ClientAuthorizationClientScopePolicyArgs

/**
 * Arguments for an OpenID client authorization policy of the Client Scope type.
 *
 * Every constructor parameter is nullable and defaults to `null`. The argument reference
 * on this page still marks the realm ID, the resource server ID and the name as required.
 *
 * @property decisionStrategy One of `UNANIMOUS`, `AFFIRMATIVE` or `CONSENSUS`; the documented default is `UNANIMOUS`.
 * @property description Optional description for the authorization policy.
 * @property logic One of `POSITIVE` or `NEGATIVE`; the documented default is `POSITIVE`.
 * @property name The name of the policy.
 * @property realmId The realm the policy is created in.
 * @property resourceServerId The ID of the resource server.
 * @property scopes Client scopes attached to the policy; at least one should be defined.
 */
data class ClientAuthorizationClientScopePolicyArgs(
    val decisionStrategy: Output<String>? = null,
    val description: Output<String>? = null,
    val logic: Output<String>? = null,
    val name: Output<String>? = null,
    val realmId: Output<String>? = null,
    val resourceServerId: Output<String>? = null,
    val scopes: Output<List<ClientAuthorizationClientScopePolicyScopeArgs>>? = null,
) : ConvertibleToJava<ClientAuthorizationClientScopePolicyArgs>

Allows you to manage OpenID client authorization policies of the Client Scope type.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
// Realm that the client, the client scopes and both policies are created in.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});

// Confidential client with service accounts enabled. Its authorization
// settings use the ENFORCING policy enforcement mode.
const test = new keycloak.openid.Client("test", {
    clientId: "client_id",
    realmId: realm.id,
    accessType: "CONFIDENTIAL",
    serviceAccountsEnabled: true,
    authorization: {
        policyEnforcementMode: "ENFORCING",
    },
});

// Two client scopes that the policies below refer to by ID.
const test1 = new keycloak.openid.ClientScope("test1", {
    realmId: realm.id,
    name: "test1",
    description: "test1",
});
const test2 = new keycloak.openid.ClientScope("test2", {
    realmId: realm.id,
    name: "test2",
    description: "test2",
});

// Policy with a single client scope, which is not marked as required.
const testClientAuthorizationClientScopePolicy = new keycloak.openid.ClientAuthorizationClientScopePolicy("test", {
    resourceServerId: test.resourceServerId,
    realmId: realm.id,
    name: "test_policy_single",
    description: "test",
    decisionStrategy: "AFFIRMATIVE",
    logic: "POSITIVE",
    scopes: [{
        id: test1.id,
        required: false,
    }],
});

// Policy with two client scopes: test1 is optional, test2 is required.
const testMultiple = new keycloak.openid.ClientAuthorizationClientScopePolicy("test_multiple", {
    resourceServerId: test.resourceServerId,
    realmId: realm.id,
    name: "test_policy_multiple",
    description: "test",
    decisionStrategy: "AFFIRMATIVE",
    logic: "POSITIVE",
    scopes: [
        {
            id: test1.id,
            required: false,
        },
        {
            id: test2.id,
            required: true,
        },
    ],
});
import pulumi
import pulumi_keycloak as keycloak
# Realm that the client, the client scopes and both policies are created in.
realm = keycloak.Realm(
    "realm",
    realm="my-realm",
    enabled=True,
)

# Confidential client with service accounts enabled. Its authorization
# settings use the ENFORCING policy enforcement mode.
test = keycloak.openid.Client(
    "test",
    client_id="client_id",
    realm_id=realm.id,
    access_type="CONFIDENTIAL",
    service_accounts_enabled=True,
    authorization={
        "policy_enforcement_mode": "ENFORCING",
    },
)

# Two client scopes that the policies below refer to by ID.
test1 = keycloak.openid.ClientScope(
    "test1",
    realm_id=realm.id,
    name="test1",
    description="test1",
)
test2 = keycloak.openid.ClientScope(
    "test2",
    realm_id=realm.id,
    name="test2",
    description="test2",
)

