ClientServiceAccountRole

class ClientServiceAccountRole : KotlinCustomResource

Allows for assigning client roles to the service account of an openid client. You need to set service_accounts_enabled to true for the openid client that should be assigned the role. If you'd like to attach realm roles to a service account, please use the keycloak.openid.ClientServiceAccountRealmRole resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
// Realm that contains both clients and the client role.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});

// client1 owns the role that other clients' service accounts can be granted.
// NOTE(review): abbreviated example - openid.Client also takes `clientId` and
// `accessType`; confirm the values your deployment needs against the provider docs.
const client1 = new keycloak.openid.Client("client1", {
    realmId: realm.id,
    name: "client1",
});

// Client-level role, scoped to client1 (not a realm role).
const client1Role = new keycloak.Role("client1_role", {
    realmId: realm.id,
    clientId: client1.id,
    name: "my-client1-role",
    description: "A role that client1 provides",
});

// client2 consumes the role; serviceAccountsEnabled must be true so that a
// service account user exists for the role to be attached to.
// NOTE(review): service accounts are presumably limited to confidential
// clients - confirm.
const client2 = new keycloak.openid.Client("client2", {
    realmId: realm.id,
    name: "client2",
    serviceAccountsEnabled: true,
});

// Grant exactly one client role to client2's service account.
// `clientId` is the client that PROVIDES the role (client1), not the client
// whose service account receives it. Keep the grant this narrow so the
// service account holds only the access it needs.
const client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole("client2_service_account_role", {
    realmId: realm.id,
    serviceAccountUserId: client2.serviceAccountUserId,
    clientId: client1.id,
    role: client1Role.name,
});
import pulumi
import pulumi_keycloak as keycloak
# Realm that contains both clients and the client role.
realm = keycloak.Realm(
    "realm",
    realm="my-realm",
    enabled=True,
)

# client1 owns the role that other clients' service accounts can be granted.
# NOTE(review): abbreviated example - openid.Client also takes `client_id` and
# `access_type`; confirm the values your deployment needs against the provider docs.
client1 = keycloak.openid.Client(
    "client1",
    realm_id=realm.id,
    name="client1",
)

# Client-level role, scoped to client1 (not a realm role).
client1_role = keycloak.Role(
    "client1_role",
    realm_id=realm.id,
    client_id=client1.id,
    name="my-client1-role",
    description="A role that client1 provides",
)

# client2 consumes the role; service_accounts_enabled must be True so that a
# service account user exists for the role to be attached to.
# NOTE(review): service accounts are presumably limited to confidential
# clients - confirm.
client2 = keycloak.openid.Client(
    "client2",
    realm_id=realm.id,
    name="client2",
    service_accounts_enabled=True,
)

# Grant exactly one client role to client2's service account.
# `client_id` is the client that PROVIDES the role (client1), not the client
# whose service account receives it. Keep the grant this narrow so the
# service account holds only the access it needs.
client2_service_account_role = keycloak.openid.ClientServiceAccountRole(
    "client2_service_account_role",
    realm_id=realm.id,
    service_account_user_id=client2.service_account_user_id,
    client_id=client1.id,
    role=client1_role.name,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
    // Realm that contains both clients and the client role.
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    // client1 owns the role that other clients' service accounts can be granted.
    // NOTE(review): abbreviated example - OpenId.Client also takes ClientId and
    // AccessType; confirm the values your deployment needs against the provider docs.
    var client1 = new Keycloak.OpenId.Client("client1", new()
    {
        RealmId = realm.Id,
        Name = "client1",
    });

    // Client-level role, scoped to client1 (not a realm role).
    var client1Role = new Keycloak.Role("client1_role", new()
    {
        RealmId = realm.Id,
        ClientId = client1.Id,
        Name = "my-client1-role",
        Description = "A role that client1 provides",
    });

    // client2 consumes the role; ServiceAccountsEnabled must be true so that a
    // service account user exists for the role to be attached to.
    // NOTE(review): service accounts are presumably limited to confidential
    // clients - confirm.
    var client2 = new Keycloak.OpenId.Client("client2", new()
    {
        RealmId = realm.Id,
        Name = "client2",
        ServiceAccountsEnabled = true,
    });

    // Grant exactly one client role to client2's service account.
    // ClientId is the client that PROVIDES the role (client1), not the client
    // whose service account receives it. Keep the grant this narrow so the
    // service account holds only the access it needs.
    var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole("client2_service_account_role", new()
    {
        RealmId = realm.Id,
        ServiceAccountUserId = client2.ServiceAccountUserId,
        ClientId = client1.Id,
        Role = client1Role.Name,
    });
});
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a realm, a role-providing client, a role-consuming client with
// a service account, and the single role grant that links them.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Realm that contains both clients and the client role.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// client1 owns the role that other clients' service accounts can be granted.
		// NOTE(review): abbreviated example - openid.ClientArgs also takes ClientId and
		// AccessType; confirm the values your deployment needs against the provider docs.
		client1, err := openid.NewClient(ctx, "client1", &openid.ClientArgs{
			RealmId: realm.ID(),
			Name:    pulumi.String("client1"),
		})
		if err != nil {
			return err
		}

		// Client-level role, scoped to client1 (not a realm role).
		client1Role, err := keycloak.NewRole(ctx, "client1_role", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			ClientId:    client1.ID(),
			Name:        pulumi.String("my-client1-role"),
			Description: pulumi.String("A role that client1 provides"),
		})
		if err != nil {
			return err
		}

		// client2 consumes the role; ServiceAccountsEnabled must be true so that a
		// service account user exists for the role to be attached to.
		// NOTE(review): service accounts are presumably limited to confidential
		// clients - confirm.
		client2, err := openid.NewClient(ctx, "client2", &openid.ClientArgs{
			RealmId:                realm.ID(),
			Name:                   pulumi.String("client2"),
			ServiceAccountsEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Grant exactly one client role to client2's service account.
		// ClientId is the client that PROVIDES the role (client1), not the client
		// whose service account receives it. Keep the grant this narrow so the
		// service account holds only the access it needs.
		_, err = openid.NewClientServiceAccountRole(ctx, "client2_service_account_role", &openid.ClientServiceAccountRoleArgs{
			RealmId:              realm.ID(),
			ServiceAccountUserId: client2.ServiceAccountUserId,
			ClientId:             client1.ID(),
			Role:                 client1Role.Name,
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.openid.ClientServiceAccountRole;
import com.pulumi.keycloak.openid.ClientServiceAccountRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example stack: a realm, a client that provides a role, a second client with a
 * service account, and the single role grant that links them.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example resources.
     *
     * @param ctx the Pulumi program context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Realm that contains both clients and the client role.
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());

        // client1 owns the role that other clients' service accounts can be granted.
        // NOTE(review): abbreviated example - ClientArgs also takes clientId and
        // accessType; confirm the values your deployment needs against the provider docs.
        var client1 = new Client("client1", ClientArgs.builder()
            .realmId(realm.id())
            .name("client1")
            .build());

        // Client-level role, scoped to client1 (not a realm role).
        var client1Role = new Role("client1Role", RoleArgs.builder()
            .realmId(realm.id())
            .clientId(client1.id())
            .name("my-client1-role")
            .description("A role that client1 provides")
            .build());

        // client2 consumes the role; serviceAccountsEnabled must be true so that a
        // service account user exists for the role to be attached to.
        // NOTE(review): service accounts are presumably limited to confidential
        // clients - confirm.
        var client2 = new Client("client2", ClientArgs.builder()
            .realmId(realm.id())
            .name("client2")
            .serviceAccountsEnabled(true)
            .build());

        // Grant exactly one client role to client2's service account.
        // clientId is the client that PROVIDES the role (client1), not the client
        // whose service account receives it. Keep the grant this narrow so the
        // service account holds only the access it needs.
        var client2ServiceAccountRole = new ClientServiceAccountRole("client2ServiceAccountRole", ClientServiceAccountRoleArgs.builder()
            .realmId(realm.id())
            .serviceAccountUserId(client2.serviceAccountUserId())
            .clientId(client1.id())
            .role(client1Role.name())
            .build());
    }
}
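resources:
  # Realm that contains both clients and the client role.
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # client1 provides a role to other clients.
  # NOTE(review): abbreviated example - keycloak:openid:Client also takes
  # clientId and accessType; confirm the values your deployment needs.
  client1:
    type: keycloak:openid:Client
    properties:
      realmId: ${realm.id}
      name: client1
  # Client-level role, scoped to client1 (not a realm role).
  client1Role:
    type: keycloak:Role
    name: client1_role
    properties:
      realmId: ${realm.id}
      clientId: ${client1.id}
      name: my-client1-role
      description: A role that client1 provides
  # client2 is assigned the role of client1; serviceAccountsEnabled must be
  # true so that a service account user exists for the role to be attached to.
  client2:
    type: keycloak:openid:Client
    properties:
      realmId: ${realm.id}
      name: client2
      serviceAccountsEnabled: true
  # Grants exactly one client role to client2's service account.
  # clientId is the client that PROVIDES the role (client1), not the client
  # whose service account receives it. Keep the grant this narrow.
  client2ServiceAccountRole:
    type: keycloak:openid:ClientServiceAccountRole
    name: client2_service_account_role
    properties:
      realmId: ${realm.id}
      serviceAccountUserId: ${client2.serviceAccountUserId}
      clientId: ${client1.id}
      role: ${client1Role.name}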

Import

This resource can be imported using the format {{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}. Example:

$ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8

Properties

val clientId: Output<String>

The id of the client that provides the role.

val id: Output<String>
val pulumiChildResources: Set<KotlinResource>
val realmId: Output<String>

The realm the clients and roles belong to.

val role: Output<String>

The name of the role that is assigned.


val serviceAccountUserId: Output<String>

The id of the service account that is assigned the role (the service account of the client that "consumes" the role).

val urn: Output<String>