diff --git a/examples/go.mod b/examples/go.mod index b66629bb..e5088b94 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -2,7 +2,7 @@ module github.com/pulumi/pulumi-keycloak/examples/v4 go 1.21 -require github.com/pulumi/pulumi/pkg/v3 v3.105.0 +require github.com/pulumi/pulumi/pkg/v3 v3.107.0 require ( cloud.google.com/go v0.110.10 // indirect @@ -135,7 +135,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect github.com/pulumi/esc v0.6.2 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.105.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.107.0 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect diff --git a/examples/go.sum b/examples/go.sum index c752447c..bf363e56 100644 --- a/examples/go.sum +++ b/examples/go.sum @@ -1467,10 +1467,10 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= -github.com/pulumi/pulumi/pkg/v3 v3.105.0 h1:bJG1vUiYH2gDF1pfBKlIABDNoJD2LvU1LmjjL+EbvuM= -github.com/pulumi/pulumi/pkg/v3 v3.105.0/go.mod h1:eZAFEFOwE/skElTfwetfyTxPebmWr5vOS5NSU9XwlVw= -github.com/pulumi/pulumi/sdk/v3 v3.105.0 h1:OKEeubZigWyQVnZS6udnFnZHZ/8OWXuUYv9ir3OY+vs= -github.com/pulumi/pulumi/sdk/v3 v3.105.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/pkg/v3 v3.107.0 h1:HRyIl1c9ur0PVQW+GuFL1APBEuGa/fQQMp3F+WluxW8= +github.com/pulumi/pulumi/pkg/v3 v3.107.0/go.mod h1:7edfZu4FlrXdIn4339tJ+SQX5VKGqbFntmpc8cai0Zg= +github.com/pulumi/pulumi/sdk/v3 v3.107.0 h1:bef+ayh9+4KkAqXih4EjlHfQXRY24NWPwWBIQhBxTjg= +github.com/pulumi/pulumi/sdk/v3 v3.107.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/rakyll/embedmd v0.0.0-20171029212350-c8060a0752a2/go.mod h1:7jOTMgqac46PZcF54q6l2hkLEG8op93fZu61KmxWDV4= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= diff --git a/provider/cmd/pulumi-resource-keycloak/schema.json b/provider/cmd/pulumi-resource-keycloak/schema.json index a2df64b4..5673458a 100644 --- a/provider/cmd/pulumi-resource-keycloak/schema.json +++ b/provider/cmd/pulumi-resource-keycloak/schema.json @@ -1710,7 +1710,7 @@ }, "resources": { "keycloak:authentication/bindings:Bindings": { - "description": "Allows for creating and managing realm authentication flow bindings within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\nRealms assign authentication flows to supported user flows such as `registration` and `browser`. This resource allows the\nupdating of realm authentication flow bindings to custom authentication flows created by `keycloak.authentication.Flow`.\n\nNote that you can also use the `keycloak.Realm` resource to assign authentication flow bindings at the realm level. This\nresource is useful if you would like to create a realm and an authentication flow, and assign this flow to the realm within\na single run of `pulumi up`. In any case, do not attempt to use both the arguments within the `keycloak.Realm` resource\nand this resource to manage authentication flow bindings, you should choose one or the other.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\nconst browserAuthenticationBinding = new keycloak.authentication.Bindings(\"browserAuthenticationBinding\", {\n realmId: realm.id,\n browserFlow: flow.alias,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\nbrowser_authentication_binding = keycloak.authentication.Bindings(\"browserAuthenticationBinding\",\n realm_id=realm.id,\n browser_flow=flow.alias)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n executionOne,\n },\n });\n\n var browserAuthenticationBinding = new Keycloak.Authentication.Bindings(\"browserAuthenticationBinding\", new()\n {\n RealmId = realm.Id,\n BrowserFlow = flow.Alias,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewBindings(ctx, \"browserAuthenticationBinding\", \u0026authentication.BindingsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBrowserFlow: flow.Alias,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.Bindings;\nimport com.pulumi.keycloak.authentication.BindingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n var browserAuthenticationBinding = new Bindings(\"browserAuthenticationBinding\", BindingsArgs.builder() \n .realmId(realm.id())\n .browserFlow(flow.alias())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n browserAuthenticationBinding:\n type: keycloak:authentication:Bindings\n properties:\n realmId: ${realm.id}\n browserFlow: ${flow.alias}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Allows for creating and managing realm authentication flow bindings within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\nRealms assign authentication flows to supported user flows such as `registration` and `browser`. This resource allows the\nupdating of realm authentication flow bindings to custom authentication flows created by `keycloak.authentication.Flow`.\n\nNote that you can also use the `keycloak.Realm` resource to assign authentication flow bindings at the realm level. This\nresource is useful if you would like to create a realm and an authentication flow, and assign this flow to the realm within\na single run of `pulumi up`. In any case, do not attempt to use both the arguments within the `keycloak.Realm` resource\nand this resource to manage authentication flow bindings, you should choose one or the other.