Package-level declarations
Types
Allows for creating and managing an attribute importer identity provider mapper within Keycloak. The attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user:
Allows for creating and managing an attribute to role identity provider mapper within Keycloak.
Builder for AttributeToRoleIdentityMapperArgs.
Builder for AttributeToRoleIdentityMapper.
Builder for CustomIdentityProviderMappingArgs.
Builder for CustomIdentityProviderMapping.
Allows for creating and managing custom user federation providers within Keycloak. A custom user federation provider is an implementation of Keycloak's User Storage SPI. An example of this implementation can be found here.
Builder for CustomUserFederationArgs.
Builder for CustomUserFederation.
Allows for managing a realm's default groups.
Builder for DefaultGroupsArgs.
Builder for DefaultGroups.
Allows managing default realm roles within Keycloak. Note: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak.
Builder for DefaultRolesArgs.
Builder for DefaultRoles.
WARNING: This resource is deprecated and will be removed in the next major version. Please use keycloak.GenericProtocolMapper instead. Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak. There are two use cases for this resource:
Builder for GenericClientProtocolMapperArgs.
Builder for GenericClientProtocolMapper.
WARNING: This resource is deprecated and will be removed in the next major version. Please use keycloak.GenericRoleMapper instead. Allows for creating and managing a client's scope mappings within Keycloak. By default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When full_scope_allowed is set to false for a client, role scope mapping allows you to limit the roles that get declared inside an access token for a client.
Builder for GenericClientRoleMapperArgs.
Builder for GenericClientRoleMapper.
Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak. There are two use cases for this resource:
Builder for GenericProtocolMapperArgs.
Builder for GenericProtocolMapper.
Allows for creating and managing a client's or client scope's role mappings within Keycloak. By default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When full_scope_allowed is set to false for a client, role scope mapping allows you to limit the roles that get declared inside an access token for a client.
Builder for GenericRoleMapperArgs.
Builder for GenericRoleMapper.
Allows for creating and managing Groups within Keycloak. Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and group membership can be mapped to a claim. Attributes can also be defined on Groups. Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource should not be used to manage groups that were created this way.
Builder for GroupArgs.
Allows for managing a Keycloak group's members. Note that this resource attempts to be an authoritative source over group members. When this resource takes control over a group's members, users that are manually added to the group will be removed, and users that are manually removed from the group will be added upon the next run of pulumi up. Also note that you should not use keycloak.GroupMemberships with a group that has been assigned as a default group via keycloak.DefaultGroups. This resource should not be used to control membership of a group that has its members federated from an external source via group mapping. To non-exclusively manage the groups of a user, see the 1 This resource paginates its data loading on refresh by 50 items.
Builder for GroupMembershipsArgs.
Builder for GroupMemberships.
Allows you to manage all group Scope Based Permissions (https://www.keycloak.org/docs/latest/server_admin/#group). This is part of a preview Keycloak feature: admin_fine_grained_authz (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions). This feature can be enabled with the Keycloak option -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled. See the example docker-compose.yml file for an example. When enabling Roles Permissions, Keycloak does several things automatically:
Builder for GroupPermissionsArgs.
Builder for GroupPermissions.
Builder for Group.
Allows you to manage roles assigned to a Keycloak group. If exhaustive is true, this resource attempts to be an authoritative source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the group will be added upon the next run of pulumi up. If exhaustive is false, this resource is a partial assignment of roles to a group. As a result, you can have multiple keycloak.GroupRoles for the same group_id. Note that when assigning composite roles to a group, you may see a non-empty plan following a pulumi up if you assign a role and a composite that includes that role to the same group.
Builder for GroupRolesArgs.
Builder for GroupRoles.
Allows for creating and managing hardcoded attribute mappers for Keycloak identity provider. The identity provider hardcoded attribute mapper will set the specified value to the IDP attribute.
Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP. The user model hardcoded attribute mapper will set the specified value to the attribute.
Builder for HardcodedAttributeMapperArgs.
Builder for HardcodedAttributeMapper.
Allows for creating and managing hardcoded group mappers for Keycloak identity provider. The identity provider hardcoded group mapper grants a specified Keycloak group to each Keycloak user from the identity provider.
Allows for creating and managing hardcoded role mappers for Keycloak identity provider. The identity provider hardcoded role mapper grants a specified Keycloak role to each Keycloak user from the LDAP provider.
Builder for HardcodedRoleIdentityMapperArgs.
Builder for HardcodedRoleIdentityMapper.
The provider type for the keycloak package. By default, resources use package-wide configuration settings; however, an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.
Builder for KeycloakProvider.
Builder for ProviderArgs.