# Policy with a single client scope, which is not marked as required.
test_client_authorization_client_scope_policy = keycloak.openid.ClientAuthorizationClientScopePolicy(
    "test",
    resource_server_id=test.resource_server_id,
    realm_id=realm.id,
    name="test_policy_single",
    description="test",
    decision_strategy="AFFIRMATIVE",
    logic="POSITIVE",
    scopes=[
        {
            "id": test1.id,
            "required": False,
        },
    ],
)

# Policy with two client scopes: test1 is optional, test2 is required.
test_multiple = keycloak.openid.ClientAuthorizationClientScopePolicy(
    "test_multiple",
    resource_server_id=test.resource_server_id,
    realm_id=realm.id,
    name="test_policy_multiple",
    description="test",
    decision_strategy="AFFIRMATIVE",
    logic="POSITIVE",
    scopes=[
        {
            "id": test1.id,
            "required": False,
        },
        {
            "id": test2.id,
            "required": True,
        },
    ],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
    // Realm that the client, the client scopes and both policies are created in.
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    // Confidential client with service accounts enabled. Its authorization
    // settings use the ENFORCING policy enforcement mode.
    var test = new Keycloak.OpenId.Client("test", new()
    {
        ClientId = "client_id",
        RealmId = realm.Id,
        AccessType = "CONFIDENTIAL",
        ServiceAccountsEnabled = true,
        Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs
        {
            PolicyEnforcementMode = "ENFORCING",
        },
    });

    // Two client scopes that the policies below refer to by ID.
    var test1 = new Keycloak.OpenId.ClientScope("test1", new()
    {
        RealmId = realm.Id,
        Name = "test1",
        Description = "test1",
    });

    var test2 = new Keycloak.OpenId.ClientScope("test2", new()
    {
        RealmId = realm.Id,
        Name = "test2",
        Description = "test2",
    });

    // Policy with a single client scope, which is not marked as required.
    var testClientAuthorizationClientScopePolicy = new Keycloak.OpenId.ClientAuthorizationClientScopePolicy("test", new()
    {
        ResourceServerId = test.ResourceServerId,
        RealmId = realm.Id,
        Name = "test_policy_single",
        Description = "test",
        DecisionStrategy = "AFFIRMATIVE",
        Logic = "POSITIVE",
        Scopes = new[]
        {
            new Keycloak.OpenId.Inputs.ClientAuthorizationClientScopePolicyScopeArgs
            {
                Id = test1.Id,
                Required = false,
            },
        },
    });

    // Policy with two client scopes: test1 is optional, test2 is required.
    var testMultiple = new Keycloak.OpenId.ClientAuthorizationClientScopePolicy("test_multiple", new()
    {
        ResourceServerId = test.ResourceServerId,
        RealmId = realm.Id,
        Name = "test_policy_multiple",
        Description = "test",
        DecisionStrategy = "AFFIRMATIVE",
        Logic = "POSITIVE",
        Scopes = new[]
        {
            new Keycloak.OpenId.Inputs.ClientAuthorizationClientScopePolicyScopeArgs
            {
                Id = test1.Id,
                Required = false,
            },
            new Keycloak.OpenId.Inputs.ClientAuthorizationClientScopePolicyScopeArgs
            {
                Id = test2.Id,
                Required = true,
            },
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a realm, a confidential client with authorization enabled,
// two client scopes, and two client-scope policies that reference them.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Realm that the client, the client scopes and both policies are created in.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Confidential client with service accounts enabled. Its authorization
		// settings use the ENFORCING policy enforcement mode.
		test, err := openid.NewClient(ctx, "test", &openid.ClientArgs{
			ClientId:               pulumi.String("client_id"),
			RealmId:                realm.ID(),
			AccessType:             pulumi.String("CONFIDENTIAL"),
			ServiceAccountsEnabled: pulumi.Bool(true),
			Authorization: &openid.ClientAuthorizationArgs{
				PolicyEnforcementMode: pulumi.String("ENFORCING"),
			},
		})
		if err != nil {
			return err
		}