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\nconst browserAuthenticationBinding = new keycloak.authentication.Bindings(\"browserAuthenticationBinding\", {\n realmId: realm.id,\n browserFlow: flow.alias,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\nbrowser_authentication_binding = keycloak.authentication.Bindings(\"browserAuthenticationBinding\",\n realm_id=realm.id,\n browser_flow=flow.alias)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n executionOne,\n },\n });\n\n var browserAuthenticationBinding = new Keycloak.Authentication.Bindings(\"browserAuthenticationBinding\", new()\n {\n RealmId = realm.Id,\n BrowserFlow = flow.Alias,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewBindings(ctx, \"browserAuthenticationBinding\", \u0026authentication.BindingsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBrowserFlow: flow.Alias,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.Bindings;\nimport com.pulumi.keycloak.authentication.BindingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n var browserAuthenticationBinding = new Bindings(\"browserAuthenticationBinding\", BindingsArgs.builder() \n .realmId(realm.id())\n .browserFlow(flow.alias())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n browserAuthenticationBinding:\n type: keycloak:authentication:Bindings\n properties:\n realmId: ${realm.id}\n browserFlow: ${flow.alias}\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { "browserFlow": { "type": "string", @@ -1821,7 +1821,7 @@ } }, "keycloak:authentication/execution:Execution": { - "description": "Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n executionOne,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n ", + "description": "Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n executionOne,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n ", "properties": { "authenticator": { "type": "string", @@ -3828,7 +3828,7 @@ } }, "keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst tokenExchangeRealm = new keycloak.Realm(\"tokenExchangeRealm\", {\n realm: \"token-exchange_destination_realm\",\n enabled: true,\n});\nconst tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", {\n realm: tokenExchangeRealm.id,\n alias: \"myIdp\",\n authorizationUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n tokenUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n clientId: \"clientId\",\n clientSecret: \"secret\",\n defaultScopes: \"openid\",\n});\nconst token_exchangeWebappClient = new keycloak.openid.Client(\"token-exchangeWebappClient\", {\n realmId: tokenExchangeRealm.id,\n clientId: \"webapp_client\",\n clientSecret: \"secret\",\n description: \"a webapp client on the destination realm\",\n accessType: \"CONFIDENTIAL\",\n standardFlowEnabled: true,\n validRedirectUris: [\"http://localhost:8080/*\"],\n});\n//relevant part\nconst oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", {\n realmId: tokenExchangeRealm.id,\n providerAlias: tokenExchangeMyOidcIdp.alias,\n policyType: \"client\",\n clients: [token_exchangeWebappClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntoken_exchange_realm = keycloak.Realm(\"tokenExchangeRealm\",\n realm=\"token-exchange_destination_realm\",\n enabled=True)\ntoken_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\",\n realm=token_exchange_realm.id,\n alias=\"myIdp\",\n authorization_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n token_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n client_id=\"clientId\",\n client_secret=\"secret\",\n default_scopes=\"openid\")\ntoken_exchange_webapp_client = keycloak.openid.Client(\"token-exchangeWebappClient\",\n realm_id=token_exchange_realm.id,\n client_id=\"webapp_client\",\n client_secret=\"secret\",\n description=\"a webapp client on the destination realm\",\n access_type=\"CONFIDENTIAL\",\n standard_flow_enabled=True,\n valid_redirect_uris=[\"http://localhost:8080/*\"])\n#relevant part\noidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\",\n realm_id=token_exchange_realm.id,\n provider_alias=token_exchange_my_oidc_idp.alias,\n policy_type=\"client\",\n clients=[token_exchange_webapp_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tokenExchangeRealm = new Keycloak.Realm(\"tokenExchangeRealm\", new()\n {\n RealmName = \"token-exchange_destination_realm\",\n Enabled = true,\n });\n\n var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", new()\n {\n Realm = tokenExchangeRealm.Id,\n Alias = \"myIdp\",\n AuthorizationUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n TokenUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n ClientId = \"clientId\",\n ClientSecret = \"secret\",\n DefaultScopes = \"openid\",\n });\n\n var token_exchangeWebappClient = new Keycloak.OpenId.Client(\"token-exchangeWebappClient\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ClientId = \"webapp_client\",\n ClientSecret = \"secret\",\n Description = \"a webapp client on the destination realm\",\n AccessType = \"CONFIDENTIAL\",\n StandardFlowEnabled = true,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/*\",\n },\n });\n\n //relevant part\n var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ProviderAlias = tokenExchangeMyOidcIdp.Alias,\n PolicyType = \"client\",\n Clients = new[]\n {\n