in LDAP. Defaults to `false`. - :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on the LDAP object. - :param pulumi.Input[str] ldap_user_federation_id: The ID of the LDAP user federation provider to attach this mapper to. - :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[bool] read_only: When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. - :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. - :param pulumi.Input[str] user_model_attribute: Name of the user property or attribute you want to map the LDAP attribute into. + :param pulumi.Input[bool] always_read_value_from_ldap: When true, the value fetched from LDAP will override the value stored in Keycloak. + :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if is_mandatory_in_ldap and the value is empty + :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes + :param pulumi.Input[bool] is_mandatory_in_ldap: When true, this attribute must exist in LDAP. + :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on LDAP object. + :param pulumi.Input[str] ldap_user_federation_id: The ldap user federation provider to attach this mapper to. + :param pulumi.Input[str] name: Display name of the mapper when displayed in the console. + :param pulumi.Input[bool] read_only: When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. + :param pulumi.Input[str] realm_id: The realm in which the ldap user federation provider exists. + :param pulumi.Input[str] user_model_attribute: Name of the UserModel property or attribute you want to map the LDAP attribute into. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -588,7 +606,7 @@ def get(resource_name: str, @pulumi.getter(name="alwaysReadValueFromLdap") def always_read_value_from_ldap(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. + When true, the value fetched from LDAP will override the value stored in Keycloak. """ return pulumi.get(self, "always_read_value_from_ldap") @@ -596,7 +614,7 @@ def always_read_value_from_ldap(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="attributeDefaultValue") def attribute_default_value(self) -> pulumi.Output[Optional[str]]: """ - Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + Default value to set in LDAP if is_mandatory_in_ldap and the value is empty """ return pulumi.get(self, "attribute_default_value") @@ -604,7 +622,7 @@ def attribute_default_value(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="isBinaryAttribute") def is_binary_attribute(self) -> pulumi.Output[Optional[bool]]: """ - Should be true for binary LDAP attributes. + Should be true for binary LDAP attributes """ return pulumi.get(self, "is_binary_attribute") @@ -612,7 +630,7 @@ def is_binary_attribute(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="isMandatoryInLdap") def is_mandatory_in_ldap(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, this attribute must exist in LDAP. Defaults to `false`. + When true, this attribute must exist in LDAP. """ return pulumi.get(self, "is_mandatory_in_ldap") @@ -620,7 +638,7 @@ def is_mandatory_in_ldap(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="ldapAttribute") def ldap_attribute(self) -> pulumi.Output[str]: """ - Name of the mapped attribute on the LDAP object. + Name of the mapped attribute on LDAP object. """ return pulumi.get(self, "ldap_attribute") @@ -628,7 +646,7 @@ def ldap_attribute(self) -> pulumi.Output[str]: @pulumi.getter(name="ldapUserFederationId") def ldap_user_federation_id(self) -> pulumi.Output[str]: """ - The ID of the LDAP user federation provider to attach this mapper to. + The ldap user federation provider to attach this mapper to. """ return pulumi.get(self, "ldap_user_federation_id") @@ -636,7 +654,7 @@ def ldap_user_federation_id(self) -> pulumi.Output[str]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - Display name of this mapper when displayed in the console. + Display name of the mapper when displayed in the console. """ return pulumi.get(self, "name") @@ -644,7 +662,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="readOnly") def read_only(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. + When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. """ return pulumi.get(self, "read_only") @@ -652,7 +670,7 @@ def read_only(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm that this LDAP mapper will exist in. + The realm in which the ldap user federation provider exists. """ return pulumi.get(self, "realm_id") @@ -660,7 +678,7 @@ def realm_id(self) -> pulumi.Output[str]: @pulumi.getter(name="userModelAttribute") def user_model_attribute(self) -> pulumi.Output[str]: """ - Name of the user property or attribute you want to map the LDAP attribute into. + Name of the UserModel property or attribute you want to map the LDAP attribute into. """ return pulumi.get(self, "user_model_attribute") diff --git a/sdk/python/pulumi_keycloak/ldap/user_federation.py b/sdk/python/pulumi_keycloak/ldap/user_federation.py index dec50957..e9accede 100644 --- a/sdk/python/pulumi_keycloak/ldap/user_federation.py +++ b/sdk/python/pulumi_keycloak/ldap/user_federation.py @@ -52,36 +52,37 @@ def __init__(__self__, *, The set of arguments for constructing a UserFederation resource. :param pulumi.Input[str] connection_url: Connection URL to the LDAP server. :param pulumi.Input[str] rdn_ldap_attribute: Name of the LDAP attribute to use as the relative distinguished name. - :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. - :param pulumi.Input[Sequence[pulumi.Input[str]]] user_object_classes: Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + :param pulumi.Input[str] realm_id: The realm this provider will provide user federation for. + :param pulumi.Input[Sequence[pulumi.Input[str]]] user_object_classes: All values of LDAP objectClass attribute for users in LDAP. :param pulumi.Input[str] username_ldap_attribute: Name of the LDAP attribute to use as the Keycloak username. :param pulumi.Input[str] users_dn: Full DN of LDAP tree where your users are. :param pulumi.Input[str] uuid_ldap_attribute: Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. - :param pulumi.Input[int] batch_size_for_sync: The number of users to sync within a single transaction. Defaults to `1000`. - :param pulumi.Input[str] bind_credential: Password of LDAP admin. This attribute must be set if `bind_dn` is set. - :param pulumi.Input[str] bind_dn: DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. - :param pulumi.Input['UserFederationCacheArgs'] cache: A block containing the cache settings. - :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[str] connection_timeout: LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). - :param pulumi.Input[str] custom_user_search_filter: Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. - :param pulumi.Input[bool] delete_default_mappers: When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. - :param pulumi.Input[str] edit_mode: Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. - :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + :param pulumi.Input[int] batch_size_for_sync: The number of users to sync within a single transaction. + :param pulumi.Input[str] bind_credential: Password of LDAP admin. + :param pulumi.Input[str] bind_dn: DN of LDAP admin, which will be used by Keycloak to access LDAP server. + :param pulumi.Input['UserFederationCacheArgs'] cache: Settings regarding cache policy for this realm. + :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + sync. + :param pulumi.Input[str] connection_timeout: LDAP connection timeout (duration string) + :param pulumi.Input[str] custom_user_search_filter: Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + :param pulumi.Input[bool] delete_default_mappers: When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + user federation provider. + :param pulumi.Input[str] edit_mode: READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. + :param pulumi.Input[bool] enabled: When false, this provider will not be used when performing queries for users. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. - :param pulumi.Input[bool] import_enabled: When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. - :param pulumi.Input['UserFederationKerberosArgs'] kerberos: A block containing the kerberos settings. + :param pulumi.Input[bool] import_enabled: When true, LDAP users will be imported into the Keycloak database. + :param pulumi.Input['UserFederationKerberosArgs'] kerberos: Settings regarding kerberos authentication for this realm. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. - :param pulumi.Input[bool] pagination: When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. - :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. Defaults to `0`. - :param pulumi.Input[str] read_timeout: LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). - :param pulumi.Input[str] search_scope: Can be one of `ONE_LEVEL` or `SUBTREE`: - :param pulumi.Input[bool] start_tls: When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. - :param pulumi.Input[bool] sync_registrations: When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + :param pulumi.Input[bool] pagination: When true, Keycloak assumes the LDAP server supports pagination. + :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. + :param pulumi.Input[str] read_timeout: LDAP read timeout (duration string) + :param pulumi.Input[str] search_scope: ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. + :param pulumi.Input[bool] start_tls: When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + :param pulumi.Input[bool] sync_registrations: When true, newly created users will be synced back to LDAP. :param pulumi.Input[bool] trust_email: If enabled, email provided by this provider is not verified even if verification is enabled for the realm. :param pulumi.Input[bool] use_password_modify_extended_op: When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). - :param pulumi.Input[str] use_truststore_spi: Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - :param pulumi.Input[bool] validate_password_policy: When `true`, Keycloak will validate passwords using the realm policy before updating it. - :param pulumi.Input[str] vendor: Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + :param pulumi.Input[bool] validate_password_policy: When true, Keycloak will validate passwords using the realm policy before updating it. + :param pulumi.Input[str] vendor: LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. """ pulumi.set(__self__, "connection_url", connection_url) pulumi.set(__self__, "rdn_ldap_attribute", rdn_ldap_attribute) @@ -169,7 +170,7 @@ def rdn_ldap_attribute(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm that this provider will provide user federation for. + The realm this provider will provide user federation for. """ return pulumi.get(self, "realm_id") @@ -181,7 +182,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter(name="userObjectClasses") def user_object_classes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: """ - Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + All values of LDAP objectClass attribute for users in LDAP. """ return pulumi.get(self, "user_object_classes") @@ -229,7 +230,7 @@ def uuid_ldap_attribute(self, value: pulumi.Input[str]): @pulumi.getter(name="batchSizeForSync") def batch_size_for_sync(self) -> Optional[pulumi.Input[int]]: """ - The number of users to sync within a single transaction. Defaults to `1000`. + The number of users to sync within a single transaction. """ return pulumi.get(self, "batch_size_for_sync") @@ -241,7 +242,7 @@ def batch_size_for_sync(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="bindCredential") def bind_credential(self) -> Optional[pulumi.Input[str]]: """ - Password of LDAP admin. This attribute must be set if `bind_dn` is set. + Password of LDAP admin. """ return pulumi.get(self, "bind_credential") @@ -253,7 +254,7 @@ def bind_credential(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="bindDn") def bind_dn(self) -> Optional[pulumi.Input[str]]: """ - DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + DN of LDAP admin, which will be used by Keycloak to access LDAP server. """ return pulumi.get(self, "bind_dn") @@ -265,7 +266,7 @@ def bind_dn(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def cache(self) -> Optional[pulumi.Input['UserFederationCacheArgs']]: """ - A block containing the cache settings. + Settings regarding cache policy for this realm. """ return pulumi.get(self, "cache") @@ -277,7 +278,8 @@ def cache(self, value: Optional[pulumi.Input['UserFederationCacheArgs']]): @pulumi.getter(name="changedSyncPeriod") def changed_sync_period(self) -> Optional[pulumi.Input[int]]: """ - How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + sync. """ return pulumi.get(self, "changed_sync_period") @@ -289,7 +291,7 @@ def changed_sync_period(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="connectionTimeout") def connection_timeout(self) -> Optional[pulumi.Input[str]]: """ - LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + LDAP connection timeout (duration string) """ return pulumi.get(self, "connection_timeout") @@ -301,7 +303,7 @@ def connection_timeout(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="customUserSearchFilter") def custom_user_search_filter(self) -> Optional[pulumi.Input[str]]: """ - Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. """ return pulumi.get(self, "custom_user_search_filter") @@ -313,7 +315,8 @@ def custom_user_search_filter(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="deleteDefaultMappers") def delete_default_mappers(self) -> Optional[pulumi.Input[bool]]: """ - When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + user federation provider. """ return pulumi.get(self, "delete_default_mappers") @@ -325,7 +328,7 @@ def delete_default_mappers(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="editMode") def edit_mode(self) -> Optional[pulumi.Input[str]]: """ - Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. """ return pulumi.get(self, "edit_mode") @@ -337,7 +340,7 @@ def edit_mode(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + When false, this provider will not be used when performing queries for users. """ return pulumi.get(self, "enabled") @@ -361,7 +364,7 @@ def full_sync_period(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="importEnabled") def import_enabled(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + When true, LDAP users will be imported into the Keycloak database. """ return pulumi.get(self, "import_enabled") @@ -373,7 +376,7 @@ def import_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def kerberos(self) -> Optional[pulumi.Input['UserFederationKerberosArgs']]: """ - A block containing the kerberos settings. + Settings regarding kerberos authentication for this realm. """ return pulumi.get(self, "kerberos") @@ -397,7 +400,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def pagination(self) -> Optional[pulumi.Input[bool]]: """ - When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + When true, Keycloak assumes the LDAP server supports pagination. """ return pulumi.get(self, "pagination") @@ -409,7 +412,7 @@ def pagination(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def priority(self) -> Optional[pulumi.Input[int]]: """ - Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + Priority of this provider when looking up users. Lower values are first. """ return pulumi.get(self, "priority") @@ -421,7 +424,7 @@ def priority(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="readTimeout") def read_timeout(self) -> Optional[pulumi.Input[str]]: """ - LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + LDAP read timeout (duration string) """ return pulumi.get(self, "read_timeout") @@ -433,7 +436,7 @@ def read_timeout(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="searchScope") def search_scope(self) -> Optional[pulumi.Input[str]]: """ - Can be one of `ONE_LEVEL` or `SUBTREE`: + ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. """ return pulumi.get(self, "search_scope") @@ -445,7 +448,7 @@ def search_scope(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="startTls") def start_tls(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. """ return pulumi.get(self, "start_tls") @@ -457,7 +460,7 @@ def start_tls(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="syncRegistrations") def sync_registrations(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + When true, newly created users will be synced back to LDAP. """ return pulumi.get(self, "sync_registrations") @@ -492,9 +495,6 @@ def use_password_modify_extended_op(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="useTruststoreSpi") def use_truststore_spi(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - """ return pulumi.get(self, "use_truststore_spi") @use_truststore_spi.setter @@ -505,7 +505,7 @@ def use_truststore_spi(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="validatePasswordPolicy") def validate_password_policy(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, Keycloak will validate passwords using the realm policy before updating it. + When true, Keycloak will validate passwords using the realm policy before updating it. """ return pulumi.get(self, "validate_password_policy") @@ -517,7 +517,7 @@ def validate_password_policy(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def vendor(self) -> Optional[pulumi.Input[str]]: """ - Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. """ return pulumi.get(self, "vendor") @@ -563,38 +563,39 @@ def __init__(__self__, *, vendor: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering UserFederation resources. - :param pulumi.Input[int] batch_size_for_sync: The number of users to sync within a single transaction. Defaults to `1000`. - :param pulumi.Input[str] bind_credential: Password of LDAP admin. This attribute must be set if `bind_dn` is set. - :param pulumi.Input[str] bind_dn: DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. - :param pulumi.Input['UserFederationCacheArgs'] cache: A block containing the cache settings. - :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[str] connection_timeout: LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + :param pulumi.Input[int] batch_size_for_sync: The number of users to sync within a single transaction. + :param pulumi.Input[str] bind_credential: Password of LDAP admin. + :param pulumi.Input[str] bind_dn: DN of LDAP admin, which will be used by Keycloak to access LDAP server. + :param pulumi.Input['UserFederationCacheArgs'] cache: Settings regarding cache policy for this realm. + :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + sync. + :param pulumi.Input[str] connection_timeout: LDAP connection timeout (duration string) :param pulumi.Input[str] connection_url: Connection URL to the LDAP server. - :param pulumi.Input[str] custom_user_search_filter: Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. - :param pulumi.Input[bool] delete_default_mappers: When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. - :param pulumi.Input[str] edit_mode: Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. - :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + :param pulumi.Input[str] custom_user_search_filter: Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + :param pulumi.Input[bool] delete_default_mappers: When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + user federation provider. + :param pulumi.Input[str] edit_mode: READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. + :param pulumi.Input[bool] enabled: When false, this provider will not be used when performing queries for users. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. - :param pulumi.Input[bool] import_enabled: When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. - :param pulumi.Input['UserFederationKerberosArgs'] kerberos: A block containing the kerberos settings. + :param pulumi.Input[bool] import_enabled: When true, LDAP users will be imported into the Keycloak database. + :param pulumi.Input['UserFederationKerberosArgs'] kerberos: Settings regarding kerberos authentication for this realm. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. - :param pulumi.Input[bool] pagination: When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. - :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + :param pulumi.Input[bool] pagination: When true, Keycloak assumes the LDAP server supports pagination. + :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. :param pulumi.Input[str] rdn_ldap_attribute: Name of the LDAP attribute to use as the relative distinguished name. - :param pulumi.Input[str] read_timeout: LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). - :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. - :param pulumi.Input[str] search_scope: Can be one of `ONE_LEVEL` or `SUBTREE`: - :param pulumi.Input[bool] start_tls: When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. - :param pulumi.Input[bool] sync_registrations: When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + :param pulumi.Input[str] read_timeout: LDAP read timeout (duration string) + :param pulumi.Input[str] realm_id: The realm this provider will provide user federation for. + :param pulumi.Input[str] search_scope: ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. + :param pulumi.Input[bool] start_tls: When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + :param pulumi.Input[bool] sync_registrations: When true, newly created users will be synced back to LDAP. :param pulumi.Input[bool] trust_email: If enabled, email provided by this provider is not verified even if verification is enabled for the realm. :param pulumi.Input[bool] use_password_modify_extended_op: When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). - :param pulumi.Input[str] use_truststore_spi: Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - :param pulumi.Input[Sequence[pulumi.Input[str]]] user_object_classes: Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + :param pulumi.Input[Sequence[pulumi.Input[str]]] user_object_classes: All values of LDAP objectClass attribute for users in LDAP. :param pulumi.Input[str] username_ldap_attribute: Name of the LDAP attribute to use as the Keycloak username. :param pulumi.Input[str] users_dn: Full DN of LDAP tree where your users are. :param pulumi.Input[str] uuid_ldap_attribute: Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. - :param pulumi.Input[bool] validate_password_policy: When `true`, Keycloak will validate passwords using the realm policy before updating it. - :param pulumi.Input[str] vendor: Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + :param pulumi.Input[bool] validate_password_policy: When true, Keycloak will validate passwords using the realm policy before updating it. + :param pulumi.Input[str] vendor: LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. """ if batch_size_for_sync is not None: pulumi.set(__self__, "batch_size_for_sync", batch_size_for_sync) @@ -665,7 +666,7 @@ def __init__(__self__, *, @pulumi.getter(name="batchSizeForSync") def batch_size_for_sync(self) -> Optional[pulumi.Input[int]]: """ - The number of users to sync within a single transaction. Defaults to `1000`. + The number of users to sync within a single transaction. """ return pulumi.get(self, "batch_size_for_sync") @@ -677,7 +678,7 @@ def batch_size_for_sync(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="bindCredential") def bind_credential(self) -> Optional[pulumi.Input[str]]: """ - Password of LDAP admin. This attribute must be set if `bind_dn` is set. + Password of LDAP admin. """ return pulumi.get(self, "bind_credential") @@ -689,7 +690,7 @@ def bind_credential(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="bindDn") def bind_dn(self) -> Optional[pulumi.Input[str]]: """ - DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + DN of LDAP admin, which will be used by Keycloak to access LDAP server. """ return pulumi.get(self, "bind_dn") @@ -701,7 +702,7 @@ def bind_dn(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def cache(self) -> Optional[pulumi.Input['UserFederationCacheArgs']]: """ - A block containing the cache settings. + Settings regarding cache policy for this realm. """ return pulumi.get(self, "cache") @@ -713,7 +714,8 @@ def cache(self, value: Optional[pulumi.Input['UserFederationCacheArgs']]): @pulumi.getter(name="changedSyncPeriod") def changed_sync_period(self) -> Optional[pulumi.Input[int]]: """ - How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + sync. """ return pulumi.get(self, "changed_sync_period") @@ -725,7 +727,7 @@ def changed_sync_period(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="connectionTimeout") def connection_timeout(self) -> Optional[pulumi.Input[str]]: """ - LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + LDAP connection timeout (duration string) """ return pulumi.get(self, "connection_timeout") @@ -749,7 +751,7 @@ def connection_url(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="customUserSearchFilter") def custom_user_search_filter(self) -> Optional[pulumi.Input[str]]: """ - Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. """ return pulumi.get(self, "custom_user_search_filter") @@ -761,7 +763,8 @@ def custom_user_search_filter(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="deleteDefaultMappers") def delete_default_mappers(self) -> Optional[pulumi.Input[bool]]: """ - When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + user federation provider. """ return pulumi.get(self, "delete_default_mappers") @@ -773,7 +776,7 @@ def delete_default_mappers(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="editMode") def edit_mode(self) -> Optional[pulumi.Input[str]]: """ - Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. """ return pulumi.get(self, "edit_mode") @@ -785,7 +788,7 @@ def edit_mode(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + When false, this provider will not be used when performing queries for users. """ return pulumi.get(self, "enabled") @@ -809,7 +812,7 @@ def full_sync_period(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="importEnabled") def import_enabled(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + When true, LDAP users will be imported into the Keycloak database. """ return pulumi.get(self, "import_enabled") @@ -821,7 +824,7 @@ def import_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def kerberos(self) -> Optional[pulumi.Input['UserFederationKerberosArgs']]: """ - A block containing the kerberos settings. + Settings regarding kerberos authentication for this realm. """ return pulumi.get(self, "kerberos") @@ -845,7 +848,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def pagination(self) -> Optional[pulumi.Input[bool]]: """ - When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + When true, Keycloak assumes the LDAP server supports pagination. """ return pulumi.get(self, "pagination") @@ -857,7 +860,7 @@ def pagination(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def priority(self) -> Optional[pulumi.Input[int]]: """ - Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + Priority of this provider when looking up users. Lower values are first. """ return pulumi.get(self, "priority") @@ -881,7 +884,7 @@ def rdn_ldap_attribute(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="readTimeout") def read_timeout(self) -> Optional[pulumi.Input[str]]: """ - LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + LDAP read timeout (duration string) """ return pulumi.get(self, "read_timeout") @@ -893,7 +896,7 @@ def read_timeout(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm that this provider will provide user federation for. + The realm this provider will provide user federation for. """ return pulumi.get(self, "realm_id") @@ -905,7 +908,7 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="searchScope") def search_scope(self) -> Optional[pulumi.Input[str]]: """ - Can be one of `ONE_LEVEL` or `SUBTREE`: + ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. """ return pulumi.get(self, "search_scope") @@ -917,7 +920,7 @@ def search_scope(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="startTls") def start_tls(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. """ return pulumi.get(self, "start_tls") @@ -929,7 +932,7 @@ def start_tls(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="syncRegistrations") def sync_registrations(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + When true, newly created users will be synced back to LDAP. """ return pulumi.get(self, "sync_registrations") @@ -964,9 +967,6 @@ def use_password_modify_extended_op(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="useTruststoreSpi") def use_truststore_spi(self) -> Optional[pulumi.Input[str]]: - """ - Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - """ return pulumi.get(self, "use_truststore_spi") @use_truststore_spi.setter @@ -977,7 +977,7 @@ def use_truststore_spi(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="userObjectClasses") def user_object_classes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + All values of LDAP objectClass attribute for users in LDAP. """ return pulumi.get(self, "user_object_classes") @@ -1025,7 +1025,7 @@ def uuid_ldap_attribute(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="validatePasswordPolicy") def validate_password_policy(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, Keycloak will validate passwords using the realm policy before updating it. + When true, Keycloak will validate passwords using the realm policy before updating it. """ return pulumi.get(self, "validate_password_policy") @@ -1037,7 +1037,7 @@ def validate_password_policy(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def vendor(self) -> Optional[pulumi.Input[str]]: """ - Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. """ return pulumi.get(self, "vendor") @@ -1085,6 +1085,8 @@ def __init__(__self__, vendor: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # ldap.UserFederation + Allows for creating and managing LDAP user federation providers within Keycloak. Keycloak can use an LDAP user federation provider to federate users to Keycloak @@ -1092,84 +1094,112 @@ def __init__(__self__, will exist within the realm and will be able to log in to clients. Federated users can have their attributes defined using mappers. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_timeout="5s", + connection_url="ldap://openldap", enabled=True, - username_ldap_attribute="cn", rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", + read_timeout="10s", + realm_id=realm.id, user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - connection_url="ldap://openldap", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin", - connection_timeout="5s", - read_timeout="10s", - kerberos=keycloak.ldap.UserFederationKerberosArgs( - kerberos_realm="FOO.LOCAL", - server_principal="HTTP/host.foo.com@FOO.LOCAL", - key_tab="/etc/host.keytab", - )) + uuid_ldap_attribute="entryDN") ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm that this provider will provide user federation for. + - `name` - (Required) Display name of the provider when displayed in the console. + - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + - `import_enabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + - `edit_mode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + - `sync_registrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + - `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`. + - `username_ldap_attribute` - (Required) Name of the LDAP attribute to use as the Keycloak username. + - `rdn_ldap_attribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name. + - `uuid_ldap_attribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. + - `user_object_classes` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + - `connection_url` - (Required) Connection URL to the LDAP server. + - `users_dn` - (Required) Full DN of LDAP tree where your users are. + - `bind_dn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + - `bind_credential` - (Optional) Password of LDAP admin. This attribute must be set if `bind_dn` is set. + - `custom_user_search_filter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + - `search_scope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`: + - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`. + - `SUBTREE`: Search entire LDAP subtree. + - `validate_password_policy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it. + - `use_truststore_spi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: + - `ALWAYS` - Always use the truststore SPI for LDAP connections. + - `NEVER` - Never use the truststore SPI for LDAP connections. + - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol. + - `connection_timeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + - `read_timeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + - `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + - `batch_size_for_sync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`. + - `full_sync_period` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. + - `changed_sync_period` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + - `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. + + ### Import LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. - - The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: - - bash - - ```sh - $ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - ``` + The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[int] batch_size_for_sync: The number of users to sync within a single transaction. Defaults to `1000`. - :param pulumi.Input[str] bind_credential: Password of LDAP admin. This attribute must be set if `bind_dn` is set. - :param pulumi.Input[str] bind_dn: DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. - :param pulumi.Input[pulumi.InputType['UserFederationCacheArgs']] cache: A block containing the cache settings. - :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[str] connection_timeout: LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + :param pulumi.Input[int] batch_size_for_sync: The number of users to sync within a single transaction. + :param pulumi.Input[str] bind_credential: Password of LDAP admin. + :param pulumi.Input[str] bind_dn: DN of LDAP admin, which will be used by Keycloak to access LDAP server. + :param pulumi.Input[pulumi.InputType['UserFederationCacheArgs']] cache: Settings regarding cache policy for this realm. + :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + sync. + :param pulumi.Input[str] connection_timeout: LDAP connection timeout (duration string) :param pulumi.Input[str] connection_url: Connection URL to the LDAP server. - :param pulumi.Input[str] custom_user_search_filter: Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. - :param pulumi.Input[bool] delete_default_mappers: When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. - :param pulumi.Input[str] edit_mode: Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. - :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + :param pulumi.Input[str] custom_user_search_filter: Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + :param pulumi.Input[bool] delete_default_mappers: When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + user federation provider. + :param pulumi.Input[str] edit_mode: READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. + :param pulumi.Input[bool] enabled: When false, this provider will not be used when performing queries for users. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. - :param pulumi.Input[bool] import_enabled: When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. - :param pulumi.Input[pulumi.InputType['UserFederationKerberosArgs']] kerberos: A block containing the kerberos settings. + :param pulumi.Input[bool] import_enabled: When true, LDAP users will be imported into the Keycloak database. + :param pulumi.Input[pulumi.InputType['UserFederationKerberosArgs']] kerberos: Settings regarding kerberos authentication for this realm. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. - :param pulumi.Input[bool] pagination: When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. - :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + :param pulumi.Input[bool] pagination: When true, Keycloak assumes the LDAP server supports pagination. + :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. :param pulumi.Input[str] rdn_ldap_attribute: Name of the LDAP attribute to use as the relative distinguished name. - :param pulumi.Input[str] read_timeout: LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). - :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. - :param pulumi.Input[str] search_scope: Can be one of `ONE_LEVEL` or `SUBTREE`: - :param pulumi.Input[bool] start_tls: When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. - :param pulumi.Input[bool] sync_registrations: When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + :param pulumi.Input[str] read_timeout: LDAP read timeout (duration string) + :param pulumi.Input[str] realm_id: The realm this provider will provide user federation for. + :param pulumi.Input[str] search_scope: ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. + :param pulumi.Input[bool] start_tls: When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + :param pulumi.Input[bool] sync_registrations: When true, newly created users will be synced back to LDAP. :param pulumi.Input[bool] trust_email: If enabled, email provided by this provider is not verified even if verification is enabled for the realm. :param pulumi.Input[bool] use_password_modify_extended_op: When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). - :param pulumi.Input[str] use_truststore_spi: Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - :param pulumi.Input[Sequence[pulumi.Input[str]]] user_object_classes: Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + :param pulumi.Input[Sequence[pulumi.Input[str]]] user_object_classes: All values of LDAP objectClass attribute for users in LDAP. :param pulumi.Input[str] username_ldap_attribute: Name of the LDAP attribute to use as the Keycloak username. :param pulumi.Input[str] users_dn: Full DN of LDAP tree where your users are. :param pulumi.Input[str] uuid_ldap_attribute: Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. - :param pulumi.Input[bool] validate_password_policy: When `true`, Keycloak will validate passwords using the realm policy before updating it. - :param pulumi.Input[str] vendor: Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + :param pulumi.Input[bool] validate_password_policy: When true, Keycloak will validate passwords using the realm policy before updating it. + :param pulumi.Input[str] vendor: LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. """ ... @overload @@ -1178,6 +1208,8 @@ def __init__(__self__, args: UserFederationArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # ldap.UserFederation + Allows for creating and managing LDAP user federation providers within Keycloak. Keycloak can use an LDAP user federation provider to federate users to Keycloak @@ -1185,49 +1217,76 @@ def __init__(__self__, will exist within the realm and will be able to log in to clients. Federated users can have their attributes defined using mappers. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="test") ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - realm_id=realm.id, + bind_credential="admin", + bind_dn="cn=admin,dc=example,dc=org", + connection_timeout="5s", + connection_url="ldap://openldap", enabled=True, - username_ldap_attribute="cn", rdn_ldap_attribute="cn", - uuid_ldap_attribute="entryDN", + read_timeout="10s", + realm_id=realm.id, user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - connection_url="ldap://openldap", + username_ldap_attribute="cn", users_dn="dc=example,dc=org", - bind_dn="cn=admin,dc=example,dc=org", - bind_credential="admin", - connection_timeout="5s", - read_timeout="10s", - kerberos=keycloak.ldap.UserFederationKerberosArgs( - kerberos_realm="FOO.LOCAL", - server_principal="HTTP/host.foo.com@FOO.LOCAL", - key_tab="/etc/host.keytab", - )) + uuid_ldap_attribute="entryDN") ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm that this provider will provide user federation for. + - `name` - (Required) Display name of the provider when displayed in the console. + - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + - `import_enabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + - `edit_mode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + - `sync_registrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + - `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`. + - `username_ldap_attribute` - (Required) Name of the LDAP attribute to use as the Keycloak username. + - `rdn_ldap_attribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name. + - `uuid_ldap_attribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. + - `user_object_classes` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + - `connection_url` - (Required) Connection URL to the LDAP server. + - `users_dn` - (Required) Full DN of LDAP tree where your users are. + - `bind_dn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + - `bind_credential` - (Optional) Password of LDAP admin. This attribute must be set if `bind_dn` is set. + - `custom_user_search_filter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + - `search_scope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`: + - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`. + - `SUBTREE`: Search entire LDAP subtree. + - `validate_password_policy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it. + - `use_truststore_spi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: + - `ALWAYS` - Always use the truststore SPI for LDAP connections. + - `NEVER` - Never use the truststore SPI for LDAP connections. + - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol. + - `connection_timeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + - `read_timeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + - `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + - `batch_size_for_sync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`. + - `full_sync_period` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. + - `changed_sync_period` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + - `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. + + ### Import LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. - - The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: - - bash - - ```sh - $ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860 - ``` + The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID: :param str resource_name: The name of the resource. :param UserFederationArgs args: The arguments to use to populate this resource's properties. @@ -1382,38 +1441,39 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[int] batch_size_for_sync: The number of users to sync within a single transaction. Defaults to `1000`. - :param pulumi.Input[str] bind_credential: Password of LDAP admin. This attribute must be set if `bind_dn` is set. - :param pulumi.Input[str] bind_dn: DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. - :param pulumi.Input[pulumi.InputType['UserFederationCacheArgs']] cache: A block containing the cache settings. - :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[str] connection_timeout: LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + :param pulumi.Input[int] batch_size_for_sync: The number of users to sync within a single transaction. + :param pulumi.Input[str] bind_credential: Password of LDAP admin. + :param pulumi.Input[str] bind_dn: DN of LDAP admin, which will be used by Keycloak to access LDAP server. + :param pulumi.Input[pulumi.InputType['UserFederationCacheArgs']] cache: Settings regarding cache policy for this realm. + :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + sync. + :param pulumi.Input[str] connection_timeout: LDAP connection timeout (duration string) :param pulumi.Input[str] connection_url: Connection URL to the LDAP server. - :param pulumi.Input[str] custom_user_search_filter: Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. - :param pulumi.Input[bool] delete_default_mappers: When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. - :param pulumi.Input[str] edit_mode: Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. - :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + :param pulumi.Input[str] custom_user_search_filter: Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + :param pulumi.Input[bool] delete_default_mappers: When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + user federation provider. + :param pulumi.Input[str] edit_mode: READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. + :param pulumi.Input[bool] enabled: When false, this provider will not be used when performing queries for users. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. - :param pulumi.Input[bool] import_enabled: When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. - :param pulumi.Input[pulumi.InputType['UserFederationKerberosArgs']] kerberos: A block containing the kerberos settings. + :param pulumi.Input[bool] import_enabled: When true, LDAP users will be imported into the Keycloak database. + :param pulumi.Input[pulumi.InputType['UserFederationKerberosArgs']] kerberos: Settings regarding kerberos authentication for this realm. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. - :param pulumi.Input[bool] pagination: When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. - :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + :param pulumi.Input[bool] pagination: When true, Keycloak assumes the LDAP server supports pagination. + :param pulumi.Input[int] priority: Priority of this provider when looking up users. Lower values are first. :param pulumi.Input[str] rdn_ldap_attribute: Name of the LDAP attribute to use as the relative distinguished name. - :param pulumi.Input[str] read_timeout: LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). - :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. - :param pulumi.Input[str] search_scope: Can be one of `ONE_LEVEL` or `SUBTREE`: - :param pulumi.Input[bool] start_tls: When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. - :param pulumi.Input[bool] sync_registrations: When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + :param pulumi.Input[str] read_timeout: LDAP read timeout (duration string) + :param pulumi.Input[str] realm_id: The realm this provider will provide user federation for. + :param pulumi.Input[str] search_scope: ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. + :param pulumi.Input[bool] start_tls: When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + :param pulumi.Input[bool] sync_registrations: When true, newly created users will be synced back to LDAP. :param pulumi.Input[bool] trust_email: If enabled, email provided by this provider is not verified even if verification is enabled for the realm. :param pulumi.Input[bool] use_password_modify_extended_op: When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). - :param pulumi.Input[str] use_truststore_spi: Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - :param pulumi.Input[Sequence[pulumi.Input[str]]] user_object_classes: Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + :param pulumi.Input[Sequence[pulumi.Input[str]]] user_object_classes: All values of LDAP objectClass attribute for users in LDAP. :param pulumi.Input[str] username_ldap_attribute: Name of the LDAP attribute to use as the Keycloak username. :param pulumi.Input[str] users_dn: Full DN of LDAP tree where your users are. :param pulumi.Input[str] uuid_ldap_attribute: Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. - :param pulumi.Input[bool] validate_password_policy: When `true`, Keycloak will validate passwords using the realm policy before updating it. - :param pulumi.Input[str] vendor: Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + :param pulumi.Input[bool] validate_password_policy: When true, Keycloak will validate passwords using the realm policy before updating it. + :param pulumi.Input[str] vendor: LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -1457,7 +1517,7 @@ def get(resource_name: str, @pulumi.getter(name="batchSizeForSync") def batch_size_for_sync(self) -> pulumi.Output[Optional[int]]: """ - The number of users to sync within a single transaction. Defaults to `1000`. + The number of users to sync within a single transaction. """ return pulumi.get(self, "batch_size_for_sync") @@ -1465,7 +1525,7 @@ def batch_size_for_sync(self) -> pulumi.Output[Optional[int]]: @pulumi.getter(name="bindCredential") def bind_credential(self) -> pulumi.Output[Optional[str]]: """ - Password of LDAP admin. This attribute must be set if `bind_dn` is set. + Password of LDAP admin. """ return pulumi.get(self, "bind_credential") @@ -1473,7 +1533,7 @@ def bind_credential(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="bindDn") def bind_dn(self) -> pulumi.Output[Optional[str]]: """ - DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set. + DN of LDAP admin, which will be used by Keycloak to access LDAP server. """ return pulumi.get(self, "bind_dn") @@ -1481,7 +1541,7 @@ def bind_dn(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def cache(self) -> pulumi.Output[Optional['outputs.UserFederationCache']]: """ - A block containing the cache settings. + Settings regarding cache policy for this realm. """ return pulumi.get(self, "cache") @@ -1489,7 +1549,8 @@ def cache(self) -> pulumi.Output[Optional['outputs.UserFederationCache']]: @pulumi.getter(name="changedSyncPeriod") def changed_sync_period(self) -> pulumi.Output[Optional[int]]: """ - How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users + sync. """ return pulumi.get(self, "changed_sync_period") @@ -1497,7 +1558,7 @@ def changed_sync_period(self) -> pulumi.Output[Optional[int]]: @pulumi.getter(name="connectionTimeout") def connection_timeout(self) -> pulumi.Output[Optional[str]]: """ - LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + LDAP connection timeout (duration string) """ return pulumi.get(self, "connection_timeout") @@ -1513,7 +1574,7 @@ def connection_url(self) -> pulumi.Output[str]: @pulumi.getter(name="customUserSearchFilter") def custom_user_search_filter(self) -> pulumi.Output[Optional[str]]: """ - Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. + Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. """ return pulumi.get(self, "custom_user_search_filter") @@ -1521,7 +1582,8 @@ def custom_user_search_filter(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="deleteDefaultMappers") def delete_default_mappers(self) -> pulumi.Output[Optional[bool]]: """ - When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to `false`. + When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP + user federation provider. """ return pulumi.get(self, "delete_default_mappers") @@ -1529,7 +1591,7 @@ def delete_default_mappers(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="editMode") def edit_mode(self) -> pulumi.Output[Optional[str]]: """ - Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. + READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP. """ return pulumi.get(self, "edit_mode") @@ -1537,7 +1599,7 @@ def edit_mode(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: """ - When `false`, this provider will not be used when performing queries for users. Defaults to `true`. + When false, this provider will not be used when performing queries for users. """ return pulumi.get(self, "enabled") @@ -1553,7 +1615,7 @@ def full_sync_period(self) -> pulumi.Output[Optional[int]]: @pulumi.getter(name="importEnabled") def import_enabled(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. + When true, LDAP users will be imported into the Keycloak database. """ return pulumi.get(self, "import_enabled") @@ -1561,7 +1623,7 @@ def import_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def kerberos(self) -> pulumi.Output[Optional['outputs.UserFederationKerberos']]: """ - A block containing the kerberos settings. + Settings regarding kerberos authentication for this realm. """ return pulumi.get(self, "kerberos") @@ -1577,7 +1639,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter def pagination(self) -> pulumi.Output[Optional[bool]]: """ - When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. + When true, Keycloak assumes the LDAP server supports pagination. """ return pulumi.get(self, "pagination") @@ -1585,7 +1647,7 @@ def pagination(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def priority(self) -> pulumi.Output[Optional[int]]: """ - Priority of this provider when looking up users. Lower values are first. Defaults to `0`. + Priority of this provider when looking up users. Lower values are first. """ return pulumi.get(self, "priority") @@ -1601,7 +1663,7 @@ def rdn_ldap_attribute(self) -> pulumi.Output[str]: @pulumi.getter(name="readTimeout") def read_timeout(self) -> pulumi.Output[Optional[str]]: """ - LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). + LDAP read timeout (duration string) """ return pulumi.get(self, "read_timeout") @@ -1609,7 +1671,7 @@ def read_timeout(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm that this provider will provide user federation for. + The realm this provider will provide user federation for. """ return pulumi.get(self, "realm_id") @@ -1617,7 +1679,7 @@ def realm_id(self) -> pulumi.Output[str]: @pulumi.getter(name="searchScope") def search_scope(self) -> pulumi.Output[Optional[str]]: """ - Can be one of `ONE_LEVEL` or `SUBTREE`: + ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree. """ return pulumi.get(self, "search_scope") @@ -1625,7 +1687,7 @@ def search_scope(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="startTls") def start_tls(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. + When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. """ return pulumi.get(self, "start_tls") @@ -1633,7 +1695,7 @@ def start_tls(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="syncRegistrations") def sync_registrations(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, newly created users will be synced back to LDAP. Defaults to `false`. + When true, newly created users will be synced back to LDAP. """ return pulumi.get(self, "sync_registrations") @@ -1656,16 +1718,13 @@ def use_password_modify_extended_op(self) -> pulumi.Output[Optional[bool]]: @property @pulumi.getter(name="useTruststoreSpi") def use_truststore_spi(self) -> pulumi.Output[Optional[str]]: - """ - Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: - """ return pulumi.get(self, "use_truststore_spi") @property @pulumi.getter(name="userObjectClasses") def user_object_classes(self) -> pulumi.Output[Sequence[str]]: """ - Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. + All values of LDAP objectClass attribute for users in LDAP. """ return pulumi.get(self, "user_object_classes") @@ -1697,7 +1756,7 @@ def uuid_ldap_attribute(self) -> pulumi.Output[str]: @pulumi.getter(name="validatePasswordPolicy") def validate_password_policy(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, Keycloak will validate passwords using the realm policy before updating it. + When true, Keycloak will validate passwords using the realm policy before updating it. """ return pulumi.get(self, "validate_password_policy") @@ -1705,7 +1764,7 @@ def validate_password_policy(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def vendor(self) -> pulumi.Output[Optional[str]]: """ - Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. + LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required. """ return pulumi.get(self, "vendor") diff --git a/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py b/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py index 68225979..2d28a4dd 100644 --- a/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py +++ b/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py @@ -803,6 +803,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -821,14 +822,15 @@ def __init__(__self__, "myCustomConfigKey": "myValue", }) ``` + ## Import Google Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp @@ -871,6 +873,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -889,14 +892,15 @@ def __init__(__self__, "myCustomConfigKey": "myValue", }) ``` + ## Import Google Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp diff --git a/sdk/python/pulumi_keycloak/oidc/identity_provider.py b/sdk/python/pulumi_keycloak/oidc/identity_provider.py index d5013fad..259cbd59 100644 --- a/sdk/python/pulumi_keycloak/oidc/identity_provider.py +++ b/sdk/python/pulumi_keycloak/oidc/identity_provider.py @@ -1065,6 +1065,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -1083,14 +1084,15 @@ def __init__(__self__, "clientAuthMethod": "client_secret_post", }) ``` + ## Import Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp @@ -1142,6 +1144,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -1160,14 +1163,15 @@ def __init__(__self__, "clientAuthMethod": "client_secret_post", }) ``` + ## Import Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp diff --git a/sdk/python/pulumi_keycloak/openid/_inputs.py b/sdk/python/pulumi_keycloak/openid/_inputs.py index 29addd19..4c2387cc 100644 --- a/sdk/python/pulumi_keycloak/openid/_inputs.py +++ b/sdk/python/pulumi_keycloak/openid/_inputs.py @@ -28,10 +28,6 @@ class ClientAuthenticationFlowBindingOverridesArgs: def __init__(__self__, *, browser_id: Optional[pulumi.Input[str]] = None, direct_grant_id: Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[str] browser_id: Browser flow id, (flow needs to exist) - :param pulumi.Input[str] direct_grant_id: Direct grant flow id (flow needs to exist) - """ if browser_id is not None: pulumi.set(__self__, "browser_id", browser_id) if direct_grant_id is not None: @@ -40,9 +36,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="browserId") def browser_id(self) -> Optional[pulumi.Input[str]]: - """ - Browser flow id, (flow needs to exist) - """ return pulumi.get(self, "browser_id") @browser_id.setter @@ -52,9 +45,6 @@ def browser_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="directGrantId") def direct_grant_id(self) -> Optional[pulumi.Input[str]]: - """ - Direct grant flow id (flow needs to exist) - """ return pulumi.get(self, "direct_grant_id") @direct_grant_id.setter @@ -69,12 +59,6 @@ def __init__(__self__, *, allow_remote_resource_management: Optional[pulumi.Input[bool]] = None, decision_strategy: Optional[pulumi.Input[str]] = None, keep_defaults: Optional[pulumi.Input[bool]] = None): - """ - :param pulumi.Input[str] policy_enforcement_mode: Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - :param pulumi.Input[bool] allow_remote_resource_management: When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - :param pulumi.Input[str] decision_strategy: Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - :param pulumi.Input[bool] keep_defaults: When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - """ pulumi.set(__self__, "policy_enforcement_mode", policy_enforcement_mode) if allow_remote_resource_management is not None: pulumi.set(__self__, "allow_remote_resource_management", allow_remote_resource_management) @@ -86,9 +70,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="policyEnforcementMode") def policy_enforcement_mode(self) -> pulumi.Input[str]: - """ - Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - """ return pulumi.get(self, "policy_enforcement_mode") @policy_enforcement_mode.setter @@ -98,9 +79,6 @@ def policy_enforcement_mode(self, value: pulumi.Input[str]): @property @pulumi.getter(name="allowRemoteResourceManagement") def allow_remote_resource_management(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - """ return pulumi.get(self, "allow_remote_resource_management") @allow_remote_resource_management.setter @@ -110,9 +88,6 @@ def allow_remote_resource_management(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="decisionStrategy") def decision_strategy(self) -> Optional[pulumi.Input[str]]: - """ - Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - """ return pulumi.get(self, "decision_strategy") @decision_strategy.setter @@ -122,9 +97,6 @@ def decision_strategy(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="keepDefaults") def keep_defaults(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - """ return pulumi.get(self, "keep_defaults") @keep_defaults.setter diff --git a/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py index 898bfcbd..9356f091 100644 --- a/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py @@ -24,14 +24,14 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a AudienceProtocolMapper resource. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[bool] add_to_access_token: Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] included_client_audience: A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. - :param pulumi.Input[str] included_custom_audience: A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[bool] add_to_access_token: Indicates if this claim should be added to the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if this claim should be added to the id token. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] included_client_audience: A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience + :param pulumi.Input[str] included_custom_audience: A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. """ pulumi.set(__self__, "realm_id", realm_id) if add_to_access_token is not None: @@ -53,7 +53,7 @@ def __init__(__self__, *, @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -65,7 +65,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + Indicates if this claim should be added to the access token. """ return pulumi.get(self, "add_to_access_token") @@ -77,7 +77,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + Indicates if this claim should be added to the id token. """ return pulumi.get(self, "add_to_id_token") @@ -89,7 +89,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -101,7 +101,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -113,7 +113,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="includedClientAudience") def included_client_audience(self) -> Optional[pulumi.Input[str]]: """ - A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience """ return pulumi.get(self, "included_client_audience") @@ -125,7 +125,7 @@ def included_client_audience(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="includedCustomAudience") def included_custom_audience(self) -> Optional[pulumi.Input[str]]: """ - A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience """ return pulumi.get(self, "included_custom_audience") @@ -137,7 +137,7 @@ def included_custom_audience(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -159,14 +159,14 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering AudienceProtocolMapper resources. - :param pulumi.Input[bool] add_to_access_token: Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] included_client_audience: A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. - :param pulumi.Input[str] included_custom_audience: A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[bool] add_to_access_token: Indicates if this claim should be added to the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if this claim should be added to the id token. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] included_client_audience: A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience + :param pulumi.Input[str] included_custom_audience: A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -189,7 +189,7 @@ def __init__(__self__, *, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + Indicates if this claim should be added to the access token. """ return pulumi.get(self, "add_to_access_token") @@ -201,7 +201,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + Indicates if this claim should be added to the id token. """ return pulumi.get(self, "add_to_id_token") @@ -213,7 +213,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -225,7 +225,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -237,7 +237,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="includedClientAudience") def included_client_audience(self) -> Optional[pulumi.Input[str]]: """ - A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience """ return pulumi.get(self, "included_client_audience") @@ -249,7 +249,7 @@ def included_client_audience(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="includedCustomAudience") def included_custom_audience(self) -> Optional[pulumi.Input[str]]: """ - A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience """ return pulumi.get(self, "included_custom_audience") @@ -261,7 +261,7 @@ def included_custom_audience(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -273,7 +273,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -297,78 +297,87 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing audience protocol mappers within Keycloak. + ## # openid.AudienceProtocolMapper - Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom - string, or it can be mapped to the ID of a pre-existing client. + Allows for creating and managing audience protocol mappers within + Keycloak. This mapper was added in Keycloak v4.6.0.Final. - ## Example Usage - ### Client) + Audience protocol mappers allow you add audiences to the `aud` claim + within issued tokens. The audience can be a custom string, or it can be + mapped to the ID of a pre-existing client. + ### Example Usage (Client) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", - realm_id=realm.id, client_id=openid_client.id, - included_custom_audience="foo") + included_custom_audience="foo", + realm_id=realm.id) ``` - ### Client Scope) + + + ### Example Usage (Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", - realm_id=realm.id, client_scope_id=client_scope.id, - included_custom_audience="foo") + included_custom_audience="foo", + realm_id=realm.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `included_client_audience` - (Required if `included_custom_audience` is not specified) A client ID to include within the token's `aud` claim. + - `included_custom_audience` - (Required if `included_client_audience` is not specified) A custom audience to include within the token's `aud` claim. + - `add_to_id_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] included_client_audience: A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. - :param pulumi.Input[str] included_custom_audience: A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[bool] add_to_access_token: Indicates if this claim should be added to the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if this claim should be added to the id token. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] included_client_audience: A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience + :param pulumi.Input[str] included_custom_audience: A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ ... @overload @@ -377,67 +386,76 @@ def __init__(__self__, args: AudienceProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing audience protocol mappers within Keycloak. + ## # openid.AudienceProtocolMapper - Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom - string, or it can be mapped to the ID of a pre-existing client. + Allows for creating and managing audience protocol mappers within + Keycloak. This mapper was added in Keycloak v4.6.0.Final. - ## Example Usage - ### Client) + Audience protocol mappers allow you add audiences to the `aud` claim + within issued tokens. The audience can be a custom string, or it can be + mapped to the ID of a pre-existing client. + ### Example Usage (Client) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", - realm_id=realm.id, client_id=openid_client.id, - included_custom_audience="foo") + included_custom_audience="foo", + realm_id=realm.id) ``` - ### Client Scope) + + + ### Example Usage (Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", - realm_id=realm.id, client_scope_id=client_scope.id, - included_custom_audience="foo") + included_custom_audience="foo", + realm_id=realm.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `included_client_audience` - (Required if `included_custom_audience` is not specified) A client ID to include within the token's `aud` claim. + - `included_custom_audience` - (Required if `included_client_audience` is not specified) A custom audience to include within the token's `aud` claim. + - `add_to_id_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param AudienceProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -506,14 +524,14 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] included_client_audience: A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. - :param pulumi.Input[str] included_custom_audience: A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[bool] add_to_access_token: Indicates if this claim should be added to the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if this claim should be added to the id token. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] included_client_audience: A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience + :param pulumi.Input[str] included_custom_audience: A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -533,7 +551,7 @@ def get(resource_name: str, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + Indicates if this claim should be added to the access token. """ return pulumi.get(self, "add_to_access_token") @@ -541,7 +559,7 @@ def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`. + Indicates if this claim should be added to the id token. """ return pulumi.get(self, "add_to_id_token") @@ -549,7 +567,7 @@ def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -557,7 +575,7 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -565,7 +583,7 @@ def client_scope_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="includedClientAudience") def included_client_audience(self) -> pulumi.Output[Optional[str]]: """ - A client ID to include within the token's `aud` claim. Conflicts with `included_custom_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + A client ID to include within the token's `aud` claim. Cannot be used with included_custom_audience """ return pulumi.get(self, "included_client_audience") @@ -573,7 +591,7 @@ def included_client_audience(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="includedCustomAudience") def included_custom_audience(self) -> pulumi.Output[Optional[str]]: """ - A custom audience to include within the token's `aud` claim. Conflicts with `included_client_audience`. One of `included_client_audience` or `included_custom_audience` must be specified. + A custom audience to include within the token's `aud` claim. Cannot be used with included_custom_audience """ return pulumi.get(self, "included_custom_audience") @@ -581,7 +599,7 @@ def included_custom_audience(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -589,7 +607,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mapper.py index aad94e06..bc185d82 100644 --- a/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mapper.py @@ -172,8 +172,10 @@ def __init__(__self__, [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -191,8 +193,11 @@ def __init__(__self__, realm_id=realm.id, client_id=openid_client.id) ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -205,18 +210,19 @@ def __init__(__self__, realm_id=realm.id, client_scope_id=client_scope.id) ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 @@ -247,8 +253,10 @@ def __init__(__self__, [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -266,8 +274,11 @@ def __init__(__self__, realm_id=realm.id, client_id=openid_client.id) ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -280,18 +291,19 @@ def __init__(__self__, realm_id=realm.id, client_scope_id=client_scope.id) ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mappter.py b/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mappter.py index 71635161..508c44cc 100644 --- a/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mappter.py +++ b/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mappter.py @@ -177,8 +177,10 @@ def __init__(__self__, [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -196,8 +198,11 @@ def __init__(__self__, realm_id=realm.id, client_id=openid_client.id) ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -210,18 +215,19 @@ def __init__(__self__, realm_id=realm.id, client_scope_id=client_scope.id) ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 @@ -252,8 +258,10 @@ def __init__(__self__, [Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -271,8 +279,11 @@ def __init__(__self__, realm_id=realm.id, client_id=openid_client.id) ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -285,18 +296,19 @@ def __init__(__self__, realm_id=realm.id, client_scope_id=client_scope.id) ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/python/pulumi_keycloak/openid/client.py b/sdk/python/pulumi_keycloak/openid/client.py index f07c038e..ae2d6774 100644 --- a/sdk/python/pulumi_keycloak/openid/client.py +++ b/sdk/python/pulumi_keycloak/openid/client.py @@ -62,55 +62,6 @@ def __init__(__self__, *, web_origins: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ The set of arguments for constructing a Client resource. - :param pulumi.Input[str] access_type: Specifies the type of client, which can be one of the following: - :param pulumi.Input[str] client_id: The Client ID for this client, referenced in the URI during authentication and in issued tokens. - :param pulumi.Input[str] realm_id: The realm this client is attached to. - :param pulumi.Input[str] access_token_lifespan: The amount of time in seconds before an access token expires. This will override the default for the realm. - :param pulumi.Input[str] admin_url: URL to the admin interface of the client. - :param pulumi.Input['ClientAuthenticationFlowBindingOverridesArgs'] authentication_flow_binding_overrides: Override realm authentication flow bindings - :param pulumi.Input['ClientAuthorizationArgs'] authorization: When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - :param pulumi.Input[bool] backchannel_logout_revoke_offline_sessions: Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - :param pulumi.Input[bool] backchannel_logout_session_required: When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - :param pulumi.Input[str] backchannel_logout_url: The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - :param pulumi.Input[str] base_url: Default URL to use when the auth server needs to redirect or link back to the client. - :param pulumi.Input[str] client_authenticator_type: Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - - `client-secret` (Default) Use client id and client secret to authenticate client. - - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = ` - - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - :param pulumi.Input[str] client_offline_session_idle_timeout: Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - :param pulumi.Input[str] client_offline_session_max_lifespan: Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - :param pulumi.Input[str] client_secret: The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - :param pulumi.Input[str] client_session_idle_timeout: Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - :param pulumi.Input[str] client_session_max_lifespan: Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - :param pulumi.Input[bool] consent_required: When `true`, users have to consent to client access. Defaults to `false`. - :param pulumi.Input[str] consent_screen_text: The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - :param pulumi.Input[str] description: The description of this client in the GUI. - :param pulumi.Input[bool] direct_access_grants_enabled: When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] display_on_consent_screen: When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - :param pulumi.Input[bool] enabled: When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - :param pulumi.Input[bool] exclude_session_state_from_auth_response: When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - :param pulumi.Input[bool] frontchannel_logout_enabled: When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - :param pulumi.Input[str] frontchannel_logout_url: The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - :param pulumi.Input[bool] full_scope_allowed: Allow to include all roles mappings in the access token. - :param pulumi.Input[bool] implicit_flow_enabled: When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] import_: When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - :param pulumi.Input[str] login_theme: The client login theme. This will override the default theme for the realm. - :param pulumi.Input[str] name: The display name of this client in the GUI. - :param pulumi.Input[bool] oauth2_device_authorization_grant_enabled: Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - :param pulumi.Input[str] oauth2_device_code_lifespan: The maximum amount of time a client has to finish the device code flow before it expires. - :param pulumi.Input[str] oauth2_device_polling_interval: The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - :param pulumi.Input[str] pkce_code_challenge_method: The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - :param pulumi.Input[str] root_url: When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - :param pulumi.Input[bool] service_accounts_enabled: When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] standard_flow_enabled: When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] use_refresh_tokens: If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - :param pulumi.Input[bool] use_refresh_tokens_client_credentials: If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_post_logout_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful logout. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - is set to `true`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." """ pulumi.set(__self__, "access_type", access_type) pulumi.set(__self__, "client_id", client_id) @@ -201,9 +152,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="accessType") def access_type(self) -> pulumi.Input[str]: - """ - Specifies the type of client, which can be one of the following: - """ return pulumi.get(self, "access_type") @access_type.setter @@ -213,9 +161,6 @@ def access_type(self, value: pulumi.Input[str]): @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Input[str]: - """ - The Client ID for this client, referenced in the URI during authentication and in issued tokens. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -225,9 +170,6 @@ def client_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this client is attached to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -237,9 +179,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="accessTokenLifespan") def access_token_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time in seconds before an access token expires. This will override the default for the realm. - """ return pulumi.get(self, "access_token_lifespan") @access_token_lifespan.setter @@ -249,9 +188,6 @@ def access_token_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="adminUrl") def admin_url(self) -> Optional[pulumi.Input[str]]: - """ - URL to the admin interface of the client. - """ return pulumi.get(self, "admin_url") @admin_url.setter @@ -261,9 +197,6 @@ def admin_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="authenticationFlowBindingOverrides") def authentication_flow_binding_overrides(self) -> Optional[pulumi.Input['ClientAuthenticationFlowBindingOverridesArgs']]: - """ - Override realm authentication flow bindings - """ return pulumi.get(self, "authentication_flow_binding_overrides") @authentication_flow_binding_overrides.setter @@ -273,9 +206,6 @@ def authentication_flow_binding_overrides(self, value: Optional[pulumi.Input['Cl @property @pulumi.getter def authorization(self) -> Optional[pulumi.Input['ClientAuthorizationArgs']]: - """ - When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - """ return pulumi.get(self, "authorization") @authorization.setter @@ -285,9 +215,6 @@ def authorization(self, value: Optional[pulumi.Input['ClientAuthorizationArgs']] @property @pulumi.getter(name="backchannelLogoutRevokeOfflineSessions") def backchannel_logout_revoke_offline_sessions(self) -> Optional[pulumi.Input[bool]]: - """ - Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - """ return pulumi.get(self, "backchannel_logout_revoke_offline_sessions") @backchannel_logout_revoke_offline_sessions.setter @@ -297,9 +224,6 @@ def backchannel_logout_revoke_offline_sessions(self, value: Optional[pulumi.Inpu @property @pulumi.getter(name="backchannelLogoutSessionRequired") def backchannel_logout_session_required(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - """ return pulumi.get(self, "backchannel_logout_session_required") @backchannel_logout_session_required.setter @@ -309,9 +233,6 @@ def backchannel_logout_session_required(self, value: Optional[pulumi.Input[bool] @property @pulumi.getter(name="backchannelLogoutUrl") def backchannel_logout_url(self) -> Optional[pulumi.Input[str]]: - """ - The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - """ return pulumi.get(self, "backchannel_logout_url") @backchannel_logout_url.setter @@ -321,9 +242,6 @@ def backchannel_logout_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="baseUrl") def base_url(self) -> Optional[pulumi.Input[str]]: - """ - Default URL to use when the auth server needs to redirect or link back to the client. - """ return pulumi.get(self, "base_url") @base_url.setter @@ -333,13 +251,6 @@ def base_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientAuthenticatorType") def client_authenticator_type(self) -> Optional[pulumi.Input[str]]: - """ - Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - - `client-secret` (Default) Use client id and client secret to authenticate client. - - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = ` - - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - """ return pulumi.get(self, "client_authenticator_type") @client_authenticator_type.setter @@ -349,9 +260,6 @@ def client_authenticator_type(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientOfflineSessionIdleTimeout") def client_offline_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - """ return pulumi.get(self, "client_offline_session_idle_timeout") @client_offline_session_idle_timeout.setter @@ -361,9 +269,6 @@ def client_offline_session_idle_timeout(self, value: Optional[pulumi.Input[str]] @property @pulumi.getter(name="clientOfflineSessionMaxLifespan") def client_offline_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - """ return pulumi.get(self, "client_offline_session_max_lifespan") @client_offline_session_max_lifespan.setter @@ -373,9 +278,6 @@ def client_offline_session_max_lifespan(self, value: Optional[pulumi.Input[str]] @property @pulumi.getter(name="clientSecret") def client_secret(self) -> Optional[pulumi.Input[str]]: - """ - The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - """ return pulumi.get(self, "client_secret") @client_secret.setter @@ -385,9 +287,6 @@ def client_secret(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSessionIdleTimeout") def client_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - """ return pulumi.get(self, "client_session_idle_timeout") @client_session_idle_timeout.setter @@ -397,9 +296,6 @@ def client_session_idle_timeout(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSessionMaxLifespan") def client_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - """ return pulumi.get(self, "client_session_max_lifespan") @client_session_max_lifespan.setter @@ -409,9 +305,6 @@ def client_session_max_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="consentRequired") def consent_required(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, users have to consent to client access. Defaults to `false`. - """ return pulumi.get(self, "consent_required") @consent_required.setter @@ -421,9 +314,6 @@ def consent_required(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="consentScreenText") def consent_screen_text(self) -> Optional[pulumi.Input[str]]: - """ - The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - """ return pulumi.get(self, "consent_screen_text") @consent_screen_text.setter @@ -433,9 +323,6 @@ def consent_screen_text(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: - """ - The description of this client in the GUI. - """ return pulumi.get(self, "description") @description.setter @@ -445,9 +332,6 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="directAccessGrantsEnabled") def direct_access_grants_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "direct_access_grants_enabled") @direct_access_grants_enabled.setter @@ -457,9 +341,6 @@ def direct_access_grants_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="displayOnConsentScreen") def display_on_consent_screen(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - """ return pulumi.get(self, "display_on_consent_screen") @display_on_consent_screen.setter @@ -469,9 +350,6 @@ def display_on_consent_screen(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - """ return pulumi.get(self, "enabled") @enabled.setter @@ -481,9 +359,6 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="excludeSessionStateFromAuthResponse") def exclude_session_state_from_auth_response(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - """ return pulumi.get(self, "exclude_session_state_from_auth_response") @exclude_session_state_from_auth_response.setter @@ -502,9 +377,6 @@ def extra_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter(name="frontchannelLogoutEnabled") def frontchannel_logout_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - """ return pulumi.get(self, "frontchannel_logout_enabled") @frontchannel_logout_enabled.setter @@ -514,9 +386,6 @@ def frontchannel_logout_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="frontchannelLogoutUrl") def frontchannel_logout_url(self) -> Optional[pulumi.Input[str]]: - """ - The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - """ return pulumi.get(self, "frontchannel_logout_url") @frontchannel_logout_url.setter @@ -526,9 +395,6 @@ def frontchannel_logout_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="fullScopeAllowed") def full_scope_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - Allow to include all roles mappings in the access token. - """ return pulumi.get(self, "full_scope_allowed") @full_scope_allowed.setter @@ -538,9 +404,6 @@ def full_scope_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="implicitFlowEnabled") def implicit_flow_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "implicit_flow_enabled") @implicit_flow_enabled.setter @@ -550,9 +413,6 @@ def implicit_flow_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="import") def import_(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - """ return pulumi.get(self, "import_") @import_.setter @@ -562,9 +422,6 @@ def import_(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="loginTheme") def login_theme(self) -> Optional[pulumi.Input[str]]: - """ - The client login theme. This will override the default theme for the realm. - """ return pulumi.get(self, "login_theme") @login_theme.setter @@ -574,9 +431,6 @@ def login_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this client in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -586,9 +440,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="oauth2DeviceAuthorizationGrantEnabled") def oauth2_device_authorization_grant_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - """ return pulumi.get(self, "oauth2_device_authorization_grant_enabled") @oauth2_device_authorization_grant_enabled.setter @@ -598,9 +449,6 @@ def oauth2_device_authorization_grant_enabled(self, value: Optional[pulumi.Input @property @pulumi.getter(name="oauth2DeviceCodeLifespan") def oauth2_device_code_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a client has to finish the device code flow before it expires. - """ return pulumi.get(self, "oauth2_device_code_lifespan") @oauth2_device_code_lifespan.setter @@ -610,9 +458,6 @@ def oauth2_device_code_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="oauth2DevicePollingInterval") def oauth2_device_polling_interval(self) -> Optional[pulumi.Input[str]]: - """ - The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - """ return pulumi.get(self, "oauth2_device_polling_interval") @oauth2_device_polling_interval.setter @@ -622,9 +467,6 @@ def oauth2_device_polling_interval(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="pkceCodeChallengeMethod") def pkce_code_challenge_method(self) -> Optional[pulumi.Input[str]]: - """ - The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - """ return pulumi.get(self, "pkce_code_challenge_method") @pkce_code_challenge_method.setter @@ -634,9 +476,6 @@ def pkce_code_challenge_method(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="rootUrl") def root_url(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - """ return pulumi.get(self, "root_url") @root_url.setter @@ -646,9 +485,6 @@ def root_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="serviceAccountsEnabled") def service_accounts_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "service_accounts_enabled") @service_accounts_enabled.setter @@ -658,9 +494,6 @@ def service_accounts_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="standardFlowEnabled") def standard_flow_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "standard_flow_enabled") @standard_flow_enabled.setter @@ -670,9 +503,6 @@ def standard_flow_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="useRefreshTokens") def use_refresh_tokens(self) -> Optional[pulumi.Input[bool]]: - """ - If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - """ return pulumi.get(self, "use_refresh_tokens") @use_refresh_tokens.setter @@ -682,9 +512,6 @@ def use_refresh_tokens(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="useRefreshTokensClientCredentials") def use_refresh_tokens_client_credentials(self) -> Optional[pulumi.Input[bool]]: - """ - If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - """ return pulumi.get(self, "use_refresh_tokens_client_credentials") @use_refresh_tokens_client_credentials.setter @@ -694,9 +521,6 @@ def use_refresh_tokens_client_credentials(self, value: Optional[pulumi.Input[boo @property @pulumi.getter(name="validPostLogoutRedirectUris") def valid_post_logout_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of valid URIs a browser is permitted to redirect to after a successful logout. - """ return pulumi.get(self, "valid_post_logout_redirect_uris") @valid_post_logout_redirect_uris.setter @@ -706,11 +530,6 @@ def valid_post_logout_redirect_uris(self, value: Optional[pulumi.Input[Sequence[ @property @pulumi.getter(name="validRedirectUris") def valid_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - is set to `true`. - """ return pulumi.get(self, "valid_redirect_uris") @valid_redirect_uris.setter @@ -720,9 +539,6 @@ def valid_redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input @property @pulumi.getter(name="webOrigins") def web_origins(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - """ return pulumi.get(self, "web_origins") @web_origins.setter @@ -781,57 +597,6 @@ def __init__(__self__, *, web_origins: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ Input properties used for looking up and filtering Client resources. - :param pulumi.Input[str] access_token_lifespan: The amount of time in seconds before an access token expires. This will override the default for the realm. - :param pulumi.Input[str] access_type: Specifies the type of client, which can be one of the following: - :param pulumi.Input[str] admin_url: URL to the admin interface of the client. - :param pulumi.Input['ClientAuthenticationFlowBindingOverridesArgs'] authentication_flow_binding_overrides: Override realm authentication flow bindings - :param pulumi.Input['ClientAuthorizationArgs'] authorization: When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - :param pulumi.Input[bool] backchannel_logout_revoke_offline_sessions: Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - :param pulumi.Input[bool] backchannel_logout_session_required: When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - :param pulumi.Input[str] backchannel_logout_url: The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - :param pulumi.Input[str] base_url: Default URL to use when the auth server needs to redirect or link back to the client. - :param pulumi.Input[str] client_authenticator_type: Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - - `client-secret` (Default) Use client id and client secret to authenticate client. - - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = ` - - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - :param pulumi.Input[str] client_id: The Client ID for this client, referenced in the URI during authentication and in issued tokens. - :param pulumi.Input[str] client_offline_session_idle_timeout: Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - :param pulumi.Input[str] client_offline_session_max_lifespan: Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - :param pulumi.Input[str] client_secret: The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - :param pulumi.Input[str] client_session_idle_timeout: Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - :param pulumi.Input[str] client_session_max_lifespan: Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - :param pulumi.Input[bool] consent_required: When `true`, users have to consent to client access. Defaults to `false`. - :param pulumi.Input[str] consent_screen_text: The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - :param pulumi.Input[str] description: The description of this client in the GUI. - :param pulumi.Input[bool] direct_access_grants_enabled: When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] display_on_consent_screen: When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - :param pulumi.Input[bool] enabled: When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - :param pulumi.Input[bool] exclude_session_state_from_auth_response: When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - :param pulumi.Input[bool] frontchannel_logout_enabled: When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - :param pulumi.Input[str] frontchannel_logout_url: The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - :param pulumi.Input[bool] full_scope_allowed: Allow to include all roles mappings in the access token. - :param pulumi.Input[bool] implicit_flow_enabled: When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] import_: When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - :param pulumi.Input[str] login_theme: The client login theme. This will override the default theme for the realm. - :param pulumi.Input[str] name: The display name of this client in the GUI. - :param pulumi.Input[bool] oauth2_device_authorization_grant_enabled: Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - :param pulumi.Input[str] oauth2_device_code_lifespan: The maximum amount of time a client has to finish the device code flow before it expires. - :param pulumi.Input[str] oauth2_device_polling_interval: The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - :param pulumi.Input[str] pkce_code_challenge_method: The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - :param pulumi.Input[str] realm_id: The realm this client is attached to. - :param pulumi.Input[str] resource_server_id: (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - :param pulumi.Input[str] root_url: When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - :param pulumi.Input[str] service_account_user_id: (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - :param pulumi.Input[bool] service_accounts_enabled: When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] standard_flow_enabled: When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] use_refresh_tokens: If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - :param pulumi.Input[bool] use_refresh_tokens_client_credentials: If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_post_logout_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful logout. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - is set to `true`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." """ if access_token_lifespan is not None: pulumi.set(__self__, "access_token_lifespan", access_token_lifespan) @@ -929,9 +694,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="accessTokenLifespan") def access_token_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time in seconds before an access token expires. This will override the default for the realm. - """ return pulumi.get(self, "access_token_lifespan") @access_token_lifespan.setter @@ -941,9 +703,6 @@ def access_token_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessType") def access_type(self) -> Optional[pulumi.Input[str]]: - """ - Specifies the type of client, which can be one of the following: - """ return pulumi.get(self, "access_type") @access_type.setter @@ -953,9 +712,6 @@ def access_type(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="adminUrl") def admin_url(self) -> Optional[pulumi.Input[str]]: - """ - URL to the admin interface of the client. - """ return pulumi.get(self, "admin_url") @admin_url.setter @@ -965,9 +721,6 @@ def admin_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="authenticationFlowBindingOverrides") def authentication_flow_binding_overrides(self) -> Optional[pulumi.Input['ClientAuthenticationFlowBindingOverridesArgs']]: - """ - Override realm authentication flow bindings - """ return pulumi.get(self, "authentication_flow_binding_overrides") @authentication_flow_binding_overrides.setter @@ -977,9 +730,6 @@ def authentication_flow_binding_overrides(self, value: Optional[pulumi.Input['Cl @property @pulumi.getter def authorization(self) -> Optional[pulumi.Input['ClientAuthorizationArgs']]: - """ - When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - """ return pulumi.get(self, "authorization") @authorization.setter @@ -989,9 +739,6 @@ def authorization(self, value: Optional[pulumi.Input['ClientAuthorizationArgs']] @property @pulumi.getter(name="backchannelLogoutRevokeOfflineSessions") def backchannel_logout_revoke_offline_sessions(self) -> Optional[pulumi.Input[bool]]: - """ - Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - """ return pulumi.get(self, "backchannel_logout_revoke_offline_sessions") @backchannel_logout_revoke_offline_sessions.setter @@ -1001,9 +748,6 @@ def backchannel_logout_revoke_offline_sessions(self, value: Optional[pulumi.Inpu @property @pulumi.getter(name="backchannelLogoutSessionRequired") def backchannel_logout_session_required(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - """ return pulumi.get(self, "backchannel_logout_session_required") @backchannel_logout_session_required.setter @@ -1013,9 +757,6 @@ def backchannel_logout_session_required(self, value: Optional[pulumi.Input[bool] @property @pulumi.getter(name="backchannelLogoutUrl") def backchannel_logout_url(self) -> Optional[pulumi.Input[str]]: - """ - The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - """ return pulumi.get(self, "backchannel_logout_url") @backchannel_logout_url.setter @@ -1025,9 +766,6 @@ def backchannel_logout_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="baseUrl") def base_url(self) -> Optional[pulumi.Input[str]]: - """ - Default URL to use when the auth server needs to redirect or link back to the client. - """ return pulumi.get(self, "base_url") @base_url.setter @@ -1037,13 +775,6 @@ def base_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientAuthenticatorType") def client_authenticator_type(self) -> Optional[pulumi.Input[str]]: - """ - Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - - `client-secret` (Default) Use client id and client secret to authenticate client. - - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = ` - - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - """ return pulumi.get(self, "client_authenticator_type") @client_authenticator_type.setter @@ -1053,9 +784,6 @@ def client_authenticator_type(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - The Client ID for this client, referenced in the URI during authentication and in issued tokens. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -1065,9 +793,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientOfflineSessionIdleTimeout") def client_offline_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - """ return pulumi.get(self, "client_offline_session_idle_timeout") @client_offline_session_idle_timeout.setter @@ -1077,9 +802,6 @@ def client_offline_session_idle_timeout(self, value: Optional[pulumi.Input[str]] @property @pulumi.getter(name="clientOfflineSessionMaxLifespan") def client_offline_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - """ return pulumi.get(self, "client_offline_session_max_lifespan") @client_offline_session_max_lifespan.setter @@ -1089,9 +811,6 @@ def client_offline_session_max_lifespan(self, value: Optional[pulumi.Input[str]] @property @pulumi.getter(name="clientSecret") def client_secret(self) -> Optional[pulumi.Input[str]]: - """ - The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - """ return pulumi.get(self, "client_secret") @client_secret.setter @@ -1101,9 +820,6 @@ def client_secret(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSessionIdleTimeout") def client_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - """ return pulumi.get(self, "client_session_idle_timeout") @client_session_idle_timeout.setter @@ -1113,9 +829,6 @@ def client_session_idle_timeout(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSessionMaxLifespan") def client_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - """ return pulumi.get(self, "client_session_max_lifespan") @client_session_max_lifespan.setter @@ -1125,9 +838,6 @@ def client_session_max_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="consentRequired") def consent_required(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, users have to consent to client access. Defaults to `false`. - """ return pulumi.get(self, "consent_required") @consent_required.setter @@ -1137,9 +847,6 @@ def consent_required(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="consentScreenText") def consent_screen_text(self) -> Optional[pulumi.Input[str]]: - """ - The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - """ return pulumi.get(self, "consent_screen_text") @consent_screen_text.setter @@ -1149,9 +856,6 @@ def consent_screen_text(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: - """ - The description of this client in the GUI. - """ return pulumi.get(self, "description") @description.setter @@ -1161,9 +865,6 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="directAccessGrantsEnabled") def direct_access_grants_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "direct_access_grants_enabled") @direct_access_grants_enabled.setter @@ -1173,9 +874,6 @@ def direct_access_grants_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="displayOnConsentScreen") def display_on_consent_screen(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - """ return pulumi.get(self, "display_on_consent_screen") @display_on_consent_screen.setter @@ -1185,9 +883,6 @@ def display_on_consent_screen(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - """ return pulumi.get(self, "enabled") @enabled.setter @@ -1197,9 +892,6 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="excludeSessionStateFromAuthResponse") def exclude_session_state_from_auth_response(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - """ return pulumi.get(self, "exclude_session_state_from_auth_response") @exclude_session_state_from_auth_response.setter @@ -1218,9 +910,6 @@ def extra_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter(name="frontchannelLogoutEnabled") def frontchannel_logout_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - """ return pulumi.get(self, "frontchannel_logout_enabled") @frontchannel_logout_enabled.setter @@ -1230,9 +919,6 @@ def frontchannel_logout_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="frontchannelLogoutUrl") def frontchannel_logout_url(self) -> Optional[pulumi.Input[str]]: - """ - The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - """ return pulumi.get(self, "frontchannel_logout_url") @frontchannel_logout_url.setter @@ -1242,9 +928,6 @@ def frontchannel_logout_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="fullScopeAllowed") def full_scope_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - Allow to include all roles mappings in the access token. - """ return pulumi.get(self, "full_scope_allowed") @full_scope_allowed.setter @@ -1254,9 +937,6 @@ def full_scope_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="implicitFlowEnabled") def implicit_flow_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "implicit_flow_enabled") @implicit_flow_enabled.setter @@ -1266,9 +946,6 @@ def implicit_flow_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="import") def import_(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - """ return pulumi.get(self, "import_") @import_.setter @@ -1278,9 +955,6 @@ def import_(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="loginTheme") def login_theme(self) -> Optional[pulumi.Input[str]]: - """ - The client login theme. This will override the default theme for the realm. - """ return pulumi.get(self, "login_theme") @login_theme.setter @@ -1290,9 +964,6 @@ def login_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this client in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -1302,9 +973,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="oauth2DeviceAuthorizationGrantEnabled") def oauth2_device_authorization_grant_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - """ return pulumi.get(self, "oauth2_device_authorization_grant_enabled") @oauth2_device_authorization_grant_enabled.setter @@ -1314,9 +982,6 @@ def oauth2_device_authorization_grant_enabled(self, value: Optional[pulumi.Input @property @pulumi.getter(name="oauth2DeviceCodeLifespan") def oauth2_device_code_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a client has to finish the device code flow before it expires. - """ return pulumi.get(self, "oauth2_device_code_lifespan") @oauth2_device_code_lifespan.setter @@ -1326,9 +991,6 @@ def oauth2_device_code_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="oauth2DevicePollingInterval") def oauth2_device_polling_interval(self) -> Optional[pulumi.Input[str]]: - """ - The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - """ return pulumi.get(self, "oauth2_device_polling_interval") @oauth2_device_polling_interval.setter @@ -1338,9 +1000,6 @@ def oauth2_device_polling_interval(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="pkceCodeChallengeMethod") def pkce_code_challenge_method(self) -> Optional[pulumi.Input[str]]: - """ - The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - """ return pulumi.get(self, "pkce_code_challenge_method") @pkce_code_challenge_method.setter @@ -1350,9 +1009,6 @@ def pkce_code_challenge_method(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this client is attached to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -1362,9 +1018,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="resourceServerId") def resource_server_id(self) -> Optional[pulumi.Input[str]]: - """ - (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - """ return pulumi.get(self, "resource_server_id") @resource_server_id.setter @@ -1374,9 +1027,6 @@ def resource_server_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="rootUrl") def root_url(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - """ return pulumi.get(self, "root_url") @root_url.setter @@ -1386,9 +1036,6 @@ def root_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="serviceAccountUserId") def service_account_user_id(self) -> Optional[pulumi.Input[str]]: - """ - (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - """ return pulumi.get(self, "service_account_user_id") @service_account_user_id.setter @@ -1398,9 +1045,6 @@ def service_account_user_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="serviceAccountsEnabled") def service_accounts_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "service_accounts_enabled") @service_accounts_enabled.setter @@ -1410,9 +1054,6 @@ def service_accounts_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="standardFlowEnabled") def standard_flow_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "standard_flow_enabled") @standard_flow_enabled.setter @@ -1422,9 +1063,6 @@ def standard_flow_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="useRefreshTokens") def use_refresh_tokens(self) -> Optional[pulumi.Input[bool]]: - """ - If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - """ return pulumi.get(self, "use_refresh_tokens") @use_refresh_tokens.setter @@ -1434,9 +1072,6 @@ def use_refresh_tokens(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="useRefreshTokensClientCredentials") def use_refresh_tokens_client_credentials(self) -> Optional[pulumi.Input[bool]]: - """ - If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - """ return pulumi.get(self, "use_refresh_tokens_client_credentials") @use_refresh_tokens_client_credentials.setter @@ -1446,9 +1081,6 @@ def use_refresh_tokens_client_credentials(self, value: Optional[pulumi.Input[boo @property @pulumi.getter(name="validPostLogoutRedirectUris") def valid_post_logout_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of valid URIs a browser is permitted to redirect to after a successful logout. - """ return pulumi.get(self, "valid_post_logout_redirect_uris") @valid_post_logout_redirect_uris.setter @@ -1458,11 +1090,6 @@ def valid_post_logout_redirect_uris(self, value: Optional[pulumi.Input[Sequence[ @property @pulumi.getter(name="validRedirectUris") def valid_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - is set to `true`. - """ return pulumi.get(self, "valid_redirect_uris") @valid_redirect_uris.setter @@ -1472,9 +1099,6 @@ def valid_redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input @property @pulumi.getter(name="webOrigins") def web_origins(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - """ return pulumi.get(self, "web_origins") @web_origins.setter @@ -1533,99 +1157,78 @@ def __init__(__self__, web_origins: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): """ + ## # openid.Client + Allows for creating and managing Keycloak clients that use the OpenID Connect protocol. Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, + access_type="CONFIDENTIAL", client_id="test-client", enabled=True, - access_type="CONFIDENTIAL", - valid_redirect_uris=["http://localhost:8080/openid-callback"], - login_theme="keycloak", - extra_config={ - "key1": "value1", - "key2": "value2", - }) + realm_id=realm.id, + valid_redirect_uris=["http://localhost:8080/openid-callback"]) ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm this client is attached to. + - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + - `name` - (Optional) The display name of this client in the GUI. + - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + - `description` - (Optional) The description of this client in the GUI. + - `access_type` - (Required) Specifies the type of client, which can be one of the following: + - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating. + This client should be used for applications using the Authorization Code or Client Credentials grant flows. + - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect + URIs for security. This client should be used for applications using the Implicit grant flow. + - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests. + - `client_secret` - (Optional) The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and + should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute. + - `standard_flow_enabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. + - `implicit_flow_enabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. + - `direct_access_grants_enabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. + - `service_accounts_enabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. + - `valid_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple + wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` + is set to `true`. + - `web_origins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins. + - `admin_url` - (Optional) URL to the admin interface of the client. + - `base_url` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client. + - `pkce_code_challenge_method` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. + - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token. + + ### Attributes Reference + + In addition to the arguments listed above, the following computed attributes are exported: + + - `service_account_user_id` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. + + ### Import Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. - assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. - - Example: - - bash - - ```sh - $ pulumi import keycloak:openid/client:Client openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] access_token_lifespan: The amount of time in seconds before an access token expires. This will override the default for the realm. - :param pulumi.Input[str] access_type: Specifies the type of client, which can be one of the following: - :param pulumi.Input[str] admin_url: URL to the admin interface of the client. - :param pulumi.Input[pulumi.InputType['ClientAuthenticationFlowBindingOverridesArgs']] authentication_flow_binding_overrides: Override realm authentication flow bindings - :param pulumi.Input[pulumi.InputType['ClientAuthorizationArgs']] authorization: When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - :param pulumi.Input[bool] backchannel_logout_revoke_offline_sessions: Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - :param pulumi.Input[bool] backchannel_logout_session_required: When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - :param pulumi.Input[str] backchannel_logout_url: The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - :param pulumi.Input[str] base_url: Default URL to use when the auth server needs to redirect or link back to the client. - :param pulumi.Input[str] client_authenticator_type: Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - - `client-secret` (Default) Use client id and client secret to authenticate client. - - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = ` - - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - :param pulumi.Input[str] client_id: The Client ID for this client, referenced in the URI during authentication and in issued tokens. - :param pulumi.Input[str] client_offline_session_idle_timeout: Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - :param pulumi.Input[str] client_offline_session_max_lifespan: Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - :param pulumi.Input[str] client_secret: The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - :param pulumi.Input[str] client_session_idle_timeout: Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - :param pulumi.Input[str] client_session_max_lifespan: Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - :param pulumi.Input[bool] consent_required: When `true`, users have to consent to client access. Defaults to `false`. - :param pulumi.Input[str] consent_screen_text: The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - :param pulumi.Input[str] description: The description of this client in the GUI. - :param pulumi.Input[bool] direct_access_grants_enabled: When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] display_on_consent_screen: When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - :param pulumi.Input[bool] enabled: When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - :param pulumi.Input[bool] exclude_session_state_from_auth_response: When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - :param pulumi.Input[bool] frontchannel_logout_enabled: When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - :param pulumi.Input[str] frontchannel_logout_url: The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - :param pulumi.Input[bool] full_scope_allowed: Allow to include all roles mappings in the access token. - :param pulumi.Input[bool] implicit_flow_enabled: When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] import_: When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - :param pulumi.Input[str] login_theme: The client login theme. This will override the default theme for the realm. - :param pulumi.Input[str] name: The display name of this client in the GUI. - :param pulumi.Input[bool] oauth2_device_authorization_grant_enabled: Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - :param pulumi.Input[str] oauth2_device_code_lifespan: The maximum amount of time a client has to finish the device code flow before it expires. - :param pulumi.Input[str] oauth2_device_polling_interval: The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - :param pulumi.Input[str] pkce_code_challenge_method: The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - :param pulumi.Input[str] realm_id: The realm this client is attached to. - :param pulumi.Input[str] root_url: When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - :param pulumi.Input[bool] service_accounts_enabled: When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] standard_flow_enabled: When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] use_refresh_tokens: If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - :param pulumi.Input[bool] use_refresh_tokens_client_credentials: If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_post_logout_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful logout. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - is set to `true`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." """ ... @overload @@ -1634,47 +1237,75 @@ def __init__(__self__, args: ClientArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # openid.Client + Allows for creating and managing Keycloak clients that use the OpenID Connect protocol. Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, + access_type="CONFIDENTIAL", client_id="test-client", enabled=True, - access_type="CONFIDENTIAL", - valid_redirect_uris=["http://localhost:8080/openid-callback"], - login_theme="keycloak", - extra_config={ - "key1": "value1", - "key2": "value2", - }) + realm_id=realm.id, + valid_redirect_uris=["http://localhost:8080/openid-callback"]) ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm this client is attached to. + - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + - `name` - (Optional) The display name of this client in the GUI. + - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + - `description` - (Optional) The description of this client in the GUI. + - `access_type` - (Required) Specifies the type of client, which can be one of the following: + - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating. + This client should be used for applications using the Authorization Code or Client Credentials grant flows. + - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect + URIs for security. This client should be used for applications using the Implicit grant flow. + - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests. + - `client_secret` - (Optional) The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and + should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute. + - `standard_flow_enabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. + - `implicit_flow_enabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. + - `direct_access_grants_enabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. + - `service_accounts_enabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. + - `valid_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple + wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` + is set to `true`. + - `web_origins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins. + - `admin_url` - (Optional) URL to the admin interface of the client. + - `base_url` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client. + - `pkce_code_challenge_method` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. + - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token. + + ### Attributes Reference + + In addition to the arguments listed above, the following computed attributes are exported: + + - `service_account_user_id` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. + + ### Import Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. - assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. - - Example: - - bash - - ```sh - $ pulumi import keycloak:openid/client:Client openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - ``` + Example: :param str resource_name: The name of the resource. :param ClientArgs args: The arguments to use to populate this resource's properties. @@ -1861,57 +1492,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] access_token_lifespan: The amount of time in seconds before an access token expires. This will override the default for the realm. - :param pulumi.Input[str] access_type: Specifies the type of client, which can be one of the following: - :param pulumi.Input[str] admin_url: URL to the admin interface of the client. - :param pulumi.Input[pulumi.InputType['ClientAuthenticationFlowBindingOverridesArgs']] authentication_flow_binding_overrides: Override realm authentication flow bindings - :param pulumi.Input[pulumi.InputType['ClientAuthorizationArgs']] authorization: When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - :param pulumi.Input[bool] backchannel_logout_revoke_offline_sessions: Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - :param pulumi.Input[bool] backchannel_logout_session_required: When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - :param pulumi.Input[str] backchannel_logout_url: The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - :param pulumi.Input[str] base_url: Default URL to use when the auth server needs to redirect or link back to the client. - :param pulumi.Input[str] client_authenticator_type: Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - - `client-secret` (Default) Use client id and client secret to authenticate client. - - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = ` - - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - :param pulumi.Input[str] client_id: The Client ID for this client, referenced in the URI during authentication and in issued tokens. - :param pulumi.Input[str] client_offline_session_idle_timeout: Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - :param pulumi.Input[str] client_offline_session_max_lifespan: Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - :param pulumi.Input[str] client_secret: The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - :param pulumi.Input[str] client_session_idle_timeout: Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - :param pulumi.Input[str] client_session_max_lifespan: Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - :param pulumi.Input[bool] consent_required: When `true`, users have to consent to client access. Defaults to `false`. - :param pulumi.Input[str] consent_screen_text: The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - :param pulumi.Input[str] description: The description of this client in the GUI. - :param pulumi.Input[bool] direct_access_grants_enabled: When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] display_on_consent_screen: When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - :param pulumi.Input[bool] enabled: When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - :param pulumi.Input[bool] exclude_session_state_from_auth_response: When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - :param pulumi.Input[bool] frontchannel_logout_enabled: When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - :param pulumi.Input[str] frontchannel_logout_url: The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - :param pulumi.Input[bool] full_scope_allowed: Allow to include all roles mappings in the access token. - :param pulumi.Input[bool] implicit_flow_enabled: When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] import_: When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - :param pulumi.Input[str] login_theme: The client login theme. This will override the default theme for the realm. - :param pulumi.Input[str] name: The display name of this client in the GUI. - :param pulumi.Input[bool] oauth2_device_authorization_grant_enabled: Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - :param pulumi.Input[str] oauth2_device_code_lifespan: The maximum amount of time a client has to finish the device code flow before it expires. - :param pulumi.Input[str] oauth2_device_polling_interval: The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - :param pulumi.Input[str] pkce_code_challenge_method: The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - :param pulumi.Input[str] realm_id: The realm this client is attached to. - :param pulumi.Input[str] resource_server_id: (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - :param pulumi.Input[str] root_url: When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - :param pulumi.Input[str] service_account_user_id: (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - :param pulumi.Input[bool] service_accounts_enabled: When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] standard_flow_enabled: When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - :param pulumi.Input[bool] use_refresh_tokens: If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - :param pulumi.Input[bool] use_refresh_tokens_client_credentials: If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_post_logout_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful logout. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - is set to `true`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -1968,189 +1548,116 @@ def get(resource_name: str, @property @pulumi.getter(name="accessTokenLifespan") def access_token_lifespan(self) -> pulumi.Output[str]: - """ - The amount of time in seconds before an access token expires. This will override the default for the realm. - """ return pulumi.get(self, "access_token_lifespan") @property @pulumi.getter(name="accessType") def access_type(self) -> pulumi.Output[str]: - """ - Specifies the type of client, which can be one of the following: - """ return pulumi.get(self, "access_type") @property @pulumi.getter(name="adminUrl") def admin_url(self) -> pulumi.Output[str]: - """ - URL to the admin interface of the client. - """ return pulumi.get(self, "admin_url") @property @pulumi.getter(name="authenticationFlowBindingOverrides") def authentication_flow_binding_overrides(self) -> pulumi.Output[Optional['outputs.ClientAuthenticationFlowBindingOverrides']]: - """ - Override realm authentication flow bindings - """ return pulumi.get(self, "authentication_flow_binding_overrides") @property @pulumi.getter def authorization(self) -> pulumi.Output[Optional['outputs.ClientAuthorization']]: - """ - When this block is present, fine-grained authorization will be enabled for this client. The client's `access_type` must be `CONFIDENTIAL`, and `service_accounts_enabled` must be `true`. This block has the following arguments: - """ return pulumi.get(self, "authorization") @property @pulumi.getter(name="backchannelLogoutRevokeOfflineSessions") def backchannel_logout_revoke_offline_sessions(self) -> pulumi.Output[Optional[bool]]: - """ - Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event. - """ return pulumi.get(self, "backchannel_logout_revoke_offline_sessions") @property @pulumi.getter(name="backchannelLogoutSessionRequired") def backchannel_logout_session_required(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to `true`. - """ return pulumi.get(self, "backchannel_logout_session_required") @property @pulumi.getter(name="backchannelLogoutUrl") def backchannel_logout_url(self) -> pulumi.Output[Optional[str]]: - """ - The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case. - """ return pulumi.get(self, "backchannel_logout_url") @property @pulumi.getter(name="baseUrl") def base_url(self) -> pulumi.Output[str]: - """ - Default URL to use when the auth server needs to redirect or link back to the client. - """ return pulumi.get(self, "base_url") @property @pulumi.getter(name="clientAuthenticatorType") def client_authenticator_type(self) -> pulumi.Output[Optional[str]]: - """ - Defaults to `client-secret`. The authenticator type for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types: - - `client-secret` (Default) Use client id and client secret to authenticate client. - - `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - - `client-x509` Use x509 certificate to authenticate client. Set Subject DN in `extra_config` with `attributes.x509.subjectdn = ` - - `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in `extra_config` with `attributes.token.endpoint.auth.signing.alg = ` - """ return pulumi.get(self, "client_authenticator_type") @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[str]: - """ - The Client ID for this client, referenced in the URI during authentication and in issued tokens. - """ return pulumi.get(self, "client_id") @property @pulumi.getter(name="clientOfflineSessionIdleTimeout") def client_offline_session_idle_timeout(self) -> pulumi.Output[str]: - """ - Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. - """ return pulumi.get(self, "client_offline_session_idle_timeout") @property @pulumi.getter(name="clientOfflineSessionMaxLifespan") def client_offline_session_max_lifespan(self) -> pulumi.Output[str]: - """ - Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value. - """ return pulumi.get(self, "client_offline_session_max_lifespan") @property @pulumi.getter(name="clientSecret") def client_secret(self) -> pulumi.Output[str]: - """ - The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. - """ return pulumi.get(self, "client_secret") @property @pulumi.getter(name="clientSessionIdleTimeout") def client_session_idle_timeout(self) -> pulumi.Output[str]: - """ - Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value. - """ return pulumi.get(self, "client_session_idle_timeout") @property @pulumi.getter(name="clientSessionMaxLifespan") def client_session_max_lifespan(self) -> pulumi.Output[str]: - """ - Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value. - """ return pulumi.get(self, "client_session_max_lifespan") @property @pulumi.getter(name="consentRequired") def consent_required(self) -> pulumi.Output[bool]: - """ - When `true`, users have to consent to client access. Defaults to `false`. - """ return pulumi.get(self, "consent_required") @property @pulumi.getter(name="consentScreenText") def consent_screen_text(self) -> pulumi.Output[str]: - """ - The text to display on the consent screen about permissions specific to this client. This is applicable only when `display_on_consent_screen` is `true`. - """ return pulumi.get(self, "consent_screen_text") @property @pulumi.getter def description(self) -> pulumi.Output[str]: - """ - The description of this client in the GUI. - """ return pulumi.get(self, "description") @property @pulumi.getter(name="directAccessGrantsEnabled") def direct_access_grants_enabled(self) -> pulumi.Output[bool]: - """ - When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "direct_access_grants_enabled") @property @pulumi.getter(name="displayOnConsentScreen") def display_on_consent_screen(self) -> pulumi.Output[bool]: - """ - When `true`, the consent screen will display information about the client itself. Defaults to `false`. This is applicable only when `consent_required` is `true`. - """ return pulumi.get(self, "display_on_consent_screen") @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: - """ - When `false`, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - """ return pulumi.get(self, "enabled") @property @pulumi.getter(name="excludeSessionStateFromAuthResponse") def exclude_session_state_from_auth_response(self) -> pulumi.Output[bool]: - """ - When `true`, the parameter `session_state` will not be included in OpenID Connect Authentication Response. - """ return pulumi.get(self, "exclude_session_state_from_auth_response") @property @@ -2161,178 +1668,110 @@ def extra_config(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: @property @pulumi.getter(name="frontchannelLogoutEnabled") def frontchannel_logout_enabled(self) -> pulumi.Output[bool]: - """ - When `true`, frontchannel logout will be enabled for this client. Specify the url with `frontchannel_logout_url`. Defaults to `false`. - """ return pulumi.get(self, "frontchannel_logout_enabled") @property @pulumi.getter(name="frontchannelLogoutUrl") def frontchannel_logout_url(self) -> pulumi.Output[Optional[str]]: - """ - The frontchannel logout url. This is applicable only when `frontchannel_logout_enabled` is `true`. - """ return pulumi.get(self, "frontchannel_logout_url") @property @pulumi.getter(name="fullScopeAllowed") def full_scope_allowed(self) -> pulumi.Output[Optional[bool]]: - """ - Allow to include all roles mappings in the access token. - """ return pulumi.get(self, "full_scope_allowed") @property @pulumi.getter(name="implicitFlowEnabled") def implicit_flow_enabled(self) -> pulumi.Output[bool]: - """ - When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "implicit_flow_enabled") @property @pulumi.getter(name="import") def import_(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, the client with the specified `client_id` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as `account` and `admin-cli`. Note, that the client will not be removed during destruction if `import` is `true`. - """ return pulumi.get(self, "import_") @property @pulumi.getter(name="loginTheme") def login_theme(self) -> pulumi.Output[Optional[str]]: - """ - The client login theme. This will override the default theme for the realm. - """ return pulumi.get(self, "login_theme") @property @pulumi.getter def name(self) -> pulumi.Output[str]: - """ - The display name of this client in the GUI. - """ return pulumi.get(self, "name") @property @pulumi.getter(name="oauth2DeviceAuthorizationGrantEnabled") def oauth2_device_authorization_grant_enabled(self) -> pulumi.Output[Optional[bool]]: - """ - Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser. - """ return pulumi.get(self, "oauth2_device_authorization_grant_enabled") @property @pulumi.getter(name="oauth2DeviceCodeLifespan") def oauth2_device_code_lifespan(self) -> pulumi.Output[Optional[str]]: - """ - The maximum amount of time a client has to finish the device code flow before it expires. - """ return pulumi.get(self, "oauth2_device_code_lifespan") @property @pulumi.getter(name="oauth2DevicePollingInterval") def oauth2_device_polling_interval(self) -> pulumi.Output[Optional[str]]: - """ - The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - """ return pulumi.get(self, "oauth2_device_polling_interval") @property @pulumi.getter(name="pkceCodeChallengeMethod") def pkce_code_challenge_method(self) -> pulumi.Output[Optional[str]]: - """ - The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - """ return pulumi.get(self, "pkce_code_challenge_method") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this client is attached to. - """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="resourceServerId") def resource_server_id(self) -> pulumi.Output[str]: - """ - (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute). - """ return pulumi.get(self, "resource_server_id") @property @pulumi.getter(name="rootUrl") def root_url(self) -> pulumi.Output[str]: - """ - When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - """ return pulumi.get(self, "root_url") @property @pulumi.getter(name="serviceAccountUserId") def service_account_user_id(self) -> pulumi.Output[str]: - """ - (Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account. - """ return pulumi.get(self, "service_account_user_id") @property @pulumi.getter(name="serviceAccountsEnabled") def service_accounts_enabled(self) -> pulumi.Output[bool]: - """ - When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "service_accounts_enabled") @property @pulumi.getter(name="standardFlowEnabled") def standard_flow_enabled(self) -> pulumi.Output[bool]: - """ - When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`. - """ return pulumi.get(self, "standard_flow_enabled") @property @pulumi.getter(name="useRefreshTokens") def use_refresh_tokens(self) -> pulumi.Output[Optional[bool]]: - """ - If this is `true`, a refresh_token will be created and added to the token response. If this is `false` then no refresh_token will be generated. Defaults to `true`. - """ return pulumi.get(self, "use_refresh_tokens") @property @pulumi.getter(name="useRefreshTokensClientCredentials") def use_refresh_tokens_client_credentials(self) -> pulumi.Output[Optional[bool]]: - """ - If this is `true`, a refresh_token will be created and added to the token response if the client_credentials grant is used and a user session will be created. If this is `false` then no refresh_token will be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to `false`. - """ return pulumi.get(self, "use_refresh_tokens_client_credentials") @property @pulumi.getter(name="validPostLogoutRedirectUris") def valid_post_logout_redirect_uris(self) -> pulumi.Output[Sequence[str]]: - """ - A list of valid URIs a browser is permitted to redirect to after a successful logout. - """ return pulumi.get(self, "valid_post_logout_redirect_uris") @property @pulumi.getter(name="validRedirectUris") def valid_redirect_uris(self) -> pulumi.Output[Sequence[str]]: - """ - A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple - wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` - is set to `true`. - """ return pulumi.get(self, "valid_redirect_uris") @property @pulumi.getter(name="webOrigins") def web_origins(self) -> pulumi.Output[Sequence[str]]: - """ - A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." - """ return pulumi.get(self, "web_origins") diff --git a/sdk/python/pulumi_keycloak/openid/client_authorization_permission.py b/sdk/python/pulumi_keycloak/openid/client_authorization_permission.py index b19d24d7..602cb459 100644 --- a/sdk/python/pulumi_keycloak/openid/client_authorization_permission.py +++ b/sdk/python/pulumi_keycloak/openid/client_authorization_permission.py @@ -288,9 +288,9 @@ def __init__(__self__, Client authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9 @@ -312,9 +312,9 @@ def __init__(__self__, Client authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9 diff --git a/sdk/python/pulumi_keycloak/openid/client_default_scopes.py b/sdk/python/pulumi_keycloak/openid/client_default_scopes.py index 18edc26e..3b2e8134 100644 --- a/sdk/python/pulumi_keycloak/openid/client_default_scopes.py +++ b/sdk/python/pulumi_keycloak/openid/client_default_scopes.py @@ -19,9 +19,6 @@ def __init__(__self__, *, realm_id: pulumi.Input[str]): """ The set of arguments for constructing a ClientDefaultScopes resource. - :param pulumi.Input[str] client_id: The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - :param pulumi.Input[Sequence[pulumi.Input[str]]] default_scopes: An array of client scope names to attach to this client. - :param pulumi.Input[str] realm_id: The realm this client and scopes exists in. """ pulumi.set(__self__, "client_id", client_id) pulumi.set(__self__, "default_scopes", default_scopes) @@ -30,9 +27,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Input[str]: - """ - The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -42,9 +36,6 @@ def client_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="defaultScopes") def default_scopes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: - """ - An array of client scope names to attach to this client. - """ return pulumi.get(self, "default_scopes") @default_scopes.setter @@ -54,9 +45,6 @@ def default_scopes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this client and scopes exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -72,9 +60,6 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering ClientDefaultScopes resources. - :param pulumi.Input[str] client_id: The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - :param pulumi.Input[Sequence[pulumi.Input[str]]] default_scopes: An array of client scope names to attach to this client. - :param pulumi.Input[str] realm_id: The realm this client and scopes exists in. """ if client_id is not None: pulumi.set(__self__, "client_id", client_id) @@ -86,9 +71,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -98,9 +80,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="defaultScopes") def default_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - An array of client scope names to attach to this client. - """ return pulumi.get(self, "default_scopes") @default_scopes.setter @@ -110,9 +89,6 @@ def default_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str] @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this client and scopes exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -132,20 +108,20 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client = keycloak.openid.Client("client", - realm_id=realm.id, + access_type="CONFIDENTIAL", client_id="test-client", - access_type="CONFIDENTIAL") + realm_id=realm.id) client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) client_default_scopes = keycloak.openid.ClientDefaultScopes("clientDefaultScopes", - realm_id=realm.id, client_id=client.id, default_scopes=[ "profile", @@ -153,20 +129,26 @@ def __init__(__self__, "roles", "web-origins", client_scope.name, - ]) + ], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - This resource does not support import. Instead of importing, feel free to create this resource + The following arguments are supported: - as if it did not already exist on the server. + - `realm_id` - (Required) The realm this client and scopes exists in. + - `client_id` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. + - `default_scopes` - (Required) An array of client scope names to attach to this client. + + ### Import + + This resource does not support import. Instead of importing, feel free to create this resource + as if it did not already exist on the server. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - :param pulumi.Input[Sequence[pulumi.Input[str]]] default_scopes: An array of client scope names to attach to this client. - :param pulumi.Input[str] realm_id: The realm this client and scopes exists in. """ ... @overload @@ -177,20 +159,20 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client = keycloak.openid.Client("client", - realm_id=realm.id, + access_type="CONFIDENTIAL", client_id="test-client", - access_type="CONFIDENTIAL") + realm_id=realm.id) client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) client_default_scopes = keycloak.openid.ClientDefaultScopes("clientDefaultScopes", - realm_id=realm.id, client_id=client.id, default_scopes=[ "profile", @@ -198,14 +180,23 @@ def __init__(__self__, "roles", "web-origins", client_scope.name, - ]) + ], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - This resource does not support import. Instead of importing, feel free to create this resource + The following arguments are supported: - as if it did not already exist on the server. + - `realm_id` - (Required) The realm this client and scopes exists in. + - `client_id` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. + - `default_scopes` - (Required) An array of client scope names to attach to this client. + + ### Import + + This resource does not support import. Instead of importing, feel free to create this resource + as if it did not already exist on the server. :param str resource_name: The name of the resource. :param ClientDefaultScopesArgs args: The arguments to use to populate this resource's properties. @@ -263,9 +254,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - :param pulumi.Input[Sequence[pulumi.Input[str]]] default_scopes: An array of client scope names to attach to this client. - :param pulumi.Input[str] realm_id: The realm this client and scopes exists in. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -279,24 +267,15 @@ def get(resource_name: str, @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[str]: - """ - The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. - """ return pulumi.get(self, "client_id") @property @pulumi.getter(name="defaultScopes") def default_scopes(self) -> pulumi.Output[Sequence[str]]: - """ - An array of client scope names to attach to this client. - """ return pulumi.get(self, "default_scopes") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this client and scopes exists in. - """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/openid/client_optional_scopes.py b/sdk/python/pulumi_keycloak/openid/client_optional_scopes.py index 97e08b3e..6757c578 100644 --- a/sdk/python/pulumi_keycloak/openid/client_optional_scopes.py +++ b/sdk/python/pulumi_keycloak/openid/client_optional_scopes.py @@ -19,9 +19,6 @@ def __init__(__self__, *, realm_id: pulumi.Input[str]): """ The set of arguments for constructing a ClientOptionalScopes resource. - :param pulumi.Input[str] client_id: The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - :param pulumi.Input[Sequence[pulumi.Input[str]]] optional_scopes: An array of client scope names to attach to this client as optional scopes. - :param pulumi.Input[str] realm_id: The realm this client and scopes exists in. """ pulumi.set(__self__, "client_id", client_id) pulumi.set(__self__, "optional_scopes", optional_scopes) @@ -30,9 +27,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Input[str]: - """ - The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -42,9 +36,6 @@ def client_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="optionalScopes") def optional_scopes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: - """ - An array of client scope names to attach to this client as optional scopes. - """ return pulumi.get(self, "optional_scopes") @optional_scopes.setter @@ -54,9 +45,6 @@ def optional_scopes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this client and scopes exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -72,9 +60,6 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering ClientOptionalScopes resources. - :param pulumi.Input[str] client_id: The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - :param pulumi.Input[Sequence[pulumi.Input[str]]] optional_scopes: An array of client scope names to attach to this client as optional scopes. - :param pulumi.Input[str] realm_id: The realm this client and scopes exists in. """ if client_id is not None: pulumi.set(__self__, "client_id", client_id) @@ -86,9 +71,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -98,9 +80,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="optionalScopes") def optional_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - An array of client scope names to attach to this client as optional scopes. - """ return pulumi.get(self, "optional_scopes") @optional_scopes.setter @@ -110,9 +89,6 @@ def optional_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this client and scopes exists in. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -132,41 +108,46 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client = keycloak.openid.Client("client", - realm_id=realm.id, + access_type="CONFIDENTIAL", client_id="test-client", - access_type="CONFIDENTIAL") + realm_id=realm.id) client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) client_optional_scopes = keycloak.openid.ClientOptionalScopes("clientOptionalScopes", - realm_id=realm.id, client_id=client.id, optional_scopes=[ "address", "phone", "offline_access", - "microprofile-jwt", client_scope.name, - ]) + ], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - This resource does not support import. Instead of importing, feel free to create this resource + The following arguments are supported: - as if it did not already exist on the server. + - `realm_id` - (Required) The realm this client and scopes exists in. + - `client_id` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. + - `optional_scopes` - (Required) An array of client scope names to attach to this client as optional scopes. + + ### Import + + This resource does not support import. Instead of importing, feel free to create this resource + as if it did not already exist on the server. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - :param pulumi.Input[Sequence[pulumi.Input[str]]] optional_scopes: An array of client scope names to attach to this client as optional scopes. - :param pulumi.Input[str] realm_id: The realm this client and scopes exists in. """ ... @overload @@ -177,35 +158,43 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client = keycloak.openid.Client("client", - realm_id=realm.id, + access_type="CONFIDENTIAL", client_id="test-client", - access_type="CONFIDENTIAL") + realm_id=realm.id) client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) client_optional_scopes = keycloak.openid.ClientOptionalScopes("clientOptionalScopes", - realm_id=realm.id, client_id=client.id, optional_scopes=[ "address", "phone", "offline_access", - "microprofile-jwt", client_scope.name, - ]) + ], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - This resource does not support import. Instead of importing, feel free to create this resource + The following arguments are supported: - as if it did not already exist on the server. + - `realm_id` - (Required) The realm this client and scopes exists in. + - `client_id` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. + - `optional_scopes` - (Required) An array of client scope names to attach to this client as optional scopes. + + ### Import + + This resource does not support import. Instead of importing, feel free to create this resource + as if it did not already exist on the server. :param str resource_name: The name of the resource. :param ClientOptionalScopesArgs args: The arguments to use to populate this resource's properties. @@ -263,9 +252,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - :param pulumi.Input[Sequence[pulumi.Input[str]]] optional_scopes: An array of client scope names to attach to this client as optional scopes. - :param pulumi.Input[str] realm_id: The realm this client and scopes exists in. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -279,24 +265,15 @@ def get(resource_name: str, @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[str]: - """ - The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak. - """ return pulumi.get(self, "client_id") @property @pulumi.getter(name="optionalScopes") def optional_scopes(self) -> pulumi.Output[Sequence[str]]: - """ - An array of client scope names to attach to this client as optional scopes. - """ return pulumi.get(self, "optional_scopes") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this client and scopes exists in. - """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/openid/client_policy.py b/sdk/python/pulumi_keycloak/openid/client_policy.py index 9668ddea..9c0294fb 100644 --- a/sdk/python/pulumi_keycloak/openid/client_policy.py +++ b/sdk/python/pulumi_keycloak/openid/client_policy.py @@ -268,6 +268,7 @@ def __init__(__self__, In this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id. + ```python import pulumi import pulumi_keycloak as keycloak @@ -292,6 +293,7 @@ def __init__(__self__, decision_strategy="UNANIMOUS", clients=[openid_client.id]) ``` + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -316,6 +318,7 @@ def __init__(__self__, In this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id. + ```python import pulumi import pulumi_keycloak as keycloak @@ -340,6 +343,7 @@ def __init__(__self__, decision_strategy="UNANIMOUS", clients=[openid_client.id]) ``` + :param str resource_name: The name of the resource. :param ClientPolicyArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_keycloak/openid/client_scope.py b/sdk/python/pulumi_keycloak/openid/client_scope.py index b111cd2b..4fa19353 100644 --- a/sdk/python/pulumi_keycloak/openid/client_scope.py +++ b/sdk/python/pulumi_keycloak/openid/client_scope.py @@ -22,12 +22,6 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ClientScope resource. - :param pulumi.Input[str] realm_id: The realm this client scope belongs to. - :param pulumi.Input[str] consent_screen_text: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - :param pulumi.Input[str] description: The description of this client scope in the GUI. - :param pulumi.Input[int] gui_order: Specify order of the client scope in GUI (such as in Consent page) as integer. - :param pulumi.Input[bool] include_in_token_scope: When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - :param pulumi.Input[str] name: The display name of this client scope in the GUI. """ pulumi.set(__self__, "realm_id", realm_id) if consent_screen_text is not None: @@ -44,9 +38,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this client scope belongs to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -56,9 +47,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="consentScreenText") def consent_screen_text(self) -> Optional[pulumi.Input[str]]: - """ - When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - """ return pulumi.get(self, "consent_screen_text") @consent_screen_text.setter @@ -68,9 +56,6 @@ def consent_screen_text(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: - """ - The description of this client scope in the GUI. - """ return pulumi.get(self, "description") @description.setter @@ -80,9 +65,6 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="guiOrder") def gui_order(self) -> Optional[pulumi.Input[int]]: - """ - Specify order of the client scope in GUI (such as in Consent page) as integer. - """ return pulumi.get(self, "gui_order") @gui_order.setter @@ -92,9 +74,6 @@ def gui_order(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="includeInTokenScope") def include_in_token_scope(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - """ return pulumi.get(self, "include_in_token_scope") @include_in_token_scope.setter @@ -104,9 +83,6 @@ def include_in_token_scope(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this client scope in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -125,12 +101,6 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering ClientScope resources. - :param pulumi.Input[str] consent_screen_text: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - :param pulumi.Input[str] description: The description of this client scope in the GUI. - :param pulumi.Input[int] gui_order: Specify order of the client scope in GUI (such as in Consent page) as integer. - :param pulumi.Input[bool] include_in_token_scope: When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - :param pulumi.Input[str] name: The display name of this client scope in the GUI. - :param pulumi.Input[str] realm_id: The realm this client scope belongs to. """ if consent_screen_text is not None: pulumi.set(__self__, "consent_screen_text", consent_screen_text) @@ -148,9 +118,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="consentScreenText") def consent_screen_text(self) -> Optional[pulumi.Input[str]]: - """ - When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - """ return pulumi.get(self, "consent_screen_text") @consent_screen_text.setter @@ -160,9 +127,6 @@ def consent_screen_text(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: - """ - The description of this client scope in the GUI. - """ return pulumi.get(self, "description") @description.setter @@ -172,9 +136,6 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="guiOrder") def gui_order(self) -> Optional[pulumi.Input[int]]: - """ - Specify order of the client scope in GUI (such as in Consent page) as integer. - """ return pulumi.get(self, "gui_order") @gui_order.setter @@ -184,9 +145,6 @@ def gui_order(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="includeInTokenScope") def include_in_token_scope(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - """ return pulumi.get(self, "include_in_token_scope") @include_in_token_scope.setter @@ -196,9 +154,6 @@ def include_in_token_scope(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this client scope in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -208,9 +163,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this client scope belongs to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -231,49 +183,51 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol. + ## # openid.ClientScope + + Allows for creating and managing Keycloak client scopes that can be attached to + clients that use the OpenID Connect protocol. - Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also - be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 `scope` parameter. + Client Scopes can be used to share common protocol and role mappings between multiple + clients within a realm. They can also be used by clients to conditionally request + claims or roles for a user based on the OAuth 2.0 `scope` parameter. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") openid_client_scope = keycloak.openid.ClientScope("openidClientScope", - realm_id=realm.id, description="When requested, this scope will map a user's group memberships to a claim", - include_in_token_scope=True, - gui_order=1) + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + - `realm_id` - (Required) The realm this client scope belongs to. + - `name` - (Required) The display name of this client scope in the GUI. + - `description` - (Optional) The description of this client scope in the GUI. + - `consent_screen_text` - (Optional) When set, a consent screen will be displayed to users + authenticating to clients with this scope attached. The consent screen will display the string + value of this attribute. - Example: + ### Import - bash + Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. - ```sh - $ pulumi import keycloak:openid/clientScope:ClientScope openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] consent_screen_text: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - :param pulumi.Input[str] description: The description of this client scope in the GUI. - :param pulumi.Input[int] gui_order: Specify order of the client scope in GUI (such as in Consent page) as integer. - :param pulumi.Input[bool] include_in_token_scope: When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - :param pulumi.Input[str] name: The display name of this client scope in the GUI. - :param pulumi.Input[str] realm_id: The realm this client scope belongs to. """ ... @overload @@ -282,40 +236,48 @@ def __init__(__self__, args: ClientScopeArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol. + ## # openid.ClientScope - Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also - be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 `scope` parameter. + Allows for creating and managing Keycloak client scopes that can be attached to + clients that use the OpenID Connect protocol. - ## Example Usage + Client Scopes can be used to share common protocol and role mappings between multiple + clients within a realm. They can also be used by clients to conditionally request + claims or roles for a user based on the OAuth 2.0 `scope` parameter. + ### Example Usage + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") openid_client_scope = keycloak.openid.ClientScope("openidClientScope", - realm_id=realm.id, description="When requested, this scope will map a user's group memberships to a claim", - include_in_token_scope=True, - gui_order=1) + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + - `realm_id` - (Required) The realm this client scope belongs to. + - `name` - (Required) The display name of this client scope in the GUI. + - `description` - (Optional) The description of this client scope in the GUI. + - `consent_screen_text` - (Optional) When set, a consent screen will be displayed to users + authenticating to clients with this scope attached. The consent screen will display the string + value of this attribute. - Example: + ### Import - bash + Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak + assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. - ```sh - $ pulumi import keycloak:openid/clientScope:ClientScope openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52 - ``` + Example: :param str resource_name: The name of the resource. :param ClientScopeArgs args: The arguments to use to populate this resource's properties. @@ -378,12 +340,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] consent_screen_text: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - :param pulumi.Input[str] description: The description of this client scope in the GUI. - :param pulumi.Input[int] gui_order: Specify order of the client scope in GUI (such as in Consent page) as integer. - :param pulumi.Input[bool] include_in_token_scope: When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - :param pulumi.Input[str] name: The display name of this client scope in the GUI. - :param pulumi.Input[str] realm_id: The realm this client scope belongs to. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -400,48 +356,30 @@ def get(resource_name: str, @property @pulumi.getter(name="consentScreenText") def consent_screen_text(self) -> pulumi.Output[Optional[str]]: - """ - When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. - """ return pulumi.get(self, "consent_screen_text") @property @pulumi.getter def description(self) -> pulumi.Output[Optional[str]]: - """ - The description of this client scope in the GUI. - """ return pulumi.get(self, "description") @property @pulumi.getter(name="guiOrder") def gui_order(self) -> pulumi.Output[Optional[int]]: - """ - Specify order of the client scope in GUI (such as in Consent page) as integer. - """ return pulumi.get(self, "gui_order") @property @pulumi.getter(name="includeInTokenScope") def include_in_token_scope(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. - """ return pulumi.get(self, "include_in_token_scope") @property @pulumi.getter def name(self) -> pulumi.Output[str]: - """ - The display name of this client scope in the GUI. - """ return pulumi.get(self, "name") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this client scope belongs to. - """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/openid/client_service_account_realm_role.py b/sdk/python/pulumi_keycloak/openid/client_service_account_realm_role.py index f49cfa27..3b27f6be 100644 --- a/sdk/python/pulumi_keycloak/openid/client_service_account_realm_role.py +++ b/sdk/python/pulumi_keycloak/openid/client_service_account_realm_role.py @@ -138,6 +138,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -154,14 +155,15 @@ def __init__(__self__, service_account_user_id=client.service_account_user_id, role=realm_role.name) ``` + ## Import This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8 @@ -188,6 +190,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -204,14 +207,15 @@ def __init__(__self__, service_account_user_id=client.service_account_user_id, role=realm_role.name) ``` + ## Import This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/python/pulumi_keycloak/openid/client_service_account_role.py b/sdk/python/pulumi_keycloak/openid/client_service_account_role.py index cd3861c1..0daf6222 100644 --- a/sdk/python/pulumi_keycloak/openid/client_service_account_role.py +++ b/sdk/python/pulumi_keycloak/openid/client_service_account_role.py @@ -170,6 +170,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -193,14 +194,15 @@ def __init__(__self__, client_id=client1.id, role=client1_role.name) ``` + ## Import This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8 @@ -228,6 +230,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -251,14 +254,15 @@ def __init__(__self__, client_id=client1.id, role=client1_role.name) ``` + ## Import This resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8 diff --git a/sdk/python/pulumi_keycloak/openid/full_name_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/full_name_protocol_mapper.py index 2095bbea..43597ed3 100644 --- a/sdk/python/pulumi_keycloak/openid/full_name_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/full_name_protocol_mapper.py @@ -23,13 +23,10 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a FullNameProtocolMapper resource. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[bool] add_to_access_token: Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. """ pulumi.set(__self__, "realm_id", realm_id) if add_to_access_token is not None: @@ -49,7 +46,7 @@ def __init__(__self__, *, @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -60,9 +57,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - """ return pulumi.get(self, "add_to_access_token") @add_to_access_token.setter @@ -72,9 +66,6 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - """ return pulumi.get(self, "add_to_id_token") @add_to_id_token.setter @@ -84,9 +75,6 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - """ return pulumi.get(self, "add_to_userinfo") @add_to_userinfo.setter @@ -97,7 +85,7 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -109,7 +97,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -121,7 +109,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -142,13 +130,10 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering FullNameProtocolMapper resources. - :param pulumi.Input[bool] add_to_access_token: Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -168,9 +153,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - """ return pulumi.get(self, "add_to_access_token") @add_to_access_token.setter @@ -180,9 +162,6 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - """ return pulumi.get(self, "add_to_id_token") @add_to_id_token.setter @@ -192,9 +171,6 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - """ return pulumi.get(self, "add_to_userinfo") @add_to_userinfo.setter @@ -205,7 +181,7 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -217,7 +193,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -229,7 +205,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -241,7 +217,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -264,77 +240,81 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing full name protocol mappers within Keycloak. + ## # openid.FullNameProtocolMapper - Full name protocol mappers allow you to map a user's first and last name to the OpenID Connect `name` claim in a token. + Allows for creating and managing full name protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + Full name protocol mappers allow you to map a user's first and last name + to the OpenID Connect `name` claim in a token. Protocol mappers can be defined + for a single client, or they can be defined for a client scope which can + be shared between multiple different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper", - realm_id=realm.id, - client_id=openid_client.id) + client_id=openid_client.id, + realm_id=realm.id) ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper", - realm_id=realm.id, - client_scope_id=client_scope.id) + client_scope_id=client_scope.id, + realm_id=realm.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `add_to_id_token` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ ... @overload @@ -343,67 +323,74 @@ def __init__(__self__, args: FullNameProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing full name protocol mappers within Keycloak. + ## # openid.FullNameProtocolMapper - Full name protocol mappers allow you to map a user's first and last name to the OpenID Connect `name` claim in a token. + Allows for creating and managing full name protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + Full name protocol mappers allow you to map a user's first and last name + to the OpenID Connect `name` claim in a token. Protocol mappers can be defined + for a single client, or they can be defined for a client scope which can + be shared between multiple different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper", - realm_id=realm.id, - client_id=openid_client.id) + client_id=openid_client.id, + realm_id=realm.id) ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper", - realm_id=realm.id, - client_scope_id=client_scope.id) + client_scope_id=client_scope.id, + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `add_to_id_token` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param FullNameProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -469,13 +456,10 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -493,32 +477,23 @@ def get(resource_name: str, @property @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`. - """ return pulumi.get(self, "add_to_access_token") @property @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`. - """ return pulumi.get(self, "add_to_id_token") @property @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`. - """ return pulumi.get(self, "add_to_userinfo") @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -526,7 +501,7 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -534,7 +509,7 @@ def client_scope_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -542,7 +517,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/openid/get_client.py b/sdk/python/pulumi_keycloak/openid/get_client.py index 877e215a..f471f708 100644 --- a/sdk/python/pulumi_keycloak/openid/get_client.py +++ b/sdk/python/pulumi_keycloak/openid/get_client.py @@ -460,10 +460,13 @@ def get_client(client_id: Optional[str] = None, realm_id: Optional[str] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetClientResult: """ + ## # openid.Client data source + This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -474,10 +477,18 @@ def get_client(client_id: Optional[str] = None, client_id=realm_management.id, name="realm-admin") ``` + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm id. + - `client_id` - (Required) The client id. + ### Attributes Reference - :param str client_id: The client id (not its unique ID). - :param str realm_id: The realm id. + See the docs for the `openid.Client` resource for details on the exported attributes. """ __args__ = dict() __args__['clientId'] = client_id @@ -551,10 +562,13 @@ def get_client_output(client_id: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetClientResult]: """ + ## # openid.Client data source + This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -565,9 +579,17 @@ def get_client_output(client_id: Optional[pulumi.Input[str]] = None, client_id=realm_management.id, name="realm-admin") ``` + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm id. + - `client_id` - (Required) The client id. + ### Attributes Reference - :param str client_id: The client id (not its unique ID). - :param str realm_id: The realm id. + See the docs for the `openid.Client` resource for details on the exported attributes. """ ... diff --git a/sdk/python/pulumi_keycloak/openid/get_client_authorization_policy.py b/sdk/python/pulumi_keycloak/openid/get_client_authorization_policy.py index 9e7a280a..ad8c452e 100644 --- a/sdk/python/pulumi_keycloak/openid/get_client_authorization_policy.py +++ b/sdk/python/pulumi_keycloak/openid/get_client_authorization_policy.py @@ -168,6 +168,7 @@ def get_client_authorization_policy(name: Optional[str] = None, permission for this client called "Default Permission". We'll use the `openid_get_client_authorization_policy` data source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. + ```python import pulumi import pulumi_keycloak as keycloak @@ -199,6 +200,7 @@ def get_client_authorization_policy(name: Optional[str] = None, policies=[default_permission.id], resources=[resource.id]) ``` + :param str name: The name of the authorization policy. @@ -240,6 +242,7 @@ def get_client_authorization_policy_output(name: Optional[pulumi.Input[str]] = N permission for this client called "Default Permission". We'll use the `openid_get_client_authorization_policy` data source to fetch information about this permission, so we can use it to create a new resource-based authorization permission. + ```python import pulumi import pulumi_keycloak as keycloak @@ -271,6 +274,7 @@ def get_client_authorization_policy_output(name: Optional[pulumi.Input[str]] = N policies=[default_permission.id], resources=[resource.id]) ``` + :param str name: The name of the authorization policy. diff --git a/sdk/python/pulumi_keycloak/openid/get_client_scope.py b/sdk/python/pulumi_keycloak/openid/get_client_scope.py index bb3beb93..74f7c5d0 100644 --- a/sdk/python/pulumi_keycloak/openid/get_client_scope.py +++ b/sdk/python/pulumi_keycloak/openid/get_client_scope.py @@ -106,6 +106,7 @@ def get_client_scope(name: Optional[str] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -118,6 +119,7 @@ def get_client_scope(name: Optional[str] = None, client_scope_id=offline_access.id, included_custom_audience="foo") ``` + :param str name: The name of the client scope. @@ -148,6 +150,7 @@ def get_client_scope_output(name: Optional[pulumi.Input[str]] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -160,6 +163,7 @@ def get_client_scope_output(name: Optional[pulumi.Input[str]] = None, client_scope_id=offline_access.id, included_custom_audience="foo") ``` + :param str name: The name of the client scope. diff --git a/sdk/python/pulumi_keycloak/openid/get_client_service_account_user.py b/sdk/python/pulumi_keycloak/openid/get_client_service_account_user.py index ac6c7249..5bf62ba8 100644 --- a/sdk/python/pulumi_keycloak/openid/get_client_service_account_user.py +++ b/sdk/python/pulumi_keycloak/openid/get_client_service_account_user.py @@ -157,6 +157,7 @@ def get_client_service_account_user(client_id: Optional[str] = None, that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this user, using the `UserRoles` resource. + ```python import pulumi import pulumi_keycloak as keycloak @@ -178,6 +179,7 @@ def get_client_service_account_user(client_id: Optional[str] = None, user_id=service_account_user.id, role_ids=[offline_access.id]) ``` + :param str client_id: The ID of the OpenID client with service accounts enabled. @@ -218,6 +220,7 @@ def get_client_service_account_user_output(client_id: Optional[pulumi.Input[str] that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this user, using the `UserRoles` resource. + ```python import pulumi import pulumi_keycloak as keycloak @@ -239,6 +242,7 @@ def get_client_service_account_user_output(client_id: Optional[pulumi.Input[str] user_id=service_account_user.id, role_ids=[offline_access.id]) ``` + :param str client_id: The ID of the OpenID client with service accounts enabled. diff --git a/sdk/python/pulumi_keycloak/openid/group_membership_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/group_membership_protocol_mapper.py index f835cf08..014e8438 100644 --- a/sdk/python/pulumi_keycloak/openid/group_membership_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/group_membership_protocol_mapper.py @@ -25,15 +25,10 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a GroupMembershipProtocolMapper resource. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] full_path: Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. """ pulumi.set(__self__, "claim_name", claim_name) pulumi.set(__self__, "realm_id", realm_id) @@ -55,9 +50,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Input[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -68,7 +60,7 @@ def claim_name(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -79,9 +71,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. - """ return pulumi.get(self, "add_to_access_token") @add_to_access_token.setter @@ -91,9 +80,6 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. - """ return pulumi.get(self, "add_to_id_token") @add_to_id_token.setter @@ -103,9 +89,6 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - """ return pulumi.get(self, "add_to_userinfo") @add_to_userinfo.setter @@ -116,7 +99,7 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -128,7 +111,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -139,9 +122,6 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="fullPath") def full_path(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - """ return pulumi.get(self, "full_path") @full_path.setter @@ -152,7 +132,7 @@ def full_path(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -175,15 +155,10 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering GroupMembershipProtocolMapper resources. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] full_path: Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -207,9 +182,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. - """ return pulumi.get(self, "add_to_access_token") @add_to_access_token.setter @@ -219,9 +191,6 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. - """ return pulumi.get(self, "add_to_id_token") @add_to_id_token.setter @@ -231,9 +200,6 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - """ return pulumi.get(self, "add_to_userinfo") @add_to_userinfo.setter @@ -243,9 +209,6 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="claimName") def claim_name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -256,7 +219,7 @@ def claim_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -268,7 +231,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -279,9 +242,6 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="fullPath") def full_path(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - """ return pulumi.get(self, "full_path") @full_path.setter @@ -292,7 +252,7 @@ def full_path(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -304,7 +264,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -329,81 +289,85 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing group membership protocol mappers within Keycloak. + ## # openid.GroupMembershipProtocolMapper - Group membership protocol mappers allow you to map a user's group memberships to a claim in a token. + Allows for creating and managing group membership protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + Group membership protocol mappers allow you to map a user's group memberships + to a claim in a token. Protocol mappers can be defined for a single client, + or they can be defined for a client scope which can be shared between multiple + different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", - realm_id=realm.id, + claim_name="groups", client_id=openid_client.id, - claim_name="groups") + realm_id=realm.id) ``` - ### Client Scope) + + + ### Example Usage (Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", - realm_id=realm.id, + claim_name="groups", client_scope_id=client_scope.id, - claim_name="groups") + realm_id=realm.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `full_path` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`. + - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] full_path: Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ ... @overload @@ -412,69 +376,78 @@ def __init__(__self__, args: GroupMembershipProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing group membership protocol mappers within Keycloak. + ## # openid.GroupMembershipProtocolMapper - Group membership protocol mappers allow you to map a user's group memberships to a claim in a token. + Allows for creating and managing group membership protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + Group membership protocol mappers allow you to map a user's group memberships + to a claim in a token. Protocol mappers can be defined for a single client, + or they can be defined for a client scope which can be shared between multiple + different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", - realm_id=realm.id, + claim_name="groups", client_id=openid_client.id, - claim_name="groups") + realm_id=realm.id) ``` - ### Client Scope) + + + ### Example Usage (Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", - realm_id=realm.id, + claim_name="groups", client_scope_id=client_scope.id, - claim_name="groups") + realm_id=realm.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `full_path` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`. + - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param GroupMembershipProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -548,15 +521,10 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] full_path: Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -576,40 +544,28 @@ def get(resource_name: str, @property @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. - """ return pulumi.get(self, "add_to_access_token") @property @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. - """ return pulumi.get(self, "add_to_id_token") @property @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - """ return pulumi.get(self, "add_to_userinfo") @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Output[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -617,23 +573,20 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @property @pulumi.getter(name="fullPath") def full_path(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates whether the full path of the group including its parents will be used. Defaults to `true`. - """ return pulumi.get(self, "full_path") @property @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -641,7 +594,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/openid/hardcoded_claim_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/hardcoded_claim_protocol_mapper.py index 12ccb245..f3d3e327 100644 --- a/sdk/python/pulumi_keycloak/openid/hardcoded_claim_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/hardcoded_claim_protocol_mapper.py @@ -26,16 +26,14 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a HardcodedClaimProtocolMapper resource. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value: The hardcoded value of the claim. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. """ pulumi.set(__self__, "claim_name", claim_name) pulumi.set(__self__, "claim_value", claim_value) @@ -58,9 +56,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Input[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -70,9 +65,6 @@ def claim_name(self, value: pulumi.Input[str]): @property @pulumi.getter(name="claimValue") def claim_value(self) -> pulumi.Input[str]: - """ - The hardcoded value of the claim. - """ return pulumi.get(self, "claim_value") @claim_value.setter @@ -83,7 +75,7 @@ def claim_value(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -95,7 +87,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -107,7 +99,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -119,7 +111,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -131,7 +123,7 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="claimValueType") def claim_value_type(self) -> Optional[pulumi.Input[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -143,7 +135,7 @@ def claim_value_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -155,7 +147,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -167,7 +159,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -191,16 +183,14 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering HardcodedClaimProtocolMapper resources. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value: The hardcoded value of the claim. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -227,7 +217,7 @@ def __init__(__self__, *, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -239,7 +229,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -251,7 +241,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -262,9 +252,6 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="claimName") def claim_name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -274,9 +261,6 @@ def claim_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="claimValue") def claim_value(self) -> Optional[pulumi.Input[str]]: - """ - The hardcoded value of the claim. - """ return pulumi.get(self, "claim_value") @claim_value.setter @@ -287,7 +271,7 @@ def claim_value(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="claimValueType") def claim_value_type(self) -> Optional[pulumi.Input[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -299,7 +283,7 @@ def claim_value_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -311,7 +295,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -323,7 +307,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -335,7 +319,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -361,84 +345,92 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing hardcoded claim protocol mappers within Keycloak. + ## # openid.HardcodedClaimProtocolMapper - Hardcoded claim protocol mappers allow you to define a claim with a hardcoded value. + Allows for creating and managing hardcoded claim protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + Hardcoded claim protocol mappers allow you to define a claim with a hardcoded + value. Protocol mappers can be defined for a single client, or they can + be defined for a client scope which can be shared between multiple different + clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", - realm_id=realm.id, - client_id=openid_client.id, claim_name="foo", - claim_value="bar") + claim_value="bar", + client_id=openid_client.id, + realm_id=realm.id) ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", - realm_id=realm.id, - client_scope_id=client_scope.id, claim_name="foo", - claim_value="bar") + claim_value="bar", + client_scope_id=client_scope.id, + realm_id=realm.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `claim_value` - (Required) The hardcoded value of the claim. + - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value: The hardcoded value of the claim. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ ... @overload @@ -447,71 +439,81 @@ def __init__(__self__, args: HardcodedClaimProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing hardcoded claim protocol mappers within Keycloak. + ## # openid.HardcodedClaimProtocolMapper - Hardcoded claim protocol mappers allow you to define a claim with a hardcoded value. + Allows for creating and managing hardcoded claim protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + Hardcoded claim protocol mappers allow you to define a claim with a hardcoded + value. Protocol mappers can be defined for a single client, or they can + be defined for a client scope which can be shared between multiple different + clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", - realm_id=realm.id, - client_id=openid_client.id, claim_name="foo", - claim_value="bar") + claim_value="bar", + client_id=openid_client.id, + realm_id=realm.id) ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", - realm_id=realm.id, - client_scope_id=client_scope.id, claim_name="foo", - claim_value="bar") + claim_value="bar", + client_scope_id=client_scope.id, + realm_id=realm.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `claim_value` - (Required) The hardcoded value of the claim. + - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param HardcodedClaimProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -590,16 +592,14 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value: The hardcoded value of the claim. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -621,7 +621,7 @@ def get(resource_name: str, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -629,7 +629,7 @@ def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -637,31 +637,25 @@ def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Output[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @property @pulumi.getter(name="claimValue") def claim_value(self) -> pulumi.Output[str]: - """ - The hardcoded value of the claim. - """ return pulumi.get(self, "claim_value") @property @pulumi.getter(name="claimValueType") def claim_value_type(self) -> pulumi.Output[Optional[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -669,7 +663,7 @@ def claim_value_type(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -677,7 +671,7 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -685,7 +679,7 @@ def client_scope_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -693,7 +687,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/openid/hardcoded_role_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/hardcoded_role_protocol_mapper.py index 29aae4c7..9a1b620f 100644 --- a/sdk/python/pulumi_keycloak/openid/hardcoded_role_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/hardcoded_role_protocol_mapper.py @@ -21,11 +21,10 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a HardcodedRoleProtocolMapper resource. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] role_id: The ID of the role to map to an access token. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. """ pulumi.set(__self__, "realm_id", realm_id) pulumi.set(__self__, "role_id", role_id) @@ -40,7 +39,7 @@ def __init__(__self__, *, @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -51,9 +50,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="roleId") def role_id(self) -> pulumi.Input[str]: - """ - The ID of the role to map to an access token. - """ return pulumi.get(self, "role_id") @role_id.setter @@ -64,7 +60,7 @@ def role_id(self, value: pulumi.Input[str]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -76,7 +72,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -88,7 +84,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -107,11 +103,10 @@ def __init__(__self__, *, role_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering HardcodedRoleProtocolMapper resources. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] role_id: The ID of the role to map to an access token. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ if client_id is not None: pulumi.set(__self__, "client_id", client_id) @@ -128,7 +123,7 @@ def __init__(__self__, *, @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -140,7 +135,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -152,7 +147,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -164,7 +159,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -175,9 +170,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="roleId") def role_id(self) -> Optional[pulumi.Input[str]]: - """ - The ID of the role to map to an access token. - """ return pulumi.get(self, "role_id") @role_id.setter @@ -197,79 +189,84 @@ def __init__(__self__, role_id: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing hardcoded role protocol mappers within Keycloak. + ## # openid.HardcodedRoleProtocolMapper - Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. + Allows for creating and managing hardcoded role protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + Hardcoded role protocol mappers allow you to specify a single role to + always map to an access token for a client. Protocol mappers can be + defined for a single client, or they can be defined for a client scope + which can be shared between multiple different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") role = keycloak.Role("role", realm_id=realm.id) openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", - enabled=True, access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", - realm_id=realm.id, client_id=openid_client.id, + realm_id=realm.id, role_id=role.id) ``` - ### Client Scope) + + + ### Example Usage (Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") role = keycloak.Role("role", realm_id=realm.id) client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", - realm_id=realm.id, client_scope_id=client_scope.id, + realm_id=realm.id, role_id=role.id) ``` + - ## Import + ### Argument Reference - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the + GUI. + - `role_id` - (Required) The ID of the role to map to an access token. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] role_id: The ID of the role to map to an access token. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ ... @overload @@ -278,71 +275,77 @@ def __init__(__self__, args: HardcodedRoleProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing hardcoded role protocol mappers within Keycloak. + ## # openid.HardcodedRoleProtocolMapper - Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. + Allows for creating and managing hardcoded role protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + Hardcoded role protocol mappers allow you to specify a single role to + always map to an access token for a client. Protocol mappers can be + defined for a single client, or they can be defined for a client scope + which can be shared between multiple different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") role = keycloak.Role("role", realm_id=realm.id) openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", - enabled=True, access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", - realm_id=realm.id, client_id=openid_client.id, + realm_id=realm.id, role_id=role.id) ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") role = keycloak.Role("role", realm_id=realm.id) client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", - realm_id=realm.id, client_scope_id=client_scope.id, + realm_id=realm.id, role_id=role.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the + GUI. + - `role_id` - (Required) The ID of the role to map to an access token. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param HardcodedRoleProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -404,11 +407,10 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] role_id: The ID of the role to map to an access token. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -425,7 +427,7 @@ def get(resource_name: str, @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -433,7 +435,7 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -441,7 +443,7 @@ def client_scope_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -449,15 +451,12 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="roleId") def role_id(self) -> pulumi.Output[str]: - """ - The ID of the role to map to an access token. - """ return pulumi.get(self, "role_id") diff --git a/sdk/python/pulumi_keycloak/openid/outputs.py b/sdk/python/pulumi_keycloak/openid/outputs.py index 047fef56..00e99ff5 100644 --- a/sdk/python/pulumi_keycloak/openid/outputs.py +++ b/sdk/python/pulumi_keycloak/openid/outputs.py @@ -50,10 +50,6 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, browser_id: Optional[str] = None, direct_grant_id: Optional[str] = None): - """ - :param str browser_id: Browser flow id, (flow needs to exist) - :param str direct_grant_id: Direct grant flow id (flow needs to exist) - """ if browser_id is not None: pulumi.set(__self__, "browser_id", browser_id) if direct_grant_id is not None: @@ -62,17 +58,11 @@ def __init__(__self__, *, @property @pulumi.getter(name="browserId") def browser_id(self) -> Optional[str]: - """ - Browser flow id, (flow needs to exist) - """ return pulumi.get(self, "browser_id") @property @pulumi.getter(name="directGrantId") def direct_grant_id(self) -> Optional[str]: - """ - Direct grant flow id (flow needs to exist) - """ return pulumi.get(self, "direct_grant_id") @@ -106,12 +96,6 @@ def __init__(__self__, *, allow_remote_resource_management: Optional[bool] = None, decision_strategy: Optional[str] = None, keep_defaults: Optional[bool] = None): - """ - :param str policy_enforcement_mode: Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - :param bool allow_remote_resource_management: When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - :param str decision_strategy: Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - :param bool keep_defaults: When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - """ pulumi.set(__self__, "policy_enforcement_mode", policy_enforcement_mode) if allow_remote_resource_management is not None: pulumi.set(__self__, "allow_remote_resource_management", allow_remote_resource_management) @@ -123,33 +107,21 @@ def __init__(__self__, *, @property @pulumi.getter(name="policyEnforcementMode") def policy_enforcement_mode(self) -> str: - """ - Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`. - """ return pulumi.get(self, "policy_enforcement_mode") @property @pulumi.getter(name="allowRemoteResourceManagement") def allow_remote_resource_management(self) -> Optional[bool]: - """ - When `true`, resources can be managed remotely by the resource server. Defaults to `false`. - """ return pulumi.get(self, "allow_remote_resource_management") @property @pulumi.getter(name="decisionStrategy") def decision_strategy(self) -> Optional[str]: - """ - Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions. - """ return pulumi.get(self, "decision_strategy") @property @pulumi.getter(name="keepDefaults") def keep_defaults(self) -> Optional[bool]: - """ - When `true`, defaults set by Keycloak will be respected. Defaults to `false`. - """ return pulumi.get(self, "keep_defaults") diff --git a/sdk/python/pulumi_keycloak/openid/script_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/script_protocol_mapper.py index fca24305..c410b42b 100644 --- a/sdk/python/pulumi_keycloak/openid/script_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/script_protocol_mapper.py @@ -404,8 +404,10 @@ def __init__(__self__, > Support for this protocol mapper was removed in Keycloak 18. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -425,8 +427,11 @@ def __init__(__self__, claim_name="foo", script="exports = 'foo';") ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -441,18 +446,19 @@ def __init__(__self__, claim_name="foo", script="exports = 'foo';") ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 @@ -493,8 +499,10 @@ def __init__(__self__, > Support for this protocol mapper was removed in Keycloak 18. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -514,8 +522,11 @@ def __init__(__self__, claim_name="foo", script="exports = 'foo';") ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -530,18 +541,19 @@ def __init__(__self__, claim_name="foo", script="exports = 'foo';") ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/python/pulumi_keycloak/openid/user_attribute_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_attribute_protocol_mapper.py index 79b1f95f..28204be0 100644 --- a/sdk/python/pulumi_keycloak/openid/user_attribute_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_attribute_protocol_mapper.py @@ -28,18 +28,16 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a UserAttributeProtocolMapper resource. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_attribute: The custom user attribute to map a claim for. - :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[bool] aggregate_attributes: Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[bool] aggregate_attributes: Indicates if attribute values should be aggregated within the group attributes + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. """ pulumi.set(__self__, "claim_name", claim_name) pulumi.set(__self__, "realm_id", realm_id) @@ -66,9 +64,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Input[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -79,7 +74,7 @@ def claim_name(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -90,9 +85,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="userAttribute") def user_attribute(self) -> pulumi.Input[str]: - """ - The custom user attribute to map a claim for. - """ return pulumi.get(self, "user_attribute") @user_attribute.setter @@ -103,7 +95,7 @@ def user_attribute(self, value: pulumi.Input[str]): @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -115,7 +107,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -127,7 +119,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -139,7 +131,7 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="aggregateAttributes") def aggregate_attributes(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + Indicates if attribute values should be aggregated within the group attributes """ return pulumi.get(self, "aggregate_attributes") @@ -151,7 +143,7 @@ def aggregate_attributes(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="claimValueType") def claim_value_type(self) -> Optional[pulumi.Input[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -163,7 +155,7 @@ def claim_value_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -175,7 +167,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -187,7 +179,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def multivalued(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + Indicates whether this attribute is a single value or an array of values. """ return pulumi.get(self, "multivalued") @@ -199,7 +191,7 @@ def multivalued(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -225,18 +217,16 @@ def __init__(__self__, *, user_attribute: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering UserAttributeProtocolMapper resources. - :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[bool] aggregate_attributes: Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_attribute: The custom user attribute to map a claim for. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[bool] aggregate_attributes: Indicates if attribute values should be aggregated within the group attributes + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -267,7 +257,7 @@ def __init__(__self__, *, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -279,7 +269,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -291,7 +281,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -303,7 +293,7 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="aggregateAttributes") def aggregate_attributes(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + Indicates if attribute values should be aggregated within the group attributes """ return pulumi.get(self, "aggregate_attributes") @@ -314,9 +304,6 @@ def aggregate_attributes(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="claimName") def claim_name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -327,7 +314,7 @@ def claim_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="claimValueType") def claim_value_type(self) -> Optional[pulumi.Input[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -339,7 +326,7 @@ def claim_value_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -351,7 +338,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -363,7 +350,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def multivalued(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + Indicates whether this attribute is a single value or an array of values. """ return pulumi.get(self, "multivalued") @@ -375,7 +362,7 @@ def multivalued(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -387,7 +374,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -398,9 +385,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="userAttribute") def user_attribute(self) -> Optional[pulumi.Input[str]]: - """ - The custom user attribute to map a claim for. - """ return pulumi.get(self, "user_attribute") @user_attribute.setter @@ -427,86 +411,95 @@ def __init__(__self__, user_attribute: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing user attribute protocol mappers within Keycloak. + ## # openid.UserAttributeProtocolMapper - User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. + Allows for creating and managing user attribute protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + User attribute protocol mappers allow you to map custom attributes defined + for a user within Keycloak to a claim in a token. Protocol mappers can be + defined for a single client, or they can be defined for a client scope which + can be shared between multiple different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", - realm_id=realm.id, + claim_name="bar", client_id=openid_client.id, - user_attribute="foo", - claim_name="bar") + realm_id=realm.id, + user_attribute="foo") ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", - realm_id=realm.id, + claim_name="bar", client_scope_id=client_scope.id, - user_attribute="foo", - claim_name="bar") + realm_id=realm.id, + user_attribute="foo") ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: + ### Argument Reference - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `user_attribute` - (Required) The custom user attribute to map a claim for. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + - `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + - `add_to_id_token` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. - Example: + ### Import - bash - - ```sh - $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[bool] aggregate_attributes: Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_attribute: The custom user attribute to map a claim for. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[bool] aggregate_attributes: Indicates if attribute values should be aggregated within the group attributes + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ ... @overload @@ -515,71 +508,82 @@ def __init__(__self__, args: UserAttributeProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing user attribute protocol mappers within Keycloak. + ## # openid.UserAttributeProtocolMapper - User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. + Allows for creating and managing user attribute protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + User attribute protocol mappers allow you to map custom attributes defined + for a user within Keycloak to a claim in a token. Protocol mappers can be + defined for a single client, or they can be defined for a client scope which + can be shared between multiple different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", - realm_id=realm.id, + claim_name="bar", client_id=openid_client.id, - user_attribute="foo", - claim_name="bar") + realm_id=realm.id, + user_attribute="foo") ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", - realm_id=realm.id, + claim_name="bar", client_scope_id=client_scope.id, - user_attribute="foo", - claim_name="bar") + realm_id=realm.id, + user_attribute="foo") ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: + ### Argument Reference - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `user_attribute` - (Required) The custom user attribute to map a claim for. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + - `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + - `add_to_id_token` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. - Example: + ### Import - bash + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` - - ```sh - $ pulumi import keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param UserAttributeProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -664,18 +668,16 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[bool] aggregate_attributes: Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. Defaults to `false`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_attribute: The custom user attribute to map a claim for. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[bool] aggregate_attributes: Indicates if attribute values should be aggregated within the group attributes + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -699,7 +701,7 @@ def get(resource_name: str, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the attribute should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -707,7 +709,7 @@ def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the attribute should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -715,7 +717,7 @@ def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -723,23 +725,20 @@ def add_to_userinfo(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="aggregateAttributes") def aggregate_attributes(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + Indicates if attribute values should be aggregated within the group attributes """ return pulumi.get(self, "aggregate_attributes") @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Output[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @property @pulumi.getter(name="claimValueType") def claim_value_type(self) -> pulumi.Output[Optional[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -747,7 +746,7 @@ def claim_value_type(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -755,7 +754,7 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -763,7 +762,7 @@ def client_scope_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def multivalued(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether this attribute is a single value or an array of values. Defaults to `false`. + Indicates whether this attribute is a single value or an array of values. """ return pulumi.get(self, "multivalued") @@ -771,7 +770,7 @@ def multivalued(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -779,15 +778,12 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="userAttribute") def user_attribute(self) -> pulumi.Output[str]: - """ - The custom user attribute to map a claim for. - """ return pulumi.get(self, "user_attribute") diff --git a/sdk/python/pulumi_keycloak/openid/user_client_role_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_client_role_protocol_mapper.py index 08b070e8..ac30ce63 100644 --- a/sdk/python/pulumi_keycloak/openid/user_client_role_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_client_role_protocol_mapper.py @@ -436,8 +436,10 @@ def __init__(__self__, multiple different clients. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -456,8 +458,11 @@ def __init__(__self__, client_id=openid_client.id, claim_name="foo") ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -471,18 +476,19 @@ def __init__(__self__, client_scope_id=client_scope.id, claim_name="foo") ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 @@ -522,8 +528,10 @@ def __init__(__self__, multiple different clients. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -542,8 +550,11 @@ def __init__(__self__, client_id=openid_client.id, claim_name="foo") ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -557,18 +568,19 @@ def __init__(__self__, client_scope_id=client_scope.id, claim_name="foo") ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py index 4b0360a1..dcdee9b0 100644 --- a/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py @@ -26,16 +26,14 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a UserPropertyProtocolMapper resource. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_property: The built in user property (such as email) to map a claim for. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. """ pulumi.set(__self__, "claim_name", claim_name) pulumi.set(__self__, "realm_id", realm_id) @@ -58,9 +56,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Input[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -71,7 +66,7 @@ def claim_name(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -82,9 +77,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="userProperty") def user_property(self) -> pulumi.Input[str]: - """ - The built in user property (such as email) to map a claim for. - """ return pulumi.get(self, "user_property") @user_property.setter @@ -95,7 +87,7 @@ def user_property(self, value: pulumi.Input[str]): @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the property should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -107,7 +99,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the property should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -119,7 +111,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the property should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -131,7 +123,7 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="claimValueType") def claim_value_type(self) -> Optional[pulumi.Input[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -143,7 +135,7 @@ def claim_value_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -155,7 +147,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -167,7 +159,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -191,16 +183,14 @@ def __init__(__self__, *, user_property: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering UserPropertyProtocolMapper resources. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_property: The built in user property (such as email) to map a claim for. + :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -227,7 +217,7 @@ def __init__(__self__, *, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the property should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -239,7 +229,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the property should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -251,7 +241,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the property should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -262,9 +252,6 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="claimName") def claim_name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -275,7 +262,7 @@ def claim_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="claimValueType") def claim_value_type(self) -> Optional[pulumi.Input[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -287,7 +274,7 @@ def claim_value_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -299,7 +286,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -311,7 +298,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -323,7 +310,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -334,9 +321,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="userProperty") def user_property(self) -> Optional[pulumi.Input[str]]: - """ - The built in user property (such as email) to map a claim for. - """ return pulumi.get(self, "user_property") @user_property.setter @@ -361,85 +345,92 @@ def __init__(__self__, user_property: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing user property protocol mappers within Keycloak. + ## # openid.UserPropertyProtocolMapper - User property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in - a token. + Allows for creating and managing user property protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + User property protocol mappers allow you to map built in properties defined + on the Keycloak user interface to a claim in a token. Protocol mappers can be + defined for a single client, or they can be defined for a client scope which + can be shared between multiple different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", - realm_id=realm.id, + claim_name="email", client_id=openid_client.id, - user_property="email", - claim_name="email") + realm_id=realm.id, + user_property="email") ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", - realm_id=realm.id, + claim_name="email", client_scope_id=client_scope.id, - user_property="email", - claim_name="email") + realm_id=realm.id, + user_property="email") ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: + ### Argument Reference - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `user_property` - (Required) The built in user property (such as email) to map a claim for. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - Example: + ### Import - bash - - ```sh - $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_property: The built in user property (such as email) to map a claim for. + :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ ... @overload @@ -448,72 +439,81 @@ def __init__(__self__, args: UserPropertyProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing user property protocol mappers within Keycloak. + ## # openid.UserPropertyProtocolMapper - User property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in - a token. + Allows for creating and managing user property protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + User property protocol mappers allow you to map built in properties defined + on the Keycloak user interface to a claim in a token. Protocol mappers can be + defined for a single client, or they can be defined for a client scope which + can be shared between multiple different clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", - realm_id=realm.id, + claim_name="email", client_id=openid_client.id, - user_property="email", - claim_name="email") + realm_id=realm.id, + user_property="email") ``` - ### Client Scope) + + ### Example Usage (Client Scope) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", - realm_id=realm.id, + claim_name="email", client_scope_id=client_scope.id, - user_property="email", - claim_name="email") + realm_id=realm.id, + user_property="email") ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: + ### Argument Reference - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `user_property` - (Required) The built in user property (such as email) to map a claim for. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - Example: + ### Import - bash + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` - - ```sh - $ pulumi import keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param UserPropertyProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -592,16 +592,14 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_property: The built in user property (such as email) to map a claim for. + :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -623,7 +621,7 @@ def get(resource_name: str, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the property should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -631,7 +629,7 @@ def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the property should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -639,23 +637,20 @@ def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the property should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Output[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @property @pulumi.getter(name="claimValueType") def claim_value_type(self) -> pulumi.Output[Optional[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -663,7 +658,7 @@ def claim_value_type(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -671,7 +666,7 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -679,7 +674,7 @@ def client_scope_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -687,15 +682,12 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="userProperty") def user_property(self) -> pulumi.Output[str]: - """ - The built in user property (such as email) to map a claim for. - """ return pulumi.get(self, "user_property") diff --git a/sdk/python/pulumi_keycloak/openid/user_realm_role_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_realm_role_protocol_mapper.py index 7cc1e83f..f3206a0b 100644 --- a/sdk/python/pulumi_keycloak/openid/user_realm_role_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_realm_role_protocol_mapper.py @@ -27,17 +27,16 @@ def __init__(__self__, *, realm_role_prefix: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a UserRealmRoleProtocolMapper resource. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] multivalued: Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_role_prefix: A prefix for each Realm Role. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_role_prefix: Prefix that will be added to each realm role. """ pulumi.set(__self__, "claim_name", claim_name) pulumi.set(__self__, "realm_id", realm_id) @@ -63,9 +62,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Input[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -76,7 +72,7 @@ def claim_name(self, value: pulumi.Input[str]): @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -88,7 +84,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -100,7 +96,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -112,7 +108,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -124,7 +120,7 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="claimValueType") def claim_value_type(self) -> Optional[pulumi.Input[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -136,7 +132,7 @@ def claim_value_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -148,7 +144,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -160,7 +156,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def multivalued(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + Indicates whether this attribute is a single value or an array of values. """ return pulumi.get(self, "multivalued") @@ -172,7 +168,7 @@ def multivalued(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -184,7 +180,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmRolePrefix") def realm_role_prefix(self) -> Optional[pulumi.Input[str]]: """ - A prefix for each Realm Role. + Prefix that will be added to each realm role. """ return pulumi.get(self, "realm_role_prefix") @@ -209,17 +205,16 @@ def __init__(__self__, *, realm_role_prefix: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering UserRealmRoleProtocolMapper resources. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] multivalued: Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] realm_role_prefix: A prefix for each Realm Role. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[str] realm_role_prefix: Prefix that will be added to each realm role. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -248,7 +243,7 @@ def __init__(__self__, *, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -260,7 +255,7 @@ def add_to_access_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -272,7 +267,7 @@ def add_to_id_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @@ -283,9 +278,6 @@ def add_to_userinfo(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="claimName") def claim_name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @claim_name.setter @@ -296,7 +288,7 @@ def claim_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="claimValueType") def claim_value_type(self) -> Optional[pulumi.Input[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -308,7 +300,7 @@ def claim_value_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -320,7 +312,7 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -332,7 +324,7 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def multivalued(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + Indicates whether this attribute is a single value or an array of values. """ return pulumi.get(self, "multivalued") @@ -344,7 +336,7 @@ def multivalued(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -356,7 +348,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -368,7 +360,7 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="realmRolePrefix") def realm_role_prefix(self) -> Optional[pulumi.Input[str]]: """ - A prefix for each Realm Role. + Prefix that will be added to each realm role. """ return pulumi.get(self, "realm_role_prefix") @@ -395,83 +387,93 @@ def __init__(__self__, realm_role_prefix: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing user realm role protocol mappers within Keycloak. + ## # openid.UserRealmRoleProtocolMapper - User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + Allows for creating and managing user realm role protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + Protocol mappers can be defined for a single client, or they can + be defined for a client scope which can be shared between multiple different + clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", - realm_id=realm.id, + claim_name="foo", client_id=openid_client.id, - claim_name="foo") + realm_id=realm.id) ``` - ### Client Scope) + + + ### Example Usage (Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", - realm_id=realm.id, + claim_name="foo", client_scope_id=client_scope.id, - claim_name="foo") + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + - `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`. + - `realm_role_prefix` - (Optional) A prefix for each Realm Role. + - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] multivalued: Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] realm_role_prefix: A prefix for each Realm Role. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[str] realm_role_prefix: Prefix that will be added to each realm role. """ ... @overload @@ -480,69 +482,80 @@ def __init__(__self__, args: UserRealmRoleProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing user realm role protocol mappers within Keycloak. + ## # openid.UserRealmRoleProtocolMapper - User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + Allows for creating and managing user realm role protocol mappers within + Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + User realm role protocol mappers allow you to define a claim containing the list of the realm roles. + Protocol mappers can be defined for a single client, or they can + be defined for a client scope which can be shared between multiple different + clients. - ## Example Usage - ### Client) + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, - client_id="client", enabled=True, + realm="my-realm") + openid_client = keycloak.openid.Client("openidClient", access_type="CONFIDENTIAL", + client_id="test-client", + enabled=True, + realm_id=realm.id, valid_redirect_uris=["http://localhost:8080/openid-callback"]) user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", - realm_id=realm.id, + claim_name="foo", client_id=openid_client.id, - claim_name="foo") + realm_id=realm.id) ``` - ### Client Scope) + + + ### Example Usage (Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", - realm_id=realm.id, + claim_name="foo", client_scope_id=client_scope.id, - claim_name="foo") + realm_id=realm.id) ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `claim_name` - (Required) The name of the claim to insert into a token. + - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`. + - `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`. + - `realm_role_prefix` - (Optional) A prefix for each Realm Role. + - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. + - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. + - `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - bash + ### Import - ```sh - $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param UserRealmRoleProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -622,17 +635,16 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. - :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. - :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. - :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. - :param pulumi.Input[str] claim_value_type: The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[bool] multivalued: Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] realm_role_prefix: A prefix for each Realm Role. + :param pulumi.Input[bool] add_to_access_token: Indicates if the attribute should be a claim in the access token. + :param pulumi.Input[bool] add_to_id_token: Indicates if the attribute should be a claim in the id token. + :param pulumi.Input[bool] add_to_userinfo: Indicates if the attribute should appear in the userinfo response body. + :param pulumi.Input[str] claim_value_type: Claim type used when serializing tokens. + :param pulumi.Input[str] client_id: The mapper's associated client. Cannot be used at the same time as client_scope_id. + :param pulumi.Input[str] client_scope_id: The mapper's associated client scope. Cannot be used at the same time as client_id. + :param pulumi.Input[bool] multivalued: Indicates whether this attribute is a single value or an array of values. + :param pulumi.Input[str] name: A human-friendly name that will appear in the Keycloak console. + :param pulumi.Input[str] realm_id: The realm id where the associated client or client scope exists. + :param pulumi.Input[str] realm_role_prefix: Prefix that will be added to each realm role. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -655,7 +667,7 @@ def get(resource_name: str, @pulumi.getter(name="addToAccessToken") def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the access token. Defaults to `true`. + Indicates if the attribute should be a claim in the access token. """ return pulumi.get(self, "add_to_access_token") @@ -663,7 +675,7 @@ def add_to_access_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToIdToken") def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the id token. Defaults to `true`. + Indicates if the attribute should be a claim in the id token. """ return pulumi.get(self, "add_to_id_token") @@ -671,23 +683,20 @@ def add_to_id_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="addToUserinfo") def add_to_userinfo(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. + Indicates if the attribute should appear in the userinfo response body. """ return pulumi.get(self, "add_to_userinfo") @property @pulumi.getter(name="claimName") def claim_name(self) -> pulumi.Output[str]: - """ - The name of the claim to insert into a token. - """ return pulumi.get(self, "claim_name") @property @pulumi.getter(name="claimValueType") def claim_value_type(self) -> pulumi.Output[Optional[str]]: """ - The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. + Claim type used when serializing tokens. """ return pulumi.get(self, "claim_value_type") @@ -695,7 +704,7 @@ def claim_value_type(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client. Cannot be used at the same time as client_scope_id. """ return pulumi.get(self, "client_id") @@ -703,7 +712,7 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ return pulumi.get(self, "client_scope_id") @@ -711,7 +720,7 @@ def client_scope_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def multivalued(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + Indicates whether this attribute is a single value or an array of values. """ return pulumi.get(self, "multivalued") @@ -719,7 +728,7 @@ def multivalued(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The display name of this protocol mapper in the GUI. + A human-friendly name that will appear in the Keycloak console. """ return pulumi.get(self, "name") @@ -727,7 +736,7 @@ def name(self) -> pulumi.Output[str]: @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: """ - The realm this protocol mapper exists within. + The realm id where the associated client or client scope exists. """ return pulumi.get(self, "realm_id") @@ -735,7 +744,7 @@ def realm_id(self) -> pulumi.Output[str]: @pulumi.getter(name="realmRolePrefix") def realm_role_prefix(self) -> pulumi.Output[Optional[str]]: """ - A prefix for each Realm Role. + Prefix that will be added to each realm role. """ return pulumi.get(self, "realm_role_prefix") diff --git a/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py index b02645f2..09f0fc3e 100644 --- a/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py @@ -337,8 +337,10 @@ def __init__(__self__, multiple different clients. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -359,8 +361,11 @@ def __init__(__self__, claim_value_type="String", session_note="bar") ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -376,18 +381,19 @@ def __init__(__self__, claim_value_type="String", session_note="bar") ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 @@ -424,8 +430,10 @@ def __init__(__self__, multiple different clients. ## Example Usage + ### Client) + ```python import pulumi import pulumi_keycloak as keycloak @@ -446,8 +454,11 @@ def __init__(__self__, claim_value_type="String", session_note="bar") ``` + + ### Client Scope) + ```python import pulumi import pulumi_keycloak as keycloak @@ -463,18 +474,19 @@ def __init__(__self__, claim_value_type="String", session_note="bar") ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/python/pulumi_keycloak/outputs.py b/sdk/python/pulumi_keycloak/outputs.py index e8bd84d5..6dd07642 100644 --- a/sdk/python/pulumi_keycloak/outputs.py +++ b/sdk/python/pulumi_keycloak/outputs.py @@ -304,27 +304,17 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, default_locale: str, supported_locales: Sequence[str]): - """ - :param str default_locale: The locale to use by default. This locale code must be present within the `supported_locales` list. - :param Sequence[str] supported_locales: A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - """ pulumi.set(__self__, "default_locale", default_locale) pulumi.set(__self__, "supported_locales", supported_locales) @property @pulumi.getter(name="defaultLocale") def default_locale(self) -> str: - """ - The locale to use by default. This locale code must be present within the `supported_locales` list. - """ return pulumi.get(self, "default_locale") @property @pulumi.getter(name="supportedLocales") def supported_locales(self) -> Sequence[str]: - """ - A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support. - """ return pulumi.get(self, "supported_locales") @@ -357,12 +347,8 @@ def __init__(__self__, *, period: Optional[int] = None, type: Optional[str] = None): """ - :param str algorithm: What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. - :param int digits: How many digits the OTP have. Defaults to `6`. - :param int initial_counter: What should the initial counter value be. Defaults to `2`. - :param int look_ahead_window: How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - :param int period: How many seconds should an OTP token be valid. Defaults to `30`. - :param str type: One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + :param str algorithm: What hashing algorithm should be used to generate the OTP. + :param str type: OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password """ if algorithm is not None: pulumi.set(__self__, "algorithm", algorithm) @@ -381,47 +367,35 @@ def __init__(__self__, *, @pulumi.getter def algorithm(self) -> Optional[str]: """ - What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`. + What hashing algorithm should be used to generate the OTP. """ return pulumi.get(self, "algorithm") @property @pulumi.getter def digits(self) -> Optional[int]: - """ - How many digits the OTP have. Defaults to `6`. - """ return pulumi.get(self, "digits") @property @pulumi.getter(name="initialCounter") def initial_counter(self) -> Optional[int]: - """ - What should the initial counter value be. Defaults to `2`. - """ return pulumi.get(self, "initial_counter") @property @pulumi.getter(name="lookAheadWindow") def look_ahead_window(self) -> Optional[int]: - """ - How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to `1`. - """ return pulumi.get(self, "look_ahead_window") @property @pulumi.getter def period(self) -> Optional[int]: - """ - How many seconds should an OTP token be valid. Defaults to `30`. - """ return pulumi.get(self, "period") @property @pulumi.getter def type(self) -> Optional[str]: """ - One Time Password Type, supported Values are `totp` for Time-Based One Time Password and `hotp` for Counter Based. Defaults to `totp`. + OTP Type, totp for Time-Based One Time Password or hotp for counter base one time password """ return pulumi.get(self, "type") @@ -503,15 +477,6 @@ def __init__(__self__, *, permanent_lockout: Optional[bool] = None, quick_login_check_milli_seconds: Optional[int] = None, wait_increment_seconds: Optional[int] = None): - """ - :param int failure_reset_time_seconds: When will failure count be reset? - :param int max_login_failures: How many failures before wait is triggered. - :param int minimum_quick_login_wait_seconds: How long to wait after a quick login failure. - - `max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - :param bool permanent_lockout: When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - :param int quick_login_check_milli_seconds: Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - :param int wait_increment_seconds: This represents the amount of time a user should be locked out when the login failure threshold has been met. - """ if failure_reset_time_seconds is not None: pulumi.set(__self__, "failure_reset_time_seconds", failure_reset_time_seconds) if max_failure_wait_seconds is not None: @@ -530,9 +495,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="failureResetTimeSeconds") def failure_reset_time_seconds(self) -> Optional[int]: - """ - When will failure count be reset? - """ return pulumi.get(self, "failure_reset_time_seconds") @property @@ -543,42 +505,26 @@ def max_failure_wait_seconds(self) -> Optional[int]: @property @pulumi.getter(name="maxLoginFailures") def max_login_failures(self) -> Optional[int]: - """ - How many failures before wait is triggered. - """ return pulumi.get(self, "max_login_failures") @property @pulumi.getter(name="minimumQuickLoginWaitSeconds") def minimum_quick_login_wait_seconds(self) -> Optional[int]: - """ - How long to wait after a quick login failure. - - `max_failure_wait_seconds ` - (Optional) Max. time a user will be locked out. - """ return pulumi.get(self, "minimum_quick_login_wait_seconds") @property @pulumi.getter(name="permanentLockout") def permanent_lockout(self) -> Optional[bool]: - """ - When `true`, this will lock the user permanently when the user exceeds the maximum login failures. - """ return pulumi.get(self, "permanent_lockout") @property @pulumi.getter(name="quickLoginCheckMilliSeconds") def quick_login_check_milli_seconds(self) -> Optional[int]: - """ - Configures the amount of time, in milliseconds, for consecutive failures to lock a user out. - """ return pulumi.get(self, "quick_login_check_milli_seconds") @property @pulumi.getter(name="waitIncrementSeconds") def wait_increment_seconds(self) -> Optional[int]: - """ - This represents the amount of time a user should be locked out when the login failure threshold has been met. - """ return pulumi.get(self, "wait_increment_seconds") @@ -624,16 +570,6 @@ def __init__(__self__, *, x_frame_options: Optional[str] = None, x_robots_tag: Optional[str] = None, x_xss_protection: Optional[str] = None): - """ - :param str content_security_policy: Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - :param str content_security_policy_report_only: Used for testing Content Security Policies. - :param str referrer_policy: The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - :param str strict_transport_security: The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - :param str x_content_type_options: Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - :param str x_frame_options: Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - :param str x_robots_tag: Prevent pages from appearing in search engines. - :param str x_xss_protection: This header configures the Cross-site scripting (XSS) filter in your browser. - """ if content_security_policy is not None: pulumi.set(__self__, "content_security_policy", content_security_policy) if content_security_policy_report_only is not None: @@ -654,65 +590,41 @@ def __init__(__self__, *, @property @pulumi.getter(name="contentSecurityPolicy") def content_security_policy(self) -> Optional[str]: - """ - Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract. - """ return pulumi.get(self, "content_security_policy") @property @pulumi.getter(name="contentSecurityPolicyReportOnly") def content_security_policy_report_only(self) -> Optional[str]: - """ - Used for testing Content Security Policies. - """ return pulumi.get(self, "content_security_policy_report_only") @property @pulumi.getter(name="referrerPolicy") def referrer_policy(self) -> Optional[str]: - """ - The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. - """ return pulumi.get(self, "referrer_policy") @property @pulumi.getter(name="strictTransportSecurity") def strict_transport_security(self) -> Optional[str]: - """ - The Script-Transport-Security HTTP header tells browsers to always use HTTPS. - """ return pulumi.get(self, "strict_transport_security") @property @pulumi.getter(name="xContentTypeOptions") def x_content_type_options(self) -> Optional[str]: - """ - Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type - """ return pulumi.get(self, "x_content_type_options") @property @pulumi.getter(name="xFrameOptions") def x_frame_options(self) -> Optional[str]: - """ - Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034) - """ return pulumi.get(self, "x_frame_options") @property @pulumi.getter(name="xRobotsTag") def x_robots_tag(self) -> Optional[str]: - """ - Prevent pages from appearing in search engines. - """ return pulumi.get(self, "x_robots_tag") @property @pulumi.getter(name="xXssProtection") def x_xss_protection(self) -> Optional[str]: - """ - This header configures the Cross-site scripting (XSS) filter in your browser. - """ return pulumi.get(self, "x_xss_protection") @@ -754,18 +666,6 @@ def __init__(__self__, *, reply_to_display_name: Optional[str] = None, ssl: Optional[bool] = None, starttls: Optional[bool] = None): - """ - :param str from_: The email address for the sender. - :param str host: The host of the SMTP server. - :param 'RealmSmtpServerAuthArgs' auth: Enables authentication to the SMTP server. This block supports the following arguments: - :param str envelope_from: The email address uses for bounces. - :param str from_display_name: The display name of the sender email address. - :param str port: The port of the SMTP server (defaults to 25). - :param str reply_to: The "reply to" email address. - :param str reply_to_display_name: The display name of the "reply to" email address. - :param bool ssl: When `true`, enables SSL. Defaults to `false`. - :param bool starttls: When `true`, enables StartTLS. Defaults to `false`. - """ pulumi.set(__self__, "from_", from_) pulumi.set(__self__, "host", host) if auth is not None: @@ -788,81 +688,51 @@ def __init__(__self__, *, @property @pulumi.getter(name="from") def from_(self) -> str: - """ - The email address for the sender. - """ return pulumi.get(self, "from_") @property @pulumi.getter def host(self) -> str: - """ - The host of the SMTP server. - """ return pulumi.get(self, "host") @property @pulumi.getter def auth(self) -> Optional['outputs.RealmSmtpServerAuth']: - """ - Enables authentication to the SMTP server. This block supports the following arguments: - """ return pulumi.get(self, "auth") @property @pulumi.getter(name="envelopeFrom") def envelope_from(self) -> Optional[str]: - """ - The email address uses for bounces. - """ return pulumi.get(self, "envelope_from") @property @pulumi.getter(name="fromDisplayName") def from_display_name(self) -> Optional[str]: - """ - The display name of the sender email address. - """ return pulumi.get(self, "from_display_name") @property @pulumi.getter def port(self) -> Optional[str]: - """ - The port of the SMTP server (defaults to 25). - """ return pulumi.get(self, "port") @property @pulumi.getter(name="replyTo") def reply_to(self) -> Optional[str]: - """ - The "reply to" email address. - """ return pulumi.get(self, "reply_to") @property @pulumi.getter(name="replyToDisplayName") def reply_to_display_name(self) -> Optional[str]: - """ - The display name of the "reply to" email address. - """ return pulumi.get(self, "reply_to_display_name") @property @pulumi.getter def ssl(self) -> Optional[bool]: - """ - When `true`, enables SSL. Defaults to `false`. - """ return pulumi.get(self, "ssl") @property @pulumi.getter def starttls(self) -> Optional[bool]: - """ - When `true`, enables StartTLS. Defaults to `false`. - """ return pulumi.get(self, "starttls") @@ -871,27 +741,17 @@ class RealmSmtpServerAuth(dict): def __init__(__self__, *, password: str, username: str): - """ - :param str password: The SMTP server password. - :param str username: The SMTP server username. - """ pulumi.set(__self__, "password", password) pulumi.set(__self__, "username", username) @property @pulumi.getter def password(self) -> str: - """ - The SMTP server password. - """ return pulumi.get(self, "password") @property @pulumi.getter def username(self) -> str: - """ - The SMTP server username. - """ return pulumi.get(self, "username") @@ -1213,16 +1073,11 @@ def __init__(__self__, *, signature_algorithms: Optional[Sequence[str]] = None, user_verification_requirement: Optional[str] = None): """ - :param Sequence[str] acceptable_aaguids: A set of AAGUIDs for which an authenticator can be registered. - :param str attestation_conveyance_preference: The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. - :param str authenticator_attachment: The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. - :param bool avoid_same_authenticator_register: When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - :param int create_timeout: The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - :param str relying_party_entity_name: A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - :param str relying_party_id: The WebAuthn relying party ID. - :param str require_resident_key: Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. - :param Sequence[str] signature_algorithms: A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. - :param str user_verification_requirement: Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + :param str attestation_conveyance_preference: Either none, indirect or direct + :param str authenticator_attachment: Either platform or cross-platform + :param str require_resident_key: Either Yes or No + :param Sequence[str] signature_algorithms: Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing + :param str user_verification_requirement: Either required, preferred or discouraged """ if acceptable_aaguids is not None: pulumi.set(__self__, "acceptable_aaguids", acceptable_aaguids) @@ -1248,16 +1103,13 @@ def __init__(__self__, *, @property @pulumi.getter(name="acceptableAaguids") def acceptable_aaguids(self) -> Optional[Sequence[str]]: - """ - A set of AAGUIDs for which an authenticator can be registered. - """ return pulumi.get(self, "acceptable_aaguids") @property @pulumi.getter(name="attestationConveyancePreference") def attestation_conveyance_preference(self) -> Optional[str]: """ - The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + Either none, indirect or direct """ return pulumi.get(self, "attestation_conveyance_preference") @@ -1265,47 +1117,35 @@ def attestation_conveyance_preference(self) -> Optional[str]: @pulumi.getter(name="authenticatorAttachment") def authenticator_attachment(self) -> Optional[str]: """ - The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + Either platform or cross-platform """ return pulumi.get(self, "authenticator_attachment") @property @pulumi.getter(name="avoidSameAuthenticatorRegister") def avoid_same_authenticator_register(self) -> Optional[bool]: - """ - When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - """ return pulumi.get(self, "avoid_same_authenticator_register") @property @pulumi.getter(name="createTimeout") def create_timeout(self) -> Optional[int]: - """ - The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - """ return pulumi.get(self, "create_timeout") @property @pulumi.getter(name="relyingPartyEntityName") def relying_party_entity_name(self) -> Optional[str]: - """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - """ return pulumi.get(self, "relying_party_entity_name") @property @pulumi.getter(name="relyingPartyId") def relying_party_id(self) -> Optional[str]: - """ - The WebAuthn relying party ID. - """ return pulumi.get(self, "relying_party_id") @property @pulumi.getter(name="requireResidentKey") def require_resident_key(self) -> Optional[str]: """ - Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + Either Yes or No """ return pulumi.get(self, "require_resident_key") @@ -1313,7 +1153,7 @@ def require_resident_key(self) -> Optional[str]: @pulumi.getter(name="signatureAlgorithms") def signature_algorithms(self) -> Optional[Sequence[str]]: """ - A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing """ return pulumi.get(self, "signature_algorithms") @@ -1321,7 +1161,7 @@ def signature_algorithms(self) -> Optional[Sequence[str]]: @pulumi.getter(name="userVerificationRequirement") def user_verification_requirement(self) -> Optional[str]: """ - Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + Either required, preferred or discouraged """ return pulumi.get(self, "user_verification_requirement") @@ -1375,16 +1215,11 @@ def __init__(__self__, *, signature_algorithms: Optional[Sequence[str]] = None, user_verification_requirement: Optional[str] = None): """ - :param Sequence[str] acceptable_aaguids: A set of AAGUIDs for which an authenticator can be registered. - :param str attestation_conveyance_preference: The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. - :param str authenticator_attachment: The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. - :param bool avoid_same_authenticator_register: When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - :param int create_timeout: The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - :param str relying_party_entity_name: A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - :param str relying_party_id: The WebAuthn relying party ID. - :param str require_resident_key: Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. - :param Sequence[str] signature_algorithms: A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. - :param str user_verification_requirement: Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + :param str attestation_conveyance_preference: Either none, indirect or direct + :param str authenticator_attachment: Either platform or cross-platform + :param str require_resident_key: Either Yes or No + :param Sequence[str] signature_algorithms: Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing + :param str user_verification_requirement: Either required, preferred or discouraged """ if acceptable_aaguids is not None: pulumi.set(__self__, "acceptable_aaguids", acceptable_aaguids) @@ -1410,16 +1245,13 @@ def __init__(__self__, *, @property @pulumi.getter(name="acceptableAaguids") def acceptable_aaguids(self) -> Optional[Sequence[str]]: - """ - A set of AAGUIDs for which an authenticator can be registered. - """ return pulumi.get(self, "acceptable_aaguids") @property @pulumi.getter(name="attestationConveyancePreference") def attestation_conveyance_preference(self) -> Optional[str]: """ - The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. + Either none, indirect or direct """ return pulumi.get(self, "attestation_conveyance_preference") @@ -1427,47 +1259,35 @@ def attestation_conveyance_preference(self) -> Optional[str]: @pulumi.getter(name="authenticatorAttachment") def authenticator_attachment(self) -> Optional[str]: """ - The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. + Either platform or cross-platform """ return pulumi.get(self, "authenticator_attachment") @property @pulumi.getter(name="avoidSameAuthenticatorRegister") def avoid_same_authenticator_register(self) -> Optional[bool]: - """ - When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. - """ return pulumi.get(self, "avoid_same_authenticator_register") @property @pulumi.getter(name="createTimeout") def create_timeout(self) -> Optional[int]: - """ - The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - """ return pulumi.get(self, "create_timeout") @property @pulumi.getter(name="relyingPartyEntityName") def relying_party_entity_name(self) -> Optional[str]: - """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - """ return pulumi.get(self, "relying_party_entity_name") @property @pulumi.getter(name="relyingPartyId") def relying_party_id(self) -> Optional[str]: - """ - The WebAuthn relying party ID. - """ return pulumi.get(self, "relying_party_id") @property @pulumi.getter(name="requireResidentKey") def require_resident_key(self) -> Optional[str]: """ - Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. + Either Yes or No """ return pulumi.get(self, "require_resident_key") @@ -1475,7 +1295,7 @@ def require_resident_key(self) -> Optional[str]: @pulumi.getter(name="signatureAlgorithms") def signature_algorithms(self) -> Optional[Sequence[str]]: """ - A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. + Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing """ return pulumi.get(self, "signature_algorithms") @@ -1483,7 +1303,7 @@ def signature_algorithms(self) -> Optional[Sequence[str]]: @pulumi.getter(name="userVerificationRequirement") def user_verification_requirement(self) -> Optional[str]: """ - Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. + Either required, preferred or discouraged """ return pulumi.get(self, "user_verification_requirement") @@ -1515,11 +1335,6 @@ def __init__(__self__, *, identity_provider: str, user_id: str, user_name: str): - """ - :param str identity_provider: The name of the identity provider - :param str user_id: The ID of the user defined in the identity provider - :param str user_name: The user name of the user defined in the identity provider - """ pulumi.set(__self__, "identity_provider", identity_provider) pulumi.set(__self__, "user_id", user_id) pulumi.set(__self__, "user_name", user_name) @@ -1527,25 +1342,16 @@ def __init__(__self__, *, @property @pulumi.getter(name="identityProvider") def identity_provider(self) -> str: - """ - The name of the identity provider - """ return pulumi.get(self, "identity_provider") @property @pulumi.getter(name="userId") def user_id(self) -> str: - """ - The ID of the user defined in the identity provider - """ return pulumi.get(self, "user_id") @property @pulumi.getter(name="userName") def user_name(self) -> str: - """ - The user name of the user defined in the identity provider - """ return pulumi.get(self, "user_name") @@ -1554,10 +1360,6 @@ class UserInitialPassword(dict): def __init__(__self__, *, value: str, temporary: Optional[bool] = None): - """ - :param str value: The initial password. - :param bool temporary: If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - """ pulumi.set(__self__, "value", value) if temporary is not None: pulumi.set(__self__, "temporary", temporary) @@ -1565,17 +1367,11 @@ def __init__(__self__, *, @property @pulumi.getter def value(self) -> str: - """ - The initial password. - """ return pulumi.get(self, "value") @property @pulumi.getter def temporary(self) -> Optional[bool]: - """ - If set to `true`, the initial password is set up for renewal on first use. Default to `false`. - """ return pulumi.get(self, "temporary") @@ -1925,16 +1721,6 @@ def __init__(__self__, *, public_key: str, status: str, type: str): - """ - :param str algorithm: Key algorithm (string) - :param str certificate: Key certificate (string) - :param str kid: Key ID (string) - :param str provider_id: Key provider ID (string) - :param int provider_priority: Key provider priority (int64) - :param str public_key: Key public key (string) - :param str status: When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - :param str type: Key type (string) - """ pulumi.set(__self__, "algorithm", algorithm) pulumi.set(__self__, "certificate", certificate) pulumi.set(__self__, "kid", kid) @@ -1947,65 +1733,41 @@ def __init__(__self__, *, @property @pulumi.getter def algorithm(self) -> str: - """ - Key algorithm (string) - """ return pulumi.get(self, "algorithm") @property @pulumi.getter def certificate(self) -> str: - """ - Key certificate (string) - """ return pulumi.get(self, "certificate") @property @pulumi.getter def kid(self) -> str: - """ - Key ID (string) - """ return pulumi.get(self, "kid") @property @pulumi.getter(name="providerId") def provider_id(self) -> str: - """ - Key provider ID (string) - """ return pulumi.get(self, "provider_id") @property @pulumi.getter(name="providerPriority") def provider_priority(self) -> int: - """ - Key provider priority (int64) - """ return pulumi.get(self, "provider_priority") @property @pulumi.getter(name="publicKey") def public_key(self) -> str: - """ - Key public key (string) - """ return pulumi.get(self, "public_key") @property @pulumi.getter def status(self) -> str: - """ - When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`. - """ return pulumi.get(self, "status") @property @pulumi.getter def type(self) -> str: - """ - Key type (string) - """ return pulumi.get(self, "type") diff --git a/sdk/python/pulumi_keycloak/realm.py b/sdk/python/pulumi_keycloak/realm.py index 44237f4d..6eca97e5 100644 --- a/sdk/python/pulumi_keycloak/realm.py +++ b/sdk/python/pulumi_keycloak/realm.py @@ -74,64 +74,16 @@ def __init__(__self__, *, web_authn_policy: Optional[pulumi.Input['RealmWebAuthnPolicyArgs']] = None): """ The set of arguments for constructing a Realm resource. - :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - :param pulumi.Input[str] access_code_lifespan: The maximum amount of time a client has to finish the authorization code flow. - :param pulumi.Input[str] access_code_lifespan_login: The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - :param pulumi.Input[str] access_code_lifespan_user_action: The maximum amount of time a user has to complete login related actions, such as updating a password. - :param pulumi.Input[str] access_token_lifespan: The amount of time an access token can be used before it expires. - :param pulumi.Input[str] access_token_lifespan_for_implicit_flow: The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - :param pulumi.Input[str] account_theme: Used for account management pages. - :param pulumi.Input[str] action_token_generated_by_admin_lifespan: The maximum time a user has to use an admin-generated permit before it expires. - :param pulumi.Input[str] action_token_generated_by_user_lifespan: The maximum time a user has to use a user-generated permit before it expires. - :param pulumi.Input[str] admin_theme: Used for the admin console. - :param pulumi.Input[Mapping[str, Any]] attributes: A map of custom attributes to add to the realm. - :param pulumi.Input[str] browser_flow: The desired flow for browser authentication. Defaults to `browser`. - :param pulumi.Input[str] client_authentication_flow: The desired flow for client authentication. Defaults to `clients`. - :param pulumi.Input[str] client_session_idle_timeout: The amount of time a session can be idle before it expires. Users can override it for individual clients. - :param pulumi.Input[str] client_session_max_lifespan: The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - :param pulumi.Input[str] default_signature_algorithm: Default algorithm used to sign tokens for the realm. - :param pulumi.Input[str] direct_grant_flow: The desired flow for direct access authentication. Defaults to `direct grant`. - :param pulumi.Input[str] display_name: The display name for the realm that is shown when logging in to the admin console. - :param pulumi.Input[str] display_name_html: The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - :param pulumi.Input[str] docker_authentication_flow: The desired flow for Docker authentication. Defaults to `docker auth`. - :param pulumi.Input[bool] duplicate_emails_allowed: When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - :param pulumi.Input[bool] edit_username_allowed: When true, the username field is editable. - :param pulumi.Input[str] email_theme: Used for emails that are sent by Keycloak. - :param pulumi.Input[bool] enabled: When `false`, users and clients will not be able to access this realm. Defaults to `true`. - :param pulumi.Input[str] internal_id: When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - :param pulumi.Input[str] login_theme: Used for the login, forgot password, and registration pages. - :param pulumi.Input[bool] login_with_email_allowed: When true, users may log in with their email address. - :param pulumi.Input[str] oauth2_device_code_lifespan: The maximum amount of time a client has to finish the device code flow before it expires. - - The attributes below should be specified in seconds. - :param pulumi.Input[int] oauth2_device_polling_interval: The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - :param pulumi.Input[str] offline_session_idle_timeout: The amount of time an offline session can be idle before it expires. - :param pulumi.Input[str] offline_session_max_lifespan: The maximum amount of time before an offline session expires regardless of activity. - :param pulumi.Input[bool] offline_session_max_lifespan_enabled: Enable `offline_session_max_lifespan`. - :param pulumi.Input[str] password_policy: The password policy for users within the realm. - - The arguments below can be used to configure authentication flow bindings: - :param pulumi.Input[int] refresh_token_max_reuse: Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - - The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - :param pulumi.Input[bool] registration_allowed: When true, user registration will be enabled, and a link for registration will be displayed on the login page. - :param pulumi.Input[bool] registration_email_as_username: When true, the user's email will be used as their username during registration. - :param pulumi.Input[str] registration_flow: The desired flow for user registration. Defaults to `registration`. - :param pulumi.Input[bool] remember_me: When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - :param pulumi.Input[str] reset_credentials_flow: The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. - :param pulumi.Input[bool] reset_password_allowed: When true, a "forgot password" link will be displayed on the login page. - :param pulumi.Input[bool] revoke_refresh_token: If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - :param pulumi.Input[str] ssl_required: Can be one of following values: 'none, 'external' or 'all' - :param pulumi.Input[str] sso_session_idle_timeout: The amount of time a session can be idle before it expires. - :param pulumi.Input[str] sso_session_idle_timeout_remember_me: Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - :param pulumi.Input[str] sso_session_max_lifespan: The maximum amount of time before a session expires regardless of activity. - :param pulumi.Input[str] sso_session_max_lifespan_remember_me: Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - :param pulumi.Input[bool] user_managed_access: When `true`, users are allowed to manage their own resources. Defaults to `false`. - :param pulumi.Input[bool] verify_email: When true, users are required to verify their email address after registration and after email address changes. - :param pulumi.Input['RealmWebAuthnPasswordlessPolicyArgs'] web_authn_passwordless_policy: Configuration for WebAuthn Passwordless Policy authentication. - - Each of these attributes are blocks with the following attributes: - :param pulumi.Input['RealmWebAuthnPolicyArgs'] web_authn_policy: Configuration for WebAuthn Policy authentication. + :param pulumi.Input[str] browser_flow: Which flow should be used for BrowserFlow + :param pulumi.Input[str] client_authentication_flow: Which flow should be used for ClientAuthenticationFlow + :param pulumi.Input[str] direct_grant_flow: Which flow should be used for DirectGrantFlow + :param pulumi.Input[str] docker_authentication_flow: Which flow should be used for DockerAuthenticationFlow + :param pulumi.Input[str] password_policy: String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + and notUsername(undefined)" + :param pulumi.Input[str] registration_flow: Which flow should be used for RegistrationFlow + :param pulumi.Input[str] reset_credentials_flow: Which flow should be used for ResetCredentialsFlow + :param pulumi.Input[str] ssl_required: SSL Required: Values can be 'none', 'external' or 'all'. """ pulumi.set(__self__, "realm", realm) if access_code_lifespan is not None: @@ -248,9 +200,6 @@ def __init__(__self__, *, @property @pulumi.getter def realm(self) -> pulumi.Input[str]: - """ - The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - """ return pulumi.get(self, "realm") @realm.setter @@ -260,9 +209,6 @@ def realm(self, value: pulumi.Input[str]): @property @pulumi.getter(name="accessCodeLifespan") def access_code_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a client has to finish the authorization code flow. - """ return pulumi.get(self, "access_code_lifespan") @access_code_lifespan.setter @@ -272,9 +218,6 @@ def access_code_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessCodeLifespanLogin") def access_code_lifespan_login(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - """ return pulumi.get(self, "access_code_lifespan_login") @access_code_lifespan_login.setter @@ -284,9 +227,6 @@ def access_code_lifespan_login(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessCodeLifespanUserAction") def access_code_lifespan_user_action(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a user has to complete login related actions, such as updating a password. - """ return pulumi.get(self, "access_code_lifespan_user_action") @access_code_lifespan_user_action.setter @@ -296,9 +236,6 @@ def access_code_lifespan_user_action(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessTokenLifespan") def access_token_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time an access token can be used before it expires. - """ return pulumi.get(self, "access_token_lifespan") @access_token_lifespan.setter @@ -308,9 +245,6 @@ def access_token_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessTokenLifespanForImplicitFlow") def access_token_lifespan_for_implicit_flow(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - """ return pulumi.get(self, "access_token_lifespan_for_implicit_flow") @access_token_lifespan_for_implicit_flow.setter @@ -320,9 +254,6 @@ def access_token_lifespan_for_implicit_flow(self, value: Optional[pulumi.Input[s @property @pulumi.getter(name="accountTheme") def account_theme(self) -> Optional[pulumi.Input[str]]: - """ - Used for account management pages. - """ return pulumi.get(self, "account_theme") @account_theme.setter @@ -332,9 +263,6 @@ def account_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="actionTokenGeneratedByAdminLifespan") def action_token_generated_by_admin_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum time a user has to use an admin-generated permit before it expires. - """ return pulumi.get(self, "action_token_generated_by_admin_lifespan") @action_token_generated_by_admin_lifespan.setter @@ -344,9 +272,6 @@ def action_token_generated_by_admin_lifespan(self, value: Optional[pulumi.Input[ @property @pulumi.getter(name="actionTokenGeneratedByUserLifespan") def action_token_generated_by_user_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum time a user has to use a user-generated permit before it expires. - """ return pulumi.get(self, "action_token_generated_by_user_lifespan") @action_token_generated_by_user_lifespan.setter @@ -356,9 +281,6 @@ def action_token_generated_by_user_lifespan(self, value: Optional[pulumi.Input[s @property @pulumi.getter(name="adminTheme") def admin_theme(self) -> Optional[pulumi.Input[str]]: - """ - Used for the admin console. - """ return pulumi.get(self, "admin_theme") @admin_theme.setter @@ -368,9 +290,6 @@ def admin_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map of custom attributes to add to the realm. - """ return pulumi.get(self, "attributes") @attributes.setter @@ -381,7 +300,7 @@ def attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter(name="browserFlow") def browser_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for browser authentication. Defaults to `browser`. + Which flow should be used for BrowserFlow """ return pulumi.get(self, "browser_flow") @@ -393,7 +312,7 @@ def browser_flow(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientAuthenticationFlow") def client_authentication_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for client authentication. Defaults to `clients`. + Which flow should be used for ClientAuthenticationFlow """ return pulumi.get(self, "client_authentication_flow") @@ -404,9 +323,6 @@ def client_authentication_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSessionIdleTimeout") def client_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time a session can be idle before it expires. Users can override it for individual clients. - """ return pulumi.get(self, "client_session_idle_timeout") @client_session_idle_timeout.setter @@ -416,9 +332,6 @@ def client_session_idle_timeout(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSessionMaxLifespan") def client_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - """ return pulumi.get(self, "client_session_max_lifespan") @client_session_max_lifespan.setter @@ -446,9 +359,6 @@ def default_optional_client_scopes(self, value: Optional[pulumi.Input[Sequence[p @property @pulumi.getter(name="defaultSignatureAlgorithm") def default_signature_algorithm(self) -> Optional[pulumi.Input[str]]: - """ - Default algorithm used to sign tokens for the realm. - """ return pulumi.get(self, "default_signature_algorithm") @default_signature_algorithm.setter @@ -459,7 +369,7 @@ def default_signature_algorithm(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="directGrantFlow") def direct_grant_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for direct access authentication. Defaults to `direct grant`. + Which flow should be used for DirectGrantFlow """ return pulumi.get(self, "direct_grant_flow") @@ -470,9 +380,6 @@ def direct_grant_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="displayName") def display_name(self) -> Optional[pulumi.Input[str]]: - """ - The display name for the realm that is shown when logging in to the admin console. - """ return pulumi.get(self, "display_name") @display_name.setter @@ -482,9 +389,6 @@ def display_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="displayNameHtml") def display_name_html(self) -> Optional[pulumi.Input[str]]: - """ - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - """ return pulumi.get(self, "display_name_html") @display_name_html.setter @@ -495,7 +399,7 @@ def display_name_html(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="dockerAuthenticationFlow") def docker_authentication_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for Docker authentication. Defaults to `docker auth`. + Which flow should be used for DockerAuthenticationFlow """ return pulumi.get(self, "docker_authentication_flow") @@ -506,9 +410,6 @@ def docker_authentication_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="duplicateEmailsAllowed") def duplicate_emails_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - """ return pulumi.get(self, "duplicate_emails_allowed") @duplicate_emails_allowed.setter @@ -518,9 +419,6 @@ def duplicate_emails_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="editUsernameAllowed") def edit_username_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, the username field is editable. - """ return pulumi.get(self, "edit_username_allowed") @edit_username_allowed.setter @@ -530,9 +428,6 @@ def edit_username_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="emailTheme") def email_theme(self) -> Optional[pulumi.Input[str]]: - """ - Used for emails that are sent by Keycloak. - """ return pulumi.get(self, "email_theme") @email_theme.setter @@ -542,9 +437,6 @@ def email_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `false`, users and clients will not be able to access this realm. Defaults to `true`. - """ return pulumi.get(self, "enabled") @enabled.setter @@ -554,9 +446,6 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="internalId") def internal_id(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - """ return pulumi.get(self, "internal_id") @internal_id.setter @@ -575,9 +464,6 @@ def internationalization(self, value: Optional[pulumi.Input['RealmInternationali @property @pulumi.getter(name="loginTheme") def login_theme(self) -> Optional[pulumi.Input[str]]: - """ - Used for the login, forgot password, and registration pages. - """ return pulumi.get(self, "login_theme") @login_theme.setter @@ -587,9 +473,6 @@ def login_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="loginWithEmailAllowed") def login_with_email_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, users may log in with their email address. - """ return pulumi.get(self, "login_with_email_allowed") @login_with_email_allowed.setter @@ -599,11 +482,6 @@ def login_with_email_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="oauth2DeviceCodeLifespan") def oauth2_device_code_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a client has to finish the device code flow before it expires. - - The attributes below should be specified in seconds. - """ return pulumi.get(self, "oauth2_device_code_lifespan") @oauth2_device_code_lifespan.setter @@ -613,9 +491,6 @@ def oauth2_device_code_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="oauth2DevicePollingInterval") def oauth2_device_polling_interval(self) -> Optional[pulumi.Input[int]]: - """ - The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - """ return pulumi.get(self, "oauth2_device_polling_interval") @oauth2_device_polling_interval.setter @@ -625,9 +500,6 @@ def oauth2_device_polling_interval(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="offlineSessionIdleTimeout") def offline_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time an offline session can be idle before it expires. - """ return pulumi.get(self, "offline_session_idle_timeout") @offline_session_idle_timeout.setter @@ -637,9 +509,6 @@ def offline_session_idle_timeout(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="offlineSessionMaxLifespan") def offline_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time before an offline session expires regardless of activity. - """ return pulumi.get(self, "offline_session_max_lifespan") @offline_session_max_lifespan.setter @@ -649,9 +518,6 @@ def offline_session_max_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="offlineSessionMaxLifespanEnabled") def offline_session_max_lifespan_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - Enable `offline_session_max_lifespan`. - """ return pulumi.get(self, "offline_session_max_lifespan_enabled") @offline_session_max_lifespan_enabled.setter @@ -671,9 +537,9 @@ def otp_policy(self, value: Optional[pulumi.Input['RealmOtpPolicyArgs']]): @pulumi.getter(name="passwordPolicy") def password_policy(self) -> Optional[pulumi.Input[str]]: """ - The password policy for users within the realm. - - The arguments below can be used to configure authentication flow bindings: + String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + and notUsername(undefined)" """ return pulumi.get(self, "password_policy") @@ -684,11 +550,6 @@ def password_policy(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="refreshTokenMaxReuse") def refresh_token_max_reuse(self) -> Optional[pulumi.Input[int]]: - """ - Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - - The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - """ return pulumi.get(self, "refresh_token_max_reuse") @refresh_token_max_reuse.setter @@ -698,9 +559,6 @@ def refresh_token_max_reuse(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="registrationAllowed") def registration_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, user registration will be enabled, and a link for registration will be displayed on the login page. - """ return pulumi.get(self, "registration_allowed") @registration_allowed.setter @@ -710,9 +568,6 @@ def registration_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="registrationEmailAsUsername") def registration_email_as_username(self) -> Optional[pulumi.Input[bool]]: - """ - When true, the user's email will be used as their username during registration. - """ return pulumi.get(self, "registration_email_as_username") @registration_email_as_username.setter @@ -723,7 +578,7 @@ def registration_email_as_username(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="registrationFlow") def registration_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for user registration. Defaults to `registration`. + Which flow should be used for RegistrationFlow """ return pulumi.get(self, "registration_flow") @@ -734,9 +589,6 @@ def registration_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="rememberMe") def remember_me(self) -> Optional[pulumi.Input[bool]]: - """ - When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - """ return pulumi.get(self, "remember_me") @remember_me.setter @@ -747,7 +599,7 @@ def remember_me(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="resetCredentialsFlow") def reset_credentials_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + Which flow should be used for ResetCredentialsFlow """ return pulumi.get(self, "reset_credentials_flow") @@ -758,9 +610,6 @@ def reset_credentials_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="resetPasswordAllowed") def reset_password_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, a "forgot password" link will be displayed on the login page. - """ return pulumi.get(self, "reset_password_allowed") @reset_password_allowed.setter @@ -770,9 +619,6 @@ def reset_password_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="revokeRefreshToken") def revoke_refresh_token(self) -> Optional[pulumi.Input[bool]]: - """ - If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - """ return pulumi.get(self, "revoke_refresh_token") @revoke_refresh_token.setter @@ -801,7 +647,7 @@ def smtp_server(self, value: Optional[pulumi.Input['RealmSmtpServerArgs']]): @pulumi.getter(name="sslRequired") def ssl_required(self) -> Optional[pulumi.Input[str]]: """ - Can be one of following values: 'none, 'external' or 'all' + SSL Required: Values can be 'none', 'external' or 'all'. """ return pulumi.get(self, "ssl_required") @@ -812,9 +658,6 @@ def ssl_required(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="ssoSessionIdleTimeout") def sso_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time a session can be idle before it expires. - """ return pulumi.get(self, "sso_session_idle_timeout") @sso_session_idle_timeout.setter @@ -824,9 +667,6 @@ def sso_session_idle_timeout(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="ssoSessionIdleTimeoutRememberMe") def sso_session_idle_timeout_remember_me(self) -> Optional[pulumi.Input[str]]: - """ - Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - """ return pulumi.get(self, "sso_session_idle_timeout_remember_me") @sso_session_idle_timeout_remember_me.setter @@ -836,9 +676,6 @@ def sso_session_idle_timeout_remember_me(self, value: Optional[pulumi.Input[str] @property @pulumi.getter(name="ssoSessionMaxLifespan") def sso_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time before a session expires regardless of activity. - """ return pulumi.get(self, "sso_session_max_lifespan") @sso_session_max_lifespan.setter @@ -848,9 +685,6 @@ def sso_session_max_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="ssoSessionMaxLifespanRememberMe") def sso_session_max_lifespan_remember_me(self) -> Optional[pulumi.Input[str]]: - """ - Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - """ return pulumi.get(self, "sso_session_max_lifespan_remember_me") @sso_session_max_lifespan_remember_me.setter @@ -860,9 +694,6 @@ def sso_session_max_lifespan_remember_me(self, value: Optional[pulumi.Input[str] @property @pulumi.getter(name="userManagedAccess") def user_managed_access(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, users are allowed to manage their own resources. Defaults to `false`. - """ return pulumi.get(self, "user_managed_access") @user_managed_access.setter @@ -872,9 +703,6 @@ def user_managed_access(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="verifyEmail") def verify_email(self) -> Optional[pulumi.Input[bool]]: - """ - When true, users are required to verify their email address after registration and after email address changes. - """ return pulumi.get(self, "verify_email") @verify_email.setter @@ -884,11 +712,6 @@ def verify_email(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="webAuthnPasswordlessPolicy") def web_authn_passwordless_policy(self) -> Optional[pulumi.Input['RealmWebAuthnPasswordlessPolicyArgs']]: - """ - Configuration for WebAuthn Passwordless Policy authentication. - - Each of these attributes are blocks with the following attributes: - """ return pulumi.get(self, "web_authn_passwordless_policy") @web_authn_passwordless_policy.setter @@ -898,9 +721,6 @@ def web_authn_passwordless_policy(self, value: Optional[pulumi.Input['RealmWebAu @property @pulumi.getter(name="webAuthnPolicy") def web_authn_policy(self) -> Optional[pulumi.Input['RealmWebAuthnPolicyArgs']]: - """ - Configuration for WebAuthn Policy authentication. - """ return pulumi.get(self, "web_authn_policy") @web_authn_policy.setter @@ -969,64 +789,16 @@ def __init__(__self__, *, web_authn_policy: Optional[pulumi.Input['RealmWebAuthnPolicyArgs']] = None): """ Input properties used for looking up and filtering Realm resources. - :param pulumi.Input[str] access_code_lifespan: The maximum amount of time a client has to finish the authorization code flow. - :param pulumi.Input[str] access_code_lifespan_login: The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - :param pulumi.Input[str] access_code_lifespan_user_action: The maximum amount of time a user has to complete login related actions, such as updating a password. - :param pulumi.Input[str] access_token_lifespan: The amount of time an access token can be used before it expires. - :param pulumi.Input[str] access_token_lifespan_for_implicit_flow: The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - :param pulumi.Input[str] account_theme: Used for account management pages. - :param pulumi.Input[str] action_token_generated_by_admin_lifespan: The maximum time a user has to use an admin-generated permit before it expires. - :param pulumi.Input[str] action_token_generated_by_user_lifespan: The maximum time a user has to use a user-generated permit before it expires. - :param pulumi.Input[str] admin_theme: Used for the admin console. - :param pulumi.Input[Mapping[str, Any]] attributes: A map of custom attributes to add to the realm. - :param pulumi.Input[str] browser_flow: The desired flow for browser authentication. Defaults to `browser`. - :param pulumi.Input[str] client_authentication_flow: The desired flow for client authentication. Defaults to `clients`. - :param pulumi.Input[str] client_session_idle_timeout: The amount of time a session can be idle before it expires. Users can override it for individual clients. - :param pulumi.Input[str] client_session_max_lifespan: The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - :param pulumi.Input[str] default_signature_algorithm: Default algorithm used to sign tokens for the realm. - :param pulumi.Input[str] direct_grant_flow: The desired flow for direct access authentication. Defaults to `direct grant`. - :param pulumi.Input[str] display_name: The display name for the realm that is shown when logging in to the admin console. - :param pulumi.Input[str] display_name_html: The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - :param pulumi.Input[str] docker_authentication_flow: The desired flow for Docker authentication. Defaults to `docker auth`. - :param pulumi.Input[bool] duplicate_emails_allowed: When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - :param pulumi.Input[bool] edit_username_allowed: When true, the username field is editable. - :param pulumi.Input[str] email_theme: Used for emails that are sent by Keycloak. - :param pulumi.Input[bool] enabled: When `false`, users and clients will not be able to access this realm. Defaults to `true`. - :param pulumi.Input[str] internal_id: When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - :param pulumi.Input[str] login_theme: Used for the login, forgot password, and registration pages. - :param pulumi.Input[bool] login_with_email_allowed: When true, users may log in with their email address. - :param pulumi.Input[str] oauth2_device_code_lifespan: The maximum amount of time a client has to finish the device code flow before it expires. - - The attributes below should be specified in seconds. - :param pulumi.Input[int] oauth2_device_polling_interval: The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - :param pulumi.Input[str] offline_session_idle_timeout: The amount of time an offline session can be idle before it expires. - :param pulumi.Input[str] offline_session_max_lifespan: The maximum amount of time before an offline session expires regardless of activity. - :param pulumi.Input[bool] offline_session_max_lifespan_enabled: Enable `offline_session_max_lifespan`. - :param pulumi.Input[str] password_policy: The password policy for users within the realm. - - The arguments below can be used to configure authentication flow bindings: - :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - :param pulumi.Input[int] refresh_token_max_reuse: Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - - The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - :param pulumi.Input[bool] registration_allowed: When true, user registration will be enabled, and a link for registration will be displayed on the login page. - :param pulumi.Input[bool] registration_email_as_username: When true, the user's email will be used as their username during registration. - :param pulumi.Input[str] registration_flow: The desired flow for user registration. Defaults to `registration`. - :param pulumi.Input[bool] remember_me: When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - :param pulumi.Input[str] reset_credentials_flow: The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. - :param pulumi.Input[bool] reset_password_allowed: When true, a "forgot password" link will be displayed on the login page. - :param pulumi.Input[bool] revoke_refresh_token: If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - :param pulumi.Input[str] ssl_required: Can be one of following values: 'none, 'external' or 'all' - :param pulumi.Input[str] sso_session_idle_timeout: The amount of time a session can be idle before it expires. - :param pulumi.Input[str] sso_session_idle_timeout_remember_me: Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - :param pulumi.Input[str] sso_session_max_lifespan: The maximum amount of time before a session expires regardless of activity. - :param pulumi.Input[str] sso_session_max_lifespan_remember_me: Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - :param pulumi.Input[bool] user_managed_access: When `true`, users are allowed to manage their own resources. Defaults to `false`. - :param pulumi.Input[bool] verify_email: When true, users are required to verify their email address after registration and after email address changes. - :param pulumi.Input['RealmWebAuthnPasswordlessPolicyArgs'] web_authn_passwordless_policy: Configuration for WebAuthn Passwordless Policy authentication. - - Each of these attributes are blocks with the following attributes: - :param pulumi.Input['RealmWebAuthnPolicyArgs'] web_authn_policy: Configuration for WebAuthn Policy authentication. + :param pulumi.Input[str] browser_flow: Which flow should be used for BrowserFlow + :param pulumi.Input[str] client_authentication_flow: Which flow should be used for ClientAuthenticationFlow + :param pulumi.Input[str] direct_grant_flow: Which flow should be used for DirectGrantFlow + :param pulumi.Input[str] docker_authentication_flow: Which flow should be used for DockerAuthenticationFlow + :param pulumi.Input[str] password_policy: String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + and notUsername(undefined)" + :param pulumi.Input[str] registration_flow: Which flow should be used for RegistrationFlow + :param pulumi.Input[str] reset_credentials_flow: Which flow should be used for ResetCredentialsFlow + :param pulumi.Input[str] ssl_required: SSL Required: Values can be 'none', 'external' or 'all'. """ if access_code_lifespan is not None: pulumi.set(__self__, "access_code_lifespan", access_code_lifespan) @@ -1144,9 +916,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="accessCodeLifespan") def access_code_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a client has to finish the authorization code flow. - """ return pulumi.get(self, "access_code_lifespan") @access_code_lifespan.setter @@ -1156,9 +925,6 @@ def access_code_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessCodeLifespanLogin") def access_code_lifespan_login(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - """ return pulumi.get(self, "access_code_lifespan_login") @access_code_lifespan_login.setter @@ -1168,9 +934,6 @@ def access_code_lifespan_login(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessCodeLifespanUserAction") def access_code_lifespan_user_action(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a user has to complete login related actions, such as updating a password. - """ return pulumi.get(self, "access_code_lifespan_user_action") @access_code_lifespan_user_action.setter @@ -1180,9 +943,6 @@ def access_code_lifespan_user_action(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessTokenLifespan") def access_token_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time an access token can be used before it expires. - """ return pulumi.get(self, "access_token_lifespan") @access_token_lifespan.setter @@ -1192,9 +952,6 @@ def access_token_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="accessTokenLifespanForImplicitFlow") def access_token_lifespan_for_implicit_flow(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - """ return pulumi.get(self, "access_token_lifespan_for_implicit_flow") @access_token_lifespan_for_implicit_flow.setter @@ -1204,9 +961,6 @@ def access_token_lifespan_for_implicit_flow(self, value: Optional[pulumi.Input[s @property @pulumi.getter(name="accountTheme") def account_theme(self) -> Optional[pulumi.Input[str]]: - """ - Used for account management pages. - """ return pulumi.get(self, "account_theme") @account_theme.setter @@ -1216,9 +970,6 @@ def account_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="actionTokenGeneratedByAdminLifespan") def action_token_generated_by_admin_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum time a user has to use an admin-generated permit before it expires. - """ return pulumi.get(self, "action_token_generated_by_admin_lifespan") @action_token_generated_by_admin_lifespan.setter @@ -1228,9 +979,6 @@ def action_token_generated_by_admin_lifespan(self, value: Optional[pulumi.Input[ @property @pulumi.getter(name="actionTokenGeneratedByUserLifespan") def action_token_generated_by_user_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum time a user has to use a user-generated permit before it expires. - """ return pulumi.get(self, "action_token_generated_by_user_lifespan") @action_token_generated_by_user_lifespan.setter @@ -1240,9 +988,6 @@ def action_token_generated_by_user_lifespan(self, value: Optional[pulumi.Input[s @property @pulumi.getter(name="adminTheme") def admin_theme(self) -> Optional[pulumi.Input[str]]: - """ - Used for the admin console. - """ return pulumi.get(self, "admin_theme") @admin_theme.setter @@ -1252,9 +997,6 @@ def admin_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map of custom attributes to add to the realm. - """ return pulumi.get(self, "attributes") @attributes.setter @@ -1265,7 +1007,7 @@ def attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter(name="browserFlow") def browser_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for browser authentication. Defaults to `browser`. + Which flow should be used for BrowserFlow """ return pulumi.get(self, "browser_flow") @@ -1277,7 +1019,7 @@ def browser_flow(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientAuthenticationFlow") def client_authentication_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for client authentication. Defaults to `clients`. + Which flow should be used for ClientAuthenticationFlow """ return pulumi.get(self, "client_authentication_flow") @@ -1288,9 +1030,6 @@ def client_authentication_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSessionIdleTimeout") def client_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time a session can be idle before it expires. Users can override it for individual clients. - """ return pulumi.get(self, "client_session_idle_timeout") @client_session_idle_timeout.setter @@ -1300,9 +1039,6 @@ def client_session_idle_timeout(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSessionMaxLifespan") def client_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - """ return pulumi.get(self, "client_session_max_lifespan") @client_session_max_lifespan.setter @@ -1330,9 +1066,6 @@ def default_optional_client_scopes(self, value: Optional[pulumi.Input[Sequence[p @property @pulumi.getter(name="defaultSignatureAlgorithm") def default_signature_algorithm(self) -> Optional[pulumi.Input[str]]: - """ - Default algorithm used to sign tokens for the realm. - """ return pulumi.get(self, "default_signature_algorithm") @default_signature_algorithm.setter @@ -1343,7 +1076,7 @@ def default_signature_algorithm(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="directGrantFlow") def direct_grant_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for direct access authentication. Defaults to `direct grant`. + Which flow should be used for DirectGrantFlow """ return pulumi.get(self, "direct_grant_flow") @@ -1354,9 +1087,6 @@ def direct_grant_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="displayName") def display_name(self) -> Optional[pulumi.Input[str]]: - """ - The display name for the realm that is shown when logging in to the admin console. - """ return pulumi.get(self, "display_name") @display_name.setter @@ -1366,9 +1096,6 @@ def display_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="displayNameHtml") def display_name_html(self) -> Optional[pulumi.Input[str]]: - """ - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - """ return pulumi.get(self, "display_name_html") @display_name_html.setter @@ -1379,7 +1106,7 @@ def display_name_html(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="dockerAuthenticationFlow") def docker_authentication_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for Docker authentication. Defaults to `docker auth`. + Which flow should be used for DockerAuthenticationFlow """ return pulumi.get(self, "docker_authentication_flow") @@ -1390,9 +1117,6 @@ def docker_authentication_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="duplicateEmailsAllowed") def duplicate_emails_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - """ return pulumi.get(self, "duplicate_emails_allowed") @duplicate_emails_allowed.setter @@ -1402,9 +1126,6 @@ def duplicate_emails_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="editUsernameAllowed") def edit_username_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, the username field is editable. - """ return pulumi.get(self, "edit_username_allowed") @edit_username_allowed.setter @@ -1414,9 +1135,6 @@ def edit_username_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="emailTheme") def email_theme(self) -> Optional[pulumi.Input[str]]: - """ - Used for emails that are sent by Keycloak. - """ return pulumi.get(self, "email_theme") @email_theme.setter @@ -1426,9 +1144,6 @@ def email_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `false`, users and clients will not be able to access this realm. Defaults to `true`. - """ return pulumi.get(self, "enabled") @enabled.setter @@ -1438,9 +1153,6 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="internalId") def internal_id(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - """ return pulumi.get(self, "internal_id") @internal_id.setter @@ -1459,9 +1171,6 @@ def internationalization(self, value: Optional[pulumi.Input['RealmInternationali @property @pulumi.getter(name="loginTheme") def login_theme(self) -> Optional[pulumi.Input[str]]: - """ - Used for the login, forgot password, and registration pages. - """ return pulumi.get(self, "login_theme") @login_theme.setter @@ -1471,9 +1180,6 @@ def login_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="loginWithEmailAllowed") def login_with_email_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, users may log in with their email address. - """ return pulumi.get(self, "login_with_email_allowed") @login_with_email_allowed.setter @@ -1483,11 +1189,6 @@ def login_with_email_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="oauth2DeviceCodeLifespan") def oauth2_device_code_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time a client has to finish the device code flow before it expires. - - The attributes below should be specified in seconds. - """ return pulumi.get(self, "oauth2_device_code_lifespan") @oauth2_device_code_lifespan.setter @@ -1497,9 +1198,6 @@ def oauth2_device_code_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="oauth2DevicePollingInterval") def oauth2_device_polling_interval(self) -> Optional[pulumi.Input[int]]: - """ - The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - """ return pulumi.get(self, "oauth2_device_polling_interval") @oauth2_device_polling_interval.setter @@ -1509,9 +1207,6 @@ def oauth2_device_polling_interval(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="offlineSessionIdleTimeout") def offline_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time an offline session can be idle before it expires. - """ return pulumi.get(self, "offline_session_idle_timeout") @offline_session_idle_timeout.setter @@ -1521,9 +1216,6 @@ def offline_session_idle_timeout(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="offlineSessionMaxLifespan") def offline_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time before an offline session expires regardless of activity. - """ return pulumi.get(self, "offline_session_max_lifespan") @offline_session_max_lifespan.setter @@ -1533,9 +1225,6 @@ def offline_session_max_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="offlineSessionMaxLifespanEnabled") def offline_session_max_lifespan_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - Enable `offline_session_max_lifespan`. - """ return pulumi.get(self, "offline_session_max_lifespan_enabled") @offline_session_max_lifespan_enabled.setter @@ -1555,9 +1244,9 @@ def otp_policy(self, value: Optional[pulumi.Input['RealmOtpPolicyArgs']]): @pulumi.getter(name="passwordPolicy") def password_policy(self) -> Optional[pulumi.Input[str]]: """ - The password policy for users within the realm. - - The arguments below can be used to configure authentication flow bindings: + String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + and notUsername(undefined)" """ return pulumi.get(self, "password_policy") @@ -1568,9 +1257,6 @@ def password_policy(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def realm(self) -> Optional[pulumi.Input[str]]: - """ - The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - """ return pulumi.get(self, "realm") @realm.setter @@ -1580,11 +1266,6 @@ def realm(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="refreshTokenMaxReuse") def refresh_token_max_reuse(self) -> Optional[pulumi.Input[int]]: - """ - Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - - The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - """ return pulumi.get(self, "refresh_token_max_reuse") @refresh_token_max_reuse.setter @@ -1594,9 +1275,6 @@ def refresh_token_max_reuse(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="registrationAllowed") def registration_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, user registration will be enabled, and a link for registration will be displayed on the login page. - """ return pulumi.get(self, "registration_allowed") @registration_allowed.setter @@ -1606,9 +1284,6 @@ def registration_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="registrationEmailAsUsername") def registration_email_as_username(self) -> Optional[pulumi.Input[bool]]: - """ - When true, the user's email will be used as their username during registration. - """ return pulumi.get(self, "registration_email_as_username") @registration_email_as_username.setter @@ -1619,7 +1294,7 @@ def registration_email_as_username(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="registrationFlow") def registration_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow for user registration. Defaults to `registration`. + Which flow should be used for RegistrationFlow """ return pulumi.get(self, "registration_flow") @@ -1630,9 +1305,6 @@ def registration_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="rememberMe") def remember_me(self) -> Optional[pulumi.Input[bool]]: - """ - When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - """ return pulumi.get(self, "remember_me") @remember_me.setter @@ -1643,7 +1315,7 @@ def remember_me(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="resetCredentialsFlow") def reset_credentials_flow(self) -> Optional[pulumi.Input[str]]: """ - The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + Which flow should be used for ResetCredentialsFlow """ return pulumi.get(self, "reset_credentials_flow") @@ -1654,9 +1326,6 @@ def reset_credentials_flow(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="resetPasswordAllowed") def reset_password_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - When true, a "forgot password" link will be displayed on the login page. - """ return pulumi.get(self, "reset_password_allowed") @reset_password_allowed.setter @@ -1666,9 +1335,6 @@ def reset_password_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="revokeRefreshToken") def revoke_refresh_token(self) -> Optional[pulumi.Input[bool]]: - """ - If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - """ return pulumi.get(self, "revoke_refresh_token") @revoke_refresh_token.setter @@ -1697,7 +1363,7 @@ def smtp_server(self, value: Optional[pulumi.Input['RealmSmtpServerArgs']]): @pulumi.getter(name="sslRequired") def ssl_required(self) -> Optional[pulumi.Input[str]]: """ - Can be one of following values: 'none, 'external' or 'all' + SSL Required: Values can be 'none', 'external' or 'all'. """ return pulumi.get(self, "ssl_required") @@ -1708,9 +1374,6 @@ def ssl_required(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="ssoSessionIdleTimeout") def sso_session_idle_timeout(self) -> Optional[pulumi.Input[str]]: - """ - The amount of time a session can be idle before it expires. - """ return pulumi.get(self, "sso_session_idle_timeout") @sso_session_idle_timeout.setter @@ -1720,9 +1383,6 @@ def sso_session_idle_timeout(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="ssoSessionIdleTimeoutRememberMe") def sso_session_idle_timeout_remember_me(self) -> Optional[pulumi.Input[str]]: - """ - Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - """ return pulumi.get(self, "sso_session_idle_timeout_remember_me") @sso_session_idle_timeout_remember_me.setter @@ -1732,9 +1392,6 @@ def sso_session_idle_timeout_remember_me(self, value: Optional[pulumi.Input[str] @property @pulumi.getter(name="ssoSessionMaxLifespan") def sso_session_max_lifespan(self) -> Optional[pulumi.Input[str]]: - """ - The maximum amount of time before a session expires regardless of activity. - """ return pulumi.get(self, "sso_session_max_lifespan") @sso_session_max_lifespan.setter @@ -1744,9 +1401,6 @@ def sso_session_max_lifespan(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="ssoSessionMaxLifespanRememberMe") def sso_session_max_lifespan_remember_me(self) -> Optional[pulumi.Input[str]]: - """ - Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - """ return pulumi.get(self, "sso_session_max_lifespan_remember_me") @sso_session_max_lifespan_remember_me.setter @@ -1756,9 +1410,6 @@ def sso_session_max_lifespan_remember_me(self, value: Optional[pulumi.Input[str] @property @pulumi.getter(name="userManagedAccess") def user_managed_access(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, users are allowed to manage their own resources. Defaults to `false`. - """ return pulumi.get(self, "user_managed_access") @user_managed_access.setter @@ -1768,9 +1419,6 @@ def user_managed_access(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="verifyEmail") def verify_email(self) -> Optional[pulumi.Input[bool]]: - """ - When true, users are required to verify their email address after registration and after email address changes. - """ return pulumi.get(self, "verify_email") @verify_email.setter @@ -1780,11 +1428,6 @@ def verify_email(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="webAuthnPasswordlessPolicy") def web_authn_passwordless_policy(self) -> Optional[pulumi.Input['RealmWebAuthnPasswordlessPolicyArgs']]: - """ - Configuration for WebAuthn Passwordless Policy authentication. - - Each of these attributes are blocks with the following attributes: - """ return pulumi.get(self, "web_authn_passwordless_policy") @web_authn_passwordless_policy.setter @@ -1794,9 +1437,6 @@ def web_authn_passwordless_policy(self, value: Optional[pulumi.Input['RealmWebAu @property @pulumi.getter(name="webAuthnPolicy") def web_authn_policy(self) -> Optional[pulumi.Input['RealmWebAuthnPolicyArgs']]: - """ - Configuration for WebAuthn Policy authentication. - """ return pulumi.get(self, "web_authn_policy") @web_authn_policy.setter @@ -1867,151 +1507,19 @@ def __init__(__self__, web_authn_policy: Optional[pulumi.Input[pulumi.InputType['RealmWebAuthnPolicyArgs']]] = None, __props__=None): """ - Allows for creating and managing Realms within Keycloak. - - A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated - from multiple sources. - - ## Example Usage - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - access_code_lifespan="1h", - attributes={ - "mycustomAttribute": "myCustomValue", - }, - display_name="my realm", - display_name_html="my realm", - enabled=True, - internationalization=keycloak.RealmInternationalizationArgs( - default_locale="en", - supported_locales=[ - "en", - "de", - "es", - ], - ), - login_theme="base", - password_policy="upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername", - realm="my-realm", - security_defenses=keycloak.RealmSecurityDefensesArgs( - brute_force_detection=keycloak.RealmSecurityDefensesBruteForceDetectionArgs( - failure_reset_time_seconds=43200, - max_failure_wait_seconds=900, - max_login_failures=30, - minimum_quick_login_wait_seconds=60, - permanent_lockout=False, - quick_login_check_milli_seconds=1000, - wait_increment_seconds=60, - ), - headers=keycloak.RealmSecurityDefensesHeadersArgs( - content_security_policy="frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - content_security_policy_report_only="", - strict_transport_security="max-age=31536000; includeSubDomains", - x_content_type_options="nosniff", - x_frame_options="DENY", - x_robots_tag="none", - x_xss_protection="1; mode=block", - ), - ), - smtp_server=keycloak.RealmSmtpServerArgs( - auth=keycloak.RealmSmtpServerAuthArgs( - password="password", - username="tom", - ), - from_="example@example.com", - host="smtp.example.com", - ), - ssl_required="external", - web_authn_policy=keycloak.RealmWebAuthnPolicyArgs( - relying_party_entity_name="Example", - relying_party_id="keycloak.example.com", - signature_algorithms=[ - "ES256", - "RS256", - ], - )) - ``` - ## Default Client Scopes - - - `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - - `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. - - ## Import - - Realms can be imported using their name. - - Example: - - bash - - ```sh - $ pulumi import keycloak:index/realm:Realm realm my-realm - ``` - + Create a Realm resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] access_code_lifespan: The maximum amount of time a client has to finish the authorization code flow. - :param pulumi.Input[str] access_code_lifespan_login: The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - :param pulumi.Input[str] access_code_lifespan_user_action: The maximum amount of time a user has to complete login related actions, such as updating a password. - :param pulumi.Input[str] access_token_lifespan: The amount of time an access token can be used before it expires. - :param pulumi.Input[str] access_token_lifespan_for_implicit_flow: The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - :param pulumi.Input[str] account_theme: Used for account management pages. - :param pulumi.Input[str] action_token_generated_by_admin_lifespan: The maximum time a user has to use an admin-generated permit before it expires. - :param pulumi.Input[str] action_token_generated_by_user_lifespan: The maximum time a user has to use a user-generated permit before it expires. - :param pulumi.Input[str] admin_theme: Used for the admin console. - :param pulumi.Input[Mapping[str, Any]] attributes: A map of custom attributes to add to the realm. - :param pulumi.Input[str] browser_flow: The desired flow for browser authentication. Defaults to `browser`. - :param pulumi.Input[str] client_authentication_flow: The desired flow for client authentication. Defaults to `clients`. - :param pulumi.Input[str] client_session_idle_timeout: The amount of time a session can be idle before it expires. Users can override it for individual clients. - :param pulumi.Input[str] client_session_max_lifespan: The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - :param pulumi.Input[str] default_signature_algorithm: Default algorithm used to sign tokens for the realm. - :param pulumi.Input[str] direct_grant_flow: The desired flow for direct access authentication. Defaults to `direct grant`. - :param pulumi.Input[str] display_name: The display name for the realm that is shown when logging in to the admin console. - :param pulumi.Input[str] display_name_html: The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - :param pulumi.Input[str] docker_authentication_flow: The desired flow for Docker authentication. Defaults to `docker auth`. - :param pulumi.Input[bool] duplicate_emails_allowed: When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - :param pulumi.Input[bool] edit_username_allowed: When true, the username field is editable. - :param pulumi.Input[str] email_theme: Used for emails that are sent by Keycloak. - :param pulumi.Input[bool] enabled: When `false`, users and clients will not be able to access this realm. Defaults to `true`. - :param pulumi.Input[str] internal_id: When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - :param pulumi.Input[str] login_theme: Used for the login, forgot password, and registration pages. - :param pulumi.Input[bool] login_with_email_allowed: When true, users may log in with their email address. - :param pulumi.Input[str] oauth2_device_code_lifespan: The maximum amount of time a client has to finish the device code flow before it expires. - - The attributes below should be specified in seconds. - :param pulumi.Input[int] oauth2_device_polling_interval: The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - :param pulumi.Input[str] offline_session_idle_timeout: The amount of time an offline session can be idle before it expires. - :param pulumi.Input[str] offline_session_max_lifespan: The maximum amount of time before an offline session expires regardless of activity. - :param pulumi.Input[bool] offline_session_max_lifespan_enabled: Enable `offline_session_max_lifespan`. - :param pulumi.Input[str] password_policy: The password policy for users within the realm. - - The arguments below can be used to configure authentication flow bindings: - :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - :param pulumi.Input[int] refresh_token_max_reuse: Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - - The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - :param pulumi.Input[bool] registration_allowed: When true, user registration will be enabled, and a link for registration will be displayed on the login page. - :param pulumi.Input[bool] registration_email_as_username: When true, the user's email will be used as their username during registration. - :param pulumi.Input[str] registration_flow: The desired flow for user registration. Defaults to `registration`. - :param pulumi.Input[bool] remember_me: When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - :param pulumi.Input[str] reset_credentials_flow: The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. - :param pulumi.Input[bool] reset_password_allowed: When true, a "forgot password" link will be displayed on the login page. - :param pulumi.Input[bool] revoke_refresh_token: If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - :param pulumi.Input[str] ssl_required: Can be one of following values: 'none, 'external' or 'all' - :param pulumi.Input[str] sso_session_idle_timeout: The amount of time a session can be idle before it expires. - :param pulumi.Input[str] sso_session_idle_timeout_remember_me: Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - :param pulumi.Input[str] sso_session_max_lifespan: The maximum amount of time before a session expires regardless of activity. - :param pulumi.Input[str] sso_session_max_lifespan_remember_me: Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - :param pulumi.Input[bool] user_managed_access: When `true`, users are allowed to manage their own resources. Defaults to `false`. - :param pulumi.Input[bool] verify_email: When true, users are required to verify their email address after registration and after email address changes. - :param pulumi.Input[pulumi.InputType['RealmWebAuthnPasswordlessPolicyArgs']] web_authn_passwordless_policy: Configuration for WebAuthn Passwordless Policy authentication. - - Each of these attributes are blocks with the following attributes: - :param pulumi.Input[pulumi.InputType['RealmWebAuthnPolicyArgs']] web_authn_policy: Configuration for WebAuthn Policy authentication. + :param pulumi.Input[str] browser_flow: Which flow should be used for BrowserFlow + :param pulumi.Input[str] client_authentication_flow: Which flow should be used for ClientAuthenticationFlow + :param pulumi.Input[str] direct_grant_flow: Which flow should be used for DirectGrantFlow + :param pulumi.Input[str] docker_authentication_flow: Which flow should be used for DockerAuthenticationFlow + :param pulumi.Input[str] password_policy: String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + and notUsername(undefined)" + :param pulumi.Input[str] registration_flow: Which flow should be used for RegistrationFlow + :param pulumi.Input[str] reset_credentials_flow: Which flow should be used for ResetCredentialsFlow + :param pulumi.Input[str] ssl_required: SSL Required: Values can be 'none', 'external' or 'all'. """ ... @overload @@ -2020,91 +1528,7 @@ def __init__(__self__, args: RealmArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing Realms within Keycloak. - - A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated - from multiple sources. - - ## Example Usage - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - access_code_lifespan="1h", - attributes={ - "mycustomAttribute": "myCustomValue", - }, - display_name="my realm", - display_name_html="my realm", - enabled=True, - internationalization=keycloak.RealmInternationalizationArgs( - default_locale="en", - supported_locales=[ - "en", - "de", - "es", - ], - ), - login_theme="base", - password_policy="upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername", - realm="my-realm", - security_defenses=keycloak.RealmSecurityDefensesArgs( - brute_force_detection=keycloak.RealmSecurityDefensesBruteForceDetectionArgs( - failure_reset_time_seconds=43200, - max_failure_wait_seconds=900, - max_login_failures=30, - minimum_quick_login_wait_seconds=60, - permanent_lockout=False, - quick_login_check_milli_seconds=1000, - wait_increment_seconds=60, - ), - headers=keycloak.RealmSecurityDefensesHeadersArgs( - content_security_policy="frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - content_security_policy_report_only="", - strict_transport_security="max-age=31536000; includeSubDomains", - x_content_type_options="nosniff", - x_frame_options="DENY", - x_robots_tag="none", - x_xss_protection="1; mode=block", - ), - ), - smtp_server=keycloak.RealmSmtpServerArgs( - auth=keycloak.RealmSmtpServerAuthArgs( - password="password", - username="tom", - ), - from_="example@example.com", - host="smtp.example.com", - ), - ssl_required="external", - web_authn_policy=keycloak.RealmWebAuthnPolicyArgs( - relying_party_entity_name="Example", - relying_party_id="keycloak.example.com", - signature_algorithms=[ - "ES256", - "RS256", - ], - )) - ``` - ## Default Client Scopes - - - `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - - `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. - - ## Import - - Realms can be imported using their name. - - Example: - - bash - - ```sh - $ pulumi import keycloak:index/realm:Realm realm my-realm - ``` - + Create a Realm resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param RealmArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. @@ -2316,64 +1740,16 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] access_code_lifespan: The maximum amount of time a client has to finish the authorization code flow. - :param pulumi.Input[str] access_code_lifespan_login: The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - :param pulumi.Input[str] access_code_lifespan_user_action: The maximum amount of time a user has to complete login related actions, such as updating a password. - :param pulumi.Input[str] access_token_lifespan: The amount of time an access token can be used before it expires. - :param pulumi.Input[str] access_token_lifespan_for_implicit_flow: The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - :param pulumi.Input[str] account_theme: Used for account management pages. - :param pulumi.Input[str] action_token_generated_by_admin_lifespan: The maximum time a user has to use an admin-generated permit before it expires. - :param pulumi.Input[str] action_token_generated_by_user_lifespan: The maximum time a user has to use a user-generated permit before it expires. - :param pulumi.Input[str] admin_theme: Used for the admin console. - :param pulumi.Input[Mapping[str, Any]] attributes: A map of custom attributes to add to the realm. - :param pulumi.Input[str] browser_flow: The desired flow for browser authentication. Defaults to `browser`. - :param pulumi.Input[str] client_authentication_flow: The desired flow for client authentication. Defaults to `clients`. - :param pulumi.Input[str] client_session_idle_timeout: The amount of time a session can be idle before it expires. Users can override it for individual clients. - :param pulumi.Input[str] client_session_max_lifespan: The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - :param pulumi.Input[str] default_signature_algorithm: Default algorithm used to sign tokens for the realm. - :param pulumi.Input[str] direct_grant_flow: The desired flow for direct access authentication. Defaults to `direct grant`. - :param pulumi.Input[str] display_name: The display name for the realm that is shown when logging in to the admin console. - :param pulumi.Input[str] display_name_html: The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - :param pulumi.Input[str] docker_authentication_flow: The desired flow for Docker authentication. Defaults to `docker auth`. - :param pulumi.Input[bool] duplicate_emails_allowed: When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - :param pulumi.Input[bool] edit_username_allowed: When true, the username field is editable. - :param pulumi.Input[str] email_theme: Used for emails that are sent by Keycloak. - :param pulumi.Input[bool] enabled: When `false`, users and clients will not be able to access this realm. Defaults to `true`. - :param pulumi.Input[str] internal_id: When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - :param pulumi.Input[str] login_theme: Used for the login, forgot password, and registration pages. - :param pulumi.Input[bool] login_with_email_allowed: When true, users may log in with their email address. - :param pulumi.Input[str] oauth2_device_code_lifespan: The maximum amount of time a client has to finish the device code flow before it expires. - - The attributes below should be specified in seconds. - :param pulumi.Input[int] oauth2_device_polling_interval: The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - :param pulumi.Input[str] offline_session_idle_timeout: The amount of time an offline session can be idle before it expires. - :param pulumi.Input[str] offline_session_max_lifespan: The maximum amount of time before an offline session expires regardless of activity. - :param pulumi.Input[bool] offline_session_max_lifespan_enabled: Enable `offline_session_max_lifespan`. - :param pulumi.Input[str] password_policy: The password policy for users within the realm. - - The arguments below can be used to configure authentication flow bindings: - :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - :param pulumi.Input[int] refresh_token_max_reuse: Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - - The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - :param pulumi.Input[bool] registration_allowed: When true, user registration will be enabled, and a link for registration will be displayed on the login page. - :param pulumi.Input[bool] registration_email_as_username: When true, the user's email will be used as their username during registration. - :param pulumi.Input[str] registration_flow: The desired flow for user registration. Defaults to `registration`. - :param pulumi.Input[bool] remember_me: When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - :param pulumi.Input[str] reset_credentials_flow: The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. - :param pulumi.Input[bool] reset_password_allowed: When true, a "forgot password" link will be displayed on the login page. - :param pulumi.Input[bool] revoke_refresh_token: If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - :param pulumi.Input[str] ssl_required: Can be one of following values: 'none, 'external' or 'all' - :param pulumi.Input[str] sso_session_idle_timeout: The amount of time a session can be idle before it expires. - :param pulumi.Input[str] sso_session_idle_timeout_remember_me: Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - :param pulumi.Input[str] sso_session_max_lifespan: The maximum amount of time before a session expires regardless of activity. - :param pulumi.Input[str] sso_session_max_lifespan_remember_me: Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - :param pulumi.Input[bool] user_managed_access: When `true`, users are allowed to manage their own resources. Defaults to `false`. - :param pulumi.Input[bool] verify_email: When true, users are required to verify their email address after registration and after email address changes. - :param pulumi.Input[pulumi.InputType['RealmWebAuthnPasswordlessPolicyArgs']] web_authn_passwordless_policy: Configuration for WebAuthn Passwordless Policy authentication. - - Each of these attributes are blocks with the following attributes: - :param pulumi.Input[pulumi.InputType['RealmWebAuthnPolicyArgs']] web_authn_policy: Configuration for WebAuthn Policy authentication. + :param pulumi.Input[str] browser_flow: Which flow should be used for BrowserFlow + :param pulumi.Input[str] client_authentication_flow: Which flow should be used for ClientAuthenticationFlow + :param pulumi.Input[str] direct_grant_flow: Which flow should be used for DirectGrantFlow + :param pulumi.Input[str] docker_authentication_flow: Which flow should be used for DockerAuthenticationFlow + :param pulumi.Input[str] password_policy: String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + and notUsername(undefined)" + :param pulumi.Input[str] registration_flow: Which flow should be used for RegistrationFlow + :param pulumi.Input[str] reset_credentials_flow: Which flow should be used for ResetCredentialsFlow + :param pulumi.Input[str] ssl_required: SSL Required: Values can be 'none', 'external' or 'all'. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -2440,88 +1816,58 @@ def get(resource_name: str, @property @pulumi.getter(name="accessCodeLifespan") def access_code_lifespan(self) -> pulumi.Output[str]: - """ - The maximum amount of time a client has to finish the authorization code flow. - """ return pulumi.get(self, "access_code_lifespan") @property @pulumi.getter(name="accessCodeLifespanLogin") def access_code_lifespan_login(self) -> pulumi.Output[str]: - """ - The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted. - """ return pulumi.get(self, "access_code_lifespan_login") @property @pulumi.getter(name="accessCodeLifespanUserAction") def access_code_lifespan_user_action(self) -> pulumi.Output[str]: - """ - The maximum amount of time a user has to complete login related actions, such as updating a password. - """ return pulumi.get(self, "access_code_lifespan_user_action") @property @pulumi.getter(name="accessTokenLifespan") def access_token_lifespan(self) -> pulumi.Output[str]: - """ - The amount of time an access token can be used before it expires. - """ return pulumi.get(self, "access_token_lifespan") @property @pulumi.getter(name="accessTokenLifespanForImplicitFlow") def access_token_lifespan_for_implicit_flow(self) -> pulumi.Output[str]: - """ - The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires. - """ return pulumi.get(self, "access_token_lifespan_for_implicit_flow") @property @pulumi.getter(name="accountTheme") def account_theme(self) -> pulumi.Output[Optional[str]]: - """ - Used for account management pages. - """ return pulumi.get(self, "account_theme") @property @pulumi.getter(name="actionTokenGeneratedByAdminLifespan") def action_token_generated_by_admin_lifespan(self) -> pulumi.Output[str]: - """ - The maximum time a user has to use an admin-generated permit before it expires. - """ return pulumi.get(self, "action_token_generated_by_admin_lifespan") @property @pulumi.getter(name="actionTokenGeneratedByUserLifespan") def action_token_generated_by_user_lifespan(self) -> pulumi.Output[str]: - """ - The maximum time a user has to use a user-generated permit before it expires. - """ return pulumi.get(self, "action_token_generated_by_user_lifespan") @property @pulumi.getter(name="adminTheme") def admin_theme(self) -> pulumi.Output[Optional[str]]: - """ - Used for the admin console. - """ return pulumi.get(self, "admin_theme") @property @pulumi.getter def attributes(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: - """ - A map of custom attributes to add to the realm. - """ return pulumi.get(self, "attributes") @property @pulumi.getter(name="browserFlow") def browser_flow(self) -> pulumi.Output[str]: """ - The desired flow for browser authentication. Defaults to `browser`. + Which flow should be used for BrowserFlow """ return pulumi.get(self, "browser_flow") @@ -2529,24 +1875,18 @@ def browser_flow(self) -> pulumi.Output[str]: @pulumi.getter(name="clientAuthenticationFlow") def client_authentication_flow(self) -> pulumi.Output[str]: """ - The desired flow for client authentication. Defaults to `clients`. + Which flow should be used for ClientAuthenticationFlow """ return pulumi.get(self, "client_authentication_flow") @property @pulumi.getter(name="clientSessionIdleTimeout") def client_session_idle_timeout(self) -> pulumi.Output[str]: - """ - The amount of time a session can be idle before it expires. Users can override it for individual clients. - """ return pulumi.get(self, "client_session_idle_timeout") @property @pulumi.getter(name="clientSessionMaxLifespan") def client_session_max_lifespan(self) -> pulumi.Output[str]: - """ - The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients. - """ return pulumi.get(self, "client_session_max_lifespan") @property @@ -2562,81 +1902,57 @@ def default_optional_client_scopes(self) -> pulumi.Output[Optional[Sequence[str] @property @pulumi.getter(name="defaultSignatureAlgorithm") def default_signature_algorithm(self) -> pulumi.Output[Optional[str]]: - """ - Default algorithm used to sign tokens for the realm. - """ return pulumi.get(self, "default_signature_algorithm") @property @pulumi.getter(name="directGrantFlow") def direct_grant_flow(self) -> pulumi.Output[str]: """ - The desired flow for direct access authentication. Defaults to `direct grant`. + Which flow should be used for DirectGrantFlow """ return pulumi.get(self, "direct_grant_flow") @property @pulumi.getter(name="displayName") def display_name(self) -> pulumi.Output[Optional[str]]: - """ - The display name for the realm that is shown when logging in to the admin console. - """ return pulumi.get(self, "display_name") @property @pulumi.getter(name="displayNameHtml") def display_name_html(self) -> pulumi.Output[Optional[str]]: - """ - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console. - """ return pulumi.get(self, "display_name_html") @property @pulumi.getter(name="dockerAuthenticationFlow") def docker_authentication_flow(self) -> pulumi.Output[str]: """ - The desired flow for Docker authentication. Defaults to `docker auth`. + Which flow should be used for DockerAuthenticationFlow """ return pulumi.get(self, "docker_authentication_flow") @property @pulumi.getter(name="duplicateEmailsAllowed") def duplicate_emails_allowed(self) -> pulumi.Output[bool]: - """ - When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `login_with_email_allowed` is set to `true`. - """ return pulumi.get(self, "duplicate_emails_allowed") @property @pulumi.getter(name="editUsernameAllowed") def edit_username_allowed(self) -> pulumi.Output[bool]: - """ - When true, the username field is editable. - """ return pulumi.get(self, "edit_username_allowed") @property @pulumi.getter(name="emailTheme") def email_theme(self) -> pulumi.Output[Optional[str]]: - """ - Used for emails that are sent by Keycloak. - """ return pulumi.get(self, "email_theme") @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: - """ - When `false`, users and clients will not be able to access this realm. Defaults to `true`. - """ return pulumi.get(self, "enabled") @property @pulumi.getter(name="internalId") def internal_id(self) -> pulumi.Output[str]: - """ - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name. - """ return pulumi.get(self, "internal_id") @property @@ -2647,59 +1963,36 @@ def internationalization(self) -> pulumi.Output[Optional['outputs.RealmInternati @property @pulumi.getter(name="loginTheme") def login_theme(self) -> pulumi.Output[Optional[str]]: - """ - Used for the login, forgot password, and registration pages. - """ return pulumi.get(self, "login_theme") @property @pulumi.getter(name="loginWithEmailAllowed") def login_with_email_allowed(self) -> pulumi.Output[bool]: - """ - When true, users may log in with their email address. - """ return pulumi.get(self, "login_with_email_allowed") @property @pulumi.getter(name="oauth2DeviceCodeLifespan") def oauth2_device_code_lifespan(self) -> pulumi.Output[str]: - """ - The maximum amount of time a client has to finish the device code flow before it expires. - - The attributes below should be specified in seconds. - """ return pulumi.get(self, "oauth2_device_code_lifespan") @property @pulumi.getter(name="oauth2DevicePollingInterval") def oauth2_device_polling_interval(self) -> pulumi.Output[int]: - """ - The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint. - """ return pulumi.get(self, "oauth2_device_polling_interval") @property @pulumi.getter(name="offlineSessionIdleTimeout") def offline_session_idle_timeout(self) -> pulumi.Output[str]: - """ - The amount of time an offline session can be idle before it expires. - """ return pulumi.get(self, "offline_session_idle_timeout") @property @pulumi.getter(name="offlineSessionMaxLifespan") def offline_session_max_lifespan(self) -> pulumi.Output[str]: - """ - The maximum amount of time before an offline session expires regardless of activity. - """ return pulumi.get(self, "offline_session_max_lifespan") @property @pulumi.getter(name="offlineSessionMaxLifespanEnabled") def offline_session_max_lifespan_enabled(self) -> pulumi.Output[Optional[bool]]: - """ - Enable `offline_session_max_lifespan`. - """ return pulumi.get(self, "offline_session_max_lifespan_enabled") @property @@ -2711,84 +2004,61 @@ def otp_policy(self) -> pulumi.Output['outputs.RealmOtpPolicy']: @pulumi.getter(name="passwordPolicy") def password_policy(self) -> pulumi.Output[Optional[str]]: """ - The password policy for users within the realm. - - The arguments below can be used to configure authentication flow bindings: + String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies + can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) + and notUsername(undefined)" """ return pulumi.get(self, "password_policy") @property @pulumi.getter def realm(self) -> pulumi.Output[str]: - """ - The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak. - """ return pulumi.get(self, "realm") @property @pulumi.getter(name="refreshTokenMaxReuse") def refresh_token_max_reuse(self) -> pulumi.Output[Optional[int]]: - """ - Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused. - - The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings. - """ return pulumi.get(self, "refresh_token_max_reuse") @property @pulumi.getter(name="registrationAllowed") def registration_allowed(self) -> pulumi.Output[bool]: - """ - When true, user registration will be enabled, and a link for registration will be displayed on the login page. - """ return pulumi.get(self, "registration_allowed") @property @pulumi.getter(name="registrationEmailAsUsername") def registration_email_as_username(self) -> pulumi.Output[bool]: - """ - When true, the user's email will be used as their username during registration. - """ return pulumi.get(self, "registration_email_as_username") @property @pulumi.getter(name="registrationFlow") def registration_flow(self) -> pulumi.Output[str]: """ - The desired flow for user registration. Defaults to `registration`. + Which flow should be used for RegistrationFlow """ return pulumi.get(self, "registration_flow") @property @pulumi.getter(name="rememberMe") def remember_me(self) -> pulumi.Output[bool]: - """ - When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts. - """ return pulumi.get(self, "remember_me") @property @pulumi.getter(name="resetCredentialsFlow") def reset_credentials_flow(self) -> pulumi.Output[str]: """ - The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`. + Which flow should be used for ResetCredentialsFlow """ return pulumi.get(self, "reset_credentials_flow") @property @pulumi.getter(name="resetPasswordAllowed") def reset_password_allowed(self) -> pulumi.Output[bool]: - """ - When true, a "forgot password" link will be displayed on the login page. - """ return pulumi.get(self, "reset_password_allowed") @property @pulumi.getter(name="revokeRefreshToken") def revoke_refresh_token(self) -> pulumi.Output[Optional[bool]]: - """ - If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused. - """ return pulumi.get(self, "revoke_refresh_token") @property @@ -2805,73 +2075,47 @@ def smtp_server(self) -> pulumi.Output[Optional['outputs.RealmSmtpServer']]: @pulumi.getter(name="sslRequired") def ssl_required(self) -> pulumi.Output[Optional[str]]: """ - Can be one of following values: 'none, 'external' or 'all' + SSL Required: Values can be 'none', 'external' or 'all'. """ return pulumi.get(self, "ssl_required") @property @pulumi.getter(name="ssoSessionIdleTimeout") def sso_session_idle_timeout(self) -> pulumi.Output[str]: - """ - The amount of time a session can be idle before it expires. - """ return pulumi.get(self, "sso_session_idle_timeout") @property @pulumi.getter(name="ssoSessionIdleTimeoutRememberMe") def sso_session_idle_timeout_remember_me(self) -> pulumi.Output[str]: - """ - Similar to `sso_session_idle_timeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_idle_timeout`. - """ return pulumi.get(self, "sso_session_idle_timeout_remember_me") @property @pulumi.getter(name="ssoSessionMaxLifespan") def sso_session_max_lifespan(self) -> pulumi.Output[str]: - """ - The maximum amount of time before a session expires regardless of activity. - """ return pulumi.get(self, "sso_session_max_lifespan") @property @pulumi.getter(name="ssoSessionMaxLifespanRememberMe") def sso_session_max_lifespan_remember_me(self) -> pulumi.Output[str]: - """ - Similar to `sso_session_max_lifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `sso_session_max_lifespan`. - """ return pulumi.get(self, "sso_session_max_lifespan_remember_me") @property @pulumi.getter(name="userManagedAccess") def user_managed_access(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, users are allowed to manage their own resources. Defaults to `false`. - """ return pulumi.get(self, "user_managed_access") @property @pulumi.getter(name="verifyEmail") def verify_email(self) -> pulumi.Output[bool]: - """ - When true, users are required to verify their email address after registration and after email address changes. - """ return pulumi.get(self, "verify_email") @property @pulumi.getter(name="webAuthnPasswordlessPolicy") def web_authn_passwordless_policy(self) -> pulumi.Output['outputs.RealmWebAuthnPasswordlessPolicy']: - """ - Configuration for WebAuthn Passwordless Policy authentication. - - Each of these attributes are blocks with the following attributes: - """ return pulumi.get(self, "web_authn_passwordless_policy") @property @pulumi.getter(name="webAuthnPolicy") def web_authn_policy(self) -> pulumi.Output['outputs.RealmWebAuthnPolicy']: - """ - Configuration for WebAuthn Policy authentication. - """ return pulumi.get(self, "web_authn_policy") diff --git a/sdk/python/pulumi_keycloak/realm_events.py b/sdk/python/pulumi_keycloak/realm_events.py index 72ac20ac..1cb9e7fe 100644 --- a/sdk/python/pulumi_keycloak/realm_events.py +++ b/sdk/python/pulumi_keycloak/realm_events.py @@ -23,13 +23,6 @@ def __init__(__self__, *, events_listeners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ The set of arguments for constructing a RealmEvents resource. - :param pulumi.Input[str] realm_id: The name of the realm the event settings apply to. - :param pulumi.Input[bool] admin_events_details_enabled: When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - :param pulumi.Input[bool] admin_events_enabled: When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] enabled_event_types: The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - :param pulumi.Input[bool] events_enabled: When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - :param pulumi.Input[int] events_expiration: The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - :param pulumi.Input[Sequence[pulumi.Input[str]]] events_listeners: The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. """ pulumi.set(__self__, "realm_id", realm_id) if admin_events_details_enabled is not None: @@ -48,9 +41,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The name of the realm the event settings apply to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -60,9 +50,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="adminEventsDetailsEnabled") def admin_events_details_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - """ return pulumi.get(self, "admin_events_details_enabled") @admin_events_details_enabled.setter @@ -72,9 +59,6 @@ def admin_events_details_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="adminEventsEnabled") def admin_events_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - """ return pulumi.get(self, "admin_events_enabled") @admin_events_enabled.setter @@ -84,9 +68,6 @@ def admin_events_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="enabledEventTypes") def enabled_event_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - """ return pulumi.get(self, "enabled_event_types") @enabled_event_types.setter @@ -96,9 +77,6 @@ def enabled_event_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input @property @pulumi.getter(name="eventsEnabled") def events_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - """ return pulumi.get(self, "events_enabled") @events_enabled.setter @@ -108,9 +86,6 @@ def events_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="eventsExpiration") def events_expiration(self) -> Optional[pulumi.Input[int]]: - """ - The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - """ return pulumi.get(self, "events_expiration") @events_expiration.setter @@ -120,9 +95,6 @@ def events_expiration(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="eventsListeners") def events_listeners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - """ return pulumi.get(self, "events_listeners") @events_listeners.setter @@ -142,13 +114,6 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering RealmEvents resources. - :param pulumi.Input[bool] admin_events_details_enabled: When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - :param pulumi.Input[bool] admin_events_enabled: When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] enabled_event_types: The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - :param pulumi.Input[bool] events_enabled: When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - :param pulumi.Input[int] events_expiration: The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - :param pulumi.Input[Sequence[pulumi.Input[str]]] events_listeners: The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - :param pulumi.Input[str] realm_id: The name of the realm the event settings apply to. """ if admin_events_details_enabled is not None: pulumi.set(__self__, "admin_events_details_enabled", admin_events_details_enabled) @@ -168,9 +133,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="adminEventsDetailsEnabled") def admin_events_details_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - """ return pulumi.get(self, "admin_events_details_enabled") @admin_events_details_enabled.setter @@ -180,9 +142,6 @@ def admin_events_details_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="adminEventsEnabled") def admin_events_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - """ return pulumi.get(self, "admin_events_enabled") @admin_events_enabled.setter @@ -192,9 +151,6 @@ def admin_events_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="enabledEventTypes") def enabled_event_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - """ return pulumi.get(self, "enabled_event_types") @enabled_event_types.setter @@ -204,9 +160,6 @@ def enabled_event_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input @property @pulumi.getter(name="eventsEnabled") def events_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - """ return pulumi.get(self, "events_enabled") @events_enabled.setter @@ -216,9 +169,6 @@ def events_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="eventsExpiration") def events_expiration(self) -> Optional[pulumi.Input[int]]: - """ - The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - """ return pulumi.get(self, "events_expiration") @events_expiration.setter @@ -228,9 +178,6 @@ def events_expiration(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter(name="eventsListeners") def events_listeners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - """ return pulumi.get(self, "events_listeners") @events_listeners.setter @@ -240,9 +187,6 @@ def events_listeners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The name of the realm the event settings apply to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -264,43 +208,46 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # RealmEvents + Allows for managing Realm Events settings within Keycloak. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + realm = keycloak.Realm("realm", realm="test") realm_events = keycloak.RealmEvents("realmEvents", - realm_id=realm.id, - events_enabled=True, - events_expiration=3600, - admin_events_enabled=True, admin_events_details_enabled=True, + admin_events_enabled=True, enabled_event_types=[ "LOGIN", "LOGOUT", ], - events_listeners=["jboss-logging"]) + events_enabled=True, + events_expiration=3600, + events_listeners=["jboss-logging"], + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - This resource currently does not support importing. + The following arguments are supported: + + - `realm_id` - (Required) The name of the realm the event settings apply to. + - `admin_events_enabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`. + - `admin_events_details_enabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`. + - `events_enabled` - (Optional) When true, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. + - `events_expiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never. + - `enabled_event_types` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. + - `events_listeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] admin_events_details_enabled: When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - :param pulumi.Input[bool] admin_events_enabled: When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] enabled_event_types: The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - :param pulumi.Input[bool] events_enabled: When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - :param pulumi.Input[int] events_expiration: The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - :param pulumi.Input[Sequence[pulumi.Input[str]]] events_listeners: The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - :param pulumi.Input[str] realm_id: The name of the realm the event settings apply to. """ ... @overload @@ -309,33 +256,43 @@ def __init__(__self__, args: RealmEventsArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # RealmEvents + Allows for managing Realm Events settings within Keycloak. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + realm = keycloak.Realm("realm", realm="test") realm_events = keycloak.RealmEvents("realmEvents", - realm_id=realm.id, - events_enabled=True, - events_expiration=3600, - admin_events_enabled=True, admin_events_details_enabled=True, + admin_events_enabled=True, enabled_event_types=[ "LOGIN", "LOGOUT", ], - events_listeners=["jboss-logging"]) + events_enabled=True, + events_expiration=3600, + events_listeners=["jboss-logging"], + realm_id=realm.id) ``` + + + ### Argument Reference - ## Import + The following arguments are supported: - This resource currently does not support importing. + - `realm_id` - (Required) The name of the realm the event settings apply to. + - `admin_events_enabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`. + - `admin_events_details_enabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`. + - `events_enabled` - (Optional) When true, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. + - `events_expiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never. + - `enabled_event_types` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. + - `events_listeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. :param str resource_name: The name of the resource. :param RealmEventsArgs args: The arguments to use to populate this resource's properties. @@ -401,13 +358,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] admin_events_details_enabled: When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - :param pulumi.Input[bool] admin_events_enabled: When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] enabled_event_types: The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - :param pulumi.Input[bool] events_enabled: When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - :param pulumi.Input[int] events_expiration: The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - :param pulumi.Input[Sequence[pulumi.Input[str]]] events_listeners: The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - :param pulumi.Input[str] realm_id: The name of the realm the event settings apply to. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -425,56 +375,35 @@ def get(resource_name: str, @property @pulumi.getter(name="adminEventsDetailsEnabled") def admin_events_details_enabled(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, saved admin events will included detailed information for create/update requests. Defaults to `false`. - """ return pulumi.get(self, "admin_events_details_enabled") @property @pulumi.getter(name="adminEventsEnabled") def admin_events_enabled(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, admin events are saved to the database, making them available through the admin console. Defaults to `false`. - """ return pulumi.get(self, "admin_events_enabled") @property @pulumi.getter(name="enabledEventTypes") def enabled_event_types(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types. - """ return pulumi.get(self, "enabled_event_types") @property @pulumi.getter(name="eventsEnabled") def events_enabled(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`. - """ return pulumi.get(self, "events_enabled") @property @pulumi.getter(name="eventsExpiration") def events_expiration(self) -> pulumi.Output[Optional[int]]: - """ - The amount of time in seconds events will be saved in the database. Defaults to `0` or never. - """ return pulumi.get(self, "events_expiration") @property @pulumi.getter(name="eventsListeners") def events_listeners(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified. - """ return pulumi.get(self, "events_listeners") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The name of the realm the event settings apply to. - """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/realm_keystore_aes_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_aes_generated.py index e39ef874..3847c39b 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_aes_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_aes_generated.py @@ -237,6 +237,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -249,14 +250,15 @@ def __init__(__self__, priority=100, secret_size=16) ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b @@ -284,6 +286,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -296,14 +299,15 @@ def __init__(__self__, priority=100, secret_size=16) ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/python/pulumi_keycloak/realm_keystore_ecdsa_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_ecdsa_generated.py index 46732060..7ffc14c5 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_ecdsa_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_ecdsa_generated.py @@ -237,6 +237,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -249,14 +250,15 @@ def __init__(__self__, priority=100, elliptic_curve_key="P-256") ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b @@ -284,6 +286,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -296,14 +299,15 @@ def __init__(__self__, priority=100, elliptic_curve_key="P-256") ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/python/pulumi_keycloak/realm_keystore_hmac_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_hmac_generated.py index b267f14f..ba7cbe44 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_hmac_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_hmac_generated.py @@ -270,6 +270,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -283,14 +284,15 @@ def __init__(__self__, algorithm="HS256", secret_size=64) ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b @@ -319,6 +321,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -332,14 +335,15 @@ def __init__(__self__, algorithm="HS256", secret_size=64) ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/python/pulumi_keycloak/realm_keystore_java_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_java_generated.py index 63992403..ef439d83 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_java_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_java_generated.py @@ -365,6 +365,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -381,14 +382,15 @@ def __init__(__self__, priority=100, algorithm="RS256") ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b @@ -420,6 +422,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -436,14 +439,15 @@ def __init__(__self__, priority=100, algorithm="RS256") ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/python/pulumi_keycloak/realm_keystore_rsa.py b/sdk/python/pulumi_keycloak/realm_keystore_rsa.py index 5e0a48ee..04159d01 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_rsa.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_rsa.py @@ -336,9 +336,9 @@ def __init__(__self__, Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b @@ -371,9 +371,9 @@ def __init__(__self__, Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/python/pulumi_keycloak/realm_keystore_rsa_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_rsa_generated.py index a75afa9e..b12a0669 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_rsa_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_rsa_generated.py @@ -270,6 +270,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -283,14 +284,15 @@ def __init__(__self__, algorithm="RS256", key_size=2048) ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b @@ -319,6 +321,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -332,14 +335,15 @@ def __init__(__self__, algorithm="RS256", key_size=2048) ``` + ## Import Realm keys can be imported using realm name and keystore id, you can find it in web UI. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b diff --git a/sdk/python/pulumi_keycloak/realm_user_profile.py b/sdk/python/pulumi_keycloak/realm_user_profile.py index 25039c72..000092ad 100644 --- a/sdk/python/pulumi_keycloak/realm_user_profile.py +++ b/sdk/python/pulumi_keycloak/realm_user_profile.py @@ -147,6 +147,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import json @@ -225,6 +226,7 @@ def __init__(__self__, ), ]) ``` + ## Import @@ -256,6 +258,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import json @@ -334,6 +337,7 @@ def __init__(__self__, ), ]) ``` + ## Import diff --git a/sdk/python/pulumi_keycloak/required_action.py b/sdk/python/pulumi_keycloak/required_action.py index a32c93fe..b4007137 100644 --- a/sdk/python/pulumi_keycloak/required_action.py +++ b/sdk/python/pulumi_keycloak/required_action.py @@ -236,6 +236,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -248,14 +249,15 @@ def __init__(__self__, alias="webauthn-register", enabled=True) ``` + ## Import Authentication executions can be imported using the formats: `{{realm}}/{{alias}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias @@ -283,6 +285,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -295,14 +298,15 @@ def __init__(__self__, alias="webauthn-register", enabled=True) ``` + ## Import Authentication executions can be imported using the formats: `{{realm}}/{{alias}}`. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias diff --git a/sdk/python/pulumi_keycloak/role.py b/sdk/python/pulumi_keycloak/role.py index c85a5593..a17b4c23 100644 --- a/sdk/python/pulumi_keycloak/role.py +++ b/sdk/python/pulumi_keycloak/role.py @@ -22,12 +22,6 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a Role resource. - :param pulumi.Input[str] realm_id: The realm this role exists within. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] client_id: When specified, this role will be created as a client role attached to the client with the provided ID - :param pulumi.Input[Sequence[pulumi.Input[str]]] composite_roles: When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - :param pulumi.Input[str] description: The description of the role - :param pulumi.Input[str] name: The name of the role """ pulumi.set(__self__, "realm_id", realm_id) if attributes is not None: @@ -44,9 +38,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this role exists within. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -56,9 +47,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @attributes.setter @@ -68,9 +56,6 @@ def attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this role will be created as a client role attached to the client with the provided ID - """ return pulumi.get(self, "client_id") @client_id.setter @@ -80,9 +65,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="compositeRoles") def composite_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - """ return pulumi.get(self, "composite_roles") @composite_roles.setter @@ -92,9 +74,6 @@ def composite_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: - """ - The description of the role - """ return pulumi.get(self, "description") @description.setter @@ -104,9 +83,6 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the role - """ return pulumi.get(self, "name") @name.setter @@ -125,12 +101,6 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering Role resources. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] client_id: When specified, this role will be created as a client role attached to the client with the provided ID - :param pulumi.Input[Sequence[pulumi.Input[str]]] composite_roles: When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - :param pulumi.Input[str] description: The description of the role - :param pulumi.Input[str] name: The name of the role - :param pulumi.Input[str] realm_id: The realm this role exists within. """ if attributes is not None: pulumi.set(__self__, "attributes", attributes) @@ -148,9 +118,6 @@ def __init__(__self__, *, @property @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @attributes.setter @@ -160,9 +127,6 @@ def attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this role will be created as a client role attached to the client with the provided ID - """ return pulumi.get(self, "client_id") @client_id.setter @@ -172,9 +136,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="compositeRoles") def composite_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - """ return pulumi.get(self, "composite_roles") @composite_roles.setter @@ -184,9 +145,6 @@ def composite_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: - """ - The description of the role - """ return pulumi.get(self, "description") @description.setter @@ -196,9 +154,6 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the role - """ return pulumi.get(self, "name") @name.setter @@ -208,9 +163,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this role exists within. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -231,131 +183,110 @@ def __init__(__self__, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # Role + Allows for creating and managing roles within Keycloak. - Roles allow you define privileges within Keycloak and map them to users and groups. + Roles allow you define privileges within Keycloak and map them to users + and groups. - ## Example Usage - ### Realm Role) + ### Example Usage (Realm role) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") realm_role = keycloak.Role("realmRole", - realm_id=realm.id, description="My Realm Role", - attributes={ - "key": "value", - "multivalue": "value1##value2", - }) + realm_id=realm.id) ``` - ### Client Role) + + + ### Example Usage (Client role) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, + enabled=True, + realm="my-realm") + client = keycloak.openid.Client("client", + access_type="BEARER-ONLY", client_id="client", enabled=True, - access_type="CONFIDENTIAL", - valid_redirect_uris=["http://localhost:8080/openid-callback"]) + realm_id=realm.id) client_role = keycloak.Role("clientRole", - realm_id=realm.id, - client_id=keycloak_client["openid_client"]["id"], + client_id=keycloak_client["client"]["id"], description="My Client Role", - attributes={ - "key": "value", - }) + realm_id=realm.id) ``` - ### Composite Role) + + + ### Example Usage (Composite role) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - # realm roles - create_role = keycloak.Role("createRole", - realm_id=realm.id, - attributes={ - "key": "value", - }) - read_role = keycloak.Role("readRole", - realm_id=realm.id, - attributes={ - "key": "value", - }) - update_role = keycloak.Role("updateRole", - realm_id=realm.id, - attributes={ - "key": "value", - }) - delete_role = keycloak.Role("deleteRole", - realm_id=realm.id, - attributes={ - "key": "value", - }) - # client role - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, + enabled=True, + realm="my-realm") + create_role = keycloak.Role("createRole", realm_id=realm.id) + read_role = keycloak.Role("readRole", realm_id=realm.id) + update_role = keycloak.Role("updateRole", realm_id=realm.id) + delete_role = keycloak.Role("deleteRole", realm_id=realm.id) + client = keycloak.openid.Client("client", + access_type="BEARER-ONLY", client_id="client", enabled=True, - access_type="CONFIDENTIAL", - valid_redirect_uris=["http://localhost:8080/openid-callback"]) + realm_id=realm.id) client_role = keycloak.Role("clientRole", - realm_id=realm.id, - client_id=keycloak_client["openid_client"]["id"], + client_id=keycloak_client["client"]["id"], description="My Client Role", - attributes={ - "key": "value", - }) + realm_id=realm.id) admin_role = keycloak.Role("adminRole", - realm_id=realm.id, composite_roles=[ - create_role.id, - read_role.id, - update_role.id, - delete_role.id, - client_role.id, + "{keycloak_role.create_role.id}", + "{keycloak_role.read_role.id}", + "{keycloak_role.update_role.id}", + "{keycloak_role.delete_role.id}", + "{keycloak_role.client_role.id}", ], - attributes={ - "key": "value", - }) + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns + The following arguments are supported: - to the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role. + - `realm_id` - (Required) The realm this role exists within. + - `client_id` - (Optional) When specified, this role will be created as + a client role attached to the client with the provided ID + - `name` - (Required) The name of the role + - `description` - (Optional) The description of the role + - `composite_roles` - (Optional) When specified, this role will be a + composite role, composed of all roles that have an ID present within + this list. - Example: + ### Import - bash + Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where + `role_id` is the unique ID that Keycloak assigns to the role. The ID is + not easy to find in the GUI, but it appears in the URL when editing the + role. - ```sh - $ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] client_id: When specified, this role will be created as a client role attached to the client with the provided ID - :param pulumi.Input[Sequence[pulumi.Input[str]]] composite_roles: When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - :param pulumi.Input[str] description: The description of the role - :param pulumi.Input[str] name: The name of the role - :param pulumi.Input[str] realm_id: The realm this role exists within. """ ... @overload @@ -364,122 +295,107 @@ def __init__(__self__, args: RoleArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # Role + Allows for creating and managing roles within Keycloak. - Roles allow you define privileges within Keycloak and map them to users and groups. + Roles allow you define privileges within Keycloak and map them to users + and groups. - ## Example Usage - ### Realm Role) + ### Example Usage (Realm role) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") realm_role = keycloak.Role("realmRole", - realm_id=realm.id, description="My Realm Role", - attributes={ - "key": "value", - "multivalue": "value1##value2", - }) + realm_id=realm.id) ``` - ### Client Role) + + + ### Example Usage (Client role) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, + enabled=True, + realm="my-realm") + client = keycloak.openid.Client("client", + access_type="BEARER-ONLY", client_id="client", enabled=True, - access_type="CONFIDENTIAL", - valid_redirect_uris=["http://localhost:8080/openid-callback"]) + realm_id=realm.id) client_role = keycloak.Role("clientRole", - realm_id=realm.id, - client_id=keycloak_client["openid_client"]["id"], + client_id=keycloak_client["client"]["id"], description="My Client Role", - attributes={ - "key": "value", - }) + realm_id=realm.id) ``` - ### Composite Role) + + ### Example Usage (Composite role) + + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - # realm roles - create_role = keycloak.Role("createRole", - realm_id=realm.id, - attributes={ - "key": "value", - }) - read_role = keycloak.Role("readRole", - realm_id=realm.id, - attributes={ - "key": "value", - }) - update_role = keycloak.Role("updateRole", - realm_id=realm.id, - attributes={ - "key": "value", - }) - delete_role = keycloak.Role("deleteRole", - realm_id=realm.id, - attributes={ - "key": "value", - }) - # client role - openid_client = keycloak.openid.Client("openidClient", - realm_id=realm.id, + enabled=True, + realm="my-realm") + create_role = keycloak.Role("createRole", realm_id=realm.id) + read_role = keycloak.Role("readRole", realm_id=realm.id) + update_role = keycloak.Role("updateRole", realm_id=realm.id) + delete_role = keycloak.Role("deleteRole", realm_id=realm.id) + client = keycloak.openid.Client("client", + access_type="BEARER-ONLY", client_id="client", enabled=True, - access_type="CONFIDENTIAL", - valid_redirect_uris=["http://localhost:8080/openid-callback"]) + realm_id=realm.id) client_role = keycloak.Role("clientRole", - realm_id=realm.id, - client_id=keycloak_client["openid_client"]["id"], + client_id=keycloak_client["client"]["id"], description="My Client Role", - attributes={ - "key": "value", - }) + realm_id=realm.id) admin_role = keycloak.Role("adminRole", - realm_id=realm.id, composite_roles=[ - create_role.id, - read_role.id, - update_role.id, - delete_role.id, - client_role.id, + "{keycloak_role.create_role.id}", + "{keycloak_role.read_role.id}", + "{keycloak_role.update_role.id}", + "{keycloak_role.delete_role.id}", + "{keycloak_role.client_role.id}", ], - attributes={ - "key": "value", - }) + realm_id=realm.id) ``` + - ## Import + ### Argument Reference - Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns + The following arguments are supported: - to the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role. + - `realm_id` - (Required) The realm this role exists within. + - `client_id` - (Optional) When specified, this role will be created as + a client role attached to the client with the provided ID + - `name` - (Required) The name of the role + - `description` - (Optional) The description of the role + - `composite_roles` - (Optional) When specified, this role will be a + composite role, composed of all roles that have an ID present within + this list. - Example: + ### Import - bash + Roles can be imported using the format `{{realm_id}}/{{role_id}}`, where + `role_id` is the unique ID that Keycloak assigns to the role. The ID is + not easy to find in the GUI, but it appears in the URL when editing the + role. - ```sh - $ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad - ``` + Example: :param str resource_name: The name of the resource. :param RoleArgs args: The arguments to use to populate this resource's properties. @@ -542,12 +458,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] client_id: When specified, this role will be created as a client role attached to the client with the provided ID - :param pulumi.Input[Sequence[pulumi.Input[str]]] composite_roles: When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - :param pulumi.Input[str] description: The description of the role - :param pulumi.Input[str] name: The name of the role - :param pulumi.Input[str] realm_id: The realm this role exists within. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -564,48 +474,30 @@ def get(resource_name: str, @property @pulumi.getter def attributes(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: - """ - A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: - """ - When specified, this role will be created as a client role attached to the client with the provided ID - """ return pulumi.get(self, "client_id") @property @pulumi.getter(name="compositeRoles") def composite_roles(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - When specified, this role will be a composite role, composed of all roles that have an ID present within this list. - """ return pulumi.get(self, "composite_roles") @property @pulumi.getter def description(self) -> pulumi.Output[Optional[str]]: - """ - The description of the role - """ return pulumi.get(self, "description") @property @pulumi.getter def name(self) -> pulumi.Output[str]: - """ - The name of the role - """ return pulumi.get(self, "name") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this role exists within. - """ return pulumi.get(self, "realm_id") diff --git a/sdk/python/pulumi_keycloak/saml/_inputs.py b/sdk/python/pulumi_keycloak/saml/_inputs.py index 5fa56702..d40914d3 100644 --- a/sdk/python/pulumi_keycloak/saml/_inputs.py +++ b/sdk/python/pulumi_keycloak/saml/_inputs.py @@ -18,10 +18,6 @@ class ClientAuthenticationFlowBindingOverridesArgs: def __init__(__self__, *, browser_id: Optional[pulumi.Input[str]] = None, direct_grant_id: Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[str] browser_id: Browser flow id, (flow needs to exist) - :param pulumi.Input[str] direct_grant_id: Direct grant flow id (flow needs to exist) - """ if browser_id is not None: pulumi.set(__self__, "browser_id", browser_id) if direct_grant_id is not None: @@ -30,9 +26,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="browserId") def browser_id(self) -> Optional[pulumi.Input[str]]: - """ - Browser flow id, (flow needs to exist) - """ return pulumi.get(self, "browser_id") @browser_id.setter @@ -42,9 +35,6 @@ def browser_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="directGrantId") def direct_grant_id(self) -> Optional[pulumi.Input[str]]: - """ - Direct grant flow id (flow needs to exist) - """ return pulumi.get(self, "direct_grant_id") @direct_grant_id.setter diff --git a/sdk/python/pulumi_keycloak/saml/client.py b/sdk/python/pulumi_keycloak/saml/client.py index c2c9ec4e..034c13ab 100644 --- a/sdk/python/pulumi_keycloak/saml/client.py +++ b/sdk/python/pulumi_keycloak/saml/client.py @@ -52,39 +52,6 @@ def __init__(__self__, *, valid_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ The set of arguments for constructing a Client resource. - :param pulumi.Input[str] client_id: The unique ID of this client, referenced in the URI during authentication and in issued tokens. - :param pulumi.Input[str] realm_id: The realm this client is attached to. - :param pulumi.Input[str] assertion_consumer_post_url: SAML POST Binding URL for the client's assertion consumer service (login responses). - :param pulumi.Input[str] assertion_consumer_redirect_url: SAML Redirect Binding URL for the client's assertion consumer service (login responses). - :param pulumi.Input['ClientAuthenticationFlowBindingOverridesArgs'] authentication_flow_binding_overrides: Override realm authentication flow bindings - :param pulumi.Input[str] base_url: When specified, this URL will be used whenever Keycloak needs to link to this client. - :param pulumi.Input[str] canonicalization_method: The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - :param pulumi.Input[bool] client_signature_required: When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - :param pulumi.Input[str] description: The description of this client in the GUI. - :param pulumi.Input[bool] enabled: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - :param pulumi.Input[bool] encrypt_assertions: When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - :param pulumi.Input[str] encryption_certificate: If assertions for the client are encrypted, this certificate will be used for encryption. - :param pulumi.Input[bool] force_name_id_format: Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - :param pulumi.Input[bool] force_post_binding: When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - :param pulumi.Input[bool] front_channel_logout: When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - :param pulumi.Input[bool] full_scope_allowed: Allow to include all roles mappings in the access token - :param pulumi.Input[str] idp_initiated_sso_relay_state: Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - :param pulumi.Input[str] idp_initiated_sso_url_name: URL fragment name to reference client when you want to do IDP Initiated SSO. - :param pulumi.Input[bool] include_authn_statement: When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - :param pulumi.Input[str] login_theme: The login theme of this client. - :param pulumi.Input[str] logout_service_post_binding_url: SAML POST Binding URL for the client's single logout service. - :param pulumi.Input[str] logout_service_redirect_binding_url: SAML Redirect Binding URL for the client's single logout service. - :param pulumi.Input[str] master_saml_processing_url: When specified, this URL will be used for all SAML requests. - :param pulumi.Input[str] name: The display name of this client in the GUI. - :param pulumi.Input[str] name_id_format: Sets the Name ID format for the subject. - :param pulumi.Input[str] root_url: When specified, this value is prepended to all relative URLs. - :param pulumi.Input[bool] sign_assertions: When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - :param pulumi.Input[bool] sign_documents: When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - :param pulumi.Input[str] signature_algorithm: The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - :param pulumi.Input[str] signature_key_name: The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - :param pulumi.Input[str] signing_certificate: If documents or assertions from the client are signed, this certificate will be used to verify the signature. - :param pulumi.Input[str] signing_private_key: If documents or assertions from the client are signed, this private key will be used to verify the signature. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. """ pulumi.set(__self__, "client_id", client_id) pulumi.set(__self__, "realm_id", realm_id) @@ -156,9 +123,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Input[str]: - """ - The unique ID of this client, referenced in the URI during authentication and in issued tokens. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -168,9 +132,6 @@ def client_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this client is attached to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -180,9 +141,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="assertionConsumerPostUrl") def assertion_consumer_post_url(self) -> Optional[pulumi.Input[str]]: - """ - SAML POST Binding URL for the client's assertion consumer service (login responses). - """ return pulumi.get(self, "assertion_consumer_post_url") @assertion_consumer_post_url.setter @@ -192,9 +150,6 @@ def assertion_consumer_post_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="assertionConsumerRedirectUrl") def assertion_consumer_redirect_url(self) -> Optional[pulumi.Input[str]]: - """ - SAML Redirect Binding URL for the client's assertion consumer service (login responses). - """ return pulumi.get(self, "assertion_consumer_redirect_url") @assertion_consumer_redirect_url.setter @@ -204,9 +159,6 @@ def assertion_consumer_redirect_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="authenticationFlowBindingOverrides") def authentication_flow_binding_overrides(self) -> Optional[pulumi.Input['ClientAuthenticationFlowBindingOverridesArgs']]: - """ - Override realm authentication flow bindings - """ return pulumi.get(self, "authentication_flow_binding_overrides") @authentication_flow_binding_overrides.setter @@ -216,9 +168,6 @@ def authentication_flow_binding_overrides(self, value: Optional[pulumi.Input['Cl @property @pulumi.getter(name="baseUrl") def base_url(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this URL will be used whenever Keycloak needs to link to this client. - """ return pulumi.get(self, "base_url") @base_url.setter @@ -228,9 +177,6 @@ def base_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="canonicalizationMethod") def canonicalization_method(self) -> Optional[pulumi.Input[str]]: - """ - The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - """ return pulumi.get(self, "canonicalization_method") @canonicalization_method.setter @@ -240,9 +186,6 @@ def canonicalization_method(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSignatureRequired") def client_signature_required(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - """ return pulumi.get(self, "client_signature_required") @client_signature_required.setter @@ -252,9 +195,6 @@ def client_signature_required(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: - """ - The description of this client in the GUI. - """ return pulumi.get(self, "description") @description.setter @@ -264,9 +204,6 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - """ return pulumi.get(self, "enabled") @enabled.setter @@ -276,9 +213,6 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="encryptAssertions") def encrypt_assertions(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - """ return pulumi.get(self, "encrypt_assertions") @encrypt_assertions.setter @@ -288,9 +222,6 @@ def encrypt_assertions(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="encryptionCertificate") def encryption_certificate(self) -> Optional[pulumi.Input[str]]: - """ - If assertions for the client are encrypted, this certificate will be used for encryption. - """ return pulumi.get(self, "encryption_certificate") @encryption_certificate.setter @@ -309,9 +240,6 @@ def extra_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter(name="forceNameIdFormat") def force_name_id_format(self) -> Optional[pulumi.Input[bool]]: - """ - Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - """ return pulumi.get(self, "force_name_id_format") @force_name_id_format.setter @@ -321,9 +249,6 @@ def force_name_id_format(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="forcePostBinding") def force_post_binding(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - """ return pulumi.get(self, "force_post_binding") @force_post_binding.setter @@ -333,9 +258,6 @@ def force_post_binding(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="frontChannelLogout") def front_channel_logout(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - """ return pulumi.get(self, "front_channel_logout") @front_channel_logout.setter @@ -345,9 +267,6 @@ def front_channel_logout(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="fullScopeAllowed") def full_scope_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - Allow to include all roles mappings in the access token - """ return pulumi.get(self, "full_scope_allowed") @full_scope_allowed.setter @@ -357,9 +276,6 @@ def full_scope_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="idpInitiatedSsoRelayState") def idp_initiated_sso_relay_state(self) -> Optional[pulumi.Input[str]]: - """ - Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - """ return pulumi.get(self, "idp_initiated_sso_relay_state") @idp_initiated_sso_relay_state.setter @@ -369,9 +285,6 @@ def idp_initiated_sso_relay_state(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="idpInitiatedSsoUrlName") def idp_initiated_sso_url_name(self) -> Optional[pulumi.Input[str]]: - """ - URL fragment name to reference client when you want to do IDP Initiated SSO. - """ return pulumi.get(self, "idp_initiated_sso_url_name") @idp_initiated_sso_url_name.setter @@ -381,9 +294,6 @@ def idp_initiated_sso_url_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="includeAuthnStatement") def include_authn_statement(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - """ return pulumi.get(self, "include_authn_statement") @include_authn_statement.setter @@ -393,9 +303,6 @@ def include_authn_statement(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="loginTheme") def login_theme(self) -> Optional[pulumi.Input[str]]: - """ - The login theme of this client. - """ return pulumi.get(self, "login_theme") @login_theme.setter @@ -405,9 +312,6 @@ def login_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="logoutServicePostBindingUrl") def logout_service_post_binding_url(self) -> Optional[pulumi.Input[str]]: - """ - SAML POST Binding URL for the client's single logout service. - """ return pulumi.get(self, "logout_service_post_binding_url") @logout_service_post_binding_url.setter @@ -417,9 +321,6 @@ def logout_service_post_binding_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="logoutServiceRedirectBindingUrl") def logout_service_redirect_binding_url(self) -> Optional[pulumi.Input[str]]: - """ - SAML Redirect Binding URL for the client's single logout service. - """ return pulumi.get(self, "logout_service_redirect_binding_url") @logout_service_redirect_binding_url.setter @@ -429,9 +330,6 @@ def logout_service_redirect_binding_url(self, value: Optional[pulumi.Input[str]] @property @pulumi.getter(name="masterSamlProcessingUrl") def master_saml_processing_url(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this URL will be used for all SAML requests. - """ return pulumi.get(self, "master_saml_processing_url") @master_saml_processing_url.setter @@ -441,9 +339,6 @@ def master_saml_processing_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this client in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -453,9 +348,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="nameIdFormat") def name_id_format(self) -> Optional[pulumi.Input[str]]: - """ - Sets the Name ID format for the subject. - """ return pulumi.get(self, "name_id_format") @name_id_format.setter @@ -465,9 +357,6 @@ def name_id_format(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="rootUrl") def root_url(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this value is prepended to all relative URLs. - """ return pulumi.get(self, "root_url") @root_url.setter @@ -477,9 +366,6 @@ def root_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signAssertions") def sign_assertions(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - """ return pulumi.get(self, "sign_assertions") @sign_assertions.setter @@ -489,9 +375,6 @@ def sign_assertions(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="signDocuments") def sign_documents(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - """ return pulumi.get(self, "sign_documents") @sign_documents.setter @@ -501,9 +384,6 @@ def sign_documents(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="signatureAlgorithm") def signature_algorithm(self) -> Optional[pulumi.Input[str]]: - """ - The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - """ return pulumi.get(self, "signature_algorithm") @signature_algorithm.setter @@ -513,9 +393,6 @@ def signature_algorithm(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signatureKeyName") def signature_key_name(self) -> Optional[pulumi.Input[str]]: - """ - The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - """ return pulumi.get(self, "signature_key_name") @signature_key_name.setter @@ -525,9 +402,6 @@ def signature_key_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signingCertificate") def signing_certificate(self) -> Optional[pulumi.Input[str]]: - """ - If documents or assertions from the client are signed, this certificate will be used to verify the signature. - """ return pulumi.get(self, "signing_certificate") @signing_certificate.setter @@ -537,9 +411,6 @@ def signing_certificate(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signingPrivateKey") def signing_private_key(self) -> Optional[pulumi.Input[str]]: - """ - If documents or assertions from the client are signed, this private key will be used to verify the signature. - """ return pulumi.get(self, "signing_private_key") @signing_private_key.setter @@ -549,9 +420,6 @@ def signing_private_key(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="validRedirectUris") def valid_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - """ return pulumi.get(self, "valid_redirect_uris") @valid_redirect_uris.setter @@ -601,42 +469,6 @@ def __init__(__self__, *, valid_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ Input properties used for looking up and filtering Client resources. - :param pulumi.Input[str] assertion_consumer_post_url: SAML POST Binding URL for the client's assertion consumer service (login responses). - :param pulumi.Input[str] assertion_consumer_redirect_url: SAML Redirect Binding URL for the client's assertion consumer service (login responses). - :param pulumi.Input['ClientAuthenticationFlowBindingOverridesArgs'] authentication_flow_binding_overrides: Override realm authentication flow bindings - :param pulumi.Input[str] base_url: When specified, this URL will be used whenever Keycloak needs to link to this client. - :param pulumi.Input[str] canonicalization_method: The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - :param pulumi.Input[str] client_id: The unique ID of this client, referenced in the URI during authentication and in issued tokens. - :param pulumi.Input[bool] client_signature_required: When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - :param pulumi.Input[str] description: The description of this client in the GUI. - :param pulumi.Input[bool] enabled: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - :param pulumi.Input[bool] encrypt_assertions: When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - :param pulumi.Input[str] encryption_certificate: If assertions for the client are encrypted, this certificate will be used for encryption. - :param pulumi.Input[str] encryption_certificate_sha1: (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - :param pulumi.Input[bool] force_name_id_format: Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - :param pulumi.Input[bool] force_post_binding: When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - :param pulumi.Input[bool] front_channel_logout: When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - :param pulumi.Input[bool] full_scope_allowed: Allow to include all roles mappings in the access token - :param pulumi.Input[str] idp_initiated_sso_relay_state: Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - :param pulumi.Input[str] idp_initiated_sso_url_name: URL fragment name to reference client when you want to do IDP Initiated SSO. - :param pulumi.Input[bool] include_authn_statement: When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - :param pulumi.Input[str] login_theme: The login theme of this client. - :param pulumi.Input[str] logout_service_post_binding_url: SAML POST Binding URL for the client's single logout service. - :param pulumi.Input[str] logout_service_redirect_binding_url: SAML Redirect Binding URL for the client's single logout service. - :param pulumi.Input[str] master_saml_processing_url: When specified, this URL will be used for all SAML requests. - :param pulumi.Input[str] name: The display name of this client in the GUI. - :param pulumi.Input[str] name_id_format: Sets the Name ID format for the subject. - :param pulumi.Input[str] realm_id: The realm this client is attached to. - :param pulumi.Input[str] root_url: When specified, this value is prepended to all relative URLs. - :param pulumi.Input[bool] sign_assertions: When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - :param pulumi.Input[bool] sign_documents: When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - :param pulumi.Input[str] signature_algorithm: The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - :param pulumi.Input[str] signature_key_name: The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - :param pulumi.Input[str] signing_certificate: If documents or assertions from the client are signed, this certificate will be used to verify the signature. - :param pulumi.Input[str] signing_certificate_sha1: (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - :param pulumi.Input[str] signing_private_key: If documents or assertions from the client are signed, this private key will be used to verify the signature. - :param pulumi.Input[str] signing_private_key_sha1: (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. """ if assertion_consumer_post_url is not None: pulumi.set(__self__, "assertion_consumer_post_url", assertion_consumer_post_url) @@ -716,9 +548,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="assertionConsumerPostUrl") def assertion_consumer_post_url(self) -> Optional[pulumi.Input[str]]: - """ - SAML POST Binding URL for the client's assertion consumer service (login responses). - """ return pulumi.get(self, "assertion_consumer_post_url") @assertion_consumer_post_url.setter @@ -728,9 +557,6 @@ def assertion_consumer_post_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="assertionConsumerRedirectUrl") def assertion_consumer_redirect_url(self) -> Optional[pulumi.Input[str]]: - """ - SAML Redirect Binding URL for the client's assertion consumer service (login responses). - """ return pulumi.get(self, "assertion_consumer_redirect_url") @assertion_consumer_redirect_url.setter @@ -740,9 +566,6 @@ def assertion_consumer_redirect_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="authenticationFlowBindingOverrides") def authentication_flow_binding_overrides(self) -> Optional[pulumi.Input['ClientAuthenticationFlowBindingOverridesArgs']]: - """ - Override realm authentication flow bindings - """ return pulumi.get(self, "authentication_flow_binding_overrides") @authentication_flow_binding_overrides.setter @@ -752,9 +575,6 @@ def authentication_flow_binding_overrides(self, value: Optional[pulumi.Input['Cl @property @pulumi.getter(name="baseUrl") def base_url(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this URL will be used whenever Keycloak needs to link to this client. - """ return pulumi.get(self, "base_url") @base_url.setter @@ -764,9 +584,6 @@ def base_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="canonicalizationMethod") def canonicalization_method(self) -> Optional[pulumi.Input[str]]: - """ - The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - """ return pulumi.get(self, "canonicalization_method") @canonicalization_method.setter @@ -776,9 +593,6 @@ def canonicalization_method(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - The unique ID of this client, referenced in the URI during authentication and in issued tokens. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -788,9 +602,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientSignatureRequired") def client_signature_required(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - """ return pulumi.get(self, "client_signature_required") @client_signature_required.setter @@ -800,9 +611,6 @@ def client_signature_required(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: - """ - The description of this client in the GUI. - """ return pulumi.get(self, "description") @description.setter @@ -812,9 +620,6 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - """ return pulumi.get(self, "enabled") @enabled.setter @@ -824,9 +629,6 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="encryptAssertions") def encrypt_assertions(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - """ return pulumi.get(self, "encrypt_assertions") @encrypt_assertions.setter @@ -836,9 +638,6 @@ def encrypt_assertions(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="encryptionCertificate") def encryption_certificate(self) -> Optional[pulumi.Input[str]]: - """ - If assertions for the client are encrypted, this certificate will be used for encryption. - """ return pulumi.get(self, "encryption_certificate") @encryption_certificate.setter @@ -848,9 +647,6 @@ def encryption_certificate(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="encryptionCertificateSha1") def encryption_certificate_sha1(self) -> Optional[pulumi.Input[str]]: - """ - (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - """ return pulumi.get(self, "encryption_certificate_sha1") @encryption_certificate_sha1.setter @@ -869,9 +665,6 @@ def extra_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter(name="forceNameIdFormat") def force_name_id_format(self) -> Optional[pulumi.Input[bool]]: - """ - Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - """ return pulumi.get(self, "force_name_id_format") @force_name_id_format.setter @@ -881,9 +674,6 @@ def force_name_id_format(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="forcePostBinding") def force_post_binding(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - """ return pulumi.get(self, "force_post_binding") @force_post_binding.setter @@ -893,9 +683,6 @@ def force_post_binding(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="frontChannelLogout") def front_channel_logout(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - """ return pulumi.get(self, "front_channel_logout") @front_channel_logout.setter @@ -905,9 +692,6 @@ def front_channel_logout(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="fullScopeAllowed") def full_scope_allowed(self) -> Optional[pulumi.Input[bool]]: - """ - Allow to include all roles mappings in the access token - """ return pulumi.get(self, "full_scope_allowed") @full_scope_allowed.setter @@ -917,9 +701,6 @@ def full_scope_allowed(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="idpInitiatedSsoRelayState") def idp_initiated_sso_relay_state(self) -> Optional[pulumi.Input[str]]: - """ - Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - """ return pulumi.get(self, "idp_initiated_sso_relay_state") @idp_initiated_sso_relay_state.setter @@ -929,9 +710,6 @@ def idp_initiated_sso_relay_state(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="idpInitiatedSsoUrlName") def idp_initiated_sso_url_name(self) -> Optional[pulumi.Input[str]]: - """ - URL fragment name to reference client when you want to do IDP Initiated SSO. - """ return pulumi.get(self, "idp_initiated_sso_url_name") @idp_initiated_sso_url_name.setter @@ -941,9 +719,6 @@ def idp_initiated_sso_url_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="includeAuthnStatement") def include_authn_statement(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - """ return pulumi.get(self, "include_authn_statement") @include_authn_statement.setter @@ -953,9 +728,6 @@ def include_authn_statement(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="loginTheme") def login_theme(self) -> Optional[pulumi.Input[str]]: - """ - The login theme of this client. - """ return pulumi.get(self, "login_theme") @login_theme.setter @@ -965,9 +737,6 @@ def login_theme(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="logoutServicePostBindingUrl") def logout_service_post_binding_url(self) -> Optional[pulumi.Input[str]]: - """ - SAML POST Binding URL for the client's single logout service. - """ return pulumi.get(self, "logout_service_post_binding_url") @logout_service_post_binding_url.setter @@ -977,9 +746,6 @@ def logout_service_post_binding_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="logoutServiceRedirectBindingUrl") def logout_service_redirect_binding_url(self) -> Optional[pulumi.Input[str]]: - """ - SAML Redirect Binding URL for the client's single logout service. - """ return pulumi.get(self, "logout_service_redirect_binding_url") @logout_service_redirect_binding_url.setter @@ -989,9 +755,6 @@ def logout_service_redirect_binding_url(self, value: Optional[pulumi.Input[str]] @property @pulumi.getter(name="masterSamlProcessingUrl") def master_saml_processing_url(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this URL will be used for all SAML requests. - """ return pulumi.get(self, "master_saml_processing_url") @master_saml_processing_url.setter @@ -1001,9 +764,6 @@ def master_saml_processing_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this client in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -1013,9 +773,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="nameIdFormat") def name_id_format(self) -> Optional[pulumi.Input[str]]: - """ - Sets the Name ID format for the subject. - """ return pulumi.get(self, "name_id_format") @name_id_format.setter @@ -1025,9 +782,6 @@ def name_id_format(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this client is attached to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -1037,9 +791,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="rootUrl") def root_url(self) -> Optional[pulumi.Input[str]]: - """ - When specified, this value is prepended to all relative URLs. - """ return pulumi.get(self, "root_url") @root_url.setter @@ -1049,9 +800,6 @@ def root_url(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signAssertions") def sign_assertions(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - """ return pulumi.get(self, "sign_assertions") @sign_assertions.setter @@ -1061,9 +809,6 @@ def sign_assertions(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="signDocuments") def sign_documents(self) -> Optional[pulumi.Input[bool]]: - """ - When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - """ return pulumi.get(self, "sign_documents") @sign_documents.setter @@ -1073,9 +818,6 @@ def sign_documents(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="signatureAlgorithm") def signature_algorithm(self) -> Optional[pulumi.Input[str]]: - """ - The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - """ return pulumi.get(self, "signature_algorithm") @signature_algorithm.setter @@ -1085,9 +827,6 @@ def signature_algorithm(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signatureKeyName") def signature_key_name(self) -> Optional[pulumi.Input[str]]: - """ - The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - """ return pulumi.get(self, "signature_key_name") @signature_key_name.setter @@ -1097,9 +836,6 @@ def signature_key_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signingCertificate") def signing_certificate(self) -> Optional[pulumi.Input[str]]: - """ - If documents or assertions from the client are signed, this certificate will be used to verify the signature. - """ return pulumi.get(self, "signing_certificate") @signing_certificate.setter @@ -1109,9 +845,6 @@ def signing_certificate(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signingCertificateSha1") def signing_certificate_sha1(self) -> Optional[pulumi.Input[str]]: - """ - (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - """ return pulumi.get(self, "signing_certificate_sha1") @signing_certificate_sha1.setter @@ -1121,9 +854,6 @@ def signing_certificate_sha1(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signingPrivateKey") def signing_private_key(self) -> Optional[pulumi.Input[str]]: - """ - If documents or assertions from the client are signed, this private key will be used to verify the signature. - """ return pulumi.get(self, "signing_private_key") @signing_private_key.setter @@ -1133,9 +863,6 @@ def signing_private_key(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="signingPrivateKeySha1") def signing_private_key_sha1(self) -> Optional[pulumi.Input[str]]: - """ - (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - """ return pulumi.get(self, "signing_private_key_sha1") @signing_private_key_sha1.setter @@ -1145,9 +872,6 @@ def signing_private_key_sha1(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="validRedirectUris") def valid_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - """ return pulumi.get(self, "valid_redirect_uris") @valid_redirect_uris.setter @@ -1196,79 +920,74 @@ def __init__(__self__, valid_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): """ + ## # saml.Client + Allows for creating and managing Keycloak clients that use the SAML protocol. - Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users - to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. + Clients are entities that can use Keycloak for user authentication. Typically, + clients are applications that redirect users to Keycloak for authentication + in order to take advantage of Keycloak's user sessions for SSO. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") saml_client = keycloak.saml.Client("samlClient", + client_id="test-saml-client", + include_authn_statement=True, realm_id=realm.id, - client_id="saml-client", - sign_documents=False, sign_assertions=True, - include_authn_statement=True, + sign_documents=False, signing_certificate=(lambda path: open(path).read())("saml-cert.pem"), signing_private_key=(lambda path: open(path).read())("saml-key.pem")) ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm this client is attached to. + - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + - `name` - (Optional) The display name of this client in the GUI. + - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + - `description` - (Optional) The description of this client in the GUI. + - `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. + - `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. + - `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. + - `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. + - `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. + - `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. + - `name_id_format` - (Optional) Sets the Name ID format for the subject. + - `root_url` - (Optional) When specified, this value is prepended to all relative URLs. + - `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. + - `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. + - `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests. + - `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. + - `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. + - `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. + - `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. + - `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). + - `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). + - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. + - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. + - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token + + ### Import Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. - assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. - - Example: - - bash - - ```sh - $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] assertion_consumer_post_url: SAML POST Binding URL for the client's assertion consumer service (login responses). - :param pulumi.Input[str] assertion_consumer_redirect_url: SAML Redirect Binding URL for the client's assertion consumer service (login responses). - :param pulumi.Input[pulumi.InputType['ClientAuthenticationFlowBindingOverridesArgs']] authentication_flow_binding_overrides: Override realm authentication flow bindings - :param pulumi.Input[str] base_url: When specified, this URL will be used whenever Keycloak needs to link to this client. - :param pulumi.Input[str] canonicalization_method: The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - :param pulumi.Input[str] client_id: The unique ID of this client, referenced in the URI during authentication and in issued tokens. - :param pulumi.Input[bool] client_signature_required: When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - :param pulumi.Input[str] description: The description of this client in the GUI. - :param pulumi.Input[bool] enabled: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - :param pulumi.Input[bool] encrypt_assertions: When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - :param pulumi.Input[str] encryption_certificate: If assertions for the client are encrypted, this certificate will be used for encryption. - :param pulumi.Input[bool] force_name_id_format: Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - :param pulumi.Input[bool] force_post_binding: When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - :param pulumi.Input[bool] front_channel_logout: When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - :param pulumi.Input[bool] full_scope_allowed: Allow to include all roles mappings in the access token - :param pulumi.Input[str] idp_initiated_sso_relay_state: Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - :param pulumi.Input[str] idp_initiated_sso_url_name: URL fragment name to reference client when you want to do IDP Initiated SSO. - :param pulumi.Input[bool] include_authn_statement: When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - :param pulumi.Input[str] login_theme: The login theme of this client. - :param pulumi.Input[str] logout_service_post_binding_url: SAML POST Binding URL for the client's single logout service. - :param pulumi.Input[str] logout_service_redirect_binding_url: SAML Redirect Binding URL for the client's single logout service. - :param pulumi.Input[str] master_saml_processing_url: When specified, this URL will be used for all SAML requests. - :param pulumi.Input[str] name: The display name of this client in the GUI. - :param pulumi.Input[str] name_id_format: Sets the Name ID format for the subject. - :param pulumi.Input[str] realm_id: The realm this client is attached to. - :param pulumi.Input[str] root_url: When specified, this value is prepended to all relative URLs. - :param pulumi.Input[bool] sign_assertions: When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - :param pulumi.Input[bool] sign_documents: When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - :param pulumi.Input[str] signature_algorithm: The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - :param pulumi.Input[str] signature_key_name: The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - :param pulumi.Input[str] signing_certificate: If documents or assertions from the client are signed, this certificate will be used to verify the signature. - :param pulumi.Input[str] signing_private_key: If documents or assertions from the client are signed, this private key will be used to verify the signature. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. """ ... @overload @@ -1277,43 +996,71 @@ def __init__(__self__, args: ClientArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # saml.Client + Allows for creating and managing Keycloak clients that use the SAML protocol. - Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users - to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. + Clients are entities that can use Keycloak for user authentication. Typically, + clients are applications that redirect users to Keycloak for authentication + in order to take advantage of Keycloak's user sessions for SSO. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") saml_client = keycloak.saml.Client("samlClient", + client_id="test-saml-client", + include_authn_statement=True, realm_id=realm.id, - client_id="saml-client", - sign_documents=False, sign_assertions=True, - include_authn_statement=True, + sign_documents=False, signing_certificate=(lambda path: open(path).read())("saml-cert.pem"), signing_private_key=(lambda path: open(path).read())("saml-key.pem")) ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm_id` - (Required) The realm this client is attached to. + - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. + - `name` - (Optional) The display name of this client in the GUI. + - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. + - `description` - (Optional) The description of this client in the GUI. + - `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. + - `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. + - `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. + - `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. + - `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. + - `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. + - `name_id_format` - (Optional) Sets the Name ID format for the subject. + - `root_url` - (Optional) When specified, this value is prepended to all relative URLs. + - `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. + - `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. + - `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests. + - `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. + - `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. + - `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. + - `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. + - `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). + - `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). + - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. + - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. + - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token + + ### Import Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak + assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. - assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. - - Example: - - bash - - ```sh - $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 - ``` + Example: :param str resource_name: The name of the resource. :param ClientArgs args: The arguments to use to populate this resource's properties. @@ -1468,42 +1215,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] assertion_consumer_post_url: SAML POST Binding URL for the client's assertion consumer service (login responses). - :param pulumi.Input[str] assertion_consumer_redirect_url: SAML Redirect Binding URL for the client's assertion consumer service (login responses). - :param pulumi.Input[pulumi.InputType['ClientAuthenticationFlowBindingOverridesArgs']] authentication_flow_binding_overrides: Override realm authentication flow bindings - :param pulumi.Input[str] base_url: When specified, this URL will be used whenever Keycloak needs to link to this client. - :param pulumi.Input[str] canonicalization_method: The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - :param pulumi.Input[str] client_id: The unique ID of this client, referenced in the URI during authentication and in issued tokens. - :param pulumi.Input[bool] client_signature_required: When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - :param pulumi.Input[str] description: The description of this client in the GUI. - :param pulumi.Input[bool] enabled: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - :param pulumi.Input[bool] encrypt_assertions: When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - :param pulumi.Input[str] encryption_certificate: If assertions for the client are encrypted, this certificate will be used for encryption. - :param pulumi.Input[str] encryption_certificate_sha1: (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - :param pulumi.Input[bool] force_name_id_format: Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - :param pulumi.Input[bool] force_post_binding: When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - :param pulumi.Input[bool] front_channel_logout: When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - :param pulumi.Input[bool] full_scope_allowed: Allow to include all roles mappings in the access token - :param pulumi.Input[str] idp_initiated_sso_relay_state: Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - :param pulumi.Input[str] idp_initiated_sso_url_name: URL fragment name to reference client when you want to do IDP Initiated SSO. - :param pulumi.Input[bool] include_authn_statement: When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - :param pulumi.Input[str] login_theme: The login theme of this client. - :param pulumi.Input[str] logout_service_post_binding_url: SAML POST Binding URL for the client's single logout service. - :param pulumi.Input[str] logout_service_redirect_binding_url: SAML Redirect Binding URL for the client's single logout service. - :param pulumi.Input[str] master_saml_processing_url: When specified, this URL will be used for all SAML requests. - :param pulumi.Input[str] name: The display name of this client in the GUI. - :param pulumi.Input[str] name_id_format: Sets the Name ID format for the subject. - :param pulumi.Input[str] realm_id: The realm this client is attached to. - :param pulumi.Input[str] root_url: When specified, this value is prepended to all relative URLs. - :param pulumi.Input[bool] sign_assertions: When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - :param pulumi.Input[bool] sign_documents: When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - :param pulumi.Input[str] signature_algorithm: The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - :param pulumi.Input[str] signature_key_name: The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - :param pulumi.Input[str] signing_certificate: If documents or assertions from the client are signed, this certificate will be used to verify the signature. - :param pulumi.Input[str] signing_certificate_sha1: (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - :param pulumi.Input[str] signing_private_key: If documents or assertions from the client are signed, this private key will be used to verify the signature. - :param pulumi.Input[str] signing_private_key_sha1: (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -1551,97 +1262,61 @@ def get(resource_name: str, @property @pulumi.getter(name="assertionConsumerPostUrl") def assertion_consumer_post_url(self) -> pulumi.Output[Optional[str]]: - """ - SAML POST Binding URL for the client's assertion consumer service (login responses). - """ return pulumi.get(self, "assertion_consumer_post_url") @property @pulumi.getter(name="assertionConsumerRedirectUrl") def assertion_consumer_redirect_url(self) -> pulumi.Output[Optional[str]]: - """ - SAML Redirect Binding URL for the client's assertion consumer service (login responses). - """ return pulumi.get(self, "assertion_consumer_redirect_url") @property @pulumi.getter(name="authenticationFlowBindingOverrides") def authentication_flow_binding_overrides(self) -> pulumi.Output[Optional['outputs.ClientAuthenticationFlowBindingOverrides']]: - """ - Override realm authentication flow bindings - """ return pulumi.get(self, "authentication_flow_binding_overrides") @property @pulumi.getter(name="baseUrl") def base_url(self) -> pulumi.Output[Optional[str]]: - """ - When specified, this URL will be used whenever Keycloak needs to link to this client. - """ return pulumi.get(self, "base_url") @property @pulumi.getter(name="canonicalizationMethod") def canonicalization_method(self) -> pulumi.Output[Optional[str]]: - """ - The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". - """ return pulumi.get(self, "canonicalization_method") @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[str]: - """ - The unique ID of this client, referenced in the URI during authentication and in issued tokens. - """ return pulumi.get(self, "client_id") @property @pulumi.getter(name="clientSignatureRequired") def client_signature_required(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. Defaults to `true`. - """ return pulumi.get(self, "client_signature_required") @property @pulumi.getter def description(self) -> pulumi.Output[Optional[str]]: - """ - The description of this client in the GUI. - """ return pulumi.get(self, "description") @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: - """ - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - """ return pulumi.get(self, "enabled") @property @pulumi.getter(name="encryptAssertions") def encrypt_assertions(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`. - """ return pulumi.get(self, "encrypt_assertions") @property @pulumi.getter(name="encryptionCertificate") def encryption_certificate(self) -> pulumi.Output[str]: - """ - If assertions for the client are encrypted, this certificate will be used for encryption. - """ return pulumi.get(self, "encryption_certificate") @property @pulumi.getter(name="encryptionCertificateSha1") def encryption_certificate_sha1(self) -> pulumi.Output[str]: - """ - (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. - """ return pulumi.get(self, "encryption_certificate_sha1") @property @@ -1652,192 +1327,120 @@ def extra_config(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: @property @pulumi.getter(name="forceNameIdFormat") def force_name_id_format(self) -> pulumi.Output[Optional[bool]]: - """ - Ignore requested NameID subject format and use the one defined in `name_id_format` instead. Defaults to `false`. - """ return pulumi.get(self, "force_name_id_format") @property @pulumi.getter(name="forcePostBinding") def force_post_binding(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`. - """ return pulumi.get(self, "force_post_binding") @property @pulumi.getter(name="frontChannelLogout") def front_channel_logout(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`. - """ return pulumi.get(self, "front_channel_logout") @property @pulumi.getter(name="fullScopeAllowed") def full_scope_allowed(self) -> pulumi.Output[Optional[bool]]: - """ - Allow to include all roles mappings in the access token - """ return pulumi.get(self, "full_scope_allowed") @property @pulumi.getter(name="idpInitiatedSsoRelayState") def idp_initiated_sso_relay_state(self) -> pulumi.Output[Optional[str]]: - """ - Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - """ return pulumi.get(self, "idp_initiated_sso_relay_state") @property @pulumi.getter(name="idpInitiatedSsoUrlName") def idp_initiated_sso_url_name(self) -> pulumi.Output[Optional[str]]: - """ - URL fragment name to reference client when you want to do IDP Initiated SSO. - """ return pulumi.get(self, "idp_initiated_sso_url_name") @property @pulumi.getter(name="includeAuthnStatement") def include_authn_statement(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`. - """ return pulumi.get(self, "include_authn_statement") @property @pulumi.getter(name="loginTheme") def login_theme(self) -> pulumi.Output[Optional[str]]: - """ - The login theme of this client. - """ return pulumi.get(self, "login_theme") @property @pulumi.getter(name="logoutServicePostBindingUrl") def logout_service_post_binding_url(self) -> pulumi.Output[Optional[str]]: - """ - SAML POST Binding URL for the client's single logout service. - """ return pulumi.get(self, "logout_service_post_binding_url") @property @pulumi.getter(name="logoutServiceRedirectBindingUrl") def logout_service_redirect_binding_url(self) -> pulumi.Output[Optional[str]]: - """ - SAML Redirect Binding URL for the client's single logout service. - """ return pulumi.get(self, "logout_service_redirect_binding_url") @property @pulumi.getter(name="masterSamlProcessingUrl") def master_saml_processing_url(self) -> pulumi.Output[Optional[str]]: - """ - When specified, this URL will be used for all SAML requests. - """ return pulumi.get(self, "master_saml_processing_url") @property @pulumi.getter def name(self) -> pulumi.Output[str]: - """ - The display name of this client in the GUI. - """ return pulumi.get(self, "name") @property @pulumi.getter(name="nameIdFormat") def name_id_format(self) -> pulumi.Output[str]: - """ - Sets the Name ID format for the subject. - """ return pulumi.get(self, "name_id_format") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this client is attached to. - """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="rootUrl") def root_url(self) -> pulumi.Output[Optional[str]]: - """ - When specified, this value is prepended to all relative URLs. - """ return pulumi.get(self, "root_url") @property @pulumi.getter(name="signAssertions") def sign_assertions(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`. - """ return pulumi.get(self, "sign_assertions") @property @pulumi.getter(name="signDocuments") def sign_documents(self) -> pulumi.Output[Optional[bool]]: - """ - When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`. - """ return pulumi.get(self, "sign_documents") @property @pulumi.getter(name="signatureAlgorithm") def signature_algorithm(self) -> pulumi.Output[Optional[str]]: - """ - The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1". - """ return pulumi.get(self, "signature_algorithm") @property @pulumi.getter(name="signatureKeyName") def signature_key_name(self) -> pulumi.Output[Optional[str]]: - """ - The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID". - """ return pulumi.get(self, "signature_key_name") @property @pulumi.getter(name="signingCertificate") def signing_certificate(self) -> pulumi.Output[str]: - """ - If documents or assertions from the client are signed, this certificate will be used to verify the signature. - """ return pulumi.get(self, "signing_certificate") @property @pulumi.getter(name="signingCertificateSha1") def signing_certificate_sha1(self) -> pulumi.Output[str]: - """ - (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty. - """ return pulumi.get(self, "signing_certificate_sha1") @property @pulumi.getter(name="signingPrivateKey") def signing_private_key(self) -> pulumi.Output[str]: - """ - If documents or assertions from the client are signed, this private key will be used to verify the signature. - """ return pulumi.get(self, "signing_private_key") @property @pulumi.getter(name="signingPrivateKeySha1") def signing_private_key_sha1(self) -> pulumi.Output[str]: - """ - (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty. - """ return pulumi.get(self, "signing_private_key_sha1") @property @pulumi.getter(name="validRedirectUris") def valid_redirect_uris(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - """ return pulumi.get(self, "valid_redirect_uris") diff --git a/sdk/python/pulumi_keycloak/saml/client_default_scope.py b/sdk/python/pulumi_keycloak/saml/client_default_scope.py index 0999c673..f36774c1 100644 --- a/sdk/python/pulumi_keycloak/saml/client_default_scope.py +++ b/sdk/python/pulumi_keycloak/saml/client_default_scope.py @@ -132,6 +132,7 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -156,12 +157,13 @@ def __init__(__self__, client_scope.name, ]) ``` + ## Import This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist - on the server. + on the server. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -178,6 +180,7 @@ def __init__(__self__, """ ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -202,12 +205,13 @@ def __init__(__self__, client_scope.name, ]) ``` + ## Import This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist - on the server. + on the server. :param str resource_name: The name of the resource. :param ClientDefaultScopeArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_keycloak/saml/client_scope.py b/sdk/python/pulumi_keycloak/saml/client_scope.py index 07375a0b..ae89f2c6 100644 --- a/sdk/python/pulumi_keycloak/saml/client_scope.py +++ b/sdk/python/pulumi_keycloak/saml/client_scope.py @@ -204,6 +204,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -216,16 +217,17 @@ def __init__(__self__, description="This scope will map a user's group memberships to SAML assertion", gui_order=1) ``` + ## Import Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak - assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e @@ -252,6 +254,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -264,16 +267,17 @@ def __init__(__self__, description="This scope will map a user's group memberships to SAML assertion", gui_order=1) ``` + ## Import Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak - assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. + assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e diff --git a/sdk/python/pulumi_keycloak/saml/get_client.py b/sdk/python/pulumi_keycloak/saml/get_client.py index 9b582d72..cc184794 100644 --- a/sdk/python/pulumi_keycloak/saml/get_client.py +++ b/sdk/python/pulumi_keycloak/saml/get_client.py @@ -395,6 +395,7 @@ def get_client(client_id: Optional[str] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -405,6 +406,7 @@ def get_client(client_id: Optional[str] = None, client_id=realm_management.id, name="realm-admin") ``` + :param str client_id: The client id (not its unique ID). @@ -467,6 +469,7 @@ def get_client_output(client_id: Optional[pulumi.Input[str]] = None, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -477,6 +480,7 @@ def get_client_output(client_id: Optional[pulumi.Input[str]] = None, client_id=realm_management.id, name="realm-admin") ``` + :param str client_id: The client id (not its unique ID). diff --git a/sdk/python/pulumi_keycloak/saml/get_client_installation_provider.py b/sdk/python/pulumi_keycloak/saml/get_client_installation_provider.py index 297effb3..1df00bb6 100644 --- a/sdk/python/pulumi_keycloak/saml/get_client_installation_provider.py +++ b/sdk/python/pulumi_keycloak/saml/get_client_installation_provider.py @@ -94,6 +94,7 @@ def get_client_installation_provider(client_id: Optional[str] = None, In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. + ```python import pulumi import pulumi_aws as aws @@ -115,6 +116,7 @@ def get_client_installation_provider(client_id: Optional[str] = None, provider_id="saml-idp-descriptor") default = aws.iam.SamlProvider("default", saml_metadata_document=saml_idp_descriptor.value) ``` + :param str client_id: The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here. @@ -148,6 +150,7 @@ def get_client_installation_provider_output(client_id: Optional[pulumi.Input[str In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. + ```python import pulumi import pulumi_aws as aws @@ -169,6 +172,7 @@ def get_client_installation_provider_output(client_id: Optional[pulumi.Input[str provider_id="saml-idp-descriptor") default = aws.iam.SamlProvider("default", saml_metadata_document=saml_idp_descriptor.value) ``` + :param str client_id: The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here. diff --git a/sdk/python/pulumi_keycloak/saml/identity_provider.py b/sdk/python/pulumi_keycloak/saml/identity_provider.py index fa3bb076..4a492bac 100644 --- a/sdk/python/pulumi_keycloak/saml/identity_provider.py +++ b/sdk/python/pulumi_keycloak/saml/identity_provider.py @@ -53,42 +53,47 @@ def __init__(__self__, *, xml_sign_key_info_key_name_transformer: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a IdentityProvider resource. - :param pulumi.Input[str] alias: The unique name of identity provider. + :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider and it is also used to build the redirect uri. :param pulumi.Input[str] entity_id: The Entity ID that will be used to uniquely identify this SAML Service Provider. - :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. - :param pulumi.Input[str] single_sign_on_service_url: The Url that must be used to send authentication requests (SAML AuthnRequest). - :param pulumi.Input[bool] add_read_token_role_on_create: When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. - :param pulumi.Input[bool] authenticate_by_default: Authenticate users by default. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_class_refs: Ordered list of requested AuthnContext ClassRefs. - :param pulumi.Input[str] authn_context_comparison_type: Specifies the comparison method used to evaluate the requested context classes or statements. - :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_decl_refs: Ordered list of requested AuthnContext DeclRefs. - :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout?. Defaults to `false`. - :param pulumi.Input[str] display_name: The display name for the realm that is shown when logging in to the admin console. - :param pulumi.Input[bool] enabled: When `false`, users and clients will not be able to access this realm. Defaults to `true`. - :param pulumi.Input[str] first_broker_login_flow_alias: Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. - :param pulumi.Input[bool] force_authn: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. - :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. - :param pulumi.Input[bool] hide_on_login_page: If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[str] realm: Realm Name + :param pulumi.Input[str] single_sign_on_service_url: SSO Logout URL. + :param pulumi.Input[bool] add_read_token_role_on_create: Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. + :param pulumi.Input[bool] authenticate_by_default: Enable/disable authenticate users by default. + :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_class_refs: AuthnContext ClassRefs + :param pulumi.Input[str] authn_context_comparison_type: AuthnContext Comparison + :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_decl_refs: AuthnContext DeclRefs + :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout? + :param pulumi.Input[str] display_name: Friendly name for Identity Providers. + :param pulumi.Input[bool] enabled: Enable/disable this identity provider. + :param pulumi.Input[str] first_broker_login_flow_alias: Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + that there is not yet existing Keycloak account linked with the authenticated identity provider account. + :param pulumi.Input[bool] force_authn: Require Force Authn. + :param pulumi.Input[str] gui_order: GUI Order + :param pulumi.Input[bool] hide_on_login_page: Hide On Login Page. + :param pulumi.Input[bool] link_only: If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + want to allow login from the provider, but want to integrate with a provider :param pulumi.Input[str] login_hint: Login Hint. - :param pulumi.Input[str] name_id_policy_format: Specifies the URI reference corresponding to a name identifier format. Defaults to empty. - :param pulumi.Input[bool] post_binding_authn_request: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_logout: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. - :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. - :param pulumi.Input[str] principal_attribute: The principal attribute. - :param pulumi.Input[str] principal_type: The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. - :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. - :param pulumi.Input[str] signature_algorithm: Signing Algorithm. Defaults to empty. + :param pulumi.Input[str] name_id_policy_format: Name ID Policy Format. + :param pulumi.Input[bool] post_binding_authn_request: Post Binding Authn Request. + :param pulumi.Input[bool] post_binding_logout: Post Binding Logout. + :param pulumi.Input[bool] post_binding_response: Post Binding Response. + :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. + :param pulumi.Input[str] principal_attribute: Principal Attribute + :param pulumi.Input[str] principal_type: Principal Type + :param pulumi.Input[str] provider_id: provider id, is always saml, unless you have a custom implementation + :param pulumi.Input[str] signature_algorithm: Signing Algorithm. :param pulumi.Input[str] signing_certificate: Signing Certificate. - :param pulumi.Input[str] single_logout_service_url: The Url that must be used to send logout requests. - :param pulumi.Input[bool] store_token: When `true`, tokens will be stored after authenticating users. Defaults to `true`. - :param pulumi.Input[str] sync_mode: The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. - :param pulumi.Input[bool] trust_email: When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + :param pulumi.Input[str] single_logout_service_url: Logout URL. + :param pulumi.Input[bool] store_token: Enable/disable if tokens must be stored after authenticating users. + :param pulumi.Input[str] sync_mode: Sync Mode + :param pulumi.Input[bool] trust_email: If enabled then email provided by this provider is not verified even if verification is enabled for the realm. :param pulumi.Input[bool] validate_signature: Enable/disable signature validation of SAML responses. - :param pulumi.Input[bool] want_assertions_encrypted: Indicates whether this service provider expects an encrypted Assertion. - :param pulumi.Input[bool] want_assertions_signed: Indicates whether this service provider expects a signed Assertion. - :param pulumi.Input[str] xml_sign_key_info_key_name_transformer: The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + :param pulumi.Input[bool] want_assertions_encrypted: Want Assertions Encrypted. + :param pulumi.Input[bool] want_assertions_signed: Want Assertions Signed. + :param pulumi.Input[str] xml_sign_key_info_key_name_transformer: Sign Key Transformer. """ pulumi.set(__self__, "alias", alias) pulumi.set(__self__, "entity_id", entity_id) @@ -165,7 +170,7 @@ def __init__(__self__, *, @pulumi.getter def alias(self) -> pulumi.Input[str]: """ - The unique name of identity provider. + The alias uniquely identifies an identity provider and it is also used to build the redirect uri. """ return pulumi.get(self, "alias") @@ -189,7 +194,7 @@ def entity_id(self, value: pulumi.Input[str]): @pulumi.getter def realm(self) -> pulumi.Input[str]: """ - The name of the realm. This is unique across Keycloak. + Realm Name """ return pulumi.get(self, "realm") @@ -201,7 +206,7 @@ def realm(self, value: pulumi.Input[str]): @pulumi.getter(name="singleSignOnServiceUrl") def single_sign_on_service_url(self) -> pulumi.Input[str]: """ - The Url that must be used to send authentication requests (SAML AuthnRequest). + SSO Logout URL. """ return pulumi.get(self, "single_sign_on_service_url") @@ -213,7 +218,7 @@ def single_sign_on_service_url(self, value: pulumi.Input[str]): @pulumi.getter(name="addReadTokenRoleOnCreate") def add_read_token_role_on_create(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. """ return pulumi.get(self, "add_read_token_role_on_create") @@ -225,7 +230,7 @@ def add_read_token_role_on_create(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="authenticateByDefault") def authenticate_by_default(self) -> Optional[pulumi.Input[bool]]: """ - Authenticate users by default. Defaults to `false`. + Enable/disable authenticate users by default. """ return pulumi.get(self, "authenticate_by_default") @@ -237,7 +242,7 @@ def authenticate_by_default(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="authnContextClassRefs") def authn_context_class_refs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Ordered list of requested AuthnContext ClassRefs. + AuthnContext ClassRefs """ return pulumi.get(self, "authn_context_class_refs") @@ -249,7 +254,7 @@ def authn_context_class_refs(self, value: Optional[pulumi.Input[Sequence[pulumi. @pulumi.getter(name="authnContextComparisonType") def authn_context_comparison_type(self) -> Optional[pulumi.Input[str]]: """ - Specifies the comparison method used to evaluate the requested context classes or statements. + AuthnContext Comparison """ return pulumi.get(self, "authn_context_comparison_type") @@ -261,7 +266,7 @@ def authn_context_comparison_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="authnContextDeclRefs") def authn_context_decl_refs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Ordered list of requested AuthnContext DeclRefs. + AuthnContext DeclRefs """ return pulumi.get(self, "authn_context_decl_refs") @@ -273,7 +278,7 @@ def authn_context_decl_refs(self, value: Optional[pulumi.Input[Sequence[pulumi.I @pulumi.getter(name="backchannelSupported") def backchannel_supported(self) -> Optional[pulumi.Input[bool]]: """ - Does the external IDP support backchannel logout?. Defaults to `false`. + Does the external IDP support backchannel logout? """ return pulumi.get(self, "backchannel_supported") @@ -285,7 +290,7 @@ def backchannel_supported(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="displayName") def display_name(self) -> Optional[pulumi.Input[str]]: """ - The display name for the realm that is shown when logging in to the admin console. + Friendly name for Identity Providers. """ return pulumi.get(self, "display_name") @@ -297,7 +302,7 @@ def display_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - When `false`, users and clients will not be able to access this realm. Defaults to `true`. + Enable/disable this identity provider. """ return pulumi.get(self, "enabled") @@ -318,7 +323,8 @@ def extra_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter(name="firstBrokerLoginFlowAlias") def first_broker_login_flow_alias(self) -> Optional[pulumi.Input[str]]: """ - Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + that there is not yet existing Keycloak account linked with the authenticated identity provider account. """ return pulumi.get(self, "first_broker_login_flow_alias") @@ -330,7 +336,7 @@ def first_broker_login_flow_alias(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="forceAuthn") def force_authn(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + Require Force Authn. """ return pulumi.get(self, "force_authn") @@ -342,7 +348,7 @@ def force_authn(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="guiOrder") def gui_order(self) -> Optional[pulumi.Input[str]]: """ - A number defining the order of this identity provider in the GUI. + GUI Order """ return pulumi.get(self, "gui_order") @@ -354,7 +360,7 @@ def gui_order(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="hideOnLoginPage") def hide_on_login_page(self) -> Optional[pulumi.Input[bool]]: """ - If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + Hide On Login Page. """ return pulumi.get(self, "hide_on_login_page") @@ -366,7 +372,8 @@ def hide_on_login_page(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="linkOnly") def link_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + want to allow login from the provider, but want to integrate with a provider """ return pulumi.get(self, "link_only") @@ -390,7 +397,7 @@ def login_hint(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="nameIdPolicyFormat") def name_id_policy_format(self) -> Optional[pulumi.Input[str]]: """ - Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + Name ID Policy Format. """ return pulumi.get(self, "name_id_policy_format") @@ -402,7 +409,7 @@ def name_id_policy_format(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="postBindingAuthnRequest") def post_binding_authn_request(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + Post Binding Authn Request. """ return pulumi.get(self, "post_binding_authn_request") @@ -414,7 +421,7 @@ def post_binding_authn_request(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="postBindingLogout") def post_binding_logout(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + Post Binding Logout. """ return pulumi.get(self, "post_binding_logout") @@ -426,7 +433,7 @@ def post_binding_logout(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="postBindingResponse") def post_binding_response(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + Post Binding Response. """ return pulumi.get(self, "post_binding_response") @@ -438,7 +445,10 @@ def post_binding_response(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="postBrokerLoginFlowAlias") def post_broker_login_flow_alias(self) -> Optional[pulumi.Input[str]]: """ - Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. """ return pulumi.get(self, "post_broker_login_flow_alias") @@ -450,7 +460,7 @@ def post_broker_login_flow_alias(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="principalAttribute") def principal_attribute(self) -> Optional[pulumi.Input[str]]: """ - The principal attribute. + Principal Attribute """ return pulumi.get(self, "principal_attribute") @@ -462,7 +472,7 @@ def principal_attribute(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="principalType") def principal_type(self) -> Optional[pulumi.Input[str]]: """ - The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + Principal Type """ return pulumi.get(self, "principal_type") @@ -474,7 +484,7 @@ def principal_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="providerId") def provider_id(self) -> Optional[pulumi.Input[str]]: """ - The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + provider id, is always saml, unless you have a custom implementation """ return pulumi.get(self, "provider_id") @@ -486,7 +496,7 @@ def provider_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="signatureAlgorithm") def signature_algorithm(self) -> Optional[pulumi.Input[str]]: """ - Signing Algorithm. Defaults to empty. + Signing Algorithm. """ return pulumi.get(self, "signature_algorithm") @@ -510,7 +520,7 @@ def signing_certificate(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="singleLogoutServiceUrl") def single_logout_service_url(self) -> Optional[pulumi.Input[str]]: """ - The Url that must be used to send logout requests. + Logout URL. """ return pulumi.get(self, "single_logout_service_url") @@ -522,7 +532,7 @@ def single_logout_service_url(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="storeToken") def store_token(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, tokens will be stored after authenticating users. Defaults to `true`. + Enable/disable if tokens must be stored after authenticating users. """ return pulumi.get(self, "store_token") @@ -534,7 +544,7 @@ def store_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="syncMode") def sync_mode(self) -> Optional[pulumi.Input[str]]: """ - The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + Sync Mode """ return pulumi.get(self, "sync_mode") @@ -546,7 +556,7 @@ def sync_mode(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="trustEmail") def trust_email(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + If enabled then email provided by this provider is not verified even if verification is enabled for the realm. """ return pulumi.get(self, "trust_email") @@ -570,7 +580,7 @@ def validate_signature(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="wantAssertionsEncrypted") def want_assertions_encrypted(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether this service provider expects an encrypted Assertion. + Want Assertions Encrypted. """ return pulumi.get(self, "want_assertions_encrypted") @@ -582,7 +592,7 @@ def want_assertions_encrypted(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="wantAssertionsSigned") def want_assertions_signed(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether this service provider expects a signed Assertion. + Want Assertions Signed. """ return pulumi.get(self, "want_assertions_signed") @@ -594,7 +604,7 @@ def want_assertions_signed(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="xmlSignKeyInfoKeyNameTransformer") def xml_sign_key_info_key_name_transformer(self) -> Optional[pulumi.Input[str]]: """ - The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + Sign Key Transformer. """ return pulumi.get(self, "xml_sign_key_info_key_name_transformer") @@ -646,43 +656,48 @@ def __init__(__self__, *, xml_sign_key_info_key_name_transformer: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering IdentityProvider resources. - :param pulumi.Input[bool] add_read_token_role_on_create: When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. - :param pulumi.Input[str] alias: The unique name of identity provider. - :param pulumi.Input[bool] authenticate_by_default: Authenticate users by default. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_class_refs: Ordered list of requested AuthnContext ClassRefs. - :param pulumi.Input[str] authn_context_comparison_type: Specifies the comparison method used to evaluate the requested context classes or statements. - :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_decl_refs: Ordered list of requested AuthnContext DeclRefs. - :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout?. Defaults to `false`. - :param pulumi.Input[str] display_name: The display name for the realm that is shown when logging in to the admin console. - :param pulumi.Input[bool] enabled: When `false`, users and clients will not be able to access this realm. Defaults to `true`. + :param pulumi.Input[bool] add_read_token_role_on_create: Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. + :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + :param pulumi.Input[bool] authenticate_by_default: Enable/disable authenticate users by default. + :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_class_refs: AuthnContext ClassRefs + :param pulumi.Input[str] authn_context_comparison_type: AuthnContext Comparison + :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_decl_refs: AuthnContext DeclRefs + :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout? + :param pulumi.Input[str] display_name: Friendly name for Identity Providers. + :param pulumi.Input[bool] enabled: Enable/disable this identity provider. :param pulumi.Input[str] entity_id: The Entity ID that will be used to uniquely identify this SAML Service Provider. - :param pulumi.Input[str] first_broker_login_flow_alias: Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. - :param pulumi.Input[bool] force_authn: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. - :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. - :param pulumi.Input[bool] hide_on_login_page: If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + :param pulumi.Input[str] first_broker_login_flow_alias: Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + that there is not yet existing Keycloak account linked with the authenticated identity provider account. + :param pulumi.Input[bool] force_authn: Require Force Authn. + :param pulumi.Input[str] gui_order: GUI Order + :param pulumi.Input[bool] hide_on_login_page: Hide On Login Page. :param pulumi.Input[str] internal_id: Internal Identity Provider Id - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + want to allow login from the provider, but want to integrate with a provider :param pulumi.Input[str] login_hint: Login Hint. - :param pulumi.Input[str] name_id_policy_format: Specifies the URI reference corresponding to a name identifier format. Defaults to empty. - :param pulumi.Input[bool] post_binding_authn_request: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_logout: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. - :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. - :param pulumi.Input[str] principal_attribute: The principal attribute. - :param pulumi.Input[str] principal_type: The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. - :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. - :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. - :param pulumi.Input[str] signature_algorithm: Signing Algorithm. Defaults to empty. + :param pulumi.Input[str] name_id_policy_format: Name ID Policy Format. + :param pulumi.Input[bool] post_binding_authn_request: Post Binding Authn Request. + :param pulumi.Input[bool] post_binding_logout: Post Binding Logout. + :param pulumi.Input[bool] post_binding_response: Post Binding Response. + :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. + :param pulumi.Input[str] principal_attribute: Principal Attribute + :param pulumi.Input[str] principal_type: Principal Type + :param pulumi.Input[str] provider_id: provider id, is always saml, unless you have a custom implementation + :param pulumi.Input[str] realm: Realm Name + :param pulumi.Input[str] signature_algorithm: Signing Algorithm. :param pulumi.Input[str] signing_certificate: Signing Certificate. - :param pulumi.Input[str] single_logout_service_url: The Url that must be used to send logout requests. - :param pulumi.Input[str] single_sign_on_service_url: The Url that must be used to send authentication requests (SAML AuthnRequest). - :param pulumi.Input[bool] store_token: When `true`, tokens will be stored after authenticating users. Defaults to `true`. - :param pulumi.Input[str] sync_mode: The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. - :param pulumi.Input[bool] trust_email: When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + :param pulumi.Input[str] single_logout_service_url: Logout URL. + :param pulumi.Input[str] single_sign_on_service_url: SSO Logout URL. + :param pulumi.Input[bool] store_token: Enable/disable if tokens must be stored after authenticating users. + :param pulumi.Input[str] sync_mode: Sync Mode + :param pulumi.Input[bool] trust_email: If enabled then email provided by this provider is not verified even if verification is enabled for the realm. :param pulumi.Input[bool] validate_signature: Enable/disable signature validation of SAML responses. - :param pulumi.Input[bool] want_assertions_encrypted: Indicates whether this service provider expects an encrypted Assertion. - :param pulumi.Input[bool] want_assertions_signed: Indicates whether this service provider expects a signed Assertion. - :param pulumi.Input[str] xml_sign_key_info_key_name_transformer: The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + :param pulumi.Input[bool] want_assertions_encrypted: Want Assertions Encrypted. + :param pulumi.Input[bool] want_assertions_signed: Want Assertions Signed. + :param pulumi.Input[str] xml_sign_key_info_key_name_transformer: Sign Key Transformer. """ if add_read_token_role_on_create is not None: pulumi.set(__self__, "add_read_token_role_on_create", add_read_token_role_on_create) @@ -765,7 +780,7 @@ def __init__(__self__, *, @pulumi.getter(name="addReadTokenRoleOnCreate") def add_read_token_role_on_create(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. """ return pulumi.get(self, "add_read_token_role_on_create") @@ -777,7 +792,7 @@ def add_read_token_role_on_create(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def alias(self) -> Optional[pulumi.Input[str]]: """ - The unique name of identity provider. + The alias uniquely identifies an identity provider and it is also used to build the redirect uri. """ return pulumi.get(self, "alias") @@ -789,7 +804,7 @@ def alias(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="authenticateByDefault") def authenticate_by_default(self) -> Optional[pulumi.Input[bool]]: """ - Authenticate users by default. Defaults to `false`. + Enable/disable authenticate users by default. """ return pulumi.get(self, "authenticate_by_default") @@ -801,7 +816,7 @@ def authenticate_by_default(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="authnContextClassRefs") def authn_context_class_refs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Ordered list of requested AuthnContext ClassRefs. + AuthnContext ClassRefs """ return pulumi.get(self, "authn_context_class_refs") @@ -813,7 +828,7 @@ def authn_context_class_refs(self, value: Optional[pulumi.Input[Sequence[pulumi. @pulumi.getter(name="authnContextComparisonType") def authn_context_comparison_type(self) -> Optional[pulumi.Input[str]]: """ - Specifies the comparison method used to evaluate the requested context classes or statements. + AuthnContext Comparison """ return pulumi.get(self, "authn_context_comparison_type") @@ -825,7 +840,7 @@ def authn_context_comparison_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="authnContextDeclRefs") def authn_context_decl_refs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Ordered list of requested AuthnContext DeclRefs. + AuthnContext DeclRefs """ return pulumi.get(self, "authn_context_decl_refs") @@ -837,7 +852,7 @@ def authn_context_decl_refs(self, value: Optional[pulumi.Input[Sequence[pulumi.I @pulumi.getter(name="backchannelSupported") def backchannel_supported(self) -> Optional[pulumi.Input[bool]]: """ - Does the external IDP support backchannel logout?. Defaults to `false`. + Does the external IDP support backchannel logout? """ return pulumi.get(self, "backchannel_supported") @@ -849,7 +864,7 @@ def backchannel_supported(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="displayName") def display_name(self) -> Optional[pulumi.Input[str]]: """ - The display name for the realm that is shown when logging in to the admin console. + Friendly name for Identity Providers. """ return pulumi.get(self, "display_name") @@ -861,7 +876,7 @@ def display_name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - When `false`, users and clients will not be able to access this realm. Defaults to `true`. + Enable/disable this identity provider. """ return pulumi.get(self, "enabled") @@ -894,7 +909,8 @@ def extra_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter(name="firstBrokerLoginFlowAlias") def first_broker_login_flow_alias(self) -> Optional[pulumi.Input[str]]: """ - Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + that there is not yet existing Keycloak account linked with the authenticated identity provider account. """ return pulumi.get(self, "first_broker_login_flow_alias") @@ -906,7 +922,7 @@ def first_broker_login_flow_alias(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="forceAuthn") def force_authn(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + Require Force Authn. """ return pulumi.get(self, "force_authn") @@ -918,7 +934,7 @@ def force_authn(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="guiOrder") def gui_order(self) -> Optional[pulumi.Input[str]]: """ - A number defining the order of this identity provider in the GUI. + GUI Order """ return pulumi.get(self, "gui_order") @@ -930,7 +946,7 @@ def gui_order(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="hideOnLoginPage") def hide_on_login_page(self) -> Optional[pulumi.Input[bool]]: """ - If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + Hide On Login Page. """ return pulumi.get(self, "hide_on_login_page") @@ -954,7 +970,8 @@ def internal_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="linkOnly") def link_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + want to allow login from the provider, but want to integrate with a provider """ return pulumi.get(self, "link_only") @@ -978,7 +995,7 @@ def login_hint(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="nameIdPolicyFormat") def name_id_policy_format(self) -> Optional[pulumi.Input[str]]: """ - Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + Name ID Policy Format. """ return pulumi.get(self, "name_id_policy_format") @@ -990,7 +1007,7 @@ def name_id_policy_format(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="postBindingAuthnRequest") def post_binding_authn_request(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + Post Binding Authn Request. """ return pulumi.get(self, "post_binding_authn_request") @@ -1002,7 +1019,7 @@ def post_binding_authn_request(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="postBindingLogout") def post_binding_logout(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + Post Binding Logout. """ return pulumi.get(self, "post_binding_logout") @@ -1014,7 +1031,7 @@ def post_binding_logout(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="postBindingResponse") def post_binding_response(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + Post Binding Response. """ return pulumi.get(self, "post_binding_response") @@ -1026,7 +1043,10 @@ def post_binding_response(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="postBrokerLoginFlowAlias") def post_broker_login_flow_alias(self) -> Optional[pulumi.Input[str]]: """ - Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. """ return pulumi.get(self, "post_broker_login_flow_alias") @@ -1038,7 +1058,7 @@ def post_broker_login_flow_alias(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="principalAttribute") def principal_attribute(self) -> Optional[pulumi.Input[str]]: """ - The principal attribute. + Principal Attribute """ return pulumi.get(self, "principal_attribute") @@ -1050,7 +1070,7 @@ def principal_attribute(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="principalType") def principal_type(self) -> Optional[pulumi.Input[str]]: """ - The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + Principal Type """ return pulumi.get(self, "principal_type") @@ -1062,7 +1082,7 @@ def principal_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="providerId") def provider_id(self) -> Optional[pulumi.Input[str]]: """ - The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + provider id, is always saml, unless you have a custom implementation """ return pulumi.get(self, "provider_id") @@ -1074,7 +1094,7 @@ def provider_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def realm(self) -> Optional[pulumi.Input[str]]: """ - The name of the realm. This is unique across Keycloak. + Realm Name """ return pulumi.get(self, "realm") @@ -1086,7 +1106,7 @@ def realm(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="signatureAlgorithm") def signature_algorithm(self) -> Optional[pulumi.Input[str]]: """ - Signing Algorithm. Defaults to empty. + Signing Algorithm. """ return pulumi.get(self, "signature_algorithm") @@ -1110,7 +1130,7 @@ def signing_certificate(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="singleLogoutServiceUrl") def single_logout_service_url(self) -> Optional[pulumi.Input[str]]: """ - The Url that must be used to send logout requests. + Logout URL. """ return pulumi.get(self, "single_logout_service_url") @@ -1122,7 +1142,7 @@ def single_logout_service_url(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="singleSignOnServiceUrl") def single_sign_on_service_url(self) -> Optional[pulumi.Input[str]]: """ - The Url that must be used to send authentication requests (SAML AuthnRequest). + SSO Logout URL. """ return pulumi.get(self, "single_sign_on_service_url") @@ -1134,7 +1154,7 @@ def single_sign_on_service_url(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="storeToken") def store_token(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, tokens will be stored after authenticating users. Defaults to `true`. + Enable/disable if tokens must be stored after authenticating users. """ return pulumi.get(self, "store_token") @@ -1146,7 +1166,7 @@ def store_token(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="syncMode") def sync_mode(self) -> Optional[pulumi.Input[str]]: """ - The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + Sync Mode """ return pulumi.get(self, "sync_mode") @@ -1158,7 +1178,7 @@ def sync_mode(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="trustEmail") def trust_email(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + If enabled then email provided by this provider is not verified even if verification is enabled for the realm. """ return pulumi.get(self, "trust_email") @@ -1182,7 +1202,7 @@ def validate_signature(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="wantAssertionsEncrypted") def want_assertions_encrypted(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether this service provider expects an encrypted Assertion. + Want Assertions Encrypted. """ return pulumi.get(self, "want_assertions_encrypted") @@ -1194,7 +1214,7 @@ def want_assertions_encrypted(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="wantAssertionsSigned") def want_assertions_signed(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether this service provider expects a signed Assertion. + Want Assertions Signed. """ return pulumi.get(self, "want_assertions_signed") @@ -1206,7 +1226,7 @@ def want_assertions_signed(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="xmlSignKeyInfoKeyNameTransformer") def xml_sign_key_info_key_name_transformer(self) -> Optional[pulumi.Input[str]]: """ - The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + Sign Key Transformer. """ return pulumi.get(self, "xml_sign_key_info_key_name_transformer") @@ -1259,84 +1279,117 @@ def __init__(__self__, xml_sign_key_info_key_name_transformer: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing SAML Identity Providers within Keycloak. + ## # saml.IdentityProvider - SAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol. + Allows to create and manage SAML Identity Providers within Keycloak. - ## Example Usage + SAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard. + ### Example Usage + + ```python import pulumi import pulumi_keycloak as keycloak - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - realm_saml_identity_provider = keycloak.saml.IdentityProvider("realmSamlIdentityProvider", - realm=realm.id, - alias="my-saml-idp", - entity_id="https://domain.com/entity_id", - single_sign_on_service_url="https://domain.com/adfs/ls/", - single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0", + realm_identity_provider = keycloak.saml.IdentityProvider("realmIdentityProvider", + alias="my-idp", backchannel_supported=True, - post_binding_response=True, - post_binding_logout=True, + force_authn=True, post_binding_authn_request=True, + post_binding_logout=True, + post_binding_response=True, + realm="my-realm", + single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0", + single_sign_on_service_url="https://domain.com/adfs/ls/", store_token=False, - trust_email=True, - force_authn=True) + trust_email=True) ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm` - (Required) The name of the realm. This is unique across Keycloak. + - `alias` - (Optional) The uniq name of identity provider. + - `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`. + - `display_name` - (Optional) The display name for the realm that is shown when logging in to the admin console. + - `store_token` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`. + - `add_read_token_role_on_create` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`. + - `trust_email` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`. + - `link_only` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`. + - `hide_on_login_page` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + - `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + - `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + - `authenticate_by_default` - (Optional) Authenticate users by default. Defaults to `false`. + + #### SAML Configuration + + - `single_sign_on_service_url` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest). + - `single_logout_service_url` - (Optional) The Url that must be used to send logout requests. + - `backchannel_supported` - (Optional) Does the external IDP support back-channel logout ?. + - `name_id_policy_format` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + - `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + - `post_binding_authn_request` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + - `post_binding_logout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + - `want_assertions_signed` - (Optional) Indicates whether this service provider expects a signed Assertion. + - `want_assertions_encrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion. + - `force_authn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + - `validate_signature` - (Optional) Enable/disable signature validation of SAML responses. + - `signing_certificate` - (Optional) Signing Certificate. + - `signature_algorithm` - (Optional) Signing Algorithm. Defaults to empty. + - `xml_sign_key_info_key_name_transformer` - (Optional) Sign Key Transformer. Defaults to empty. + + ### Import Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. - Example: - - bash - - ```sh - $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_read_token_role_on_create: When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. - :param pulumi.Input[str] alias: The unique name of identity provider. - :param pulumi.Input[bool] authenticate_by_default: Authenticate users by default. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_class_refs: Ordered list of requested AuthnContext ClassRefs. - :param pulumi.Input[str] authn_context_comparison_type: Specifies the comparison method used to evaluate the requested context classes or statements. - :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_decl_refs: Ordered list of requested AuthnContext DeclRefs. - :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout?. Defaults to `false`. - :param pulumi.Input[str] display_name: The display name for the realm that is shown when logging in to the admin console. - :param pulumi.Input[bool] enabled: When `false`, users and clients will not be able to access this realm. Defaults to `true`. + :param pulumi.Input[bool] add_read_token_role_on_create: Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. + :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + :param pulumi.Input[bool] authenticate_by_default: Enable/disable authenticate users by default. + :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_class_refs: AuthnContext ClassRefs + :param pulumi.Input[str] authn_context_comparison_type: AuthnContext Comparison + :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_decl_refs: AuthnContext DeclRefs + :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout? + :param pulumi.Input[str] display_name: Friendly name for Identity Providers. + :param pulumi.Input[bool] enabled: Enable/disable this identity provider. :param pulumi.Input[str] entity_id: The Entity ID that will be used to uniquely identify this SAML Service Provider. - :param pulumi.Input[str] first_broker_login_flow_alias: Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. - :param pulumi.Input[bool] force_authn: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. - :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. - :param pulumi.Input[bool] hide_on_login_page: If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[str] first_broker_login_flow_alias: Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + that there is not yet existing Keycloak account linked with the authenticated identity provider account. + :param pulumi.Input[bool] force_authn: Require Force Authn. + :param pulumi.Input[str] gui_order: GUI Order + :param pulumi.Input[bool] hide_on_login_page: Hide On Login Page. + :param pulumi.Input[bool] link_only: If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + want to allow login from the provider, but want to integrate with a provider :param pulumi.Input[str] login_hint: Login Hint. - :param pulumi.Input[str] name_id_policy_format: Specifies the URI reference corresponding to a name identifier format. Defaults to empty. - :param pulumi.Input[bool] post_binding_authn_request: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_logout: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. - :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. - :param pulumi.Input[str] principal_attribute: The principal attribute. - :param pulumi.Input[str] principal_type: The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. - :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. - :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. - :param pulumi.Input[str] signature_algorithm: Signing Algorithm. Defaults to empty. + :param pulumi.Input[str] name_id_policy_format: Name ID Policy Format. + :param pulumi.Input[bool] post_binding_authn_request: Post Binding Authn Request. + :param pulumi.Input[bool] post_binding_logout: Post Binding Logout. + :param pulumi.Input[bool] post_binding_response: Post Binding Response. + :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. + :param pulumi.Input[str] principal_attribute: Principal Attribute + :param pulumi.Input[str] principal_type: Principal Type + :param pulumi.Input[str] provider_id: provider id, is always saml, unless you have a custom implementation + :param pulumi.Input[str] realm: Realm Name + :param pulumi.Input[str] signature_algorithm: Signing Algorithm. :param pulumi.Input[str] signing_certificate: Signing Certificate. - :param pulumi.Input[str] single_logout_service_url: The Url that must be used to send logout requests. - :param pulumi.Input[str] single_sign_on_service_url: The Url that must be used to send authentication requests (SAML AuthnRequest). - :param pulumi.Input[bool] store_token: When `true`, tokens will be stored after authenticating users. Defaults to `true`. - :param pulumi.Input[str] sync_mode: The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. - :param pulumi.Input[bool] trust_email: When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + :param pulumi.Input[str] single_logout_service_url: Logout URL. + :param pulumi.Input[str] single_sign_on_service_url: SSO Logout URL. + :param pulumi.Input[bool] store_token: Enable/disable if tokens must be stored after authenticating users. + :param pulumi.Input[str] sync_mode: Sync Mode + :param pulumi.Input[bool] trust_email: If enabled then email provided by this provider is not verified even if verification is enabled for the realm. :param pulumi.Input[bool] validate_signature: Enable/disable signature validation of SAML responses. - :param pulumi.Input[bool] want_assertions_encrypted: Indicates whether this service provider expects an encrypted Assertion. - :param pulumi.Input[bool] want_assertions_signed: Indicates whether this service provider expects a signed Assertion. - :param pulumi.Input[str] xml_sign_key_info_key_name_transformer: The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + :param pulumi.Input[bool] want_assertions_encrypted: Want Assertions Encrypted. + :param pulumi.Input[bool] want_assertions_signed: Want Assertions Signed. + :param pulumi.Input[str] xml_sign_key_info_key_name_transformer: Sign Key Transformer. """ ... @overload @@ -1345,45 +1398,73 @@ def __init__(__self__, args: IdentityProviderArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing SAML Identity Providers within Keycloak. + ## # saml.IdentityProvider - SAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol. + Allows to create and manage SAML Identity Providers within Keycloak. - ## Example Usage + SAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard. + ### Example Usage + + ```python import pulumi import pulumi_keycloak as keycloak - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - realm_saml_identity_provider = keycloak.saml.IdentityProvider("realmSamlIdentityProvider", - realm=realm.id, - alias="my-saml-idp", - entity_id="https://domain.com/entity_id", - single_sign_on_service_url="https://domain.com/adfs/ls/", - single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0", + realm_identity_provider = keycloak.saml.IdentityProvider("realmIdentityProvider", + alias="my-idp", backchannel_supported=True, - post_binding_response=True, - post_binding_logout=True, + force_authn=True, post_binding_authn_request=True, + post_binding_logout=True, + post_binding_response=True, + realm="my-realm", + single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0", + single_sign_on_service_url="https://domain.com/adfs/ls/", store_token=False, - trust_email=True, - force_authn=True) + trust_email=True) ``` - - ## Import + + + ### Argument Reference + + The following arguments are supported: + + - `realm` - (Required) The name of the realm. This is unique across Keycloak. + - `alias` - (Optional) The uniq name of identity provider. + - `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`. + - `display_name` - (Optional) The display name for the realm that is shown when logging in to the admin console. + - `store_token` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`. + - `add_read_token_role_on_create` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`. + - `trust_email` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`. + - `link_only` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`. + - `hide_on_login_page` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + - `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + - `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + - `authenticate_by_default` - (Optional) Authenticate users by default. Defaults to `false`. + + #### SAML Configuration + + - `single_sign_on_service_url` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest). + - `single_logout_service_url` - (Optional) The Url that must be used to send logout requests. + - `backchannel_supported` - (Optional) Does the external IDP support back-channel logout ?. + - `name_id_policy_format` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + - `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + - `post_binding_authn_request` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + - `post_binding_logout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + - `want_assertions_signed` - (Optional) Indicates whether this service provider expects a signed Assertion. + - `want_assertions_encrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion. + - `force_authn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + - `validate_signature` - (Optional) Enable/disable signature validation of SAML responses. + - `signing_certificate` - (Optional) Signing Certificate. + - `signature_algorithm` - (Optional) Signing Algorithm. Defaults to empty. + - `xml_sign_key_info_key_name_transformer` - (Optional) Sign Key Transformer. Defaults to empty. + + ### Import Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. - Example: - - bash - - ```sh - $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp - ``` + Example: :param str resource_name: The name of the resource. :param IdentityProviderArgs args: The arguments to use to populate this resource's properties. @@ -1547,43 +1628,48 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[bool] add_read_token_role_on_create: When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. - :param pulumi.Input[str] alias: The unique name of identity provider. - :param pulumi.Input[bool] authenticate_by_default: Authenticate users by default. Defaults to `false`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_class_refs: Ordered list of requested AuthnContext ClassRefs. - :param pulumi.Input[str] authn_context_comparison_type: Specifies the comparison method used to evaluate the requested context classes or statements. - :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_decl_refs: Ordered list of requested AuthnContext DeclRefs. - :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout?. Defaults to `false`. - :param pulumi.Input[str] display_name: The display name for the realm that is shown when logging in to the admin console. - :param pulumi.Input[bool] enabled: When `false`, users and clients will not be able to access this realm. Defaults to `true`. + :param pulumi.Input[bool] add_read_token_role_on_create: Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. + :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + :param pulumi.Input[bool] authenticate_by_default: Enable/disable authenticate users by default. + :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_class_refs: AuthnContext ClassRefs + :param pulumi.Input[str] authn_context_comparison_type: AuthnContext Comparison + :param pulumi.Input[Sequence[pulumi.Input[str]]] authn_context_decl_refs: AuthnContext DeclRefs + :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout? + :param pulumi.Input[str] display_name: Friendly name for Identity Providers. + :param pulumi.Input[bool] enabled: Enable/disable this identity provider. :param pulumi.Input[str] entity_id: The Entity ID that will be used to uniquely identify this SAML Service Provider. - :param pulumi.Input[str] first_broker_login_flow_alias: Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. - :param pulumi.Input[bool] force_authn: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. - :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. - :param pulumi.Input[bool] hide_on_login_page: If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + :param pulumi.Input[str] first_broker_login_flow_alias: Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + that there is not yet existing Keycloak account linked with the authenticated identity provider account. + :param pulumi.Input[bool] force_authn: Require Force Authn. + :param pulumi.Input[str] gui_order: GUI Order + :param pulumi.Input[bool] hide_on_login_page: Hide On Login Page. :param pulumi.Input[str] internal_id: Internal Identity Provider Id - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + want to allow login from the provider, but want to integrate with a provider :param pulumi.Input[str] login_hint: Login Hint. - :param pulumi.Input[str] name_id_policy_format: Specifies the URI reference corresponding to a name identifier format. Defaults to empty. - :param pulumi.Input[bool] post_binding_authn_request: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_logout: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. - :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. - :param pulumi.Input[str] principal_attribute: The principal attribute. - :param pulumi.Input[str] principal_type: The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. - :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. - :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. - :param pulumi.Input[str] signature_algorithm: Signing Algorithm. Defaults to empty. + :param pulumi.Input[str] name_id_policy_format: Name ID Policy Format. + :param pulumi.Input[bool] post_binding_authn_request: Post Binding Authn Request. + :param pulumi.Input[bool] post_binding_logout: Post Binding Logout. + :param pulumi.Input[bool] post_binding_response: Post Binding Response. + :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. + :param pulumi.Input[str] principal_attribute: Principal Attribute + :param pulumi.Input[str] principal_type: Principal Type + :param pulumi.Input[str] provider_id: provider id, is always saml, unless you have a custom implementation + :param pulumi.Input[str] realm: Realm Name + :param pulumi.Input[str] signature_algorithm: Signing Algorithm. :param pulumi.Input[str] signing_certificate: Signing Certificate. - :param pulumi.Input[str] single_logout_service_url: The Url that must be used to send logout requests. - :param pulumi.Input[str] single_sign_on_service_url: The Url that must be used to send authentication requests (SAML AuthnRequest). - :param pulumi.Input[bool] store_token: When `true`, tokens will be stored after authenticating users. Defaults to `true`. - :param pulumi.Input[str] sync_mode: The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. - :param pulumi.Input[bool] trust_email: When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + :param pulumi.Input[str] single_logout_service_url: Logout URL. + :param pulumi.Input[str] single_sign_on_service_url: SSO Logout URL. + :param pulumi.Input[bool] store_token: Enable/disable if tokens must be stored after authenticating users. + :param pulumi.Input[str] sync_mode: Sync Mode + :param pulumi.Input[bool] trust_email: If enabled then email provided by this provider is not verified even if verification is enabled for the realm. :param pulumi.Input[bool] validate_signature: Enable/disable signature validation of SAML responses. - :param pulumi.Input[bool] want_assertions_encrypted: Indicates whether this service provider expects an encrypted Assertion. - :param pulumi.Input[bool] want_assertions_signed: Indicates whether this service provider expects a signed Assertion. - :param pulumi.Input[str] xml_sign_key_info_key_name_transformer: The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + :param pulumi.Input[bool] want_assertions_encrypted: Want Assertions Encrypted. + :param pulumi.Input[bool] want_assertions_signed: Want Assertions Signed. + :param pulumi.Input[str] xml_sign_key_info_key_name_transformer: Sign Key Transformer. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -1633,7 +1719,7 @@ def get(resource_name: str, @pulumi.getter(name="addReadTokenRoleOnCreate") def add_read_token_role_on_create(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. + Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. """ return pulumi.get(self, "add_read_token_role_on_create") @@ -1641,7 +1727,7 @@ def add_read_token_role_on_create(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def alias(self) -> pulumi.Output[str]: """ - The unique name of identity provider. + The alias uniquely identifies an identity provider and it is also used to build the redirect uri. """ return pulumi.get(self, "alias") @@ -1649,7 +1735,7 @@ def alias(self) -> pulumi.Output[str]: @pulumi.getter(name="authenticateByDefault") def authenticate_by_default(self) -> pulumi.Output[Optional[bool]]: """ - Authenticate users by default. Defaults to `false`. + Enable/disable authenticate users by default. """ return pulumi.get(self, "authenticate_by_default") @@ -1657,7 +1743,7 @@ def authenticate_by_default(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="authnContextClassRefs") def authn_context_class_refs(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - Ordered list of requested AuthnContext ClassRefs. + AuthnContext ClassRefs """ return pulumi.get(self, "authn_context_class_refs") @@ -1665,7 +1751,7 @@ def authn_context_class_refs(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="authnContextComparisonType") def authn_context_comparison_type(self) -> pulumi.Output[Optional[str]]: """ - Specifies the comparison method used to evaluate the requested context classes or statements. + AuthnContext Comparison """ return pulumi.get(self, "authn_context_comparison_type") @@ -1673,7 +1759,7 @@ def authn_context_comparison_type(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="authnContextDeclRefs") def authn_context_decl_refs(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - Ordered list of requested AuthnContext DeclRefs. + AuthnContext DeclRefs """ return pulumi.get(self, "authn_context_decl_refs") @@ -1681,7 +1767,7 @@ def authn_context_decl_refs(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="backchannelSupported") def backchannel_supported(self) -> pulumi.Output[Optional[bool]]: """ - Does the external IDP support backchannel logout?. Defaults to `false`. + Does the external IDP support backchannel logout? """ return pulumi.get(self, "backchannel_supported") @@ -1689,7 +1775,7 @@ def backchannel_supported(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="displayName") def display_name(self) -> pulumi.Output[Optional[str]]: """ - The display name for the realm that is shown when logging in to the admin console. + Friendly name for Identity Providers. """ return pulumi.get(self, "display_name") @@ -1697,7 +1783,7 @@ def display_name(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: """ - When `false`, users and clients will not be able to access this realm. Defaults to `true`. + Enable/disable this identity provider. """ return pulumi.get(self, "enabled") @@ -1718,7 +1804,8 @@ def extra_config(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: @pulumi.getter(name="firstBrokerLoginFlowAlias") def first_broker_login_flow_alias(self) -> pulumi.Output[Optional[str]]: """ - Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. + Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means + that there is not yet existing Keycloak account linked with the authenticated identity provider account. """ return pulumi.get(self, "first_broker_login_flow_alias") @@ -1726,7 +1813,7 @@ def first_broker_login_flow_alias(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="forceAuthn") def force_authn(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. + Require Force Authn. """ return pulumi.get(self, "force_authn") @@ -1734,7 +1821,7 @@ def force_authn(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="guiOrder") def gui_order(self) -> pulumi.Output[Optional[str]]: """ - A number defining the order of this identity provider in the GUI. + GUI Order """ return pulumi.get(self, "gui_order") @@ -1742,7 +1829,7 @@ def gui_order(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="hideOnLoginPage") def hide_on_login_page(self) -> pulumi.Output[Optional[bool]]: """ - If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. + Hide On Login Page. """ return pulumi.get(self, "hide_on_login_page") @@ -1758,7 +1845,8 @@ def internal_id(self) -> pulumi.Output[str]: @pulumi.getter(name="linkOnly") def link_only(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't + want to allow login from the provider, but want to integrate with a provider """ return pulumi.get(self, "link_only") @@ -1774,7 +1862,7 @@ def login_hint(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="nameIdPolicyFormat") def name_id_policy_format(self) -> pulumi.Output[Optional[str]]: """ - Specifies the URI reference corresponding to a name identifier format. Defaults to empty. + Name ID Policy Format. """ return pulumi.get(self, "name_id_policy_format") @@ -1782,7 +1870,7 @@ def name_id_policy_format(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="postBindingAuthnRequest") def post_binding_authn_request(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + Post Binding Authn Request. """ return pulumi.get(self, "post_binding_authn_request") @@ -1790,7 +1878,7 @@ def post_binding_authn_request(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="postBindingLogout") def post_binding_logout(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. + Post Binding Logout. """ return pulumi.get(self, "post_binding_logout") @@ -1798,7 +1886,7 @@ def post_binding_logout(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="postBindingResponse") def post_binding_response(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + Post Binding Response. """ return pulumi.get(self, "post_binding_response") @@ -1806,7 +1894,10 @@ def post_binding_response(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="postBrokerLoginFlowAlias") def post_broker_login_flow_alias(self) -> pulumi.Output[Optional[str]]: """ - Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. + Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want + additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if + you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that + authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. """ return pulumi.get(self, "post_broker_login_flow_alias") @@ -1814,7 +1905,7 @@ def post_broker_login_flow_alias(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="principalAttribute") def principal_attribute(self) -> pulumi.Output[Optional[str]]: """ - The principal attribute. + Principal Attribute """ return pulumi.get(self, "principal_attribute") @@ -1822,7 +1913,7 @@ def principal_attribute(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="principalType") def principal_type(self) -> pulumi.Output[Optional[str]]: """ - The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. + Principal Type """ return pulumi.get(self, "principal_type") @@ -1830,7 +1921,7 @@ def principal_type(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="providerId") def provider_id(self) -> pulumi.Output[Optional[str]]: """ - The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. + provider id, is always saml, unless you have a custom implementation """ return pulumi.get(self, "provider_id") @@ -1838,7 +1929,7 @@ def provider_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter def realm(self) -> pulumi.Output[str]: """ - The name of the realm. This is unique across Keycloak. + Realm Name """ return pulumi.get(self, "realm") @@ -1846,7 +1937,7 @@ def realm(self) -> pulumi.Output[str]: @pulumi.getter(name="signatureAlgorithm") def signature_algorithm(self) -> pulumi.Output[Optional[str]]: """ - Signing Algorithm. Defaults to empty. + Signing Algorithm. """ return pulumi.get(self, "signature_algorithm") @@ -1862,7 +1953,7 @@ def signing_certificate(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="singleLogoutServiceUrl") def single_logout_service_url(self) -> pulumi.Output[Optional[str]]: """ - The Url that must be used to send logout requests. + Logout URL. """ return pulumi.get(self, "single_logout_service_url") @@ -1870,7 +1961,7 @@ def single_logout_service_url(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="singleSignOnServiceUrl") def single_sign_on_service_url(self) -> pulumi.Output[str]: """ - The Url that must be used to send authentication requests (SAML AuthnRequest). + SSO Logout URL. """ return pulumi.get(self, "single_sign_on_service_url") @@ -1878,7 +1969,7 @@ def single_sign_on_service_url(self) -> pulumi.Output[str]: @pulumi.getter(name="storeToken") def store_token(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, tokens will be stored after authenticating users. Defaults to `true`. + Enable/disable if tokens must be stored after authenticating users. """ return pulumi.get(self, "store_token") @@ -1886,7 +1977,7 @@ def store_token(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="syncMode") def sync_mode(self) -> pulumi.Output[Optional[str]]: """ - The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`. + Sync Mode """ return pulumi.get(self, "sync_mode") @@ -1894,7 +1985,7 @@ def sync_mode(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="trustEmail") def trust_email(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. + If enabled then email provided by this provider is not verified even if verification is enabled for the realm. """ return pulumi.get(self, "trust_email") @@ -1910,7 +2001,7 @@ def validate_signature(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="wantAssertionsEncrypted") def want_assertions_encrypted(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether this service provider expects an encrypted Assertion. + Want Assertions Encrypted. """ return pulumi.get(self, "want_assertions_encrypted") @@ -1918,7 +2009,7 @@ def want_assertions_encrypted(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="wantAssertionsSigned") def want_assertions_signed(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether this service provider expects a signed Assertion. + Want Assertions Signed. """ return pulumi.get(self, "want_assertions_signed") @@ -1926,7 +2017,7 @@ def want_assertions_signed(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="xmlSignKeyInfoKeyNameTransformer") def xml_sign_key_info_key_name_transformer(self) -> pulumi.Output[Optional[str]]: """ - The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`. + Sign Key Transformer. """ return pulumi.get(self, "xml_sign_key_info_key_name_transformer") diff --git a/sdk/python/pulumi_keycloak/saml/outputs.py b/sdk/python/pulumi_keycloak/saml/outputs.py index 0f20e09d..400d5275 100644 --- a/sdk/python/pulumi_keycloak/saml/outputs.py +++ b/sdk/python/pulumi_keycloak/saml/outputs.py @@ -38,10 +38,6 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, browser_id: Optional[str] = None, direct_grant_id: Optional[str] = None): - """ - :param str browser_id: Browser flow id, (flow needs to exist) - :param str direct_grant_id: Direct grant flow id (flow needs to exist) - """ if browser_id is not None: pulumi.set(__self__, "browser_id", browser_id) if direct_grant_id is not None: @@ -50,17 +46,11 @@ def __init__(__self__, *, @property @pulumi.getter(name="browserId") def browser_id(self) -> Optional[str]: - """ - Browser flow id, (flow needs to exist) - """ return pulumi.get(self, "browser_id") @property @pulumi.getter(name="directGrantId") def direct_grant_id(self) -> Optional[str]: - """ - Direct grant flow id (flow needs to exist) - """ return pulumi.get(self, "direct_grant_id") diff --git a/sdk/python/pulumi_keycloak/saml/script_protocol_mapper.py b/sdk/python/pulumi_keycloak/saml/script_protocol_mapper.py index d52ecbf9..ff5e9d2b 100644 --- a/sdk/python/pulumi_keycloak/saml/script_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/saml/script_protocol_mapper.py @@ -336,6 +336,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -353,18 +354,19 @@ def __init__(__self__, saml_attribute_name="displayName", saml_attribute_name_format="Unspecified") ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 @@ -402,6 +404,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -419,18 +422,19 @@ def __init__(__self__, saml_attribute_name="displayName", saml_attribute_name_format="Unspecified") ``` + ## Import Protocol mappers can be imported using one of the following formats: - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 diff --git a/sdk/python/pulumi_keycloak/saml/user_attribute_protocol_mapper.py b/sdk/python/pulumi_keycloak/saml/user_attribute_protocol_mapper.py index 33a478ac..7246b3fa 100644 --- a/sdk/python/pulumi_keycloak/saml/user_attribute_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/saml/user_attribute_protocol_mapper.py @@ -24,14 +24,6 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a UserAttributeProtocolMapper resource. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] saml_attribute_name: The name of the SAML attribute. - :param pulumi.Input[str] saml_attribute_name_format: The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - :param pulumi.Input[str] user_attribute: The custom user attribute to map. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] friendly_name: An optional human-friendly name for this attribute. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. """ pulumi.set(__self__, "realm_id", realm_id) pulumi.set(__self__, "saml_attribute_name", saml_attribute_name) @@ -49,9 +41,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this protocol mapper exists within. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -61,9 +50,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="samlAttributeName") def saml_attribute_name(self) -> pulumi.Input[str]: - """ - The name of the SAML attribute. - """ return pulumi.get(self, "saml_attribute_name") @saml_attribute_name.setter @@ -73,9 +59,6 @@ def saml_attribute_name(self, value: pulumi.Input[str]): @property @pulumi.getter(name="samlAttributeNameFormat") def saml_attribute_name_format(self) -> pulumi.Input[str]: - """ - The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - """ return pulumi.get(self, "saml_attribute_name_format") @saml_attribute_name_format.setter @@ -85,9 +68,6 @@ def saml_attribute_name_format(self, value: pulumi.Input[str]): @property @pulumi.getter(name="userAttribute") def user_attribute(self) -> pulumi.Input[str]: - """ - The custom user attribute to map. - """ return pulumi.get(self, "user_attribute") @user_attribute.setter @@ -97,9 +77,6 @@ def user_attribute(self, value: pulumi.Input[str]): @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -109,9 +86,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: - """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_scope_id") @client_scope_id.setter @@ -121,9 +95,6 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="friendlyName") def friendly_name(self) -> Optional[pulumi.Input[str]]: - """ - An optional human-friendly name for this attribute. - """ return pulumi.get(self, "friendly_name") @friendly_name.setter @@ -133,9 +104,6 @@ def friendly_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this protocol mapper in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -156,14 +124,6 @@ def __init__(__self__, *, user_attribute: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering UserAttributeProtocolMapper resources. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] friendly_name: An optional human-friendly name for this attribute. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] saml_attribute_name: The name of the SAML attribute. - :param pulumi.Input[str] saml_attribute_name_format: The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - :param pulumi.Input[str] user_attribute: The custom user attribute to map. """ if client_id is not None: pulumi.set(__self__, "client_id", client_id) @@ -185,9 +145,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -197,9 +154,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: - """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_scope_id") @client_scope_id.setter @@ -209,9 +163,6 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="friendlyName") def friendly_name(self) -> Optional[pulumi.Input[str]]: - """ - An optional human-friendly name for this attribute. - """ return pulumi.get(self, "friendly_name") @friendly_name.setter @@ -221,9 +172,6 @@ def friendly_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this protocol mapper in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -233,9 +181,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this protocol mapper exists within. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -245,9 +190,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="samlAttributeName") def saml_attribute_name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the SAML attribute. - """ return pulumi.get(self, "saml_attribute_name") @saml_attribute_name.setter @@ -257,9 +199,6 @@ def saml_attribute_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="samlAttributeNameFormat") def saml_attribute_name_format(self) -> Optional[pulumi.Input[str]]: - """ - The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - """ return pulumi.get(self, "saml_attribute_name_format") @saml_attribute_name_format.setter @@ -269,9 +208,6 @@ def saml_attribute_name_format(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="userAttribute") def user_attribute(self) -> Optional[pulumi.Input[str]]: - """ - The custom user attribute to map. - """ return pulumi.get(self, "user_attribute") @user_attribute.setter @@ -294,64 +230,61 @@ def __init__(__self__, user_attribute: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak. + ## # saml.UserAttributeProtocolMapper - SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute - in a SAML assertion. + Allows for creating and managing user attribute protocol mappers for + SAML clients within Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + SAML user attribute protocol mappers allow you to map custom attributes defined + for a user within Keycloak to an attribute in a SAML assertion. Protocol mappers + can be defined for a single client, or they can be defined for a client scope which + can be shared between multiple different clients. - ## Example Usage + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="saml-client") + client_id="test-saml-client", + realm_id=keycloak_realm["test"]["id"]) saml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper("samlUserAttributeMapper", - realm_id=realm.id, client_id=saml_client.id, - user_attribute="displayName", + realm_id=keycloak_realm["test"]["id"], saml_attribute_name="displayName", - saml_attribute_name_format="Unspecified") + saml_attribute_name_format="Unspecified", + user_attribute="displayName") ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `user_attribute` - (Required) The custom user attribute to map. + - `friendly_name` - (Optional) An optional human-friendly name for this attribute. + - `saml_attribute_name` - (Required) The name of the SAML attribute. + - `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - bash + ### Import - ```sh - $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] friendly_name: An optional human-friendly name for this attribute. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] saml_attribute_name: The name of the SAML attribute. - :param pulumi.Input[str] saml_attribute_name_format: The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - :param pulumi.Input[str] user_attribute: The custom user attribute to map. """ ... @overload @@ -360,53 +293,58 @@ def __init__(__self__, args: UserAttributeProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak. + ## # saml.UserAttributeProtocolMapper - SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute - in a SAML assertion. + Allows for creating and managing user attribute protocol mappers for + SAML clients within Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + SAML user attribute protocol mappers allow you to map custom attributes defined + for a user within Keycloak to an attribute in a SAML assertion. Protocol mappers + can be defined for a single client, or they can be defined for a client scope which + can be shared between multiple different clients. - ## Example Usage + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="saml-client") + client_id="test-saml-client", + realm_id=keycloak_realm["test"]["id"]) saml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper("samlUserAttributeMapper", - realm_id=realm.id, client_id=saml_client.id, - user_attribute="displayName", + realm_id=keycloak_realm["test"]["id"], saml_attribute_name="displayName", - saml_attribute_name_format="Unspecified") + saml_attribute_name_format="Unspecified", + user_attribute="displayName") ``` + - ## Import + ### Argument Reference - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `user_attribute` - (Required) The custom user attribute to map. + - `friendly_name` - (Optional) An optional human-friendly name for this attribute. + - `saml_attribute_name` - (Required) The name of the SAML attribute. + - `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - Example: + ### Import - bash - - ```sh - $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param UserAttributeProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -481,14 +419,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] friendly_name: An optional human-friendly name for this attribute. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] saml_attribute_name: The name of the SAML attribute. - :param pulumi.Input[str] saml_attribute_name_format: The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - :param pulumi.Input[str] user_attribute: The custom user attribute to map. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -507,64 +437,40 @@ def get(resource_name: str, @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: - """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_id") @property @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: - """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_scope_id") @property @pulumi.getter(name="friendlyName") def friendly_name(self) -> pulumi.Output[Optional[str]]: - """ - An optional human-friendly name for this attribute. - """ return pulumi.get(self, "friendly_name") @property @pulumi.getter def name(self) -> pulumi.Output[str]: - """ - The display name of this protocol mapper in the GUI. - """ return pulumi.get(self, "name") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this protocol mapper exists within. - """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="samlAttributeName") def saml_attribute_name(self) -> pulumi.Output[str]: - """ - The name of the SAML attribute. - """ return pulumi.get(self, "saml_attribute_name") @property @pulumi.getter(name="samlAttributeNameFormat") def saml_attribute_name_format(self) -> pulumi.Output[str]: - """ - The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - """ return pulumi.get(self, "saml_attribute_name_format") @property @pulumi.getter(name="userAttribute") def user_attribute(self) -> pulumi.Output[str]: - """ - The custom user attribute to map. - """ return pulumi.get(self, "user_attribute") diff --git a/sdk/python/pulumi_keycloak/saml/user_property_protocol_mapper.py b/sdk/python/pulumi_keycloak/saml/user_property_protocol_mapper.py index 2954b975..d1943ca5 100644 --- a/sdk/python/pulumi_keycloak/saml/user_property_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/saml/user_property_protocol_mapper.py @@ -24,14 +24,6 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a UserPropertyProtocolMapper resource. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] saml_attribute_name: The name of the SAML attribute. - :param pulumi.Input[str] saml_attribute_name_format: The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - :param pulumi.Input[str] user_property: The property of the Keycloak user model to map. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] friendly_name: An optional human-friendly name for this attribute. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. """ pulumi.set(__self__, "realm_id", realm_id) pulumi.set(__self__, "saml_attribute_name", saml_attribute_name) @@ -49,9 +41,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this protocol mapper exists within. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -61,9 +50,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="samlAttributeName") def saml_attribute_name(self) -> pulumi.Input[str]: - """ - The name of the SAML attribute. - """ return pulumi.get(self, "saml_attribute_name") @saml_attribute_name.setter @@ -73,9 +59,6 @@ def saml_attribute_name(self, value: pulumi.Input[str]): @property @pulumi.getter(name="samlAttributeNameFormat") def saml_attribute_name_format(self) -> pulumi.Input[str]: - """ - The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - """ return pulumi.get(self, "saml_attribute_name_format") @saml_attribute_name_format.setter @@ -85,9 +68,6 @@ def saml_attribute_name_format(self, value: pulumi.Input[str]): @property @pulumi.getter(name="userProperty") def user_property(self) -> pulumi.Input[str]: - """ - The property of the Keycloak user model to map. - """ return pulumi.get(self, "user_property") @user_property.setter @@ -97,9 +77,6 @@ def user_property(self, value: pulumi.Input[str]): @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -109,9 +86,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: - """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_scope_id") @client_scope_id.setter @@ -121,9 +95,6 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="friendlyName") def friendly_name(self) -> Optional[pulumi.Input[str]]: - """ - An optional human-friendly name for this attribute. - """ return pulumi.get(self, "friendly_name") @friendly_name.setter @@ -133,9 +104,6 @@ def friendly_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this protocol mapper in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -156,14 +124,6 @@ def __init__(__self__, *, user_property: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering UserPropertyProtocolMapper resources. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] friendly_name: An optional human-friendly name for this attribute. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] saml_attribute_name: The name of the SAML attribute. - :param pulumi.Input[str] saml_attribute_name_format: The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - :param pulumi.Input[str] user_property: The property of the Keycloak user model to map. """ if client_id is not None: pulumi.set(__self__, "client_id", client_id) @@ -185,9 +145,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="clientId") def client_id(self) -> Optional[pulumi.Input[str]]: - """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_id") @client_id.setter @@ -197,9 +154,6 @@ def client_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> Optional[pulumi.Input[str]]: - """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_scope_id") @client_scope_id.setter @@ -209,9 +163,6 @@ def client_scope_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="friendlyName") def friendly_name(self) -> Optional[pulumi.Input[str]]: - """ - An optional human-friendly name for this attribute. - """ return pulumi.get(self, "friendly_name") @friendly_name.setter @@ -221,9 +172,6 @@ def friendly_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The display name of this protocol mapper in the GUI. - """ return pulumi.get(self, "name") @name.setter @@ -233,9 +181,6 @@ def name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this protocol mapper exists within. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -245,9 +190,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="samlAttributeName") def saml_attribute_name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the SAML attribute. - """ return pulumi.get(self, "saml_attribute_name") @saml_attribute_name.setter @@ -257,9 +199,6 @@ def saml_attribute_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="samlAttributeNameFormat") def saml_attribute_name_format(self) -> Optional[pulumi.Input[str]]: - """ - The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - """ return pulumi.get(self, "saml_attribute_name_format") @saml_attribute_name_format.setter @@ -269,9 +208,6 @@ def saml_attribute_name_format(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="userProperty") def user_property(self) -> Optional[pulumi.Input[str]]: - """ - The property of the Keycloak user model to map. - """ return pulumi.get(self, "user_property") @user_property.setter @@ -294,64 +230,61 @@ def __init__(__self__, user_property: Optional[pulumi.Input[str]] = None, __props__=None): """ - Allows for creating and managing user property protocol mappers for SAML clients within Keycloak. + ## # saml.UserPropertyProtocolMapper - SAML user property protocol mappers allow you to map properties of the Keycloak - user model to an attribute in a SAML assertion. + Allows for creating and managing user property protocol mappers for + SAML clients within Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + SAML user property protocol mappers allow you to map properties of the Keycloak + user model to an attribute in a SAML assertion. Protocol mappers + can be defined for a single client, or they can be defined for a client scope which + can be shared between multiple different clients. - ## Example Usage + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="saml-client") + client_id="test-saml-client", + realm_id=keycloak_realm["test"]["id"]) saml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper("samlUserPropertyMapper", - realm_id=realm.id, client_id=saml_client.id, - user_property="email", + realm_id=keycloak_realm["test"]["id"], saml_attribute_name="email", - saml_attribute_name_format="Unspecified") + saml_attribute_name_format="Unspecified", + user_property="email") ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `user_property` - (Required) The property of the Keycloak user model to map. + - `friendly_name` - (Optional) An optional human-friendly name for this attribute. + - `saml_attribute_name` - (Required) The name of the SAML attribute. + - `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - bash + ### Import - ```sh - $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] friendly_name: An optional human-friendly name for this attribute. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] saml_attribute_name: The name of the SAML attribute. - :param pulumi.Input[str] saml_attribute_name_format: The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - :param pulumi.Input[str] user_property: The property of the Keycloak user model to map. """ ... @overload @@ -360,53 +293,58 @@ def __init__(__self__, args: UserPropertyProtocolMapperArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Allows for creating and managing user property protocol mappers for SAML clients within Keycloak. + ## # saml.UserPropertyProtocolMapper - SAML user property protocol mappers allow you to map properties of the Keycloak - user model to an attribute in a SAML assertion. + Allows for creating and managing user property protocol mappers for + SAML clients within Keycloak. - Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between - multiple different clients. + SAML user property protocol mappers allow you to map properties of the Keycloak + user model to an attribute in a SAML assertion. Protocol mappers + can be defined for a single client, or they can be defined for a client scope which + can be shared between multiple different clients. - ## Example Usage + ### Example Usage (Client) + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) + enabled=True, + realm="my-realm") saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="saml-client") + client_id="test-saml-client", + realm_id=keycloak_realm["test"]["id"]) saml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper("samlUserPropertyMapper", - realm_id=realm.id, client_id=saml_client.id, - user_property="email", + realm_id=keycloak_realm["test"]["id"], saml_attribute_name="email", - saml_attribute_name_format="Unspecified") + saml_attribute_name_format="Unspecified", + user_property="email") ``` + - ## Import - - Protocol mappers can be imported using one of the following formats: - - - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + ### Argument Reference - - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + The following arguments are supported: - Example: + - `realm_id` - (Required) The realm this protocol mapper exists within. + - `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to. + - `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to. + - `name` - (Required) The display name of this protocol mapper in the GUI. + - `user_property` - (Required) The property of the Keycloak user model to map. + - `friendly_name` - (Optional) An optional human-friendly name for this attribute. + - `saml_attribute_name` - (Required) The name of the SAML attribute. + - `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - bash + ### Import - ```sh - $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Protocol mappers can be imported using one of the following formats: + - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` + - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` - ```sh - $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 - ``` + Example: :param str resource_name: The name of the resource. :param UserPropertyProtocolMapperArgs args: The arguments to use to populate this resource's properties. @@ -481,14 +419,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - :param pulumi.Input[str] friendly_name: An optional human-friendly name for this attribute. - :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] saml_attribute_name: The name of the SAML attribute. - :param pulumi.Input[str] saml_attribute_name_format: The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - :param pulumi.Input[str] user_property: The property of the Keycloak user model to map. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -507,64 +437,40 @@ def get(resource_name: str, @property @pulumi.getter(name="clientId") def client_id(self) -> pulumi.Output[Optional[str]]: - """ - The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_id") @property @pulumi.getter(name="clientScopeId") def client_scope_id(self) -> pulumi.Output[Optional[str]]: - """ - The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - """ return pulumi.get(self, "client_scope_id") @property @pulumi.getter(name="friendlyName") def friendly_name(self) -> pulumi.Output[Optional[str]]: - """ - An optional human-friendly name for this attribute. - """ return pulumi.get(self, "friendly_name") @property @pulumi.getter def name(self) -> pulumi.Output[str]: - """ - The display name of this protocol mapper in the GUI. - """ return pulumi.get(self, "name") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this protocol mapper exists within. - """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="samlAttributeName") def saml_attribute_name(self) -> pulumi.Output[str]: - """ - The name of the SAML attribute. - """ return pulumi.get(self, "saml_attribute_name") @property @pulumi.getter(name="samlAttributeNameFormat") def saml_attribute_name_format(self) -> pulumi.Output[str]: - """ - The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`. - """ return pulumi.get(self, "saml_attribute_name_format") @property @pulumi.getter(name="userProperty") def user_property(self) -> pulumi.Output[str]: - """ - The property of the Keycloak user model to map. - """ return pulumi.get(self, "user_property") diff --git a/sdk/python/pulumi_keycloak/user.py b/sdk/python/pulumi_keycloak/user.py index 8b868a13..888c3d17 100644 --- a/sdk/python/pulumi_keycloak/user.py +++ b/sdk/python/pulumi_keycloak/user.py @@ -29,17 +29,6 @@ def __init__(__self__, *, required_actions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ The set of arguments for constructing a User resource. - :param pulumi.Input[str] realm_id: The realm this user belongs to. - :param pulumi.Input[str] username: The unique username of this user. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] email: The user's email. - :param pulumi.Input[bool] email_verified: Whether the email address was validated or not. Default to `false`. - :param pulumi.Input[bool] enabled: When false, this user cannot log in. Defaults to `true`. - :param pulumi.Input[Sequence[pulumi.Input['UserFederatedIdentityArgs']]] federated_identities: When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - :param pulumi.Input[str] first_name: The user's first name. - :param pulumi.Input['UserInitialPasswordArgs'] initial_password: When given, the user's initial password will be set. This attribute is only respected during initial user creation. - :param pulumi.Input[str] last_name: The user's last name. - :param pulumi.Input[Sequence[pulumi.Input[str]]] required_actions: A list of required user actions. """ pulumi.set(__self__, "realm_id", realm_id) pulumi.set(__self__, "username", username) @@ -65,9 +54,6 @@ def __init__(__self__, *, @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Input[str]: - """ - The realm this user belongs to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -77,9 +63,6 @@ def realm_id(self, value: pulumi.Input[str]): @property @pulumi.getter def username(self) -> pulumi.Input[str]: - """ - The unique username of this user. - """ return pulumi.get(self, "username") @username.setter @@ -89,9 +72,6 @@ def username(self, value: pulumi.Input[str]): @property @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @attributes.setter @@ -101,9 +81,6 @@ def attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter def email(self) -> Optional[pulumi.Input[str]]: - """ - The user's email. - """ return pulumi.get(self, "email") @email.setter @@ -113,9 +90,6 @@ def email(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="emailVerified") def email_verified(self) -> Optional[pulumi.Input[bool]]: - """ - Whether the email address was validated or not. Default to `false`. - """ return pulumi.get(self, "email_verified") @email_verified.setter @@ -125,9 +99,6 @@ def email_verified(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When false, this user cannot log in. Defaults to `true`. - """ return pulumi.get(self, "enabled") @enabled.setter @@ -137,9 +108,6 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="federatedIdentities") def federated_identities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserFederatedIdentityArgs']]]]: - """ - When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - """ return pulumi.get(self, "federated_identities") @federated_identities.setter @@ -149,9 +117,6 @@ def federated_identities(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @property @pulumi.getter(name="firstName") def first_name(self) -> Optional[pulumi.Input[str]]: - """ - The user's first name. - """ return pulumi.get(self, "first_name") @first_name.setter @@ -161,9 +126,6 @@ def first_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="initialPassword") def initial_password(self) -> Optional[pulumi.Input['UserInitialPasswordArgs']]: - """ - When given, the user's initial password will be set. This attribute is only respected during initial user creation. - """ return pulumi.get(self, "initial_password") @initial_password.setter @@ -173,9 +135,6 @@ def initial_password(self, value: Optional[pulumi.Input['UserInitialPasswordArgs @property @pulumi.getter(name="lastName") def last_name(self) -> Optional[pulumi.Input[str]]: - """ - The user's last name. - """ return pulumi.get(self, "last_name") @last_name.setter @@ -185,9 +144,6 @@ def last_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="requiredActions") def required_actions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of required user actions. - """ return pulumi.get(self, "required_actions") @required_actions.setter @@ -211,17 +167,6 @@ def __init__(__self__, *, username: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering User resources. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] email: The user's email. - :param pulumi.Input[bool] email_verified: Whether the email address was validated or not. Default to `false`. - :param pulumi.Input[bool] enabled: When false, this user cannot log in. Defaults to `true`. - :param pulumi.Input[Sequence[pulumi.Input['UserFederatedIdentityArgs']]] federated_identities: When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - :param pulumi.Input[str] first_name: The user's first name. - :param pulumi.Input['UserInitialPasswordArgs'] initial_password: When given, the user's initial password will be set. This attribute is only respected during initial user creation. - :param pulumi.Input[str] last_name: The user's last name. - :param pulumi.Input[str] realm_id: The realm this user belongs to. - :param pulumi.Input[Sequence[pulumi.Input[str]]] required_actions: A list of required user actions. - :param pulumi.Input[str] username: The unique username of this user. """ if attributes is not None: pulumi.set(__self__, "attributes", attributes) @@ -249,9 +194,6 @@ def __init__(__self__, *, @property @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: - """ - A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @attributes.setter @@ -261,9 +203,6 @@ def attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @property @pulumi.getter def email(self) -> Optional[pulumi.Input[str]]: - """ - The user's email. - """ return pulumi.get(self, "email") @email.setter @@ -273,9 +212,6 @@ def email(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="emailVerified") def email_verified(self) -> Optional[pulumi.Input[bool]]: - """ - Whether the email address was validated or not. Default to `false`. - """ return pulumi.get(self, "email_verified") @email_verified.setter @@ -285,9 +221,6 @@ def email_verified(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - When false, this user cannot log in. Defaults to `true`. - """ return pulumi.get(self, "enabled") @enabled.setter @@ -297,9 +230,6 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="federatedIdentities") def federated_identities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserFederatedIdentityArgs']]]]: - """ - When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - """ return pulumi.get(self, "federated_identities") @federated_identities.setter @@ -309,9 +239,6 @@ def federated_identities(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @property @pulumi.getter(name="firstName") def first_name(self) -> Optional[pulumi.Input[str]]: - """ - The user's first name. - """ return pulumi.get(self, "first_name") @first_name.setter @@ -321,9 +248,6 @@ def first_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="initialPassword") def initial_password(self) -> Optional[pulumi.Input['UserInitialPasswordArgs']]: - """ - When given, the user's initial password will be set. This attribute is only respected during initial user creation. - """ return pulumi.get(self, "initial_password") @initial_password.setter @@ -333,9 +257,6 @@ def initial_password(self, value: Optional[pulumi.Input['UserInitialPasswordArgs @property @pulumi.getter(name="lastName") def last_name(self) -> Optional[pulumi.Input[str]]: - """ - The user's last name. - """ return pulumi.get(self, "last_name") @last_name.setter @@ -345,9 +266,6 @@ def last_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: - """ - The realm this user belongs to. - """ return pulumi.get(self, "realm_id") @realm_id.setter @@ -357,9 +275,6 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="requiredActions") def required_actions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - A list of required user actions. - """ return pulumi.get(self, "required_actions") @required_actions.setter @@ -369,9 +284,6 @@ def required_actions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @property @pulumi.getter def username(self) -> Optional[pulumi.Input[str]]: - """ - The unique username of this user. - """ return pulumi.get(self, "username") @username.setter @@ -397,72 +309,69 @@ def __init__(__self__, username: Optional[pulumi.Input[str]] = None, __props__=None): """ + ## # User + Allows for creating and managing Users within Keycloak. - This resource was created primarily to enable the acceptance tests for the `Group` resource. Creating users within - Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers - or identity providers. + This resource was created primarily to enable the acceptance tests for the `Group` resource. + Creating users within Keycloak is not recommended. Instead, users should be federated from external sources + by configuring user federation providers or identity providers. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - user = keycloak.User("user", - realm_id=realm.id, - username="bob", enabled=True, + realm="my-realm") + user = keycloak.User("user", email="bob@domain.com", + enabled=True, first_name="Bob", - last_name="Bobson") - user_with_initial_password = keycloak.User("userWithInitialPassword", + last_name="Bobson", realm_id=realm.id, - username="alice", - enabled=True, + username="bob") + user_with_initial_password = keycloak.User("userWithInitialPassword", email="alice@domain.com", + enabled=True, first_name="Alice", - last_name="Aliceberg", - attributes={ - "foo": "bar", - "multivalue": "value1##value2", - }, initial_password=keycloak.UserInitialPasswordArgs( - value="some password", temporary=True, - )) + value="some password", + ), + last_name="Aliceberg", + realm_id=realm.id, + username="alice") ``` + - ## Import + ### Argument Reference - Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the user upon creation. This value can be found in the GUI when editing the user. + - `realm_id` - (Required) The realm this user belongs to. + - `username` - (Required) The unique username of this user. + - `initial_password` (Optional) When given, the user's initial password will be set. + This attribute is only respected during initial user creation. + - `value` (Required) The initial password. + - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`. + - `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`. + - `email` - (Optional) The user's email. + - `first_name` - (Optional) The user's first name. + - `last_name` - (Optional) The user's last name. - Example: + ### Import - bash + Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + assigns to the user upon creation. This value can be found in the GUI when editing the user. - ```sh - $ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4 - ``` + Example: :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] email: The user's email. - :param pulumi.Input[bool] email_verified: Whether the email address was validated or not. Default to `false`. - :param pulumi.Input[bool] enabled: When false, this user cannot log in. Defaults to `true`. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['UserFederatedIdentityArgs']]]] federated_identities: When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - :param pulumi.Input[str] first_name: The user's first name. - :param pulumi.Input[pulumi.InputType['UserInitialPasswordArgs']] initial_password: When given, the user's initial password will be set. This attribute is only respected during initial user creation. - :param pulumi.Input[str] last_name: The user's last name. - :param pulumi.Input[str] realm_id: The realm this user belongs to. - :param pulumi.Input[Sequence[pulumi.Input[str]]] required_actions: A list of required user actions. - :param pulumi.Input[str] username: The unique username of this user. """ ... @overload @@ -471,58 +380,66 @@ def __init__(__self__, args: UserArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + ## # User + Allows for creating and managing Users within Keycloak. - This resource was created primarily to enable the acceptance tests for the `Group` resource. Creating users within - Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers - or identity providers. + This resource was created primarily to enable the acceptance tests for the `Group` resource. + Creating users within Keycloak is not recommended. Instead, users should be federated from external sources + by configuring user federation providers or identity providers. - ## Example Usage + ### Example Usage + ```python import pulumi import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - user = keycloak.User("user", - realm_id=realm.id, - username="bob", enabled=True, + realm="my-realm") + user = keycloak.User("user", email="bob@domain.com", + enabled=True, first_name="Bob", - last_name="Bobson") - user_with_initial_password = keycloak.User("userWithInitialPassword", + last_name="Bobson", realm_id=realm.id, - username="alice", - enabled=True, + username="bob") + user_with_initial_password = keycloak.User("userWithInitialPassword", email="alice@domain.com", + enabled=True, first_name="Alice", - last_name="Aliceberg", - attributes={ - "foo": "bar", - "multivalue": "value1##value2", - }, initial_password=keycloak.UserInitialPasswordArgs( - value="some password", temporary=True, - )) + value="some password", + ), + last_name="Aliceberg", + realm_id=realm.id, + username="alice") ``` + - ## Import + ### Argument Reference - Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + The following arguments are supported: - assigns to the user upon creation. This value can be found in the GUI when editing the user. + - `realm_id` - (Required) The realm this user belongs to. + - `username` - (Required) The unique username of this user. + - `initial_password` (Optional) When given, the user's initial password will be set. + This attribute is only respected during initial user creation. + - `value` (Required) The initial password. + - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`. + - `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`. + - `email` - (Optional) The user's email. + - `first_name` - (Optional) The user's first name. + - `last_name` - (Optional) The user's last name. - Example: + ### Import - bash + Users can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak + assigns to the user upon creation. This value can be found in the GUI when editing the user. - ```sh - $ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4 - ``` + Example: :param str resource_name: The name of the resource. :param UserArgs args: The arguments to use to populate this resource's properties. @@ -602,17 +519,6 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Mapping[str, Any]] attributes: A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - :param pulumi.Input[str] email: The user's email. - :param pulumi.Input[bool] email_verified: Whether the email address was validated or not. Default to `false`. - :param pulumi.Input[bool] enabled: When false, this user cannot log in. Defaults to `true`. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['UserFederatedIdentityArgs']]]] federated_identities: When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - :param pulumi.Input[str] first_name: The user's first name. - :param pulumi.Input[pulumi.InputType['UserInitialPasswordArgs']] initial_password: When given, the user's initial password will be set. This attribute is only respected during initial user creation. - :param pulumi.Input[str] last_name: The user's last name. - :param pulumi.Input[str] realm_id: The realm this user belongs to. - :param pulumi.Input[Sequence[pulumi.Input[str]]] required_actions: A list of required user actions. - :param pulumi.Input[str] username: The unique username of this user. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -634,88 +540,55 @@ def get(resource_name: str, @property @pulumi.getter def attributes(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: - """ - A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars - """ return pulumi.get(self, "attributes") @property @pulumi.getter def email(self) -> pulumi.Output[Optional[str]]: - """ - The user's email. - """ return pulumi.get(self, "email") @property @pulumi.getter(name="emailVerified") def email_verified(self) -> pulumi.Output[Optional[bool]]: - """ - Whether the email address was validated or not. Default to `false`. - """ return pulumi.get(self, "email_verified") @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: - """ - When false, this user cannot log in. Defaults to `true`. - """ return pulumi.get(self, "enabled") @property @pulumi.getter(name="federatedIdentities") def federated_identities(self) -> pulumi.Output[Optional[Sequence['outputs.UserFederatedIdentity']]]: - """ - When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. - """ return pulumi.get(self, "federated_identities") @property @pulumi.getter(name="firstName") def first_name(self) -> pulumi.Output[Optional[str]]: - """ - The user's first name. - """ return pulumi.get(self, "first_name") @property @pulumi.getter(name="initialPassword") def initial_password(self) -> pulumi.Output[Optional['outputs.UserInitialPassword']]: - """ - When given, the user's initial password will be set. This attribute is only respected during initial user creation. - """ return pulumi.get(self, "initial_password") @property @pulumi.getter(name="lastName") def last_name(self) -> pulumi.Output[Optional[str]]: - """ - The user's last name. - """ return pulumi.get(self, "last_name") @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: - """ - The realm this user belongs to. - """ return pulumi.get(self, "realm_id") @property @pulumi.getter(name="requiredActions") def required_actions(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - A list of required user actions. - """ return pulumi.get(self, "required_actions") @property @pulumi.getter def username(self) -> pulumi.Output[str]: - """ - The unique username of this user. - """ return pulumi.get(self, "username") diff --git a/sdk/python/pulumi_keycloak/user_groups.py b/sdk/python/pulumi_keycloak/user_groups.py index 3702e557..5344dbbc 100644 --- a/sdk/python/pulumi_keycloak/user_groups.py +++ b/sdk/python/pulumi_keycloak/user_groups.py @@ -169,7 +169,9 @@ def __init__(__self__, If `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `UserGroups` for the same `user_id`. ## Example Usage + ### Exhaustive Groups) + ```python import pulumi import pulumi_keycloak as keycloak @@ -186,7 +188,10 @@ def __init__(__self__, user_id=user.id, group_ids=[group.id]) ``` + + ### Non Exhaustive Groups) + ```python import pulumi import pulumi_keycloak as keycloak @@ -210,12 +215,13 @@ def __init__(__self__, exhaustive=False, group_ids=[group_bar.id]) ``` + ## Import This resource does not support import. Instead of importing, feel free to create this resource - as if it did not already exist on the server. + as if it did not already exist on the server. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -237,7 +243,9 @@ def __init__(__self__, If `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `UserGroups` for the same `user_id`. ## Example Usage + ### Exhaustive Groups) + ```python import pulumi import pulumi_keycloak as keycloak @@ -254,7 +262,10 @@ def __init__(__self__, user_id=user.id, group_ids=[group.id]) ``` + + ### Non Exhaustive Groups) + ```python import pulumi import pulumi_keycloak as keycloak @@ -278,12 +289,13 @@ def __init__(__self__, exhaustive=False, group_ids=[group_bar.id]) ``` + ## Import This resource does not support import. Instead of importing, feel free to create this resource - as if it did not already exist on the server. + as if it did not already exist on the server. :param str resource_name: The name of the resource. :param UserGroupsArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_keycloak/user_roles.py b/sdk/python/pulumi_keycloak/user_roles.py index f6880aab..860dc789 100644 --- a/sdk/python/pulumi_keycloak/user_roles.py +++ b/sdk/python/pulumi_keycloak/user_roles.py @@ -173,8 +173,10 @@ def __init__(__self__, a role and a composite that includes that role to the same user. ## Example Usage + ### Exhaustive Roles) + ```python import pulumi import pulumi_keycloak as keycloak @@ -209,16 +211,17 @@ def __init__(__self__, client_role.id, ]) ``` + ## Import This resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak - assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. + assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924 @@ -248,8 +251,10 @@ def __init__(__self__, a role and a composite that includes that role to the same user. ## Example Usage + ### Exhaustive Roles) + ```python import pulumi import pulumi_keycloak as keycloak @@ -284,16 +289,17 @@ def __init__(__self__, client_role.id, ]) ``` + ## Import This resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak - assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. + assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924 diff --git a/sdk/python/pulumi_keycloak/user_template_importer_identity_provider_mapper.py b/sdk/python/pulumi_keycloak/user_template_importer_identity_provider_mapper.py index 7cb348e1..899385cc 100644 --- a/sdk/python/pulumi_keycloak/user_template_importer_identity_provider_mapper.py +++ b/sdk/python/pulumi_keycloak/user_template_importer_identity_provider_mapper.py @@ -207,6 +207,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -230,16 +231,17 @@ def __init__(__self__, "syncMode": "INHERIT", }) ``` + ## Import Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak - assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b @@ -270,6 +272,7 @@ def __init__(__self__, ## Example Usage + ```python import pulumi import pulumi_keycloak as keycloak @@ -293,16 +296,17 @@ def __init__(__self__, "syncMode": "INHERIT", }) ``` + ## Import Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak - assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. + assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. - Example: + Example: - bash + bash ```sh $ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b diff --git a/sdk/python/pulumi_keycloak/users_permissions.py b/sdk/python/pulumi_keycloak/users_permissions.py index a0a4af9d..83d08e2b 100644 --- a/sdk/python/pulumi_keycloak/users_permissions.py +++ b/sdk/python/pulumi_keycloak/users_permissions.py @@ -252,35 +252,6 @@ def __init__(__self__, > This resource should only be created once per realm. - ## Example Usage - ### Argument Reference - - The following arguments are supported: - - - `realm_id` - (Required) The realm in which to manage fine-grained user permissions. - - Each of the scopes that can be managed are defined below: - - - `view_scope` - (Optional) When specified, set the scope based view permission. - - `manage_scope` - (Optional) When specified, set the scope based manage permission. - - `map_roles_scope` - (Optional) When specified, set the scope based map_roles permission. - - `manage_group_membership_scope` - (Optional) When specified, set the scope based manage_group_membership permission. - - `impersonate_scope` - (Optional) When specified, set the scope based impersonate permission. - - `user_impersonated_scope` - (Optional) When specified, set the scope based user_impersonated permission. - - The configuration block for each of these scopes supports the following arguments: - - - `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID. - - `description` - (Optional) Description of the permission. - - `decision_strategy` - (Optional) Decision strategy of the permission. - - ### Attributes Reference - - In addition to the arguments listed above, the following computed attributes are exported: - - - `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`. - - `authorization_resource_server_id` - Resource server id representing the realm management client on which these permissions are managed. - :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. """ @@ -305,35 +276,6 @@ def __init__(__self__, > This resource should only be created once per realm. - ## Example Usage - ### Argument Reference - - The following arguments are supported: - - - `realm_id` - (Required) The realm in which to manage fine-grained user permissions. - - Each of the scopes that can be managed are defined below: - - - `view_scope` - (Optional) When specified, set the scope based view permission. - - `manage_scope` - (Optional) When specified, set the scope based manage permission. - - `map_roles_scope` - (Optional) When specified, set the scope based map_roles permission. - - `manage_group_membership_scope` - (Optional) When specified, set the scope based manage_group_membership permission. - - `impersonate_scope` - (Optional) When specified, set the scope based impersonate permission. - - `user_impersonated_scope` - (Optional) When specified, set the scope based user_impersonated permission. - - The configuration block for each of these scopes supports the following arguments: - - - `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID. - - `description` - (Optional) Description of the permission. - - `decision_strategy` - (Optional) Decision strategy of the permission. - - ### Attributes Reference - - In addition to the arguments listed above, the following computed attributes are exported: - - - `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`. - - `authorization_resource_server_id` - Resource server id representing the realm management client on which these permissions are managed. - :param str resource_name: The name of the resource. :param UsersPermissionsArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource.