getClientServiceAccountUser

This data source can be used to fetch information about the service account user that is associated with an OpenID client that has service accounts enabled.

Example Usage

In this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user that represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this user, using the keycloak.UserRoles resource.

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
// Realm that holds the client and the service account user created for it.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});

// Confidential OpenID client. Enabling service accounts makes Keycloak create
// a dedicated user that represents the client itself.
const client = new keycloak.openid.Client("client", {
    realmId: realm.id,
    clientId: "client",
    name: "client",
    accessType: "CONFIDENTIAL",
    serviceAccountsEnabled: true,
});

// Resolve the service account user that belongs to the client above.
const serviceAccountUser = keycloak.openid.getClientServiceAccountUserOutput({
    realmId: realm.id,
    clientId: client.id,
});
// Only the user's ID is needed; read it through the lifted output property.
const serviceAccountUserId = serviceAccountUser.id;

// Look up the realm role to grant, by name.
const offlineAccess = keycloak.getRoleOutput({
    realmId: realm.id,
    name: "offline_access",
});
const offlineAccessRoleId = offlineAccess.id;

// Bind the role to the service account user.
// NOTE(review): offline_access is the Keycloak role tied to offline tokens;
// grant a service account only the roles it actually needs.
// NOTE(review): UserRoles is believed to be exhaustive by default, so roles
// not listed here may be removed from the user - confirm in the provider docs.
const serviceAccountUserRoles = new keycloak.UserRoles("service_account_user_roles", {
    realmId: realm.id,
    userId: serviceAccountUserId,
    roleIds: [offlineAccessRoleId],
});
import pulumi
import pulumi_keycloak as keycloak
# Realm that holds the client and the service account user created for it.
realm = keycloak.Realm(
    "realm",
    realm="my-realm",
    enabled=True,
)

# Confidential OpenID client. Enabling service accounts makes Keycloak create
# a dedicated user that represents the client itself.
client = keycloak.openid.Client(
    "client",
    realm_id=realm.id,
    client_id="client",
    name="client",
    access_type="CONFIDENTIAL",
    service_accounts_enabled=True,
)

# Resolve the service account user that belongs to the client above.
service_account_user = keycloak.openid.get_client_service_account_user_output(
    realm_id=realm.id,
    client_id=client.id,
)

# Look up the realm role to grant, by name.
offline_access = keycloak.get_role_output(
    realm_id=realm.id,
    name="offline_access",
)

# Bind the role to the service account user.
# NOTE(review): offline_access is the Keycloak role tied to offline tokens;
# grant a service account only the roles it actually needs.
# NOTE(review): UserRoles is believed to be exhaustive by default, so roles
# not listed here may be removed from the user - confirm in the provider docs.
service_account_user_roles = keycloak.UserRoles(
    "service_account_user_roles",
    realm_id=realm.id,
    user_id=service_account_user.apply(lambda user: user.id),
    role_ids=[offline_access.apply(lambda role: role.id)],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
    // Realm that holds the client and the service account user created for it.
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    // Confidential OpenID client. Enabling service accounts makes Keycloak
    // create a dedicated user that represents the client itself.
    var client = new Keycloak.OpenId.Client("client", new()
    {
        RealmId = realm.Id,
        ClientId = "client",
        Name = "client",
        AccessType = "CONFIDENTIAL",
        ServiceAccountsEnabled = true,
    });

    // Resolve the service account user that belongs to the client above and
    // keep only its ID.
    var serviceAccountUser = Keycloak.OpenId.GetClientServiceAccountUser.Invoke(new()
    {
        RealmId = realm.Id,
        ClientId = client.Id,
    });
    var serviceAccountUserId = serviceAccountUser.Apply(user => user.Id);

    // Look up the realm role to grant, by name.
    var offlineAccess = Keycloak.GetRole.Invoke(new()
    {
        RealmId = realm.Id,
        Name = "offline_access",
    });
    var offlineAccessRoleId = offlineAccess.Apply(role => role.Id);

    // Bind the role to the service account user.
    // NOTE(review): offline_access is the Keycloak role tied to offline tokens;
    // grant a service account only the roles it actually needs.
    var serviceAccountUserRoles = new Keycloak.UserRoles("service_account_user_roles", new()
    {
        RealmId = realm.Id,
        UserId = serviceAccountUserId,
        RoleIds = new[]
        {
            offlineAccessRoleId,
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
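// main declares a realm, a confidential OpenID client with service accounts
// enabled, and grants the offline_access role to the client's service
// account user.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Realm that holds the client and its service account user.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Enabling service accounts makes Keycloak create a dedicated user
		// that represents the client itself.
		client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{
			RealmId:                realm.ID(),
			ClientId:               pulumi.String("client"),
			Name:                   pulumi.String("client"),
			AccessType:             pulumi.String("CONFIDENTIAL"),
			ServiceAccountsEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Resolve the service account user that belongs to the client above.
		serviceAccountUser := openid.GetClientServiceAccountUserOutput(ctx, openid.GetClientServiceAccountUserOutputArgs{
			RealmId:  realm.ID(),
			ClientId: client.ID(),
		}, nil)

		// Look up the realm role to grant, by name.
		// NOTE(review): the Lookup*/Get* type names are kept as this listing
		// gives them; confirm them against the SDK version in use.
		offlineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{
			RealmId: realm.ID(),
			Name:    pulumi.String("offline_access"),
		}, nil)

		// Project the IDs out of the lookup results as string outputs.
		// pulumi.String is a conversion from a plain Go string, so wrapping
		// an output in it does not compile; the outputs are passed as inputs
		// directly instead.
		serviceAccountUserID := serviceAccountUser.ApplyT(func(user openid.GetClientServiceAccountUserResult) (string, error) {
			return user.Id, nil
		}).(pulumi.StringOutput)
		offlineAccessRoleID := offlineAccess.ApplyT(func(role keycloak.GetRoleResult) (string, error) {
			return role.Id, nil
		}).(pulumi.StringOutput)

		// Bind the role to the service account user.
		// NOTE(review): offline_access is the Keycloak role tied to offline
		// tokens; grant a service account only the roles it actually needs.
		_, err = keycloak.NewUserRoles(ctx, "service_account_user_roles", &keycloak.UserRolesArgs{
			RealmId: realm.ID(),
			UserId:  serviceAccountUserID,
			RoleIds: pulumi.StringArray{
				offlineAccessRoleID,
			},
		})
		return err
	})
}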
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.openid.OpenidFunctions;
import com.pulumi.keycloak.openid.inputs.GetClientServiceAccountUserArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import com.pulumi.keycloak.UserRoles;
import com.pulumi.keycloak.UserRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
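/**
 * Pulumi program that declares a realm, a confidential OpenID client with
 * service accounts enabled, and grants the {@code offline_access} role to the
 * client's service account user.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context supplied by {@link Pulumi#run}
     */
    public static void stack(Context ctx) {
        // Realm that holds the client and its service account user.
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());

        // Enabling service accounts makes Keycloak create a dedicated user
        // that represents the client itself.
        var client = new Client("client", ClientArgs.builder()
            .realmId(realm.id())
            .clientId("client")
            .name("client")
            .accessType("CONFIDENTIAL")
            .serviceAccountsEnabled(true)
            .build());

        // Resolve the service account user that belongs to the client above.
        final var serviceAccountUser = OpenidFunctions.getClientServiceAccountUser(
            GetClientServiceAccountUserArgs.builder()
                .realmId(realm.id())
                .clientId(client.id())
                .build());

        // Look up the realm role to grant, by name.
        final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()
            .realmId(realm.id())
            .name("offline_access")
            .build());

        // Bind the role to the service account user. Each ID is projected with
        // a single applyValue: the nested lambdas in the generated listing
        // reused the names of the enclosing locals as lambda parameters, which
        // Java rejects, and called applyValue on the unwrapped result.
        // NOTE(review): offline_access is the Keycloak role tied to offline
        // tokens; grant a service account only the roles it actually needs.
        var serviceAccountUserRoles = new UserRoles("serviceAccountUserRoles", UserRolesArgs.builder()
            .realmId(realm.id())
            .userId(serviceAccountUser.applyValue(user -> user.id()))
            .roleIds(offlineAccess.applyValue(role -> List.of(role.id())))
            .build());
    }
}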
# Lookups used by the resources below.
variables:
  # Service account user that Keycloak creates for the client.
  serviceAccountUser:
    fn::invoke:
      Function: keycloak:openid:getClientServiceAccountUser
      Arguments:
        realmId: ${realm.id}
        clientId: ${client.id}
  # Realm role to grant, looked up by name.
  offlineAccess:
    fn::invoke:
      Function: keycloak:getRole
      Arguments:
        realmId: ${realm.id}
        name: offline_access

resources:
  # Realm that holds the client and its service account user.
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # Confidential OpenID client; enabling service accounts makes Keycloak
  # create a dedicated user that represents the client itself.
  client:
    type: keycloak:openid:Client
    properties:
      realmId: ${realm.id}
      clientId: client
      name: client
      accessType: CONFIDENTIAL
      serviceAccountsEnabled: true
  # Binds the role to the service account user.
  # NOTE(review): offline_access is the Keycloak role tied to offline tokens;
  # grant a service account only the roles it actually needs.
  serviceAccountUserRoles:
    type: keycloak:UserRoles
    name: service_account_user_roles
    properties:
      realmId: ${realm.id}
      userId: ${serviceAccountUser.id}
      roleIds:
        - ${offlineAccess.id}

Return

A collection of values returned by getClientServiceAccountUser.

Parameters

argument

A collection of arguments for invoking getClientServiceAccountUser.


Return

A collection of values returned by getClientServiceAccountUser.

Parameters

clientId

The ID of the OpenID client with service accounts enabled.

realmId

The realm that the OpenID client exists within.

See also


Return

A collection of values returned by getClientServiceAccountUser.

Parameters

argument

Builder for com.pulumi.keycloak.openid.kotlin.inputs.GetClientServiceAccountUserPlainArgs.

See also