token_exchangeWebappClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttokenExchangeRealm, err := keycloak.NewRealm(ctx, \"tokenExchangeRealm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"token-exchange_destination_realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, \"tokenExchangeMyOidcIdp\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: tokenExchangeRealm.ID(),\n\t\t\tAlias: pulumi.String(\"myIdp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\"),\n\t\t\tClientId: pulumi.String(\"clientId\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"token-exchangeWebappClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tClientId: pulumi.String(\"webapp_client\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDescription: pulumi.String(\"a webapp client on the destination realm\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tStandardFlowEnabled: pulumi.Bool(true),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/*\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, \"oidcIdpPermission\", \u0026keycloak.IdentityProviderTokenExchangeScopePermissionArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tProviderAlias: tokenExchangeMyOidcIdp.Alias,\n\t\t\tPolicyType: pulumi.String(\"client\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\ttoken_exchangeWebappClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermission;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tokenExchangeRealm = new Realm(\"tokenExchangeRealm\", RealmArgs.builder() \n .realm(\"token-exchange_destination_realm\")\n .enabled(true)\n .build());\n\n var tokenExchangeMyOidcIdp = new IdentityProvider(\"tokenExchangeMyOidcIdp\", IdentityProviderArgs.builder() \n .realm(tokenExchangeRealm.id())\n .alias(\"myIdp\")\n .authorizationUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\")\n .tokenUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\")\n .clientId(\"clientId\")\n .clientSecret(\"secret\")\n .defaultScopes(\"openid\")\n .build());\n\n var token_exchangeWebappClient = new Client(\"token-exchangeWebappClient\", ClientArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .clientId(\"webapp_client\")\n .clientSecret(\"secret\")\n .description(\"a webapp client on the destination realm\")\n .accessType(\"CONFIDENTIAL\")\n .standardFlowEnabled(true)\n .validRedirectUris(\"http://localhost:8080/*\")\n .build());\n\n var oidcIdpPermission = new IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", IdentityProviderTokenExchangeScopePermissionArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .providerAlias(tokenExchangeMyOidcIdp.alias())\n .policyType(\"client\")\n .clients(token_exchangeWebappClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tokenExchangeRealm:\n type: keycloak:Realm\n properties:\n realm: token-exchange_destination_realm\n enabled: true\n tokenExchangeMyOidcIdp:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${tokenExchangeRealm.id}\n alias: myIdp\n authorizationUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\n tokenUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\n clientId: clientId\n clientSecret: secret\n defaultScopes: openid\n token-exchangeWebappClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${tokenExchangeRealm.id}\n clientId: webapp_client\n clientSecret: secret\n description: a webapp client on the destination realm\n accessType: CONFIDENTIAL\n standardFlowEnabled: true\n validRedirectUris:\n - http://localhost:8080/*\n # relevant part\n oidcIdpPermission:\n type: keycloak:IdentityProviderTokenExchangeScopePermission\n properties:\n realmId: ${tokenExchangeRealm.id}\n providerAlias: ${tokenExchangeMyOidcIdp.alias}\n policyType: client\n clients:\n - ${[\"token-exchangeWebappClient\"].id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that\n\n you assign to the identity provider upon creation.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp\n```\n\n ", + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst tokenExchangeRealm = new keycloak.Realm(\"tokenExchangeRealm\", {\n realm: \"token-exchange_destination_realm\",\n enabled: true,\n});\nconst tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", {\n realm: tokenExchangeRealm.id,\n alias: \"myIdp\",\n authorizationUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n tokenUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n clientId: \"clientId\",\n clientSecret: \"secret\",\n defaultScopes: \"openid\",\n});\nconst token_exchangeWebappClient = new keycloak.openid.Client(\"token-exchangeWebappClient\", {\n realmId: tokenExchangeRealm.id,\n clientId: \"webapp_client\",\n clientSecret: \"secret\",\n description: \"a webapp client on the destination realm\",\n accessType: \"CONFIDENTIAL\",\n standardFlowEnabled: true,\n validRedirectUris: [\"http://localhost:8080/*\"],\n});\n//relevant part\nconst oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", {\n realmId: tokenExchangeRealm.id,\n providerAlias: tokenExchangeMyOidcIdp.alias,\n policyType: \"client\",\n clients: [token_exchangeWebappClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntoken_exchange_realm = keycloak.Realm(\"tokenExchangeRealm\",\n realm=\"token-exchange_destination_realm\",\n enabled=True)\ntoken_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\",\n