keycloak.GroupPermissions
Explore with Pulumi AI
Allows you to manage all group Scope Based Permissions https://www.keycloak.org/docs/latest/server_admin/#group.
This is part of a preview Keycloak feature: admin_fine_grained_authz
(see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).
This feature can be enabled with the Keycloak option -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled
. See the
example docker-compose.yml
file for an example.
When enabling Roles Permissions, Keycloak does several things automatically:
- Enable Authorization on built-in
realm-management
client (if not already enabled). - Create a resource representing the role permissions.
- Create scopes
view
,manage
,view-members
,manage-members
,manage-membership
. - Create all scope based permission for the scopes and role resource
Create GroupPermissions Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GroupPermissions(name: string, args: GroupPermissionsArgs, opts?: CustomResourceOptions);
@overload
def GroupPermissions(resource_name: str,
args: GroupPermissionsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GroupPermissions(resource_name: str,
opts: Optional[ResourceOptions] = None,
group_id: Optional[str] = None,
realm_id: Optional[str] = None,
manage_members_scope: Optional[GroupPermissionsManageMembersScopeArgs] = None,
manage_membership_scope: Optional[GroupPermissionsManageMembershipScopeArgs] = None,
manage_scope: Optional[GroupPermissionsManageScopeArgs] = None,
view_members_scope: Optional[GroupPermissionsViewMembersScopeArgs] = None,
view_scope: Optional[GroupPermissionsViewScopeArgs] = None)
func NewGroupPermissions(ctx *Context, name string, args GroupPermissionsArgs, opts ...ResourceOption) (*GroupPermissions, error)
public GroupPermissions(string name, GroupPermissionsArgs args, CustomResourceOptions? opts = null)
public GroupPermissions(String name, GroupPermissionsArgs args)
public GroupPermissions(String name, GroupPermissionsArgs args, CustomResourceOptions options)
type: keycloak:GroupPermissions
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GroupPermissionsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GroupPermissionsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GroupPermissionsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GroupPermissionsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GroupPermissionsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var groupPermissionsResource = new Keycloak.GroupPermissions("groupPermissionsResource", new()
{
GroupId = "string",
RealmId = "string",
ManageMembersScope = new Keycloak.Inputs.GroupPermissionsManageMembersScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
ManageMembershipScope = new Keycloak.Inputs.GroupPermissionsManageMembershipScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
ManageScope = new Keycloak.Inputs.GroupPermissionsManageScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
ViewMembersScope = new Keycloak.Inputs.GroupPermissionsViewMembersScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
ViewScope = new Keycloak.Inputs.GroupPermissionsViewScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
});
example, err := keycloak.NewGroupPermissions(ctx, "groupPermissionsResource", &keycloak.GroupPermissionsArgs{
GroupId: pulumi.String("string"),
RealmId: pulumi.String("string"),
ManageMembersScope: &keycloak.GroupPermissionsManageMembersScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
ManageMembershipScope: &keycloak.GroupPermissionsManageMembershipScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
ManageScope: &keycloak.GroupPermissionsManageScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
ViewMembersScope: &keycloak.GroupPermissionsViewMembersScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
ViewScope: &keycloak.GroupPermissionsViewScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
})
var groupPermissionsResource = new GroupPermissions("groupPermissionsResource", GroupPermissionsArgs.builder()
.groupId("string")
.realmId("string")
.manageMembersScope(GroupPermissionsManageMembersScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.manageMembershipScope(GroupPermissionsManageMembershipScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.manageScope(GroupPermissionsManageScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.viewMembersScope(GroupPermissionsViewMembersScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.viewScope(GroupPermissionsViewScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.build());
group_permissions_resource = keycloak.GroupPermissions("groupPermissionsResource",
group_id="string",
realm_id="string",
manage_members_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
manage_membership_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
manage_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
view_members_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
view_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
})
const groupPermissionsResource = new keycloak.GroupPermissions("groupPermissionsResource", {
groupId: "string",
realmId: "string",
manageMembersScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
manageMembershipScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
manageScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
viewMembersScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
viewScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
});
type: keycloak:GroupPermissions
properties:
groupId: string
manageMembersScope:
decisionStrategy: string
description: string
policies:
- string
manageMembershipScope:
decisionStrategy: string
description: string
policies:
- string
manageScope:
decisionStrategy: string
description: string
policies:
- string
realmId: string
viewMembersScope:
decisionStrategy: string
description: string
policies:
- string
viewScope:
decisionStrategy: string
description: string
policies:
- string
GroupPermissions Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GroupPermissions resource accepts the following input properties:
Outputs
All input properties are implicitly available as output properties. Additionally, the GroupPermissions resource produces the following output properties:
Look up Existing GroupPermissions Resource
Get an existing GroupPermissions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GroupPermissionsState, opts?: CustomResourceOptions): GroupPermissions
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authorization_resource_server_id: Optional[str] = None,
enabled: Optional[bool] = None,
group_id: Optional[str] = None,
manage_members_scope: Optional[GroupPermissionsManageMembersScopeArgs] = None,
manage_membership_scope: Optional[GroupPermissionsManageMembershipScopeArgs] = None,
manage_scope: Optional[GroupPermissionsManageScopeArgs] = None,
realm_id: Optional[str] = None,
view_members_scope: Optional[GroupPermissionsViewMembersScopeArgs] = None,
view_scope: Optional[GroupPermissionsViewScopeArgs] = None) -> GroupPermissions
func GetGroupPermissions(ctx *Context, name string, id IDInput, state *GroupPermissionsState, opts ...ResourceOption) (*GroupPermissions, error)
public static GroupPermissions Get(string name, Input<string> id, GroupPermissionsState? state, CustomResourceOptions? opts = null)
public static GroupPermissions get(String name, Output<String> id, GroupPermissionsState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- string
- Resource server id representing the realm management client on which this permission is managed
- Enabled bool
- Group
Id string - Manage
Members GroupScope Permissions Manage Members Scope - Manage
Membership GroupScope Permissions Manage Membership Scope - Manage
Scope GroupPermissions Manage Scope - Realm
Id string - View
Members GroupScope Permissions View Members Scope - View
Scope GroupPermissions View Scope
- string
- Resource server id representing the realm management client on which this permission is managed
- Enabled bool
- Group
Id string - Manage
Members GroupScope Permissions Manage Members Scope Args - Manage
Membership GroupScope Permissions Manage Membership Scope Args - Manage
Scope GroupPermissions Manage Scope Args - Realm
Id string - View
Members GroupScope Permissions View Members Scope Args - View
Scope GroupPermissions View Scope Args
- String
- Resource server id representing the realm management client on which this permission is managed
- enabled Boolean
- group
Id String - manage
Members GroupScope Permissions Manage Members Scope - manage
Membership GroupScope Permissions Manage Membership Scope - manage
Scope GroupPermissions Manage Scope - realm
Id String - view
Members GroupScope Permissions View Members Scope - view
Scope GroupPermissions View Scope
- string
- Resource server id representing the realm management client on which this permission is managed
- enabled boolean
- group
Id string - manage
Members GroupScope Permissions Manage Members Scope - manage
Membership GroupScope Permissions Manage Membership Scope - manage
Scope GroupPermissions Manage Scope - realm
Id string - view
Members GroupScope Permissions View Members Scope - view
Scope GroupPermissions View Scope
- str
- Resource server id representing the realm management client on which this permission is managed
- enabled bool
- group_
id str - manage_
members_ Groupscope Permissions Manage Members Scope Args - manage_
membership_ Groupscope Permissions Manage Membership Scope Args - manage_
scope GroupPermissions Manage Scope Args - realm_
id str - view_
members_ Groupscope Permissions View Members Scope Args - view_
scope GroupPermissions View Scope Args
- String
- Resource server id representing the realm management client on which this permission is managed
- enabled Boolean
- group
Id String - manage
Members Property MapScope - manage
Membership Property MapScope - manage
Scope Property Map - realm
Id String - view
Members Property MapScope - view
Scope Property Map
Supporting Types
GroupPermissionsManageMembersScope, GroupPermissionsManageMembersScopeArgs
- Decision
Strategy string - Description string
- Policies List<string>
- Decision
Strategy string - Description string
- Policies []string
- decision
Strategy String - description String
- policies List<String>
- decision
Strategy string - description string
- policies string[]
- decision_
strategy str - description str
- policies Sequence[str]
- decision
Strategy String - description String
- policies List<String>
GroupPermissionsManageMembershipScope, GroupPermissionsManageMembershipScopeArgs
- Decision
Strategy string - Description string
- Policies List<string>
- Decision
Strategy string - Description string
- Policies []string
- decision
Strategy String - description String
- policies List<String>
- decision
Strategy string - description string
- policies string[]
- decision_
strategy str - description str
- policies Sequence[str]
- decision
Strategy String - description String
- policies List<String>
GroupPermissionsManageScope, GroupPermissionsManageScopeArgs
- Decision
Strategy string - Description string
- Policies List<string>
- Decision
Strategy string - Description string
- Policies []string
- decision
Strategy String - description String
- policies List<String>
- decision
Strategy string - description string
- policies string[]
- decision_
strategy str - description str
- policies Sequence[str]
- decision
Strategy String - description String
- policies List<String>
GroupPermissionsViewMembersScope, GroupPermissionsViewMembersScopeArgs
- Decision
Strategy string - Description string
- Policies List<string>
- Decision
Strategy string - Description string
- Policies []string
- decision
Strategy String - description String
- policies List<String>
- decision
Strategy string - description string
- policies string[]
- decision_
strategy str - description str
- policies Sequence[str]
- decision
Strategy String - description String
- policies List<String>
GroupPermissionsViewScope, GroupPermissionsViewScopeArgs
- Decision
Strategy string - Description string
- Policies List<string>
- Decision
Strategy string - Description string
- Policies []string
- decision
Strategy String - description String
- policies List<String>
- decision
Strategy string - description string
- policies string[]
- decision_
strategy str - description str
- policies Sequence[str]
- decision
Strategy String - description String
- policies List<String>
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloak
Terraform Provider.