keycloak.openid.ClientPermissions
Allows you to manage all OpenID client Scope Based Permissions.
This is part of a preview Keycloak feature. You need to enable this feature to be able to use this resource. More information about enabling the preview feature can be found here: https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange
When enabling OpenID Client Permissions, Keycloak does several things automatically:
- Enable Authorization on the built-in realm-management client
- Create scopes “view”, “manage”, “configure”, “map-roles”, “map-roles-client-scope”, “map-roles-composite”, “token-exchange”
- Create a resource representing the OpenID client
- Create all scope based permissions for the scopes and the OpenID client resource
If the realm-management Authorization is not enabled, you have to create a dependency (depends_on) with the policy and the OpenID client.
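A minimal Pulumi YAML program for the setup described above, as an added example that is not taken from the provider's own documentation. The project name, realm, client, user and policy names are placeholders, and putting `dependsOn` on the policy (pointing at the client) is an assumption about how the dependency mentioned above is wired.

```yaml
name: keycloak-client-permissions-example   # constructed project name
runtime: yaml

variables:
  # The built-in realm-management client is the resource server on which
  # the scope-based permissions and their policies are managed.
  realmManagementId:
    fn::invoke:
      function: keycloak:openid:getClient
      arguments:
        realmId: ${realm.id}
        clientId: realm-management
      return: id

resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: example-realm                  # placeholder realm name

  appClient:
    type: keycloak:openid:Client
    properties:
      realmId: ${realm.id}
      clientId: example-app                 # placeholder client
      accessType: CONFIDENTIAL
      serviceAccountsEnabled: true

  operator:
    type: keycloak:User
    properties:
      realmId: ${realm.id}
      username: client-operator             # placeholder user

  # Policy attached to realm-management; it names the only user who should
  # pass the permissions bound below.
  operatorPolicy:
    type: keycloak:openid:ClientUserPolicy
    properties:
      realmId: ${realm.id}
      resourceServerId: ${realmManagementId}
      name: example-app-operators
      users:
        - ${operator.id}
      logic: POSITIVE
      decisionStrategy: UNANIMOUS
    options:
      # Explicit dependency between the policy and the OpenID client
      # (assumed wiring of the depends_on requirement).
      dependsOn:
        - ${appClient}

  appClientPermissions:
    type: keycloak:openid:ClientPermissions
    properties:
      realmId: ${realm.id}
      clientId: ${appClient.id}
      # Only the scopes that are actually needed get a policy here.
      viewScope:
        description: Operators may view this client
        decisionStrategy: UNANIMOUS
        policies:
          - ${operatorPolicy.id}
      tokenExchangeScope:
        description: Operators may exchange tokens for this client
        decisionStrategy: UNANIMOUS
        policies:
          - ${operatorPolicy.id}
```

The remaining scopes (`manageScope`, `configureScope`, `mapRolesScope`, `mapRolesClientScopeScope`, `mapRolesCompositeScope`) take the same three fields and are left unset in this example.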
Create ClientPermissions Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ClientPermissions(name: string, args: ClientPermissionsArgs, opts?: CustomResourceOptions);
@overload
def ClientPermissions(resource_name: str,
args: ClientPermissionsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ClientPermissions(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_id: Optional[str] = None,
realm_id: Optional[str] = None,
configure_scope: Optional[ClientPermissionsConfigureScopeArgs] = None,
manage_scope: Optional[ClientPermissionsManageScopeArgs] = None,
map_roles_client_scope_scope: Optional[ClientPermissionsMapRolesClientScopeScopeArgs] = None,
map_roles_composite_scope: Optional[ClientPermissionsMapRolesCompositeScopeArgs] = None,
map_roles_scope: Optional[ClientPermissionsMapRolesScopeArgs] = None,
token_exchange_scope: Optional[ClientPermissionsTokenExchangeScopeArgs] = None,
view_scope: Optional[ClientPermissionsViewScopeArgs] = None)
func NewClientPermissions(ctx *Context, name string, args ClientPermissionsArgs, opts ...ResourceOption) (*ClientPermissions, error)
public ClientPermissions(string name, ClientPermissionsArgs args, CustomResourceOptions? opts = null)
public ClientPermissions(String name, ClientPermissionsArgs args)
public ClientPermissions(String name, ClientPermissionsArgs args, CustomResourceOptions options)
type: keycloak:openid:ClientPermissions
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ClientPermissionsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClientPermissionsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClientPermissionsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClientPermissionsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClientPermissionsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var clientPermissionsResource = new Keycloak.OpenId.ClientPermissions("clientPermissionsResource", new()
{
ClientId = "string",
RealmId = "string",
ConfigureScope = new Keycloak.OpenId.Inputs.ClientPermissionsConfigureScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
ManageScope = new Keycloak.OpenId.Inputs.ClientPermissionsManageScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
MapRolesClientScopeScope = new Keycloak.OpenId.Inputs.ClientPermissionsMapRolesClientScopeScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
MapRolesCompositeScope = new Keycloak.OpenId.Inputs.ClientPermissionsMapRolesCompositeScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
MapRolesScope = new Keycloak.OpenId.Inputs.ClientPermissionsMapRolesScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
TokenExchangeScope = new Keycloak.OpenId.Inputs.ClientPermissionsTokenExchangeScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
ViewScope = new Keycloak.OpenId.Inputs.ClientPermissionsViewScopeArgs
{
DecisionStrategy = "string",
Description = "string",
Policies = new[]
{
"string",
},
},
});
example, err := openid.NewClientPermissions(ctx, "clientPermissionsResource", &openid.ClientPermissionsArgs{
ClientId: pulumi.String("string"),
RealmId: pulumi.String("string"),
ConfigureScope: &openid.ClientPermissionsConfigureScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
ManageScope: &openid.ClientPermissionsManageScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
MapRolesClientScopeScope: &openid.ClientPermissionsMapRolesClientScopeScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
MapRolesCompositeScope: &openid.ClientPermissionsMapRolesCompositeScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
MapRolesScope: &openid.ClientPermissionsMapRolesScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
TokenExchangeScope: &openid.ClientPermissionsTokenExchangeScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
ViewScope: &openid.ClientPermissionsViewScopeArgs{
DecisionStrategy: pulumi.String("string"),
Description: pulumi.String("string"),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
},
})
var clientPermissionsResource = new ClientPermissions("clientPermissionsResource", ClientPermissionsArgs.builder()
.clientId("string")
.realmId("string")
.configureScope(ClientPermissionsConfigureScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.manageScope(ClientPermissionsManageScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.mapRolesClientScopeScope(ClientPermissionsMapRolesClientScopeScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.mapRolesCompositeScope(ClientPermissionsMapRolesCompositeScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.mapRolesScope(ClientPermissionsMapRolesScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.tokenExchangeScope(ClientPermissionsTokenExchangeScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.viewScope(ClientPermissionsViewScopeArgs.builder()
.decisionStrategy("string")
.description("string")
.policies("string")
.build())
.build());
client_permissions_resource = keycloak.openid.ClientPermissions("clientPermissionsResource",
client_id="string",
realm_id="string",
configure_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
manage_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
map_roles_client_scope_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
map_roles_composite_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
map_roles_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
token_exchange_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
},
view_scope={
"decision_strategy": "string",
"description": "string",
"policies": ["string"],
})
const clientPermissionsResource = new keycloak.openid.ClientPermissions("clientPermissionsResource", {
clientId: "string",
realmId: "string",
configureScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
manageScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
mapRolesClientScopeScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
mapRolesCompositeScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
mapRolesScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
tokenExchangeScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
viewScope: {
decisionStrategy: "string",
description: "string",
policies: ["string"],
},
});
type: keycloak:openid:ClientPermissions
properties:
    clientId: string
    configureScope:
        decisionStrategy: string
        description: string
        policies:
            - string
    manageScope:
        decisionStrategy: string
        description: string
        policies:
            - string
    mapRolesClientScopeScope:
        decisionStrategy: string
        description: string
        policies:
            - string
    mapRolesCompositeScope:
        decisionStrategy: string
        description: string
        policies:
            - string
    mapRolesScope:
        decisionStrategy: string
        description: string
        policies:
            - string
    realmId: string
    tokenExchangeScope:
        decisionStrategy: string
        description: string
        policies:
            - string
    viewScope:
        decisionStrategy: string
        description: string
        policies:
            - string
ClientPermissions Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ClientPermissions resource accepts the following input properties:
- ClientId string
- RealmId string
- ConfigureScope ClientPermissionsConfigureScope
- ManageScope ClientPermissionsManageScope
- MapRolesClientScopeScope ClientPermissionsMapRolesClientScopeScope
- MapRolesCompositeScope ClientPermissionsMapRolesCompositeScope
- MapRolesScope ClientPermissionsMapRolesScope
- TokenExchangeScope ClientPermissionsTokenExchangeScope
- ViewScope ClientPermissionsViewScope
- ClientId string
- RealmId string
- ConfigureScope ClientPermissionsConfigureScopeArgs
- ManageScope ClientPermissionsManageScopeArgs
- MapRolesClientScopeScope ClientPermissionsMapRolesClientScopeScopeArgs
- MapRolesCompositeScope ClientPermissionsMapRolesCompositeScopeArgs
- MapRolesScope ClientPermissionsMapRolesScopeArgs
- TokenExchangeScope ClientPermissionsTokenExchangeScopeArgs
- ViewScope ClientPermissionsViewScopeArgs
- clientId String
- realmId String
- configureScope ClientPermissionsConfigureScope
- manageScope ClientPermissionsManageScope
- mapRolesClientScopeScope ClientPermissionsMapRolesClientScopeScope
- mapRolesCompositeScope ClientPermissionsMapRolesCompositeScope
- mapRolesScope ClientPermissionsMapRolesScope
- tokenExchangeScope ClientPermissionsTokenExchangeScope
- viewScope ClientPermissionsViewScope
- clientId string
- realmId string
- configureScope ClientPermissionsConfigureScope
- manageScope ClientPermissionsManageScope
- mapRolesClientScopeScope ClientPermissionsMapRolesClientScopeScope
- mapRolesCompositeScope ClientPermissionsMapRolesCompositeScope
- mapRolesScope ClientPermissionsMapRolesScope
- tokenExchangeScope ClientPermissionsTokenExchangeScope
- viewScope ClientPermissionsViewScope
- client_id str
- realm_id str
- configure_scope ClientPermissionsConfigureScopeArgs
- manage_scope ClientPermissionsManageScopeArgs
- map_roles_client_scope_scope ClientPermissionsMapRolesClientScopeScopeArgs
- map_roles_composite_scope ClientPermissionsMapRolesCompositeScopeArgs
- map_roles_scope ClientPermissionsMapRolesScopeArgs
- token_exchange_scope ClientPermissionsTokenExchangeScopeArgs
- view_scope ClientPermissionsViewScopeArgs
Outputs
All input properties are implicitly available as output properties. Additionally, the ClientPermissions resource produces the following output properties:
Look up Existing ClientPermissions Resource
Get an existing ClientPermissions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClientPermissionsState, opts?: CustomResourceOptions): ClientPermissions
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authorization_resource_server_id: Optional[str] = None,
client_id: Optional[str] = None,
configure_scope: Optional[ClientPermissionsConfigureScopeArgs] = None,
enabled: Optional[bool] = None,
manage_scope: Optional[ClientPermissionsManageScopeArgs] = None,
map_roles_client_scope_scope: Optional[ClientPermissionsMapRolesClientScopeScopeArgs] = None,
map_roles_composite_scope: Optional[ClientPermissionsMapRolesCompositeScopeArgs] = None,
map_roles_scope: Optional[ClientPermissionsMapRolesScopeArgs] = None,
realm_id: Optional[str] = None,
token_exchange_scope: Optional[ClientPermissionsTokenExchangeScopeArgs] = None,
view_scope: Optional[ClientPermissionsViewScopeArgs] = None) -> ClientPermissions
func GetClientPermissions(ctx *Context, name string, id IDInput, state *ClientPermissionsState, opts ...ResourceOption) (*ClientPermissions, error)
public static ClientPermissions Get(string name, Input<string> id, ClientPermissionsState? state, CustomResourceOptions? opts = null)
public static ClientPermissions get(String name, Output<String> id, ClientPermissionsState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AuthorizationResourceServerId string
- Resource server id representing the realm management client on which this permission is managed
- ClientId string
- ConfigureScope ClientPermissionsConfigureScope
- Enabled bool
- ManageScope ClientPermissionsManageScope
- MapRolesClientScopeScope ClientPermissionsMapRolesClientScopeScope
- MapRolesCompositeScope ClientPermissionsMapRolesCompositeScope
- MapRolesScope ClientPermissionsMapRolesScope
- RealmId string
- TokenExchangeScope ClientPermissionsTokenExchangeScope
- ViewScope ClientPermissionsViewScope
- AuthorizationResourceServerId string
- Resource server id representing the realm management client on which this permission is managed
- ClientId string
- ConfigureScope ClientPermissionsConfigureScopeArgs
- Enabled bool
- ManageScope ClientPermissionsManageScopeArgs
- MapRolesClientScopeScope ClientPermissionsMapRolesClientScopeScopeArgs
- MapRolesCompositeScope ClientPermissionsMapRolesCompositeScopeArgs
- MapRolesScope ClientPermissionsMapRolesScopeArgs
- RealmId string
- TokenExchangeScope ClientPermissionsTokenExchangeScopeArgs
- ViewScope ClientPermissionsViewScopeArgs
- authorizationResourceServerId String
- Resource server id representing the realm management client on which this permission is managed
- clientId String
- configureScope ClientPermissionsConfigureScope
- enabled Boolean
- manageScope ClientPermissionsManageScope
- mapRolesClientScopeScope ClientPermissionsMapRolesClientScopeScope
- mapRolesCompositeScope ClientPermissionsMapRolesCompositeScope
- mapRolesScope ClientPermissionsMapRolesScope
- realmId String
- tokenExchangeScope ClientPermissionsTokenExchangeScope
- viewScope ClientPermissionsViewScope
- authorizationResourceServerId string
- Resource server id representing the realm management client on which this permission is managed
- clientId string
- configureScope ClientPermissionsConfigureScope
- enabled boolean
- manageScope ClientPermissionsManageScope
- mapRolesClientScopeScope ClientPermissionsMapRolesClientScopeScope
- mapRolesCompositeScope ClientPermissionsMapRolesCompositeScope
- mapRolesScope ClientPermissionsMapRolesScope
- realmId string
- tokenExchangeScope ClientPermissionsTokenExchangeScope
- viewScope ClientPermissionsViewScope
- authorization_resource_server_id str
- Resource server id representing the realm management client on which this permission is managed
- client_id str
- configure_scope ClientPermissionsConfigureScopeArgs
- enabled bool
- manage_scope ClientPermissionsManageScopeArgs
- map_roles_client_scope_scope ClientPermissionsMapRolesClientScopeScopeArgs
- map_roles_composite_scope ClientPermissionsMapRolesCompositeScopeArgs
- map_roles_scope ClientPermissionsMapRolesScopeArgs
- realm_id str
- token_exchange_scope ClientPermissionsTokenExchangeScopeArgs
- view_scope ClientPermissionsViewScopeArgs
- authorizationResourceServerId String
- Resource server id representing the realm management client on which this permission is managed
- clientId String
- configureScope Property Map
- enabled Boolean
- manageScope Property Map
- mapRolesClientScopeScope Property Map
- mapRolesCompositeScope Property Map
- mapRolesScope Property Map
- realmId String
- tokenExchangeScope Property Map
- viewScope Property Map
Supporting Types
ClientPermissionsConfigureScope, ClientPermissionsConfigureScopeArgs
- DecisionStrategy string
- Description string
- Policies List<string>
- DecisionStrategy string
- Description string
- Policies []string
- decisionStrategy String
- description String
- policies List<String>
- decisionStrategy string
- description string
- policies string[]
- decision_strategy str
- description str
- policies Sequence[str]
- decisionStrategy String
- description String
- policies List<String>
ClientPermissionsManageScope, ClientPermissionsManageScopeArgs
- DecisionStrategy string
- Description string
- Policies List<string>
- DecisionStrategy string
- Description string
- Policies []string
- decisionStrategy String
- description String
- policies List<String>
- decisionStrategy string
- description string
- policies string[]
- decision_strategy str
- description str
- policies Sequence[str]
- decisionStrategy String
- description String
- policies List<String>
ClientPermissionsMapRolesClientScopeScope, ClientPermissionsMapRolesClientScopeScopeArgs
- DecisionStrategy string
- Description string
- Policies List<string>
- DecisionStrategy string
- Description string
- Policies []string
- decisionStrategy String
- description String
- policies List<String>
- decisionStrategy string
- description string
- policies string[]
- decision_strategy str
- description str
- policies Sequence[str]
- decisionStrategy String
- description String
- policies List<String>
ClientPermissionsMapRolesCompositeScope, ClientPermissionsMapRolesCompositeScopeArgs
- DecisionStrategy string
- Description string
- Policies List<string>
- DecisionStrategy string
- Description string
- Policies []string
- decisionStrategy String
- description String
- policies List<String>
- decisionStrategy string
- description string
- policies string[]
- decision_strategy str
- description str
- policies Sequence[str]
- decisionStrategy String
- description String
- policies List<String>
ClientPermissionsMapRolesScope, ClientPermissionsMapRolesScopeArgs
- DecisionStrategy string
- Description string
- Policies List<string>
- DecisionStrategy string
- Description string
- Policies []string
- decisionStrategy String
- description String
- policies List<String>
- decisionStrategy string
- description string
- policies string[]
- decision_strategy str
- description str
- policies Sequence[str]
- decisionStrategy String
- description String
- policies List<String>
ClientPermissionsTokenExchangeScope, ClientPermissionsTokenExchangeScopeArgs
- DecisionStrategy string
- Description string
- Policies List<string>
- DecisionStrategy string
- Description string
- Policies []string
- decisionStrategy String
- description String
- policies List<String>
- decisionStrategy string
- description string
- policies string[]
- decision_strategy str
- description str
- policies Sequence[str]
- decisionStrategy String
- description String
- policies List<String>
ClientPermissionsViewScope, ClientPermissionsViewScopeArgs
- DecisionStrategy string
- Description string
- Policies List<string>
- DecisionStrategy string
- Description string
- Policies []string
- decisionStrategy String
- description String
- policies List<String>
- decisionStrategy string
- description string
- policies string[]
- decision_strategy str
- description str
- policies Sequence[str]
- decisionStrategy String
- description String
- policies List<String>
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the keycloak Terraform Provider.