realm=token_exchange_realm.id,\n alias=\"myIdp\",\n authorization_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n token_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n client_id=\"clientId\",\n client_secret=\"secret\",\n default_scopes=\"openid\")\ntoken_exchange_webapp_client = keycloak.openid.Client(\"token-exchangeWebappClient\",\n realm_id=token_exchange_realm.id,\n client_id=\"webapp_client\",\n client_secret=\"secret\",\n description=\"a webapp client on the destination realm\",\n access_type=\"CONFIDENTIAL\",\n standard_flow_enabled=True,\n valid_redirect_uris=[\"http://localhost:8080/*\"])\n#relevant part\noidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\",\n realm_id=token_exchange_realm.id,\n provider_alias=token_exchange_my_oidc_idp.alias,\n policy_type=\"client\",\n clients=[token_exchange_webapp_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tokenExchangeRealm = new Keycloak.Realm(\"tokenExchangeRealm\", new()\n {\n RealmName = \"token-exchange_destination_realm\",\n Enabled = true,\n });\n\n var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", new()\n {\n Realm = tokenExchangeRealm.Id,\n Alias = \"myIdp\",\n AuthorizationUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n TokenUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n ClientId = \"clientId\",\n ClientSecret = \"secret\",\n DefaultScopes = \"openid\",\n });\n\n var token_exchangeWebappClient = new Keycloak.OpenId.Client(\"token-exchangeWebappClient\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ClientId = \"webapp_client\",\n ClientSecret = \"secret\",\n Description = \"a webapp client on the destination realm\",\n AccessType = \"CONFIDENTIAL\",\n StandardFlowEnabled = true,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/*\",\n },\n });\n\n //relevant part\n var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ProviderAlias = tokenExchangeMyOidcIdp.Alias,\n PolicyType = \"client\",\n Clients = new[]\n {\n token_exchangeWebappClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttokenExchangeRealm, err := keycloak.NewRealm(ctx, \"tokenExchangeRealm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"token-exchange_destination_realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, \"tokenExchangeMyOidcIdp\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: tokenExchangeRealm.ID(),\n\t\t\tAlias: pulumi.String(\"myIdp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\"),\n\t\t\tClientId: pulumi.String(\"clientId\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"token-exchangeWebappClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tClientId: pulumi.String(\"webapp_client\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDescription: pulumi.String(\"a webapp client on the destination realm\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tStandardFlowEnabled: pulumi.Bool(true),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/*\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// relevant part\n\t\t_, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, \"oidcIdpPermission\", \u0026keycloak.IdentityProviderTokenExchangeScopePermissionArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tProviderAlias: tokenExchangeMyOidcIdp.Alias,\n\t\t\tPolicyType: pulumi.String(\"client\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\ttoken_exchangeWebappClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermission;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tokenExchangeRealm = new Realm(\"tokenExchangeRealm\", RealmArgs.builder() \n .realm(\"token-exchange_destination_realm\")\n .enabled(true)\n .build());\n\n var tokenExchangeMyOidcIdp = new IdentityProvider(\"tokenExchangeMyOidcIdp\", IdentityProviderArgs.builder() \n .realm(tokenExchangeRealm.id())\n .alias(\"myIdp\")\n .authorizationUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\")\n .tokenUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\")\n .clientId(\"clientId\")\n .clientSecret(\"secret\")\n .defaultScopes(\"openid\")\n .build());\n\n var token_exchangeWebappClient = new Client(\"token-exchangeWebappClient\", ClientArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .clientId(\"webapp_client\")\n .clientSecret(\"secret\")\n .description(\"a webapp client on the destination realm\")\n .accessType(\"CONFIDENTIAL\")\n .standardFlowEnabled(true)\n .validRedirectUris(\"http://localhost:8080/*\")\n .build());\n\n var oidcIdpPermission = new IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", IdentityProviderTokenExchangeScopePermissionArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .providerAlias(tokenExchangeMyOidcIdp.alias())\n .policyType(\"client\")\n .clients(token_exchangeWebappClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tokenExchangeRealm:\n type: keycloak:Realm\n properties:\n realm: token-exchange_destination_realm\n enabled: true\n tokenExchangeMyOidcIdp:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${tokenExchangeRealm.id}\n alias: myIdp\n authorizationUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\n tokenUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\n clientId: clientId\n clientSecret: secret\n defaultScopes: openid\n token-exchangeWebappClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${tokenExchangeRealm.id}\n clientId: webapp_client\n clientSecret: secret\n description: a webapp client on the destination realm\n accessType: CONFIDENTIAL\n standardFlowEnabled: true\n validRedirectUris:\n - http://localhost:8080/*\n # relevant part\n oidcIdpPermission:\n type: keycloak:IdentityProviderTokenExchangeScopePermission\n properties:\n realmId: ${tokenExchangeRealm.id}\n providerAlias: ${tokenExchangeMyOidcIdp.alias}\n policyType: client\n clients:\n - ${[\"token-exchangeWebappClient\"].id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that\n\n you assign to the identity provider upon creation.