Execution
data class ExecutionArgs(val authenticator: Output<String>? = null, val parentFlowAlias: Output<String>? = null, val priority: Output<Int>? = null, val realmId: Output<String>? = null, val requirement: Output<String>? = null) : ConvertibleToJava<ExecutionArgs>
Allows for creating and managing an authentication execution within Keycloak. An authentication execution is an action that the user or service may or may not take when authenticating through an authentication flow.
Following limitation affects Keycloak < 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using
depends_on. Authentication executions that are created first will appear first within the flow.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const flow = new keycloak.authentication.Flow("flow", {
realmId: realm.id,
alias: "my-flow-alias",
});
// first execution
const executionOne = new keycloak.authentication.Execution("execution_one", {
realmId: realm.id,
parentFlowAlias: flow.alias,
authenticator: "auth-cookie",
requirement: "ALTERNATIVE",
priority: 10,
});
// second execution
const executionTwo = new keycloak.authentication.Execution("execution_two", {
realmId: realm.id,
parentFlowAlias: flow.alias,
authenticator: "identity-provider-redirector",
requirement: "ALTERNATIVE",
priority: 20,
});Content copied to clipboard
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
flow = keycloak.authentication.Flow("flow",
realm_id=realm.id,
alias="my-flow-alias")
# first execution
execution_one = keycloak.authentication.Execution("execution_one",
realm_id=realm.id,
parent_flow_alias=flow.alias,
authenticator="auth-cookie",
requirement="ALTERNATIVE",
priority=10)
# second execution
execution_two = keycloak.authentication.Execution("execution_two",
realm_id=realm.id,
parent_flow_alias=flow.alias,
authenticator="identity-provider-redirector",
requirement="ALTERNATIVE",
priority=20)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var flow = new Keycloak.Authentication.Flow("flow", new()
{
RealmId = realm.Id,
Alias = "my-flow-alias",
});
// first execution
var executionOne = new Keycloak.Authentication.Execution("execution_one", new()
{
RealmId = realm.Id,
ParentFlowAlias = flow.Alias,
Authenticator = "auth-cookie",
Requirement = "ALTERNATIVE",
Priority = 10,
});
// second execution
var executionTwo = new Keycloak.Authentication.Execution("execution_two", new()
{
RealmId = realm.Id,
ParentFlowAlias = flow.Alias,
Authenticator = "identity-provider-redirector",
Requirement = "ALTERNATIVE",
Priority = 20,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
flow, err := authentication.NewFlow(ctx, "flow", &authentication.FlowArgs{
RealmId: realm.ID(),
Alias: pulumi.String("my-flow-alias"),
})
if err != nil {
return err
}
// first execution
_, err = authentication.NewExecution(ctx, "execution_one", &authentication.ExecutionArgs{
RealmId: realm.ID(),
ParentFlowAlias: flow.Alias,
Authenticator: pulumi.String("auth-cookie"),
Requirement: pulumi.String("ALTERNATIVE"),
Priority: pulumi.Int(10),
})
if err != nil {
return err
}
// second execution
_, err = authentication.NewExecution(ctx, "execution_two", &authentication.ExecutionArgs{
RealmId: realm.ID(),
ParentFlowAlias: flow.Alias,
Authenticator: pulumi.String("identity-provider-redirector"),
Requirement: pulumi.String("ALTERNATIVE"),
Priority: pulumi.Int(20),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.authentication.Flow;
import com.pulumi.keycloak.authentication.FlowArgs;
import com.pulumi.keycloak.authentication.Execution;
import com.pulumi.keycloak.authentication.ExecutionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var flow = new Flow("flow", FlowArgs.builder()
.realmId(realm.id())
.alias("my-flow-alias")
.build());
// first execution
var executionOne = new Execution("executionOne", ExecutionArgs.builder()
.realmId(realm.id())
.parentFlowAlias(flow.alias())
.authenticator("auth-cookie")
.requirement("ALTERNATIVE")
.priority(10)
.build());
// second execution
var executionTwo = new Execution("executionTwo", ExecutionArgs.builder()
.realmId(realm.id())
.parentFlowAlias(flow.alias())
.authenticator("identity-provider-redirector")
.requirement("ALTERNATIVE")
.priority(20)
.build());
}
}Content copied to clipboard
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
flow:
type: keycloak:authentication:Flow
properties:
realmId: ${realm.id}
alias: my-flow-alias
# first execution
executionOne:
type: keycloak:authentication:Execution
name: execution_one
properties:
realmId: ${realm.id}
parentFlowAlias: ${flow.alias}
authenticator: auth-cookie
requirement: ALTERNATIVE
priority: 10
# second execution
executionTwo:
type: keycloak:authentication:Execution
name: execution_two
properties:
realmId: ${realm.id}
parentFlowAlias: ${flow.alias}
authenticator: identity-provider-redirector
requirement: ALTERNATIVE
priority: 20Content copied to clipboard
Import
Authentication executions can be imported using the formats: {{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}. Example: bash
$ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17Content copied to clipboard
Constructors
Properties
Link copied to clipboard
The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools.
Link copied to clipboard
The alias of the flow this execution is attached to.
Link copied to clipboard
The requirement setting, which can be one of REQUIRED, ALTERNATIVE, OPTIONAL, CONDITIONAL, or DISABLED. Defaults to DISABLED.