		// Two client scopes that the policies below refer to by ID.
		test1, err := openid.NewClientScope(ctx, "test1", &openid.ClientScopeArgs{
			RealmId:     realm.ID(),
			Name:        pulumi.String("test1"),
			Description: pulumi.String("test1"),
		})
		if err != nil {
			return err
		}
		test2, err := openid.NewClientScope(ctx, "test2", &openid.ClientScopeArgs{
			RealmId:     realm.ID(),
			Name:        pulumi.String("test2"),
			Description: pulumi.String("test2"),
		})
		if err != nil {
			return err
		}

		// Policy with a single client scope, which is not marked as required.
		_, err = openid.NewClientAuthorizationClientScopePolicy(ctx, "test", &openid.ClientAuthorizationClientScopePolicyArgs{
			ResourceServerId: test.ResourceServerId,
			RealmId:          realm.ID(),
			Name:             pulumi.String("test_policy_single"),
			Description:      pulumi.String("test"),
			DecisionStrategy: pulumi.String("AFFIRMATIVE"),
			Logic:            pulumi.String("POSITIVE"),
			Scopes: openid.ClientAuthorizationClientScopePolicyScopeArray{
				&openid.ClientAuthorizationClientScopePolicyScopeArgs{
					Id:       test1.ID(),
					Required: pulumi.Bool(false),
				},
			},
		})
		if err != nil {
			return err
		}

		// Policy with two client scopes: test1 is optional, test2 is required.
		_, err = openid.NewClientAuthorizationClientScopePolicy(ctx, "test_multiple", &openid.ClientAuthorizationClientScopePolicyArgs{
			ResourceServerId: test.ResourceServerId,
			RealmId:          realm.ID(),
			Name:             pulumi.String("test_policy_multiple"),
			Description:      pulumi.String("test"),
			DecisionStrategy: pulumi.String("AFFIRMATIVE"),
			Logic:            pulumi.String("POSITIVE"),
			Scopes: openid.ClientAuthorizationClientScopePolicyScopeArray{
				&openid.ClientAuthorizationClientScopePolicyScopeArgs{
					Id:       test1.ID(),
					Required: pulumi.Bool(false),
				},
				&openid.ClientAuthorizationClientScopePolicyScopeArgs{
					Id:       test2.ID(),
					Required: pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;
import com.pulumi.keycloak.openid.ClientScope;
import com.pulumi.keycloak.openid.ClientScopeArgs;
import com.pulumi.keycloak.openid.ClientAuthorizationClientScopePolicy;
import com.pulumi.keycloak.openid.ClientAuthorizationClientScopePolicyArgs;
import com.pulumi.keycloak.openid.inputs.ClientAuthorizationClientScopePolicyScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: declares a realm, a confidential client with authorization
 * enabled, two client scopes, and two client-scope policies that reference them.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource of the example stack.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Realm that the client, the client scopes and both policies are created in.
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());

        // Confidential client with service accounts enabled. Its authorization
        // settings use the ENFORCING policy enforcement mode.
        var test = new Client("test", ClientArgs.builder()
            .clientId("client_id")
            .realmId(realm.id())
            .accessType("CONFIDENTIAL")
            .serviceAccountsEnabled(true)
            .authorization(ClientAuthorizationArgs.builder()
                .policyEnforcementMode("ENFORCING")
                .build())
            .build());

        // Two client scopes that the policies below refer to by ID.
        var test1 = new ClientScope("test1", ClientScopeArgs.builder()
            .realmId(realm.id())
            .name("test1")
            .description("test1")
            .build());

        var test2 = new ClientScope("test2", ClientScopeArgs.builder()
            .realmId(realm.id())
            .name("test2")
            .description("test2")
            .build());

        // Policy with a single client scope, which is not marked as required.
        var testClientAuthorizationClientScopePolicy = new ClientAuthorizationClientScopePolicy("testClientAuthorizationClientScopePolicy", ClientAuthorizationClientScopePolicyArgs.builder()
            .resourceServerId(test.resourceServerId())
            .realmId(realm.id())
            .name("test_policy_single")
            .description("test")
            .decisionStrategy("AFFIRMATIVE")
            .logic("POSITIVE")
            .scopes(ClientAuthorizationClientScopePolicyScopeArgs.builder()
                .id(test1.id())
                .required(false)
                .build())
            .build());