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp\n```\n\n ", "properties": { "authorizationIdpResourceId": { "type": "string", @@ -10990,7 +10990,7 @@ } }, "keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole": { - "description": "Allows for assigning client roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach realm roles to a service account, please use the `keycloak.openid.ClientServiceAccountRealmRole`\nresource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// client1 provides a role to other clients\nconst client1 = new keycloak.openid.Client(\"client1\", {realmId: realm.id});\nconst client1Role = new keycloak.Role(\"client1Role\", {\n realmId: realm.id,\n clientId: client1.id,\n description: \"A role that client1 provides\",\n});\n// client2 is assigned the role of client1\nconst client2 = new keycloak.openid.Client(\"client2\", {\n realmId: realm.id,\n serviceAccountsEnabled: true,\n});\nconst client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\", {\n realmId: realm.id,\n serviceAccountUserId: client2.serviceAccountUserId,\n clientId: client1.id,\n role: client1Role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# client1 provides a role to other clients\nclient1 = keycloak.openid.Client(\"client1\", realm_id=realm.id)\nclient1_role = keycloak.Role(\"client1Role\",\n realm_id=realm.id,\n client_id=client1.id,\n description=\"A role that client1 provides\")\n# client2 is assigned the role of client1\nclient2 = keycloak.openid.Client(\"client2\",\n realm_id=realm.id,\n service_accounts_enabled=True)\nclient2_service_account_role = keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\",\n realm_id=realm.id,\n service_account_user_id=client2.service_account_user_id,\n client_id=client1.id,\n role=client1_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // client1 provides a role to other clients\n var client1 = new Keycloak.OpenId.Client(\"client1\", new()\n {\n RealmId = realm.Id,\n });\n\n var client1Role = new Keycloak.Role(\"client1Role\", new()\n {\n RealmId = realm.Id,\n ClientId = client1.Id,\n Description = \"A role that client1 provides\",\n });\n\n // client2 is assigned the role of client1\n var client2 = new Keycloak.OpenId.Client(\"client2\", new()\n {\n RealmId = realm.Id,\n ServiceAccountsEnabled = true,\n });\n\n var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole(\"client2ServiceAccountRole\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client2.ServiceAccountUserId,\n ClientId = client1.Id,\n Role = client1Role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1, err := openid.NewClient(ctx, \"client1\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1Role, err := keycloak.NewRole(ctx, \"client1Role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client1.ID(),\n\t\t\tDescription: pulumi.String(\"A role that client1 provides\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient2, err := openid.NewClient(ctx, \"client2\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRole(ctx, \"client2ServiceAccountRole\", \u0026openid.ClientServiceAccountRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client2.ServiceAccountUserId,\n\t\t\tClientId: client1.ID(),\n\t\t\tRole: client1Role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client1 = new Client(\"client1\", ClientArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client1Role = new Role(\"client1Role\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client1.id())\n .description(\"A role that client1 provides\")\n .build());\n\n var client2 = new Client(\"client2\", ClientArgs.builder() \n .realmId(realm.id())\n .serviceAccountsEnabled(true)\n .build());\n\n var client2ServiceAccountRole = new ClientServiceAccountRole(\"client2ServiceAccountRole\", ClientServiceAccountRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client2.serviceAccountUserId())\n .clientId(client1.id())\n .role(client1Role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # client1 provides a role to other clients\n client1:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n client1Role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client1.id}\n description: A role that client1 provides\n # client2 is assigned the role of client1\n client2:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n serviceAccountsEnabled: true\n client2ServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRole\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client2.serviceAccountUserId}\n clientId: ${client1.id}\n role: ${client1Role.