keycloak.openid.HardcodedRoleProtocolMapper
Explore with Pulumi AI
# keycloak.openid.HardcodedRoleProtocolMapper
Allows for creating and managing hardcoded role protocol mappers within Keycloak.
Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.
Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const role = new keycloak.Role("role", {
realmId: realm.id,
name: "my-role",
});
const openidClient = new keycloak.openid.Client("openid_client", {
realmId: realm.id,
clientId: "test-client",
name: "test client",
enabled: true,
accessType: "CONFIDENTIAL",
validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper", {
realmId: realm.id,
clientId: openidClient.id,
name: "hardcoded-role-mapper",
roleId: role.id,
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
role = keycloak.Role("role",
realm_id=realm.id,
name="my-role")
openid_client = keycloak.openid.Client("openid_client",
realm_id=realm.id,
client_id="test-client",
name="test client",
enabled=True,
access_type="CONFIDENTIAL",
valid_redirect_uris=["http://localhost:8080/openid-callback"])
hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper",
realm_id=realm.id,
client_id=openid_client.id,
name="hardcoded-role-mapper",
role_id=role.id)
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
role, err := keycloak.NewRole(ctx, "role", &keycloak.RoleArgs{
RealmId: realm.ID(),
Name: pulumi.String("my-role"),
})
if err != nil {
return err
}
openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{
RealmId: realm.ID(),
ClientId: pulumi.String("test-client"),
Name: pulumi.String("test client"),
Enabled: pulumi.Bool(true),
AccessType: pulumi.String("CONFIDENTIAL"),
ValidRedirectUris: pulumi.StringArray{
pulumi.String("http://localhost:8080/openid-callback"),
},
})
if err != nil {
return err
}
_, err = openid.NewHardcodedRoleProtocolMapper(ctx, "hardcoded_role_mapper", &openid.HardcodedRoleProtocolMapperArgs{
RealmId: realm.ID(),
ClientId: openidClient.ID(),
Name: pulumi.String("hardcoded-role-mapper"),
RoleId: role.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var role = new Keycloak.Role("role", new()
{
RealmId = realm.Id,
Name = "my-role",
});
var openidClient = new Keycloak.OpenId.Client("openid_client", new()
{
RealmId = realm.Id,
ClientId = "test-client",
Name = "test client",
Enabled = true,
AccessType = "CONFIDENTIAL",
ValidRedirectUris = new[]
{
"http://localhost:8080/openid-callback",
},
});
var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcoded_role_mapper", new()
{
RealmId = realm.Id,
ClientId = openidClient.Id,
Name = "hardcoded-role-mapper",
RoleId = role.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;
import com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var role = new Role("role", RoleArgs.builder()
.realmId(realm.id())
.name("my-role")
.build());
var openidClient = new Client("openidClient", ClientArgs.builder()
.realmId(realm.id())
.clientId("test-client")
.name("test client")
.enabled(true)
.accessType("CONFIDENTIAL")
.validRedirectUris("http://localhost:8080/openid-callback")
.build());
var hardcodedRoleMapper = new HardcodedRoleProtocolMapper("hardcodedRoleMapper", HardcodedRoleProtocolMapperArgs.builder()
.realmId(realm.id())
.clientId(openidClient.id())
.name("hardcoded-role-mapper")
.roleId(role.id())
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
role:
type: keycloak:Role
properties:
realmId: ${realm.id}
name: my-role
openidClient:
type: keycloak:openid:Client
name: openid_client
properties:
realmId: ${realm.id}
clientId: test-client
name: test client
enabled: true
accessType: CONFIDENTIAL
validRedirectUris:
- http://localhost:8080/openid-callback
hardcodedRoleMapper:
type: keycloak:openid:HardcodedRoleProtocolMapper
name: hardcoded_role_mapper
properties:
realmId: ${realm.id}
clientId: ${openidClient.id}
name: hardcoded-role-mapper
roleId: ${role.id}
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const role = new keycloak.Role("role", {
realmId: realm.id,
name: "my-role",
});
const clientScope = new keycloak.openid.ClientScope("client_scope", {
realmId: realm.id,
name: "test-client-scope",
});
const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper", {
realmId: realm.id,
clientScopeId: clientScope.id,
name: "hardcoded-role-mapper",
roleId: role.id,
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
role = keycloak.Role("role",
realm_id=realm.id,
name="my-role")
client_scope = keycloak.openid.ClientScope("client_scope",
realm_id=realm.id,
name="test-client-scope")
hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper",
realm_id=realm.id,
client_scope_id=client_scope.id,
name="hardcoded-role-mapper",
role_id=role.id)
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
role, err := keycloak.NewRole(ctx, "role", &keycloak.RoleArgs{
RealmId: realm.ID(),
Name: pulumi.String("my-role"),
})
if err != nil {
return err
}
clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{
RealmId: realm.ID(),
Name: pulumi.String("test-client-scope"),
})
if err != nil {
return err
}
_, err = openid.NewHardcodedRoleProtocolMapper(ctx, "hardcoded_role_mapper", &openid.HardcodedRoleProtocolMapperArgs{
RealmId: realm.ID(),
ClientScopeId: clientScope.ID(),
Name: pulumi.String("hardcoded-role-mapper"),
RoleId: role.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var role = new Keycloak.Role("role", new()
{
RealmId = realm.Id,
Name = "my-role",
});
var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new()
{
RealmId = realm.Id,
Name = "test-client-scope",
