GenericClientRoleMapper

class GenericClientRoleMapper : KotlinCustomResource

WARNING: This resource is deprecated and will be removed in the next major version. Please use keycloak.GenericRoleMapper instead.

Allows for creating and managing a client's scope mappings within Keycloak. By default, all of a user's role mappings are added as claims within the token (OIDC) or assertion (SAML). When full_scope_allowed is set to false for a client, role scope mapping allows you to limit the roles that get declared inside an access token for a client.

Example Usage

Realm Role To Client

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
// Example: add a realm role to the scope mappings of a single client.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
// Client that receives the scope mapping.
// NOTE(review): per the resource description, a scope mapping only limits the
// roles in a client's tokens when full scope is disabled for that client.
// fullScopeAllowed is not set here; confirm the provider default before
// relying on this mapping as a restriction.
const client = new keycloak.openid.Client("client", {
    realmId: realm.id,
    clientId: "client",
    name: "client",
    enabled: true,
    accessType: "BEARER-ONLY",
});
// Realm-level role (no clientId), the role being mapped.
const realmRole = new keycloak.Role("realm_role", {
    realmId: realm.id,
    name: "my-realm-role",
    description: "My Realm Role",
});
// Attaches the realm role to the client's scope mappings (clientId, not clientScopeId).
const clientRoleMapper = new keycloak.GenericClientRoleMapper("client_role_mapper", {
    realmId: realm.id,
    clientId: client.id,
    roleId: realmRole.id,
});
import pulumi
import pulumi_keycloak as keycloak
# Example: add a realm role to the scope mappings of a single client.
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
# Client that receives the scope mapping.
# NOTE(review): per the resource description, a scope mapping only limits the
# roles in a client's tokens when full scope is disabled for that client.
# full_scope_allowed is not set here; confirm the provider default before
# relying on this mapping as a restriction.
client = keycloak.openid.Client("client",
    realm_id=realm.id,
    client_id="client",
    name="client",
    enabled=True,
    access_type="BEARER-ONLY")
# Realm-level role (no client_id), the role being mapped.
realm_role = keycloak.Role("realm_role",
    realm_id=realm.id,
    name="my-realm-role",
    description="My Realm Role")
# Attaches the realm role to the client's scope mappings (client_id, not client_scope_id).
client_role_mapper = keycloak.GenericClientRoleMapper("client_role_mapper",
    realm_id=realm.id,
    client_id=client.id,
    role_id=realm_role.id)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
// Example: add a realm role to the scope mappings of a single client.
return await Deployment.RunAsync(() =>
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });
    // Client that receives the scope mapping.
    // NOTE(review): per the resource description, a scope mapping only limits the
    // roles in a client's tokens when full scope is disabled for that client.
    // FullScopeAllowed is not set here; confirm the provider default before
    // relying on this mapping as a restriction.
    var client = new Keycloak.OpenId.Client("client", new()
    {
        RealmId = realm.Id,
        ClientId = "client",
        Name = "client",
        Enabled = true,
        AccessType = "BEARER-ONLY",
    });
    // Realm-level role (no ClientId), the role being mapped.
    var realmRole = new Keycloak.Role("realm_role", new()
    {
        RealmId = realm.Id,
        Name = "my-realm-role",
        Description = "My Realm Role",
    });
    // Attaches the realm role to the client's scope mappings (ClientId, not ClientScopeId).
    var clientRoleMapper = new Keycloak.GenericClientRoleMapper("client_role_mapper", new()
    {
        RealmId = realm.Id,
        ClientId = client.Id,
        RoleId = realmRole.Id,
    });
});
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a realm, a client, a realm role, and a mapper that adds the
// realm role to the client's scope mappings. Each constructor error aborts
// the program by being returned from the pulumi.Run callback.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Client that receives the scope mapping.
		// NOTE(review): per the resource description, a scope mapping only limits
		// the roles in a client's tokens when full scope is disabled for that
		// client. FullScopeAllowed is not set here; confirm the provider default
		// before relying on this mapping as a restriction.
		client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{
			RealmId:    realm.ID(),
			ClientId:   pulumi.String("client"),
			Name:       pulumi.String("client"),
			Enabled:    pulumi.Bool(true),
			AccessType: pulumi.String("BEARER-ONLY"),
		})
		if err != nil {
			return err
		}
		// Realm-level role (no ClientId), the role being mapped.
		realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			Name:        pulumi.String("my-realm-role"),
			Description: pulumi.String("My Realm Role"),
		})
		if err != nil {
			return err
		}
		// Attaches the realm role to the client's scope mappings (ClientId, not ClientScopeId).
		_, err = keycloak.NewGenericClientRoleMapper(ctx, "client_role_mapper", &keycloak.GenericClientRoleMapperArgs{
			RealmId:  realm.ID(),
			ClientId: client.ID(),
			RoleId:   realmRole.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.GenericClientRoleMapper;
import com.pulumi.keycloak.GenericClientRoleMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: adds a realm role to the scope mappings of a single client.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the realm, the client, the realm role and the mapper that links them.
     */
    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        // Client that receives the scope mapping.
        // NOTE(review): per the resource description, a scope mapping only limits
        // the roles in a client's tokens when full scope is disabled for that
        // client. fullScopeAllowed is not set here; confirm the provider default
        // before relying on this mapping as a restriction.
        var client = new Client("client", ClientArgs.builder()
            .realmId(realm.id())
            .clientId("client")
            .name("client")
            .enabled(true)
            .accessType("BEARER-ONLY")
            .build());
        // Realm-level role (no clientId), the role being mapped.
        var realmRole = new Role("realmRole", RoleArgs.builder()
            .realmId(realm.id())
            .name("my-realm-role")
            .description("My Realm Role")
            .build());
        // Attaches the realm role to the client's scope mappings (clientId, not clientScopeId).
        var clientRoleMapper = new GenericClientRoleMapper("clientRoleMapper", GenericClientRoleMapperArgs.builder()
            .realmId(realm.id())
            .clientId(client.id())
            .roleId(realmRole.id())
            .build());
    }
}
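# Example: add a realm role to the scope mappings of a single client.
# Nesting restored: each resource sits under `resources`, and its inputs
# sit under that resource's `properties`.
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # Client that receives the scope mapping.
  # NOTE(review): per the resource description, a scope mapping only limits the
  # roles in a client's tokens when full scope is disabled for that client.
  # fullScopeAllowed is not set here; confirm the provider default before
  # relying on this mapping as a restriction.
  client:
    type: keycloak:openid:Client
    properties:
      realmId: ${realm.id}
      clientId: client
      name: client
      enabled: true
      accessType: BEARER-ONLY
  # Realm-level role (no clientId), the role being mapped.
  realmRole:
    type: keycloak:Role
    name: realm_role
    properties:
      realmId: ${realm.id}
      name: my-realm-role
      description: My Realm Role
  # Attaches the realm role to the client's scope mappings (clientId, not clientScopeId).
  clientRoleMapper:
    type: keycloak:GenericClientRoleMapper
    name: client_role_mapper
    properties:
      realmId: ${realm.id}
      clientId: ${client.id}
      roleId: ${realmRole.id}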

Client Role To Client

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
// Example: add a role owned by client A to the scope mappings of client B.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
// Client A owns the role being mapped; full scope is disabled on this client.
const clientA = new keycloak.openid.Client("client_a", {
    realmId: realm.id,
    clientId: "client-a",
    name: "client-a",
    enabled: true,
    accessType: "BEARER-ONLY",
    fullScopeAllowed: false,
});
const clientRoleA = new keycloak.Role("client_role_a", {
    realmId: realm.id,
    clientId: clientA.id,
    name: "my-client-role",
    description: "My Client Role",
});
// Client B is the target of the mapper below.
// NOTE(review): fullScopeAllowed is set to false on client A but not on
// client B. Per the resource description, scope mappings only limit token
// roles for a client with full scope disabled; confirm which client is meant
// to be restricted.
const clientB = new keycloak.openid.Client("client_b", {
    realmId: realm.id,
    clientId: "client-b",
    name: "client-b",
    enabled: true,
    accessType: "BEARER-ONLY",
});
// Declared for client B but not referenced by the mapper.
const clientRoleB = new keycloak.Role("client_role_b", {
    realmId: realm.id,
    clientId: clientB.id,
    name: "my-client-role",
    description: "My Client Role",
});
// Adds client A's role to client B's scope mappings.
const clientBRoleMapper = new keycloak.GenericClientRoleMapper("client_b_role_mapper", {
    realmId: realm.id,
    clientId: clientB.id,
    roleId: clientRoleA.id,
});
import pulumi
import pulumi_keycloak as keycloak
# Example: add a role owned by client A to the scope mappings of client B.
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
# Client A owns the role being mapped; full scope is disabled on this client.
client_a = keycloak.openid.Client("client_a",
    realm_id=realm.id,
    client_id="client-a",
    name="client-a",
    enabled=True,
    access_type="BEARER-ONLY",
    full_scope_allowed=False)
client_role_a = keycloak.Role("client_role_a",
    realm_id=realm.id,
    client_id=client_a.id,
    name="my-client-role",
    description="My Client Role")
# Client B is the target of the mapper below.
# NOTE(review): full_scope_allowed is set to False on client A but not on
# client B. Per the resource description, scope mappings only limit token
# roles for a client with full scope disabled; confirm which client is meant
# to be restricted.
client_b = keycloak.openid.Client("client_b",
    realm_id=realm.id,
    client_id="client-b",
    name="client-b",
    enabled=True,
    access_type="BEARER-ONLY")
# Declared for client B but not referenced by the mapper.
client_role_b = keycloak.Role("client_role_b",
    realm_id=realm.id,
    client_id=client_b.id,
    name="my-client-role",
    description="My Client Role")
# Adds client A's role to client B's scope mappings.
client_b_role_mapper = keycloak.GenericClientRoleMapper("client_b_role_mapper",
    realm_id=realm.id,
    client_id=client_b.id,
    role_id=client_role_a.id)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
// Example: add a role owned by client A to the scope mappings of client B.
return await Deployment.RunAsync(() =>
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });
    // Client A owns the role being mapped; full scope is disabled on this client.
    var clientA = new Keycloak.OpenId.Client("client_a", new()
    {
        RealmId = realm.Id,
        ClientId = "client-a",
        Name = "client-a",
        Enabled = true,
        AccessType = "BEARER-ONLY",
        FullScopeAllowed = false,
    });
    var clientRoleA = new Keycloak.Role("client_role_a", new()
    {
        RealmId = realm.Id,
        ClientId = clientA.Id,
        Name = "my-client-role",
        Description = "My Client Role",
    });
    // Client B is the target of the mapper below.
    // NOTE(review): FullScopeAllowed is set to false on client A but not on
    // client B. Per the resource description, scope mappings only limit token
    // roles for a client with full scope disabled; confirm which client is
    // meant to be restricted.
    var clientB = new Keycloak.OpenId.Client("client_b", new()
    {
        RealmId = realm.Id,
        ClientId = "client-b",
        Name = "client-b",
        Enabled = true,
        AccessType = "BEARER-ONLY",
    });
    // Declared for client B but not referenced by the mapper.
    var clientRoleB = new Keycloak.Role("client_role_b", new()
    {
        RealmId = realm.Id,
        ClientId = clientB.Id,
        Name = "my-client-role",
        Description = "My Client Role",
    });
    // Adds client A's role to client B's scope mappings.
    var clientBRoleMapper = new Keycloak.GenericClientRoleMapper("client_b_role_mapper", new()
    {
        RealmId = realm.Id,
        ClientId = clientB.Id,
        RoleId = clientRoleA.Id,
    });
});
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares two clients, one role on each, and a mapper that adds client
// A's role to client B's scope mappings. Each constructor error aborts the
// program by being returned from the pulumi.Run callback.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Client A owns the role being mapped; full scope is disabled on this client.
		clientA, err := openid.NewClient(ctx, "client_a", &openid.ClientArgs{
			RealmId:          realm.ID(),
			ClientId:         pulumi.String("client-a"),
			Name:             pulumi.String("client-a"),
			Enabled:          pulumi.Bool(true),
			AccessType:       pulumi.String("BEARER-ONLY"),
			FullScopeAllowed: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		clientRoleA, err := keycloak.NewRole(ctx, "client_role_a", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			ClientId:    clientA.ID(),
			Name:        pulumi.String("my-client-role"),
			Description: pulumi.String("My Client Role"),
		})
		if err != nil {
			return err
		}
		// Client B is the target of the mapper below.
		// NOTE(review): FullScopeAllowed is set to false on client A but not on
		// client B. Per the resource description, scope mappings only limit
		// token roles for a client with full scope disabled; confirm which
		// client is meant to be restricted.
		clientB, err := openid.NewClient(ctx, "client_b", &openid.ClientArgs{
			RealmId:    realm.ID(),
			ClientId:   pulumi.String("client-b"),
			Name:       pulumi.String("client-b"),
			Enabled:    pulumi.Bool(true),
			AccessType: pulumi.String("BEARER-ONLY"),
		})
		if err != nil {
			return err
		}
		// Declared for client B but not referenced by the mapper, so the result is discarded.
		_, err = keycloak.NewRole(ctx, "client_role_b", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			ClientId:    clientB.ID(),
			Name:        pulumi.String("my-client-role"),
			Description: pulumi.String("My Client Role"),
		})
		if err != nil {
			return err
		}
		// Adds client A's role to client B's scope mappings.
		_, err = keycloak.NewGenericClientRoleMapper(ctx, "client_b_role_mapper", &keycloak.GenericClientRoleMapperArgs{
			RealmId:  realm.ID(),
			ClientId: clientB.ID(),
			RoleId:   clientRoleA.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.GenericClientRoleMapper;
import com.pulumi.keycloak.GenericClientRoleMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: adds a role owned by client A to the scope mappings of client B.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the realm, both clients with one role each, and the mapper.
     */
    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        // Client A owns the role being mapped; full scope is disabled on this client.
        var clientA = new Client("clientA", ClientArgs.builder()
            .realmId(realm.id())
            .clientId("client-a")
            .name("client-a")
            .enabled(true)
            .accessType("BEARER-ONLY")
            .fullScopeAllowed(false)
            .build());
        var clientRoleA = new Role("clientRoleA", RoleArgs.builder()
            .realmId(realm.id())
            .clientId(clientA.id())
            .name("my-client-role")
            .description("My Client Role")
            .build());
        // Client B is the target of the mapper below.
        // NOTE(review): fullScopeAllowed is set to false on client A but not on
        // client B. Per the resource description, scope mappings only limit
        // token roles for a client with full scope disabled; confirm which
        // client is meant to be restricted.
        var clientB = new Client("clientB", ClientArgs.builder()
            .realmId(realm.id())
            .clientId("client-b")
            .name("client-b")
            .enabled(true)
            .accessType("BEARER-ONLY")
            .build());
        // Declared for client B but not referenced by the mapper.
        var clientRoleB = new Role("clientRoleB", RoleArgs.builder()
            .realmId(realm.id())
            .clientId(clientB.id())
            .name("my-client-role")
            .description("My Client Role")
            .build());
        // Adds client A's role to client B's scope mappings.
        var clientBRoleMapper = new GenericClientRoleMapper("clientBRoleMapper", GenericClientRoleMapperArgs.builder()
            .realmId(realm.id())
            .clientId(clientB.id())
            .roleId(clientRoleA.id())
            .build());
    }
}
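# Example: add a role owned by client A to the scope mappings of client B.
# Nesting restored: each resource sits under `resources`, and its inputs
# sit under that resource's `properties`.
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # Client A owns the role being mapped; full scope is disabled on this client.
  clientA:
    type: keycloak:openid:Client
    name: client_a
    properties:
      realmId: ${realm.id}
      clientId: client-a
      name: client-a
      enabled: true
      accessType: BEARER-ONLY
      fullScopeAllowed: false
  clientRoleA:
    type: keycloak:Role
    name: client_role_a
    properties:
      realmId: ${realm.id}
      clientId: ${clientA.id}
      name: my-client-role
      description: My Client Role
  # Client B is the target of the mapper below.
  # NOTE(review): fullScopeAllowed is set to false on client A but not on
  # client B. Per the resource description, scope mappings only limit token
  # roles for a client with full scope disabled; confirm which client is meant
  # to be restricted.
  clientB:
    type: keycloak:openid:Client
    name: client_b
    properties:
      realmId: ${realm.id}
      clientId: client-b
      name: client-b
      enabled: true
      accessType: BEARER-ONLY
  # Declared for client B but not referenced by the mapper.
  clientRoleB:
    type: keycloak:Role
    name: client_role_b
    properties:
      realmId: ${realm.id}
      clientId: ${clientB.id}
      name: my-client-role
      description: My Client Role
  # Adds client A's role to client B's scope mappings.
  clientBRoleMapper:
    type: keycloak:GenericClientRoleMapper
    name: client_b_role_mapper
    properties:
      realmId: ${realm.id}
      clientId: ${clientB.id}
      roleId: ${clientRoleA.id}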

Realm Role To Client Scope

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
// Example: add a realm role to the scope mappings of a client scope.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
// Client scope that receives the mapping.
const clientScope = new keycloak.openid.ClientScope("client_scope", {
    realmId: realm.id,
    name: "my-client-scope",
});
// Realm-level role (no clientId), the role being mapped.
const realmRole = new keycloak.Role("realm_role", {
    realmId: realm.id,
    name: "my-realm-role",
    description: "My Realm Role",
});
// Targets the client scope via clientScopeId; the property docs state that
// clientScopeId conflicts with clientId, so only one of the two is set.
const clientRoleMapper = new keycloak.GenericClientRoleMapper("client_role_mapper", {
    realmId: realm.id,
    clientScopeId: clientScope.id,
    roleId: realmRole.id,
});
import pulumi
import pulumi_keycloak as keycloak
# Example: add a realm role to the scope mappings of a client scope.
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
# Client scope that receives the mapping.
client_scope = keycloak.openid.ClientScope("client_scope",
    realm_id=realm.id,
    name="my-client-scope")
# Realm-level role (no client_id), the role being mapped.
realm_role = keycloak.Role("realm_role",
    realm_id=realm.id,
    name="my-realm-role",
    description="My Realm Role")
# Targets the client scope via client_scope_id; the property docs state that
# client_scope_id conflicts with client_id, so only one of the two is set.
client_role_mapper = keycloak.GenericClientRoleMapper("client_role_mapper",
    realm_id=realm.id,
    client_scope_id=client_scope.id,
    role_id=realm_role.id)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
// Example: add a realm role to the scope mappings of a client scope.
return await Deployment.RunAsync(() =>
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });
    // Client scope that receives the mapping.
    var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new()
    {
        RealmId = realm.Id,
        Name = "my-client-scope",
    });
    // Realm-level role (no ClientId), the role being mapped.
    var realmRole = new Keycloak.Role("realm_role", new()
    {
        RealmId = realm.Id,
        Name = "my-realm-role",
        Description = "My Realm Role",
    });
    // Targets the client scope via ClientScopeId; the property docs state that
    // it conflicts with ClientId, so only one of the two is set.
    var clientRoleMapper = new Keycloak.GenericClientRoleMapper("client_role_mapper", new()
    {
        RealmId = realm.Id,
        ClientScopeId = clientScope.Id,
        RoleId = realmRole.Id,
    });
});
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a realm, a client scope, a realm role, and a mapper that adds
// the realm role to the client scope's scope mappings. Each constructor error
// aborts the program by being returned from the pulumi.Run callback.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Client scope that receives the mapping.
		clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{
			RealmId: realm.ID(),
			Name:    pulumi.String("my-client-scope"),
		})
		if err != nil {
			return err
		}
		// Realm-level role (no ClientId), the role being mapped.
		realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			Name:        pulumi.String("my-realm-role"),
			Description: pulumi.String("My Realm Role"),
		})
		if err != nil {
			return err
		}
		// Targets the client scope via ClientScopeId; the property docs state
		// that it conflicts with ClientId, so only one of the two is set.
		_, err = keycloak.NewGenericClientRoleMapper(ctx, "client_role_mapper", &keycloak.GenericClientRoleMapperArgs{
			RealmId:       realm.ID(),
			ClientScopeId: clientScope.ID(),
			RoleId:        realmRole.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.ClientScope;
import com.pulumi.keycloak.openid.ClientScopeArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.GenericClientRoleMapper;
import com.pulumi.keycloak.GenericClientRoleMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: adds a realm role to the scope mappings of a client scope.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the realm, the client scope, the realm role and the mapper that links them.
     */
    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        // Client scope that receives the mapping.
        var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder()
            .realmId(realm.id())
            .name("my-client-scope")
            .build());
        // Realm-level role (no clientId), the role being mapped.
        var realmRole = new Role("realmRole", RoleArgs.builder()
            .realmId(realm.id())
            .name("my-realm-role")
            .description("My Realm Role")
            .build());
        // Targets the client scope via clientScopeId; the property docs state
        // that it conflicts with clientId, so only one of the two is set.
        var clientRoleMapper = new GenericClientRoleMapper("clientRoleMapper", GenericClientRoleMapperArgs.builder()
            .realmId(realm.id())
            .clientScopeId(clientScope.id())
            .roleId(realmRole.id())
            .build());
    }
}
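# Example: add a realm role to the scope mappings of a client scope.
# Nesting restored: each resource sits under `resources`, and its inputs
# sit under that resource's `properties`.
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # Client scope that receives the mapping.
  clientScope:
    type: keycloak:openid:ClientScope
    name: client_scope
    properties:
      realmId: ${realm.id}
      name: my-client-scope
  # Realm-level role (no clientId), the role being mapped.
  realmRole:
    type: keycloak:Role
    name: realm_role
    properties:
      realmId: ${realm.id}
      name: my-realm-role
      description: My Realm Role
  # Targets the client scope via clientScopeId; the property docs state that
  # clientScopeId conflicts with clientId, so only one of the two is set.
  clientRoleMapper:
    type: keycloak:GenericClientRoleMapper
    name: client_role_mapper
    properties:
      realmId: ${realm.id}
      clientScopeId: ${clientScope.id}
      roleId: ${realmRole.id}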

Client Role To Client Scope

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
// Example: add a client-owned role to the scope mappings of a client scope.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
// Client that owns the role being mapped.
const client = new keycloak.openid.Client("client", {
    realmId: realm.id,
    clientId: "client",
    name: "client",
    enabled: true,
    accessType: "BEARER-ONLY",
});
// Client-level role: clientId ties it to the client above.
const clientRole = new keycloak.Role("client_role", {
    realmId: realm.id,
    clientId: client.id,
    name: "my-client-role",
    description: "My Client Role",
});
// Client scope that receives the mapping.
const clientScope = new keycloak.openid.ClientScope("client_scope", {
    realmId: realm.id,
    name: "my-client-scope",
});
// Targets the client scope via clientScopeId (conflicts with clientId).
// NOTE(review): the resource is named "client_b_role_mapper" although this
// example defines no client B; presumably carried over from the
// client-to-client example.
const clientBRoleMapper = new keycloak.GenericClientRoleMapper("client_b_role_mapper", {
    realmId: realm.id,
    clientScopeId: clientScope.id,
    roleId: clientRole.id,
});
import pulumi
import pulumi_keycloak as keycloak
# Example: add a client-owned role to the scope mappings of a client scope.
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
# Client that owns the role being mapped.
client = keycloak.openid.Client("client",
    realm_id=realm.id,
    client_id="client",
    name="client",
    enabled=True,
    access_type="BEARER-ONLY")
# Client-level role: client_id ties it to the client above.
client_role = keycloak.Role("client_role",
    realm_id=realm.id,
    client_id=client.id,
    name="my-client-role",
    description="My Client Role")
# Client scope that receives the mapping.
client_scope = keycloak.openid.ClientScope("client_scope",
    realm_id=realm.id,
    name="my-client-scope")
# Targets the client scope via client_scope_id (conflicts with client_id).
# NOTE(review): the resource is named "client_b_role_mapper" although this
# example defines no client B; presumably carried over from the
# client-to-client example.
client_b_role_mapper = keycloak.GenericClientRoleMapper("client_b_role_mapper",
    realm_id=realm.id,
    client_scope_id=client_scope.id,
    role_id=client_role.id)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
// Example: add a client-owned role to the scope mappings of a client scope.
return await Deployment.RunAsync(() =>
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });
    // Client that owns the role being mapped.
    var client = new Keycloak.OpenId.Client("client", new()
    {
        RealmId = realm.Id,
        ClientId = "client",
        Name = "client",
        Enabled = true,
        AccessType = "BEARER-ONLY",
    });
    // Client-level role: ClientId ties it to the client above.
    var clientRole = new Keycloak.Role("client_role", new()
    {
        RealmId = realm.Id,
        ClientId = client.Id,
        Name = "my-client-role",
        Description = "My Client Role",
    });
    // Client scope that receives the mapping.
    var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new()
    {
        RealmId = realm.Id,
        Name = "my-client-scope",
    });
    // Targets the client scope via ClientScopeId (conflicts with ClientId).
    // NOTE(review): the resource is named "client_b_role_mapper" although this
    // example defines no client B; presumably carried over from the
    // client-to-client example.
    var clientBRoleMapper = new Keycloak.GenericClientRoleMapper("client_b_role_mapper", new()
    {
        RealmId = realm.Id,
        ClientScopeId = clientScope.Id,
        RoleId = clientRole.Id,
    });
});
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a realm, a client with one role, a client scope, and a mapper
// that adds the client role to the client scope's scope mappings. Each
// constructor error aborts the program by being returned from the pulumi.Run
// callback.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Client that owns the role being mapped.
		client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{
			RealmId:    realm.ID(),
			ClientId:   pulumi.String("client"),
			Name:       pulumi.String("client"),
			Enabled:    pulumi.Bool(true),
			AccessType: pulumi.String("BEARER-ONLY"),
		})
		if err != nil {
			return err
		}
		// Client-level role: ClientId ties it to the client above.
		clientRole, err := keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			ClientId:    client.ID(),
			Name:        pulumi.String("my-client-role"),
			Description: pulumi.String("My Client Role"),
		})
		if err != nil {
			return err
		}
		// Client scope that receives the mapping.
		clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{
			RealmId: realm.ID(),
			Name:    pulumi.String("my-client-scope"),
		})
		if err != nil {
			return err
		}
		// Targets the client scope via ClientScopeId (conflicts with ClientId).
		// NOTE(review): the resource is named "client_b_role_mapper" although
		// this example defines no client B; presumably carried over from the
		// client-to-client example.
		_, err = keycloak.NewGenericClientRoleMapper(ctx, "client_b_role_mapper", &keycloak.GenericClientRoleMapperArgs{
			RealmId:       realm.ID(),
			ClientScopeId: clientScope.ID(),
			RoleId:        clientRole.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.openid.ClientScope;
import com.pulumi.keycloak.openid.ClientScopeArgs;
import com.pulumi.keycloak.GenericClientRoleMapper;
import com.pulumi.keycloak.GenericClientRoleMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: adds a client-owned role to the scope mappings of a client scope.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the realm, the client and its role, the client scope and the mapper.
     */
    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        // Client that owns the role being mapped.
        var client = new Client("client", ClientArgs.builder()
            .realmId(realm.id())
            .clientId("client")
            .name("client")
            .enabled(true)
            .accessType("BEARER-ONLY")
            .build());
        // Client-level role: clientId ties it to the client above.
        var clientRole = new Role("clientRole", RoleArgs.builder()
            .realmId(realm.id())
            .clientId(client.id())
            .name("my-client-role")
            .description("My Client Role")
            .build());
        // Client scope that receives the mapping.
        var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder()
            .realmId(realm.id())
            .name("my-client-scope")
            .build());
        // Targets the client scope via clientScopeId (conflicts with clientId).
        // NOTE(review): the resource is named "clientBRoleMapper" although this
        // example defines no client B; presumably carried over from the
        // client-to-client example.
        var clientBRoleMapper = new GenericClientRoleMapper("clientBRoleMapper", GenericClientRoleMapperArgs.builder()
            .realmId(realm.id())
            .clientScopeId(clientScope.id())
            .roleId(clientRole.id())
            .build());
    }
}
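# Example: add a client-owned role to the scope mappings of a client scope.
# Nesting restored: each resource sits under `resources`, and its inputs
# sit under that resource's `properties`.
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # Client that owns the role being mapped.
  client:
    type: keycloak:openid:Client
    properties:
      realmId: ${realm.id}
      clientId: client
      name: client
      enabled: true
      accessType: BEARER-ONLY
  # Client-level role: clientId ties it to the client above.
  clientRole:
    type: keycloak:Role
    name: client_role
    properties:
      realmId: ${realm.id}
      clientId: ${client.id}
      name: my-client-role
      description: My Client Role
  # Client scope that receives the mapping.
  clientScope:
    type: keycloak:openid:ClientScope
    name: client_scope
    properties:
      realmId: ${realm.id}
      name: my-client-scope
  # Targets the client scope via clientScopeId (conflicts with clientId).
  # NOTE(review): the resource is named client_b_role_mapper although this
  # example defines no client B; presumably carried over from the
  # client-to-client example.
  clientBRoleMapper:
    type: keycloak:GenericClientRoleMapper
    name: client_b_role_mapper
    properties:
      realmId: ${realm.id}
      clientScopeId: ${clientScope.id}
      roleId: ${clientRole.id}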

Import

Generic client role mappers can be imported using one of the following two formats:

  • When mapping a role to a client, use the format {{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}

  • When mapping a role to a client scope, use the format {{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}

Example:

$ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3

Properties

val clientId: Output<String>?

The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set.

val clientScopeId: Output<String>?

The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set.

val id: Output<String>
val pulumiChildResources: Set<KotlinResource>
val realmId: Output<String>

The realm this role mapper exists within.

val roleId: Output<String>

The ID of the role to be added to this role mapper.

val urn: Output<String>