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n ", + "description": "Allows for assigning client roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach realm roles to a service account, please use the `keycloak.openid.ClientServiceAccountRealmRole`\nresource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// client1 provides a role to other clients\nconst client1 = new keycloak.openid.Client(\"client1\", {realmId: realm.id});\nconst client1Role = new keycloak.Role(\"client1Role\", {\n realmId: realm.id,\n clientId: client1.id,\n description: \"A role that client1 provides\",\n});\n// client2 is assigned the role of client1\nconst client2 = new keycloak.openid.Client(\"client2\", {\n realmId: realm.id,\n serviceAccountsEnabled: true,\n});\nconst client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\", {\n realmId: realm.id,\n serviceAccountUserId: client2.serviceAccountUserId,\n clientId: client1.id,\n role: client1Role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# client1 provides a role to other clients\nclient1 = keycloak.openid.Client(\"client1\", realm_id=realm.id)\nclient1_role = keycloak.Role(\"client1Role\",\n realm_id=realm.id,\n client_id=client1.id,\n description=\"A role that client1 provides\")\n# client2 is assigned the role of client1\nclient2 = keycloak.openid.Client(\"client2\",\n realm_id=realm.id,\n service_accounts_enabled=True)\nclient2_service_account_role = keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\",\n realm_id=realm.id,\n service_account_user_id=client2.service_account_user_id,\n client_id=client1.id,\n role=client1_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // client1 provides a role to other clients\n var client1 = new Keycloak.OpenId.Client(\"client1\", new()\n {\n RealmId = realm.Id,\n });\n\n var client1Role = new Keycloak.Role(\"client1Role\", new()\n {\n RealmId = realm.Id,\n ClientId = client1.Id,\n Description = \"A role that client1 provides\",\n });\n\n // client2 is assigned the role of client1\n var client2 = new Keycloak.OpenId.Client(\"client2\", new()\n {\n RealmId = realm.Id,\n ServiceAccountsEnabled = true,\n });\n\n var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole(\"client2ServiceAccountRole\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client2.ServiceAccountUserId,\n ClientId = client1.Id,\n Role = client1Role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client1 provides a role to other clients\n\t\tclient1, err := openid.NewClient(ctx, \"client1\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1Role, err := keycloak.NewRole(ctx, \"client1Role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client1.ID(),\n\t\t\tDescription: pulumi.String(\"A role that client1 provides\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client2 is assigned the role of client1\n\t\tclient2, err := openid.NewClient(ctx, \"client2\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRole(ctx, \"client2ServiceAccountRole\", \u0026openid.ClientServiceAccountRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client2.ServiceAccountUserId,\n\t\t\tClientId: client1.ID(),\n\t\t\tRole: client1Role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client1 = new Client(\"client1\", ClientArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client1Role = new Role(\"client1Role\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client1.id())\n .description(\"A role that client1 provides\")\n .build());\n\n var client2 = new Client(\"client2\", ClientArgs.builder() \n .realmId(realm.id())\n .serviceAccountsEnabled(true)\n .build());\n\n var client2ServiceAccountRole = new ClientServiceAccountRole(\"client2ServiceAccountRole\", ClientServiceAccountRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client2.serviceAccountUserId())\n .clientId(client1.id())\n .role(client1Role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # client1 provides a role to other clients\n client1:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n client1Role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client1.id}\n description: A role that client1 provides\n # client2 is assigned the role of client1\n client2:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n serviceAccountsEnabled: true\n client2ServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRole\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client2.serviceAccountUserId}\n clientId: ${client1.id}\n role: ${client1Role.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`.