});
var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcoded_role_mapper", new()
{
RealmId = realm.Id,
ClientScopeId = clientScope.Id,
Name = "hardcoded-role-mapper",
RoleId = role.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.openid.ClientScope;
import com.pulumi.keycloak.openid.ClientScopeArgs;
import com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;
import com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var role = new Role("role", RoleArgs.builder()
.realmId(realm.id())
.name("my-role")
.build());
var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder()
.realmId(realm.id())
.name("test-client-scope")
.build());
var hardcodedRoleMapper = new HardcodedRoleProtocolMapper("hardcodedRoleMapper", HardcodedRoleProtocolMapperArgs.builder()
.realmId(realm.id())
.clientScopeId(clientScope.id())
.name("hardcoded-role-mapper")
.roleId(role.id())
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
role:
type: keycloak:Role
properties:
realmId: ${realm.id}
name: my-role
clientScope:
type: keycloak:openid:ClientScope
name: client_scope
properties:
realmId: ${realm.id}
name: test-client-scope
hardcodedRoleMapper:
type: keycloak:openid:HardcodedRoleProtocolMapper
name: hardcoded_role_mapper
properties:
realmId: ${realm.id}
clientScopeId: ${clientScope.id}
name: hardcoded-role-mapper
roleId: ${role.id}
Argument Reference
The following arguments are supported:
realm_id
- (Required) The realm this protocol mapper exists within.client_id
- (Required ifclient_scope_id
is not specified) The client this protocol mapper is attached to.client_scope_id
- (Required ifclient_id
is not specified) The client scope this protocol mapper is attached to.name
- (Required) The display name of this protocol mapper in the GUI.role_id
- (Required) The ID of the role to map to an access token.
Import
Protocol mappers can be imported using one of the following formats:
- Client:
{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}
- Client Scope:
{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}
Example:
$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4
$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4
Create HardcodedRoleProtocolMapper Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new HardcodedRoleProtocolMapper(name: string, args: HardcodedRoleProtocolMapperArgs, opts?: CustomResourceOptions);
@overload
def HardcodedRoleProtocolMapper(resource_name: str,
args: HardcodedRoleProtocolMapperArgs,
opts: Optional[ResourceOptions] = None)
@overload
def HardcodedRoleProtocolMapper(resource_name: str,
opts: Optional[ResourceOptions] = None,
realm_id: Optional[str] = None,
role_id: Optional[str] = None,
client_id: Optional[str] = None,
client_scope_id: Optional[str] = None,
name: Optional[str] = None)
func NewHardcodedRoleProtocolMapper(ctx *Context, name string, args HardcodedRoleProtocolMapperArgs, opts ...ResourceOption) (*HardcodedRoleProtocolMapper, error)
public HardcodedRoleProtocolMapper(string name, HardcodedRoleProtocolMapperArgs args, CustomResourceOptions? opts = null)
public HardcodedRoleProtocolMapper(String name, HardcodedRoleProtocolMapperArgs args)
public HardcodedRoleProtocolMapper(String name, HardcodedRoleProtocolMapperArgs args, CustomResourceOptions options)
type: keycloak:openid:HardcodedRoleProtocolMapper
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args HardcodedRoleProtocolMapperArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args HardcodedRoleProtocolMapperArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args HardcodedRoleProtocolMapperArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args HardcodedRoleProtocolMapperArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args HardcodedRoleProtocolMapperArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var hardcodedRoleProtocolMapperResource = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcodedRoleProtocolMapperResource", new()
{
RealmId = "string",
RoleId = "string",
ClientId = "string",
ClientScopeId = "string",
Name = "string",
});
example, err := openid.NewHardcodedRoleProtocolMapper(ctx, "hardcodedRoleProtocolMapperResource", &openid.HardcodedRoleProtocolMapperArgs{
RealmId: pulumi.String("string"),
RoleId: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientScopeId: pulumi.String("string"),
Name: pulumi.String("string"),
})
var hardcodedRoleProtocolMapperResource = new HardcodedRoleProtocolMapper("hardcodedRoleProtocolMapperResource", HardcodedRoleProtocolMapperArgs.builder()
.realmId("string")
.roleId("string")
.clientId("string")
.clientScopeId("string")
.name("string")
.build());
hardcoded_role_protocol_mapper_resource = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleProtocolMapperResource",
realm_id="string",
role_id="string",
client_id="string",
client_scope_id="string",
name="string")
const hardcodedRoleProtocolMapperResource = new keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleProtocolMapperResource", {
realmId: "string",
roleId: "string",
clientId: "string",
clientScopeId: "string",
name: "string",
});
type: keycloak:openid:HardcodedRoleProtocolMapper
properties:
clientId: string
clientScopeId: string
name: string
realmId: string
roleId: string
HardcodedRoleProtocolMapper Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The HardcodedRoleProtocolMapper resource accepts the following input properties:
- Realm
Id string - The realm id where the associated client or client scope exists.
- Role
Id string - Client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- Client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- Name string
- A human-friendly name that will appear in the Keycloak console.
- Realm
Id string - The realm id where the associated client or client scope exists.
- Role
Id string - Client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- Client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- Name string
- A human-friendly name that will appear in the Keycloak console.
- realm
Id String - The realm id where the associated client or client scope exists.
- role
Id String - client
Id String - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope StringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- name String
- A human-friendly name that will appear in the Keycloak console.
- realm
Id string - The realm id where the associated client or client scope exists.
- role
Id string - client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- name string
- A human-friendly name that will appear in the Keycloak console.
- realm_
id str - The realm id where the associated client or client scope exists.
- role_
id str - client_
id str - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client_
scope_ strid - The mapper's associated client scope. Cannot be used at the same time as client_id.
- name str
- A human-friendly name that will appear in the Keycloak console.
- realm
Id String - The realm id where the associated client or client scope exists.
- role
Id String - client
Id String - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope StringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- name String
- A human-friendly name that will appear in the Keycloak console.
Outputs
All input properties are implicitly available as output properties. Additionally, the HardcodedRoleProtocolMapper resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing HardcodedRoleProtocolMapper Resource
Get an existing HardcodedRoleProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: HardcodedRoleProtocolMapperState, opts?: CustomResourceOptions): HardcodedRoleProtocolMapper
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
client_id: Optional[str] = None,
client_scope_id: Optional[str] = None,
name: Optional[str] = None,
realm_id: Optional[str] = None,
role_id: Optional[str] = None) -> HardcodedRoleProtocolMapper
func GetHardcodedRoleProtocolMapper(ctx *Context, name string, id IDInput, state *HardcodedRoleProtocolMapperState, opts ...ResourceOption) (*HardcodedRoleProtocolMapper, error)
public static HardcodedRoleProtocolMapper Get(string name, Input<string> id, HardcodedRoleProtocolMapperState? state, CustomResourceOptions? opts = null)
public static HardcodedRoleProtocolMapper get(String name, Output<String> id, HardcodedRoleProtocolMapperState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- Client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- Name string
- A human-friendly name that will appear in the Keycloak console.
- Realm
Id string - The realm id where the associated client or client scope exists.
- Role
Id string
- Client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- Client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- Name string
- A human-friendly name that will appear in the Keycloak console.
- Realm
Id string - The realm id where the associated client or client scope exists.
- Role
Id string
- client
Id String - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope StringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- name String
- A human-friendly name that will appear in the Keycloak console.
- realm
Id String - The realm id where the associated client or client scope exists.
- role
Id String
- client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- name string
- A human-friendly name that will appear in the Keycloak console.
- realm
Id string - The realm id where the associated client or client scope exists.
- role
Id string
- client_
id str - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client_
scope_ strid - The mapper's associated client scope. Cannot be used at the same time as client_id.
- name str
- A human-friendly name that will appear in the Keycloak console.
- realm_
id str - The realm id where the associated client or client scope exists.
- role_
id str
- client
Id String - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope StringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- name String
- A human-friendly name that will appear in the Keycloak console.
- realm
Id String - The realm id where the associated client or client scope exists.
- role
Id String
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloak
Terraform Provider.