        // Policy with two client scopes: test1 is optional, test2 is required.
        var testMultiple = new ClientAuthorizationClientScopePolicy("testMultiple", ClientAuthorizationClientScopePolicyArgs.builder()
            .resourceServerId(test.resourceServerId())
            .realmId(realm.id())
            .name("test_policy_multiple")
            .description("test")
            .decisionStrategy("AFFIRMATIVE")
            .logic("POSITIVE")
            .scopes(
                ClientAuthorizationClientScopePolicyScopeArgs.builder()
                    .id(test1.id())
                    .required(false)
                    .build(),
                ClientAuthorizationClientScopePolicyScopeArgs.builder()
                    .id(test2.id())
                    .required(true)
                    .build())
            .build());
    }
}
resources:
  # Realm that the client, the client scopes and both policies are created in.
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # Confidential client with service accounts enabled; policy enforcement mode is ENFORCING.
  test:
    type: keycloak:openid:Client
    properties:
      clientId: client_id
      realmId: ${realm.id}
      accessType: CONFIDENTIAL
      serviceAccountsEnabled: true
      authorization:
        policyEnforcementMode: ENFORCING
  # Two client scopes that the policies below refer to by ID.
  test1:
    type: keycloak:openid:ClientScope
    properties:
      realmId: ${realm.id}
      name: test1
      description: test1
  test2:
    type: keycloak:openid:ClientScope
    properties:
      realmId: ${realm.id}
      name: test2
      description: test2
  # Policy with a single client scope, which is not marked as required.
  testClientAuthorizationClientScopePolicy:
    type: keycloak:openid:ClientAuthorizationClientScopePolicy
    name: test
    properties:
      resourceServerId: ${test.resourceServerId}
      realmId: ${realm.id}
      name: test_policy_single
      description: test
      decisionStrategy: AFFIRMATIVE
      logic: POSITIVE
      scopes:
        - id: ${test1.id}
          required: false
  # Policy with two client scopes: test1 is optional, test2 is required.
  testMultiple:
    type: keycloak:openid:ClientAuthorizationClientScopePolicy
    name: test_multiple
    properties:
      resourceServerId: ${test.resourceServerId}
      realmId: ${realm.id}
      name: test_policy_multiple
      description: test
      decisionStrategy: AFFIRMATIVE
      logic: POSITIVE
      scopes:
        - id: ${test1.id}
          required: false
        - id: ${test2.id}
          required: true

Argument Reference

The following arguments are supported:

  • realm_id - (Required) The realm this policy exists in.

  • resource_server_id - (Required) The ID of the resource server.

  • name - (Required) The name of the policy.

  • description - (Optional) A description for the authorization policy.

  • decision_strategy - (Optional) The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. Defaults to UNANIMOUS.

  • logic - (Optional) The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE.

  • scope - A client scope to attach to the policy (passed as `scopes` in the examples above). At least one should be defined.

Scope Arguments

  • id - (Required) Id of client scope.

  • required - (Optional) When true, then this client scope will be set as required. Defaults to false.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - Policy ID representing the policy.

Import

Client authorization policies can be imported using the format: {{realmId}}/{{resourceServerId}}/{{policyId}}. Example:

$ pulumi import keycloak:openid/clientAuthorizationClientScopePolicy:ClientAuthorizationClientScopePolicy test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9

Constructors

constructor(decisionStrategy: Output<String>? = null, description: Output<String>? = null, logic: Output<String>? = null, name: Output<String>? = null, realmId: Output<String>? = null, resourceServerId: Output<String>? = null, scopes: Output<List<ClientAuthorizationClientScopePolicyScopeArgs>>? = null)

Properties

val decisionStrategy: Output<String>? = null
val description: Output<String>? = null
val logic: Output<String>? = null
val name: Output<String>? = null
val realmId: Output<String>? = null
val resourceServerId: Output<String>? = null

Functions

open override fun toJava(): ClientAuthorizationClientScopePolicyArgs