\n\n Example:\n\n bash\n\n ```sh\n $ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n ", "properties": { "clientId": { "type": "string", @@ -15638,7 +15638,7 @@ } }, "keycloak:openid/getClientScope:getClientScope": { - "description": "This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst offlineAccess = keycloak.openid.getClientScope({\n realmId: \"my-realm\",\n name: \"offline_access\",\n});\n// use the data source\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: offlineAccess.then(offlineAccess =\u003e offlineAccess.realmId),\n clientScopeId: offlineAccess.then(offlineAccess =\u003e offlineAccess.id),\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\noffline_access = keycloak.openid.get_client_scope(realm_id=\"my-realm\",\n name=\"offline_access\")\n# use the data source\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=offline_access.realm_id,\n client_scope_id=offline_access.id,\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var offlineAccess = Keycloak.OpenId.GetClientScope.Invoke(new()\n {\n RealmId = \"my-realm\",\n Name = \"offline_access\",\n });\n\n // use the data source\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.RealmId),\n ClientScopeId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.Id),\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tofflineAccess, err := openid.LookupClientScope(ctx, \u0026openid.LookupClientScopeArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tName: \"offline_access\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: *pulumi.String(offlineAccess.RealmId),\n\t\t\tClientScopeId: *pulumi.String(offlineAccess.Id),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var offlineAccess = OpenidFunctions.getClientScope(GetClientScopeArgs.builder()\n .realmId(\"my-realm\")\n .name(\"offline_access\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.realmId()))\n .clientScopeId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.id()))\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${offlineAccess.realmId}\n clientScopeId: ${offlineAccess.id}\n includedCustomAudience: foo\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:openid:getClientScope\n Arguments:\n realmId: my-realm\n name: offline_access\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst offlineAccess = keycloak.openid.getClientScope({\n realmId: \"my-realm\",\n name: \"offline_access\",\n});\n// use the data source\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: offlineAccess.then(offlineAccess =\u003e offlineAccess.realmId),\n clientScopeId: offlineAccess.then(offlineAccess =\u003e offlineAccess.id),\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\noffline_access = keycloak.openid.get_client_scope(realm_id=\"my-realm\",\n name=\"offline_access\")\n# use the data source\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=offline_access.realm_id,\n client_scope_id=offline_access.id,\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var offlineAccess = Keycloak.OpenId.GetClientScope.Invoke(new()\n {\n RealmId = \"my-realm\",\n Name = \"offline_access\",\n });\n\n // use the data source\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.RealmId),\n ClientScopeId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.Id),\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tofflineAccess, err := openid.LookupClientScope(ctx, \u0026openid.LookupClientScopeArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tName: \"offline_access\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: *pulumi.String(offlineAccess.RealmId),\n\t\t\tClientScopeId: *pulumi.String(offlineAccess.Id),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var offlineAccess = OpenidFunctions.getClientScope(GetClientScopeArgs.builder()\n .realmId(\"my-realm\")\n .name(\"offline_access\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.realmId()))\n .clientScopeId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.id()))\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${offlineAccess.realmId}\n clientScopeId: ${offlineAccess.id}\n includedCustomAudience: foo\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:openid:getClientScope\n Arguments:\n realmId: my-realm\n name: offline_access\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getClientScope.\n", "properties": { diff --git a/provider/go.mod b/provider/go.mod index 9519b973..a76f1461 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -10,8 +10,8 @@ replace ( require ( github.com/mrparkers/terraform-provider-keycloak v0.0.0-00010101000000-000000000000 - github.com/pulumi/pulumi-terraform-bridge/v3 v3.75.0 - github.com/pulumi/pulumi/sdk/v3 v3.105.0 + github.com/pulumi/pulumi-terraform-bridge/v3 v3.76.0 + github.com/pulumi/pulumi/sdk/v3 v3.107.0 ) require ( @@ -184,7 +184,7 @@ require ( github.com/pulumi/pulumi-java/pkg v0.9.9 // indirect github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 // indirect github.com/pulumi/pulumi-yaml v1.5.0 // indirect - github.com/pulumi/pulumi/pkg/v3 v3.105.0 // indirect + github.com/pulumi/pulumi/pkg/v3 v3.107.0 // indirect github.com/pulumi/schema-tools v0.1.2 // indirect github.com/pulumi/terraform-diff-reader v0.0.2 // indirect github.com/rivo/uniseg v0.4.4 // indirect diff --git a/provider/go.sum b/provider/go.sum index d54ccfe9..03202eda 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -2206,16 +2206,16 @@ github.com/pulumi/providertest v0.0.10 h1:bx77G0JYPO2Alf/SHRP05XpAYMrboKJkMIVkbF github.com/pulumi/providertest v0.0.10/go.mod h1:HsxjVsytcMIuNj19w1lT2W0QXY0oReXl1+h6eD2JXP8= github.com/pulumi/pulumi-java/pkg v0.9.9 h1:F3xJUtMFDVrTGCxb7Rh2Q8s6tj7gMfM5pcoUthz7vFY= github.com/pulumi/pulumi-java/pkg v0.9.9/go.mod h1:LVF1zeg3UkToHWxb67V+zEIxQc3EdMnlot5NWSt+FpA= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.75.0 h1:U4ela95zt8F1cPKfb7WZmlnp+ZqigaV/H5WZQdE5YkQ= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.75.0/go.mod h1:Qww43/Vier5FvEYsOF7JcxECa6irjPqO047KKXfJVzk= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.76.0 