HardcodedRoleIdentityMapper

class HardcodedRoleIdentityMapper : KotlinCustomResource

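Allows for creating and managing hardcoded role mappers for a Keycloak identity provider. The identity provider hardcoded role mapper grants a specified Keycloak role to each Keycloak user from the LDAP provider. Because the grant is unconditional, the mapped role should carry only the privileges that every user the mapper applies to is meant to have.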

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
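// Stack configuration: the identity provider's client secret is read from here
// instead of being committed to the program source as a string literal.
const config = new pulumi.Config();

// Realm that owns the identity provider, the role and the mapper.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});

// OIDC identity provider registered in the realm under the alias "my-idp".
const oidc = new keycloak.oidc.IdentityProvider("oidc", {
    realm: realm.id,
    alias: "my-idp",
    authorizationUrl: "https://authorizationurl.com",
    clientId: "clientID",
    // "oidcClientSecret" is a constructed example key; store the value with
    // `pulumi config set --secret oidcClientSecret <value>` so it is encrypted
    // in the stack settings rather than kept in plaintext.
    clientSecret: config.requireSecret("oidcClientSecret"),
    tokenUrl: "https://tokenurl.com",
});

// Realm role that the mapper assigns.
const realmRole = new keycloak.Role("realm_role", {
    realmId: realm.id,
    name: "my-realm-role",
    description: "My Realm Role",
});

// Hardcoded role mapper attached to the identity provider above.
const oidcHardcodedRoleIdentityMapper = new keycloak.HardcodedRoleIdentityMapper("oidc", {
    realm: realm.id,
    name: "hardcodedRole",
    identityProviderAlias: oidc.alias,
    // Reference the role resource instead of repeating its name as a literal:
    // Pulumi then orders the role before the mapper, and a rename of the role
    // cannot leave the mapper pointing at a name that no longer exists.
    role: realmRole.name,
    extraConfig: {
        syncMode: "INHERIT",
    },
});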
import pulumi
import pulumi_keycloak as keycloak
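# Stack configuration: the identity provider's client secret is read from here
# instead of being committed to the program source as a string literal.
config = pulumi.Config()

# Realm that owns the identity provider, the role and the mapper.
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)

# OIDC identity provider registered in the realm under the alias "my-idp".
oidc = keycloak.oidc.IdentityProvider("oidc",
    realm=realm.id,
    alias="my-idp",
    authorization_url="https://authorizationurl.com",
    client_id="clientID",
    # "oidcClientSecret" is a constructed example key; store the value with
    # `pulumi config set --secret oidcClientSecret <value>` so it is encrypted
    # in the stack settings rather than kept in plaintext.
    client_secret=config.require_secret("oidcClientSecret"),
    token_url="https://tokenurl.com")

# Realm role that the mapper assigns.
realm_role = keycloak.Role("realm_role",
    realm_id=realm.id,
    name="my-realm-role",
    description="My Realm Role")

# Hardcoded role mapper attached to the identity provider above.
oidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper("oidc",
    realm=realm.id,
    name="hardcodedRole",
    identity_provider_alias=oidc.alias,
    # Reference the role resource instead of repeating its name as a literal:
    # Pulumi then orders the role before the mapper, and a rename of the role
    # cannot leave the mapper pointing at a name that no longer exists.
    role=realm_role.name,
    extra_config={
        "syncMode": "INHERIT",
    })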
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
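return await Deployment.RunAsync(() =>
{
    // Stack configuration: the identity provider's client secret is read from
    // here instead of being committed to the program source as a string literal.
    var config = new Pulumi.Config();

    // Realm that owns the identity provider, the role and the mapper.
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    // OIDC identity provider registered in the realm under the alias "my-idp".
    var oidc = new Keycloak.Oidc.IdentityProvider("oidc", new()
    {
        Realm = realm.Id,
        Alias = "my-idp",
        AuthorizationUrl = "https://authorizationurl.com",
        ClientId = "clientID",
        // "oidcClientSecret" is a constructed example key; store the value with
        // `pulumi config set --secret oidcClientSecret <value>` so it is
        // encrypted in the stack settings rather than kept in plaintext.
        ClientSecret = config.RequireSecret("oidcClientSecret"),
        TokenUrl = "https://tokenurl.com",
    });

    // Realm role that the mapper assigns.
    var realmRole = new Keycloak.Role("realm_role", new()
    {
        RealmId = realm.Id,
        Name = "my-realm-role",
        Description = "My Realm Role",
    });

    // Hardcoded role mapper attached to the identity provider above.
    var oidcHardcodedRoleIdentityMapper = new Keycloak.HardcodedRoleIdentityMapper("oidc", new()
    {
        Realm = realm.Id,
        Name = "hardcodedRole",
        IdentityProviderAlias = oidc.Alias,
        // Reference the role resource instead of repeating its name as a
        // literal: Pulumi then orders the role before the mapper, and a rename
        // of the role cannot leave the mapper pointing at a stale name.
        Role = realmRole.Name,
        ExtraConfig =
        {
            { "syncMode", "INHERIT" },
        },
    });
});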
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
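// main declares a realm, an OIDC identity provider, a realm role and a
// hardcoded role mapper that assigns that role through the identity provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Realm that owns the identity provider, the role and the mapper.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Named idp so the local variable does not shadow the oidc package.
		idp, err := oidc.NewIdentityProvider(ctx, "oidc", &oidc.IdentityProviderArgs{
			Realm:            realm.ID(),
			Alias:            pulumi.String("my-idp"),
			AuthorizationUrl: pulumi.String("https://authorizationurl.com"),
			ClientId:         pulumi.String("clientID"),
			// NOTE(review): placeholder literal. In a real stack, read the client
			// secret from encrypted stack configuration instead of committing it
			// in the program source.
			ClientSecret: pulumi.String("clientSecret"),
			TokenUrl:     pulumi.String("https://tokenurl.com"),
		})
		if err != nil {
			return err
		}

		// Realm role that the mapper assigns.
		realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			Name:        pulumi.String("my-realm-role"),
			Description: pulumi.String("My Realm Role"),
		})
		if err != nil {
			return err
		}

		// Hardcoded role mapper attached to the identity provider above.
		_, err = keycloak.NewHardcodedRoleIdentityMapper(ctx, "oidc", &keycloak.HardcodedRoleIdentityMapperArgs{
			Realm:                 realm.ID(),
			Name:                  pulumi.String("hardcodedRole"),
			IdentityProviderAlias: idp.Alias,
			// Reference the role resource instead of repeating its name as a
			// literal: Pulumi then orders the role before the mapper, and a
			// rename of the role cannot leave the mapper with a stale name.
			Role: realmRole.Name,
			ExtraConfig: pulumi.StringMap{
				"syncMode": pulumi.String("INHERIT"),
			},
		})
		return err
	})
}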
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.oidc.IdentityProvider;
import com.pulumi.keycloak.oidc.IdentityProviderArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.HardcodedRoleIdentityMapper;
import com.pulumi.keycloak.HardcodedRoleIdentityMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
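/**
 * Pulumi program that declares a realm, an OIDC identity provider, a realm role
 * and a hardcoded role mapper that assigns that role through the provider.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx Pulumi context; also the source of the stack configuration
     *            from which the identity provider's client secret is read
     */
    public static void stack(Context ctx) {
        // Stack configuration: the client secret is read from here instead of
        // being committed to the program source as a string literal.
        final var config = ctx.config();

        // Realm that owns the identity provider, the role and the mapper.
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());

        // OIDC identity provider registered in the realm under the alias "my-idp".
        var oidc = new IdentityProvider("oidc", IdentityProviderArgs.builder()
            .realm(realm.id())
            .alias("my-idp")
            .authorizationUrl("https://authorizationurl.com")
            .clientId("clientID")
            // "oidcClientSecret" is a constructed example key; store the value
            // with `pulumi config set --secret oidcClientSecret <value>` so it
            // is encrypted in the stack settings rather than kept in plaintext.
            .clientSecret(config.requireSecret("oidcClientSecret"))
            .tokenUrl("https://tokenurl.com")
            .build());

        // Realm role that the mapper assigns.
        var realmRole = new Role("realmRole", RoleArgs.builder()
            .realmId(realm.id())
            .name("my-realm-role")
            .description("My Realm Role")
            .build());

        // Hardcoded role mapper attached to the identity provider above.
        var oidcHardcodedRoleIdentityMapper = new HardcodedRoleIdentityMapper("oidcHardcodedRoleIdentityMapper", HardcodedRoleIdentityMapperArgs.builder()
            .realm(realm.id())
            .name("hardcodedRole")
            .identityProviderAlias(oidc.alias())
            // Reference the role resource instead of repeating its name as a
            // literal: Pulumi then orders the role before the mapper, and a
            // rename of the role cannot leave the mapper with a stale name.
            .role(realmRole.name())
            .extraConfig(Map.of("syncMode", "INHERIT"))
            .build());
    }
}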
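# The identity provider's client secret is declared as a secret configuration
# value instead of being written into the template as a literal.
# "oidcClientSecret" is a constructed example key; set it with
# `pulumi config set --secret oidcClientSecret <value>`.
config:
  oidcClientSecret:
    type: string
    secret: true
resources:
  # Realm that owns the identity provider, the role and the mapper.
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # OIDC identity provider registered in the realm under the alias "my-idp".
  oidc:
    type: keycloak:oidc:IdentityProvider
    properties:
      realm: ${realm.id}
      alias: my-idp
      authorizationUrl: https://authorizationurl.com
      clientId: clientID
      clientSecret: ${oidcClientSecret}
      tokenUrl: https://tokenurl.com
  # Realm role that the mapper assigns.
  realmRole:
    type: keycloak:Role
    name: realm_role
    properties:
      realmId: ${realm.id}
      name: my-realm-role
      description: My Realm Role
  # Hardcoded role mapper attached to the identity provider above.
  oidcHardcodedRoleIdentityMapper:
    type: keycloak:HardcodedRoleIdentityMapper
    name: oidc
    properties:
      realm: ${realm.id}
      name: hardcodedRole
      identityProviderAlias: ${oidc.alias}
      # Reference the role resource instead of repeating its name as a literal,
      # so the role is created before the mapper and a rename stays in sync.
      role: ${realmRole.name}
      extraConfig:
        syncMode: INHERIT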

Properties

val extraConfig: Output<Map<String, String>>?
val id: Output<String>

The IDP alias of the attribute to set.

val name: Output<String>

Display name of this mapper when displayed in the console.

val pulumiChildResources: Set<KotlinResource>
val realm: Output<String>

The realm ID that this mapper will exist in.

val role: Output<String>?

The name of the role which should be assigned to the users.

val urn: Output<String>