pulumi-keycloak-kotlin/com.pulumi.keycloak.kotlin/GroupRolesArgs

GroupRolesArgs

data class GroupRolesArgs(val exhaustive: Output<Boolean>? = null, val groupId: Output<String>? = null, val realmId: Output<String>? = null, val roleIds: Output<List<String>>? = null) : ConvertibleToJava<GroupRolesArgs>

# keycloak.GroupRoles

Allows you to manage roles assigned to a Keycloak group. Note that this resource attempts to be an authoritative source over group roles. When this resource takes control over a group's roles, roles that are manually added to the group will be removed, and roles that are manually removed from the group will be added upon the next run of pulumi up. Note that when assigning composite roles to a group, you may see a non-empty plan following a pulumi up if you assign a role and a composite that includes that role to the same group.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const realmRole = new keycloak.Role("realm_role", {
    realmId: realm.id,
    name: "my-realm-role",
    description: "My Realm Role",
});
const client = new keycloak.openid.Client("client", {
    realmId: realm.id,
    clientId: "client",
    name: "client",
    enabled: true,
    accessType: "BEARER-ONLY",
});
const clientRole = new keycloak.Role("client_role", {
    realmId: realm.id,
    clientId: clientKeycloakClient.id,
    name: "my-client-role",
    description: "My Client Role",
});
const group = new keycloak.Group("group", {
    realmId: realm.id,
    name: "my-group",
});
const groupRoles = new keycloak.GroupRoles("group_roles", {
    realmId: realm.id,
    groupId: group.id,
    roleIds: [
        realmRole.id,
        clientRole.id,
    ],
});
Content copied to clipboard
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
realm_role = keycloak.Role("realm_role",
    realm_id=realm.id,
    name="my-realm-role",
    description="My Realm Role")
client = keycloak.openid.Client("client",
    realm_id=realm.id,
    client_id="client",
    name="client",
    enabled=True,
    access_type="BEARER-ONLY")
client_role = keycloak.Role("client_role",
    realm_id=realm.id,
    client_id=client_keycloak_client["id"],
    name="my-client-role",
    description="My Client Role")
group = keycloak.Group("group",
    realm_id=realm.id,
    name="my-group")
group_roles = keycloak.GroupRoles("group_roles",
    realm_id=realm.id,
    group_id=group.id,
    role_ids=[
        realm_role.id,
        client_role.id,
    ])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });
    var realmRole = new Keycloak.Role("realm_role", new()
    {
        RealmId = realm.Id,
        Name = "my-realm-role",
        Description = "My Realm Role",
    });
    var client = new Keycloak.OpenId.Client("client", new()
    {
        RealmId = realm.Id,
        ClientId = "client",
        Name = "client",
        Enabled = true,
        AccessType = "BEARER-ONLY",
    });
    var clientRole = new Keycloak.Role("client_role", new()
    {
        RealmId = realm.Id,
        ClientId = clientKeycloakClient.Id,
        Name = "my-client-role",
        Description = "My Client Role",
    });
    var @group = new Keycloak.Group("group", new()
    {
        RealmId = realm.Id,
        Name = "my-group",
    });
    var groupRoles = new Keycloak.GroupRoles("group_roles", new()
    {
        RealmId = realm.Id,
        GroupId = @group.Id,
        RoleIds = new[]
        {
            realmRole.Id,
            clientRole.Id,
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			Name:        pulumi.String("my-realm-role"),
			Description: pulumi.String("My Realm Role"),
		})
		if err != nil {
			return err
		}
		_, err = openid.NewClient(ctx, "client", &openid.ClientArgs{
			RealmId:    realm.ID(),
			ClientId:   pulumi.String("client"),
			Name:       pulumi.String("client"),
			Enabled:    pulumi.Bool(true),
			AccessType: pulumi.String("BEARER-ONLY"),
		})
		if err != nil {
			return err
		}
		clientRole, err := keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			ClientId:    pulumi.Any(clientKeycloakClient.Id),
			Name:        pulumi.String("my-client-role"),
			Description: pulumi.String("My Client Role"),
		})
		if err != nil {
			return err
		}
		group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{
			RealmId: realm.ID(),
			Name:    pulumi.String("my-group"),
		})
		if err != nil {
			return err
		}
		_, err = keycloak.NewGroupRoles(ctx, "group_roles", &keycloak.GroupRolesArgs{
			RealmId: realm.ID(),
			GroupId: group.ID(),
			RoleIds: pulumi.StringArray{
				realmRole.ID(),
				clientRole.ID(),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.Group;
import com.pulumi.keycloak.GroupArgs;
import com.pulumi.keycloak.GroupRoles;
import com.pulumi.keycloak.GroupRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        var realmRole = new Role("realmRole", RoleArgs.builder()
            .realmId(realm.id())
            .name("my-realm-role")
            .description("My Realm Role")
            .build());
        var client = new Client("client", ClientArgs.builder()
            .realmId(realm.id())
            .clientId("client")
            .name("client")
            .enabled(true)
            .accessType("BEARER-ONLY")
            .build());
        var clientRole = new Role("clientRole", RoleArgs.builder()
            .realmId(realm.id())
            .clientId(clientKeycloakClient.id())
            .name("my-client-role")
            .description("My Client Role")
            .build());
        var group = new Group("group", GroupArgs.builder()
            .realmId(realm.id())
            .name("my-group")
            .build());
        var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder()
            .realmId(realm.id())
            .groupId(group.id())
            .roleIds(
                realmRole.id(),
                clientRole.id())
            .build());
    }
}
Content copied to clipboard
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  realmRole:
    type: keycloak:Role
    name: realm_role
    properties:
      realmId: ${realm.id}
      name: my-realm-role
      description: My Realm Role
  client:
    type: keycloak:openid:Client
    properties:
      realmId: ${realm.id}
      clientId: client
      name: client
      enabled: true
      accessType: BEARER-ONLY
  clientRole:
    type: keycloak:Role
    name: client_role
    properties:
      realmId: ${realm.id}
      clientId: ${clientKeycloakClient.id}
      name: my-client-role
      description: My Client Role
  group:
    type: keycloak:Group
    properties:
      realmId: ${realm.id}
      name: my-group
  groupRoles:
    type: keycloak:GroupRoles
    name: group_roles
    properties:
      realmId: ${realm.id}
      groupId: ${group.id}
      roleIds:
        - ${realmRole.id}
        - ${clientRole.id}
Content copied to clipboard

Argument Reference

The following arguments are supported:

  • realm_id - (Required) The realm this group exists in.

  • group_id - (Required) The ID of the group this resource should manage roles for.

  • role_ids - (Required) A list of role IDs to map to the group

Import

This resource can be imported using the format {{realm_id}}/{{group_id}}, where group_id is the unique ID that Keycloak assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID. Example:

$ terraform import keycloak_group_roles.group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(exhaustive: Output<Boolean>? = null, groupId: Output<String>? = null, realmId: Output<String>? = null, roleIds: Output<List<String>>? = null)

Properties

Link copied to clipboard
val exhaustive: Output<Boolean>? = null
Link copied to clipboard
val groupId: Output<String>? = null
Link copied to clipboard
val realmId: Output<String>? = null
Link copied to clipboard
val roleIds: Output<List<String>>? = null

Functions

Link copied to clipboard
open override fun toJava(): GroupRolesArgs