h1:o8XQDN0KH1LE1SNYjk512HdQujxmnOVhMp4mlqIGqVo= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.76.0/go.mod h1:iSQ4IXK9AD/ne+pFcR+kqtrEuOD43/1f8jugbYWvt4c= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 h1:mav2tSitA9BPJPLLahKgepHyYsMzwaTm4cvp0dcTMYw= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8/go.mod h1:qUYk2c9i/yqMGNj9/bQyXpS39BxNDSXYjVN1njnq0zY= github.com/pulumi/pulumi-yaml v1.5.0 h1:HfXu+WSFNpycref9CK935cViYJzXwSgHGWM/RepyrW0= github.com/pulumi/pulumi-yaml v1.5.0/go.mod h1:AvKSmEQv2EkPbpvAQroR1eP1LkJGC8z5NDM34rVWOtg= -github.com/pulumi/pulumi/pkg/v3 v3.105.0 h1:bJG1vUiYH2gDF1pfBKlIABDNoJD2LvU1LmjjL+EbvuM= -github.com/pulumi/pulumi/pkg/v3 v3.105.0/go.mod h1:eZAFEFOwE/skElTfwetfyTxPebmWr5vOS5NSU9XwlVw= -github.com/pulumi/pulumi/sdk/v3 v3.105.0 h1:OKEeubZigWyQVnZS6udnFnZHZ/8OWXuUYv9ir3OY+vs= -github.com/pulumi/pulumi/sdk/v3 v3.105.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/pkg/v3 v3.107.0 h1:HRyIl1c9ur0PVQW+GuFL1APBEuGa/fQQMp3F+WluxW8= +github.com/pulumi/pulumi/pkg/v3 v3.107.0/go.mod h1:7edfZu4FlrXdIn4339tJ+SQX5VKGqbFntmpc8cai0Zg= +github.com/pulumi/pulumi/sdk/v3 v3.107.0 h1:bef+ayh9+4KkAqXih4EjlHfQXRY24NWPwWBIQhBxTjg= +github.com/pulumi/pulumi/sdk/v3 v3.107.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= diff --git a/sdk/go.mod b/sdk/go.mod index cd5ae09c..1782cea8 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( github.com/blang/semver v3.5.1+incompatible - github.com/pulumi/pulumi/sdk/v3 v3.105.0 + github.com/pulumi/pulumi/sdk/v3 v3.107.0 ) require ( diff --git a/sdk/go.sum b/sdk/go.sum index 6b1732e4..e0318b57 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -148,8 +148,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= -github.com/pulumi/pulumi/sdk/v3 v3.105.0 h1:OKEeubZigWyQVnZS6udnFnZHZ/8OWXuUYv9ir3OY+vs= -github.com/pulumi/pulumi/sdk/v3 v3.105.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/sdk/v3 v3.107.0 h1:bef+ayh9+4KkAqXih4EjlHfQXRY24NWPwWBIQhBxTjg= +github.com/pulumi/pulumi/sdk/v3 v3.107.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= diff --git a/sdk/go/keycloak/authentication/bindings.go b/sdk/go/keycloak/authentication/bindings.go index f5a5e9f6..58fc2da5 100644 --- a/sdk/go/keycloak/authentication/bindings.go +++ b/sdk/go/keycloak/authentication/bindings.go @@ -55,6 +55,7 @@ import ( // if err != nil { // return err // } +// // first execution // executionOne, err := authentication.NewExecution(ctx, "executionOne", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, @@ -64,6 +65,7 @@ import ( // if err != nil { // return err // } +// // second execution // _, err = authentication.NewExecution(ctx, "executionTwo", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, diff --git a/sdk/go/keycloak/authentication/execution.go b/sdk/go/keycloak/authentication/execution.go index ff95f048..a38b1c5b 100644 --- a/sdk/go/keycloak/authentication/execution.go +++ b/sdk/go/keycloak/authentication/execution.go @@ -48,6 +48,7 @@ import ( // if err != nil { // return err // } +// // first execution // executionOne, err := authentication.NewExecution(ctx, "executionOne", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, @@ -57,6 +58,7 @@ import ( // if err != nil { // return err // } +// // second execution // _, err = authentication.NewExecution(ctx, "executionTwo", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, diff --git a/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go b/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go index f9223726..e6bb220d 100644 --- a/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go +++ b/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go @@ -61,6 +61,7 @@ import ( // if err != nil { // return err // } +// // relevant part // _, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, "oidcIdpPermission", &keycloak.IdentityProviderTokenExchangeScopePermissionArgs{ // RealmId: tokenExchangeRealm.ID(), // ProviderAlias: tokenExchangeMyOidcIdp.Alias, diff --git a/sdk/go/keycloak/openid/clientServiceAccountRole.go b/sdk/go/keycloak/openid/clientServiceAccountRole.go index 3789a3c5..2d2ab23e 100644 --- a/sdk/go/keycloak/openid/clientServiceAccountRole.go +++ b/sdk/go/keycloak/openid/clientServiceAccountRole.go @@ -40,6 +40,7 @@ import ( // if err != nil { // return err // } +// // client1 provides a role to other clients // client1, err := openid.NewClient(ctx, "client1", &openid.ClientArgs{ // RealmId: realm.ID(), // }) @@ -54,6 +55,7 @@ import ( // if err != nil { // return err // } +// // client2 is assigned the role of client1 // client2, err := openid.NewClient(ctx, "client2", &openid.ClientArgs{ // RealmId: realm.ID(), // ServiceAccountsEnabled: pulumi.Bool(true), diff --git a/sdk/go/keycloak/openid/getClientScope.go b/sdk/go/keycloak/openid/getClientScope.go index 63343298..f01e9de8 100644 --- a/sdk/go/keycloak/openid/getClientScope.go +++ b/sdk/go/keycloak/openid/getClientScope.go @@ -34,6 +34,7 @@ import ( // if err != nil { // return err // } +// // use the data source // _, err = openid.NewAudienceProtocolMapper(ctx, "audienceMapper", &openid.AudienceProtocolMapperArgs{ // RealmId: *pulumi.String(offlineAccess.RealmId), // ClientScopeId: *pulumi.String(offlineAccess.Id),