Allows for creating and managing Realms within Keycloak. A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated from multiple sources.
Builder for RealmArgs.
Allows you to manage the set of default client scopes for a Keycloak realm, which are used when new clients are created. Note that this resource attempts to be an authoritative source over the default client scopes for a Keycloak realm, so any Keycloak defaults and manual adjustments will be overwritten.
Builder for RealmDefaultClientScopesArgs.
Builder for RealmDefaultClientScopes.
Allows for managing Realm Events settings within Keycloak.
Builder for RealmEventsArgs.
Builder for RealmEvents.
Allows for creating and managing aes-generated Realm keystores within Keycloak. A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.
Builder for RealmKeystoreAesGeneratedArgs.
Builder for RealmKeystoreAesGenerated.
Allows for creating and managing ecdsa_generated Realm keystores within Keycloak. A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.
Builder for RealmKeystoreEcdsaGeneratedArgs.
Builder for RealmKeystoreEcdsaGenerated.
Allows for creating and managing hmac-generated Realm keystores within Keycloak. A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.
Builder for RealmKeystoreHmacGeneratedArgs.
Builder for RealmKeystoreHmacGenerated.
Allows for creating and managing java-keystore Realm keystores within Keycloak. A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.
Builder for RealmKeystoreJavaGeneratedArgs.
Builder for RealmKeystoreJavaGenerated.
Allows for creating and managing rsa Realm keystores within Keycloak. A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.
Builder for RealmKeystoreRsaArgs.
Allows for creating and managing rsa-generated Realm keystores within Keycloak. A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.
Builder for RealmKeystoreRsaGeneratedArgs.
Builder for RealmKeystoreRsaGenerated.
Builder for RealmKeystoreRsa.
Builder for RealmLocalizationArgs.
Builder for RealmLocalization.
Allows you to manage the set of optional client scopes for a Keycloak realm, which are used when new clients are created. Note that this resource attempts to be an authoritative source over the optional client scopes for a Keycloak realm, so any Keycloak defaults and manual adjustments will be overwritten.
Builder for RealmOptionalClientScopesArgs.
Builder for RealmOptionalClientScopes.
Builder for Realm.
Allows for managing Realm User Profiles within Keycloak. A user profile defines a schema for representing user attributes and how they are managed within a realm. Information for Keycloak versions < 24: The realm linked to the keycloak.RealmUserProfile resource must have the user profile feature enabled. It can be done via the administration UI, or by setting the userProfileEnabled realm attribute to true.
Builder for RealmUserProfileArgs.
Builder for RealmUserProfile.
Allows for creating and managing required actions within Keycloak. Required actions specify actions required before the first login of all new users.
Builder for RequiredActionArgs.
Builder for RequiredAction.
Allows for creating and managing roles within Keycloak. Roles allow you to define privileges within Keycloak and map them to users and groups.
Builder for RoleArgs.
Builder for Role.
Allows for creating and managing Users within Keycloak. This resource was created primarily to enable the acceptance tests for the keycloak.Group resource. Creating users within Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers or identity providers.
Builder for UserArgs.
Allows for managing a Keycloak user's groups. If exhaustive is true, this resource attempts to be an authoritative source over user groups: groups that are manually added to the user will be removed, and groups that are manually removed from the user will be added upon the next run of pulumi up. If exhaustive is false, this resource is a partial assignment of groups to a user. As a result, you can have multiple keycloak.UserGroups for the same user_id.
Builder for UserGroupsArgs.
Builder for UserGroups.
Builder for User.
Allows you to manage roles assigned to a Keycloak user. If exhaustive is true, this resource attempts to be an authoritative source over user roles: roles that are manually added to the user will be removed, and roles that are manually removed from the user will be added upon the next run of pulumi up. If exhaustive is false, this resource is a partial assignment of roles to a user. As a result, you can use multiple keycloak.UserRoles for the same user_id. Note that when assigning composite roles to a user, you may see a non-empty plan following a pulumi up if you assign a role and a composite that includes that role to the same user.
Builder for UserRolesArgs.
Builder for UserRoles.
Allows you to manage fine-grained permissions for all users in a realm (https://www.keycloak.org/docs/latest/server_admin/#_users-permissions). This is part of a preview Keycloak feature: admin_fine_grained_authz (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions). This feature can be enabled with the Keycloak option -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled. See the example docker-compose.yml file for an example. When enabling fine-grained permissions for users, Keycloak does several things automatically:
Builder for UsersPermissionsArgs.
Builder for UsersPermissions.
Allows for creating and managing a username template importer identity provider mapper within Keycloak. The username template importer mapper can be used to map externally defined OIDC claims or SAML attributes with a template to the username of the imported Keycloak user: