diff --git a/.gitmodules b/.gitmodules index 6c859695..9180532f 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +1,4 @@ [submodule "upstream"] path = upstream - url = https://github.com/mrparkers/terraform-provider-keycloak.git + url = https://github.com/keycloak/terraform-provider-keycloak.git ignore = dirty diff --git a/Makefile b/Makefile index bf155263..6e77bc34 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ PACK := keycloak ORG := pulumi PROJECT := github.com/$(ORG)/pulumi-$(PACK) -PROVIDER_PATH := provider/v5 +PROVIDER_PATH := provider/v6 VERSION_PATH := $(PROVIDER_PATH)/pkg/version.Version CODEGEN := pulumi-tfgen-$(PACK) PROVIDER := pulumi-resource-$(PACK) diff --git a/README.md b/README.md index 62dc8632..8556d880 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ To use from Python, install using `pip`: To use from Go, use `go get` to grab the latest version of the library - $ go get github.com/pulumi/pulumi-keycloak/sdk/v5 + $ go get github.com/pulumi/pulumi-keycloak/sdk/v6 ### .NET diff --git a/patches/0001-Add-file-to-mandate-patch.patch b/patches/0001-Add-file-to-mandate-patch.patch index 6792a66b..a33a0843 100644 --- a/patches/0001-Add-file-to-mandate-patch.patch +++ b/patches/0001-Add-file-to-mandate-patch.patch @@ -6,7 +6,7 @@ Subject: [PATCH] Add file to mandate patch diff --git a/patch.md b/patch.md new file mode 100644 -index 0000000..a8fee35 +index 0000000..2ed2d3f --- /dev/null +++ b/patch.md @@ -0,0 +1,7 @@ @@ -15,5 +15,5 @@ index 0000000..a8fee35 +This provider needs a patch since it's [`go.mod`](https://github.com/keycloak/terraform-provider-keycloak/blob/3f6b75b79ada48eddb41de6055f57a357d9b691c/go.mod#L1) is not valid: + +```go -+module github.com/mrparkers/terraform-provider-keycloak ++module github.com/keycloak/terraform-provider-keycloak +``` diff --git a/provider/cmd/pulumi-resource-keycloak/main.go b/provider/cmd/pulumi-resource-keycloak/main.go index f6aba57e..dc461a49 100644 --- a/provider/cmd/pulumi-resource-keycloak/main.go +++ b/provider/cmd/pulumi-resource-keycloak/main.go @@ -21,8 +21,8 @@ import ( "github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge" - keycloak "github.com/pulumi/pulumi-keycloak/provider/v5" - "github.com/pulumi/pulumi-keycloak/provider/v5/pkg/version" + keycloak "github.com/pulumi/pulumi-keycloak/provider/v6" + "github.com/pulumi/pulumi-keycloak/provider/v6/pkg/version" ) //go:embed schema-embed.json diff --git a/provider/cmd/pulumi-resource-keycloak/schema.json b/provider/cmd/pulumi-resource-keycloak/schema.json index 8c1addc6..c6e3fa60 100644 --- a/provider/cmd/pulumi-resource-keycloak/schema.json +++ b/provider/cmd/pulumi-resource-keycloak/schema.json @@ -7,7 +7,7 @@ ], "homepage": "https://pulumi.io", "license": "Apache-2.0", - "attribution": "This Pulumi package is based on the [`keycloak` Terraform Provider](https://github.com/mrparkers/terraform-provider-keycloak).", + "attribution": "This Pulumi package is based on the [`keycloak` Terraform Provider](https://github.com/keycloak/terraform-provider-keycloak).", "repository": "https://github.com/pulumi/pulumi-keycloak", "meta": { "moduleFormat": "(.*)(?:/[^/]*)" @@ -37,7 +37,7 @@ }, "nodejs": { "packageDescription": "A Pulumi package for creating and managing keycloak cloud resources.", - "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/mrparkers/terraform-provider-keycloak)\n\u003e distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-keycloak` repo](https://github.com/pulumi/pulumi-keycloak/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-keycloak` repo](https://github.com/mrparkers/terraform-provider-keycloak/issues).", + "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/keycloak/terraform-provider-keycloak)\n\u003e distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-keycloak` repo](https://github.com/pulumi/pulumi-keycloak/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-keycloak` repo](https://github.com/keycloak/terraform-provider-keycloak/issues).", "devDependencies": { "@types/mime": "^2.0.0", "@types/node": "^10.0.0" @@ -47,7 +47,7 @@ "respectSchemaVersion": true }, "python": { - "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/mrparkers/terraform-provider-keycloak)\n\u003e distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-keycloak` repo](https://github.com/pulumi/pulumi-keycloak/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-keycloak` repo](https://github.com/mrparkers/terraform-provider-keycloak/issues).", + "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/keycloak/terraform-provider-keycloak)\n\u003e distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-keycloak` repo](https://github.com/pulumi/pulumi-keycloak/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-keycloak` repo](https://github.com/keycloak/terraform-provider-keycloak/issues).", "compatibility": "tfbridge20", "respectSchemaVersion": true, "pyproject": { @@ -549,7 +549,7 @@ }, "relyingPartyEntityName": { "type": "string", - "description": "A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`.\n" + "description": "A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`.\n" }, "relyingPartyId": { "type": "string", @@ -607,7 +607,7 @@ }, "relyingPartyEntityName": { "type": "string", - "description": "A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`.\n" + "description": "A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`.\n" }, "relyingPartyId": { "type": "string", @@ -650,7 +650,7 @@ }, "userName": { "type": "string", - "description": "The user name of the user defined in the identity provider\n" + "description": "The username of the user defined in the identity provider\n" } }, "type": "object", @@ -1814,7 +1814,7 @@ } }, "keycloak:authentication/execution:Execution": { - "description": "Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"execution_one\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"execution_two\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"execution_one\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"execution_two\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts = pulumi.ResourceOptions(depends_on=[execution_one]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"execution_one\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"execution_two\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n executionOne,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"execution_one\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"execution_two\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n // first execution\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n // second execution\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n name: execution_one\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n name: execution_two\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependsOn:\n - ${executionOne}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n", + "description": "Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Following limitation affects Keycloak \u003c 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"execution_one\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n priority: 10,\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"execution_two\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n priority: 20,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"execution_one\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\",\n priority=10)\n# second execution\nexecution_two = keycloak.authentication.Execution(\"execution_two\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n priority=20)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"execution_one\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n Priority = 10,\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"execution_two\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n Priority = 20,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\t_, err = authentication.NewExecution(ctx, \"execution_one\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t\tPriority: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"execution_two\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t\tPriority: pulumi.Int(20),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n // first execution\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .priority(10)\n .build());\n\n // second execution\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .priority(20)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n name: execution_one\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n priority: 10\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n name: execution_two\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n priority: 20\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n", "properties": { "authenticator": { "type": "string", @@ -1824,6 +1824,10 @@ "type": "string", "description": "The alias of the flow this execution is attached to.\n" }, + "priority": { + "type": "integer", + "description": "The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n" + }, "realmId": { "type": "string", "description": "The realm the authentication execution exists in.\n" @@ -1849,6 +1853,10 @@ "description": "The alias of the flow this execution is attached to.\n", "willReplaceOnChanges": true }, + "priority": { + "type": "integer", + "description": "The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n" + }, "realmId": { "type": "string", "description": "The realm the authentication execution exists in.\n", @@ -1877,6 +1885,10 @@ "description": "The alias of the flow this execution is attached to.\n", "willReplaceOnChanges": true }, + "priority": { + "type": "integer", + "description": "The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n" + }, "realmId": { "type": "string", "description": "The realm the authentication execution exists in.\n", @@ -2050,7 +2062,7 @@ } }, "keycloak:authentication/subflow:Subflow": { - "description": "Allows for creating and managing an authentication subflow within Keycloak.\n\nLike authentication flows, authentication subflows are containers for authentication executions.\nAs its name implies, an authentication subflow is contained in an authentication flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst subflow = new keycloak.authentication.Subflow(\"subflow\", {\n realmId: realm.id,\n alias: \"my-subflow-alias\",\n parentFlowAlias: flow.alias,\n providerId: \"basic-flow\",\n requirement: \"ALTERNATIVE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nsubflow = keycloak.authentication.Subflow(\"subflow\",\n realm_id=realm.id,\n alias=\"my-subflow-alias\",\n parent_flow_alias=flow.alias,\n provider_id=\"basic-flow\",\n requirement=\"ALTERNATIVE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var subflow = new Keycloak.Authentication.Subflow(\"subflow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-subflow-alias\",\n ParentFlowAlias = flow.Alias,\n ProviderId = \"basic-flow\",\n Requirement = \"ALTERNATIVE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewSubflow(ctx, \"subflow\", \u0026authentication.SubflowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-subflow-alias\"),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tProviderId: pulumi.String(\"basic-flow\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Subflow;\nimport com.pulumi.keycloak.authentication.SubflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var subflow = new Subflow(\"subflow\", SubflowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-subflow-alias\")\n .parentFlowAlias(flow.alias())\n .providerId(\"basic-flow\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n subflow:\n type: keycloak:authentication:Subflow\n properties:\n realmId: ${realm.id}\n alias: my-subflow-alias\n parentFlowAlias: ${flow.alias}\n providerId: basic-flow\n requirement: ALTERNATIVE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`.\n\nThe authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak.\n\nUnfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the\n\n\"Authentication\" page in Keycloak, and use the network tab of your browser to view the response of the API call to\n\n`/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be.\n\n__The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field).\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/\"Parent Flow\"/3bad1172-bb5c-4a77-9615-c2606eb03081\n```\n\n", + "description": "Allows for creating and managing an authentication subflow within Keycloak.\n\nLike authentication flows, authentication subflows are containers for authentication executions.\nAs its name implies, an authentication subflow is contained in an authentication flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst subflow = new keycloak.authentication.Subflow(\"subflow\", {\n realmId: realm.id,\n alias: \"my-subflow-alias\",\n parentFlowAlias: flow.alias,\n providerId: \"basic-flow\",\n requirement: \"ALTERNATIVE\",\n priority: 10,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nsubflow = keycloak.authentication.Subflow(\"subflow\",\n realm_id=realm.id,\n alias=\"my-subflow-alias\",\n parent_flow_alias=flow.alias,\n provider_id=\"basic-flow\",\n requirement=\"ALTERNATIVE\",\n priority=10)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var subflow = new Keycloak.Authentication.Subflow(\"subflow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-subflow-alias\",\n ParentFlowAlias = flow.Alias,\n ProviderId = \"basic-flow\",\n Requirement = \"ALTERNATIVE\",\n Priority = 10,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewSubflow(ctx, \"subflow\", \u0026authentication.SubflowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-subflow-alias\"),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tProviderId: pulumi.String(\"basic-flow\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t\tPriority: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Subflow;\nimport com.pulumi.keycloak.authentication.SubflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var subflow = new Subflow(\"subflow\", SubflowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-subflow-alias\")\n .parentFlowAlias(flow.alias())\n .providerId(\"basic-flow\")\n .requirement(\"ALTERNATIVE\")\n .priority(10)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n subflow:\n type: keycloak:authentication:Subflow\n properties:\n realmId: ${realm.id}\n alias: my-subflow-alias\n parentFlowAlias: ${flow.alias}\n providerId: basic-flow\n requirement: ALTERNATIVE\n priority: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`.\n\nThe authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak.\n\nUnfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the\n\n\"Authentication\" page in Keycloak, and use the network tab of your browser to view the response of the API call to\n\n`/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be.\n\n__The subflow ID is contained in the `flowID` field__ (not, as one could guess, the `id` field).\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/subflow:Subflow subflow my-realm/\"Parent Flow\"/3bad1172-bb5c-4a77-9615-c2606eb03081\n```\n\n", "properties": { "alias": { "type": "string", @@ -2068,6 +2080,10 @@ "type": "string", "description": "The alias for the parent authentication flow.\n" }, + "priority": { + "type": "integer", + "description": "The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n" + }, "providerId": { "type": "string", "description": "The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow`\nand `client-flow`. Defaults to `basic-flow`.\n" @@ -2105,6 +2121,10 @@ "description": "The alias for the parent authentication flow.\n", "willReplaceOnChanges": true }, + "priority": { + "type": "integer", + "description": "The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n" + }, "providerId": { "type": "string", "description": "The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow`\nand `client-flow`. Defaults to `basic-flow`.\n" @@ -2145,6 +2165,10 @@ "description": "The alias for the parent authentication flow.\n", "willReplaceOnChanges": true }, + "priority": { + "type": "integer", + "description": "The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n" + }, "providerId": { "type": "string", "description": "The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow`\nand `client-flow`. Defaults to `basic-flow`.\n" @@ -2571,7 +2595,7 @@ "additionalProperties": { "type": "string" }, - "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values.\n" + "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values.\n" }, "enabled": { "type": "boolean", @@ -2622,7 +2646,7 @@ "additionalProperties": { "type": "string" }, - "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values.\n" + "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values.\n" }, "enabled": { "type": "boolean", @@ -2676,7 +2700,7 @@ "additionalProperties": { "type": "string" }, - "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values.\n" + "description": "The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values.\n" }, "enabled": { "type": "boolean", @@ -3264,7 +3288,7 @@ "additionalProperties": { "type": "string" }, - "description": "A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + "description": "A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars\n" }, "name": { "type": "string", @@ -3294,7 +3318,7 @@ "additionalProperties": { "type": "string" }, - "description": "A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + "description": "A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars\n" }, "name": { "type": "string", @@ -3322,7 +3346,7 @@ "additionalProperties": { "type": "string" }, - "description": "A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n" + "description": "A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars\n" }, "name": { "type": "string", @@ -3347,7 +3371,7 @@ } }, "keycloak:index/groupMemberships:GroupMemberships": { - "description": "Allows for managing a Keycloak group's members.\n\nNote that this resource attempts to be an **authoritative** source over group members. When this resource takes control\nover a group's members, users that are manually added to the group will be removed, and users that are manually removed\nfrom the group will be added upon the next run of `pulumi up`.\n\nAlso note that you should not use `keycloak.GroupMemberships` with a group has been assigned as a default group via\n`keycloak.DefaultGroups`.\n\nThis resource **should not** be used to control membership of a group that has its members federated from an external\nsource via group mapping.\n\nTo non-exclusively manage the group's of a user, see the [`keycloak.UserGroups` resource][1]\n\nThis resource paginates its data loading on refresh by 50 items.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst groupMembers = new keycloak.GroupMemberships(\"group_members\", {\n realmId: realm.id,\n groupId: group.id,\n members: [user.username],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\ngroup_members = keycloak.GroupMemberships(\"group_members\",\n realm_id=realm.id,\n group_id=group.id,\n members=[user.username])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var groupMembers = new Keycloak.GroupMemberships(\"group_members\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Members = new[]\n {\n user.Username,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupMemberships(ctx, \"group_members\", \u0026keycloak.GroupMembershipsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tuser.Username,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.GroupMemberships;\nimport com.pulumi.keycloak.GroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var groupMembers = new GroupMemberships(\"groupMembers\", GroupMembershipsArgs.builder()\n .realmId(realm.id())\n .groupId(group.id())\n .members(user.username())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n groupMembers:\n type: keycloak:GroupMemberships\n name: group_members\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n members:\n - ${user.username}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\n\nas if it did not already exist on the server.\n\n[1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships\n\n", + "description": "Allows for managing a Keycloak group's members.\n\nNote that this resource attempts to be an **authoritative** source over group members. When this resource takes control\nover a group's members, users that are manually added to the group will be removed, and users that are manually removed\nfrom the group will be added upon the next run of `pulumi up`.\n\nAlso note that you should not use `keycloak.GroupMemberships` with a group has been assigned as a default group via\n`keycloak.DefaultGroups`.\n\nThis resource **should not** be used to control membership of a group that has its members federated from an external\nsource via group mapping.\n\nTo non-exclusively manage the group's of a user, see the [`keycloak.UserGroups` resource][1]\n\nThis resource paginates its data loading on refresh by 50 items.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst groupMembers = new keycloak.GroupMemberships(\"group_members\", {\n realmId: realm.id,\n groupId: group.id,\n members: [user.username],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\ngroup_members = keycloak.GroupMemberships(\"group_members\",\n realm_id=realm.id,\n group_id=group.id,\n members=[user.username])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var groupMembers = new Keycloak.GroupMemberships(\"group_members\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Members = new[]\n {\n user.Username,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupMemberships(ctx, \"group_members\", \u0026keycloak.GroupMembershipsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tuser.Username,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.GroupMemberships;\nimport com.pulumi.keycloak.GroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var groupMembers = new GroupMemberships(\"groupMembers\", GroupMembershipsArgs.builder()\n .realmId(realm.id())\n .groupId(group.id())\n .members(user.username())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n groupMembers:\n type: keycloak:GroupMemberships\n name: group_members\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n members:\n - ${user.username}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\n\nas if it did not already exist on the server.\n\n[1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships\n\n", "properties": { "groupId": { "type": "string", @@ -3941,7 +3965,7 @@ } }, "keycloak:index/realm:Realm": { - "description": "Allows for creating and managing Realms within Keycloak.\n\nA realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated\nfrom multiple sources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n displayName: \"my realm\",\n displayNameHtml: \"\u003cb\u003emy realm\u003c/b\u003e\",\n loginTheme: \"base\",\n accessCodeLifespan: \"1h\",\n sslRequired: \"external\",\n passwordPolicy: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n attributes: {\n mycustomAttribute: \"myCustomValue\",\n },\n smtpServer: {\n host: \"smtp.example.com\",\n from: \"example@example.com\",\n auth: {\n username: \"tom\",\n password: \"password\",\n },\n },\n internationalization: {\n supportedLocales: [\n \"en\",\n \"de\",\n \"es\",\n ],\n defaultLocale: \"en\",\n },\n securityDefenses: {\n headers: {\n xFrameOptions: \"DENY\",\n contentSecurityPolicy: \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n contentSecurityPolicyReportOnly: \"\",\n xContentTypeOptions: \"nosniff\",\n xRobotsTag: \"none\",\n xXssProtection: \"1; mode=block\",\n strictTransportSecurity: \"max-age=31536000; includeSubDomains\",\n },\n bruteForceDetection: {\n permanentLockout: false,\n maxLoginFailures: 30,\n waitIncrementSeconds: 60,\n quickLoginCheckMilliSeconds: 1000,\n minimumQuickLoginWaitSeconds: 60,\n maxFailureWaitSeconds: 900,\n failureResetTimeSeconds: 43200,\n },\n },\n webAuthnPolicy: {\n relyingPartyEntityName: \"Example\",\n relyingPartyId: \"keycloak.example.com\",\n signatureAlgorithms: [\n \"ES256\",\n \"RS256\",\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True,\n display_name=\"my realm\",\n display_name_html=\"\u003cb\u003emy realm\u003c/b\u003e\",\n login_theme=\"base\",\n access_code_lifespan=\"1h\",\n ssl_required=\"external\",\n password_policy=\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n attributes={\n \"mycustomAttribute\": \"myCustomValue\",\n },\n smtp_server={\n \"host\": \"smtp.example.com\",\n \"from_\": \"example@example.com\",\n \"auth\": {\n \"username\": \"tom\",\n \"password\": \"password\",\n },\n },\n internationalization={\n \"supported_locales\": [\n \"en\",\n \"de\",\n \"es\",\n ],\n \"default_locale\": \"en\",\n },\n security_defenses={\n \"headers\": {\n \"x_frame_options\": \"DENY\",\n \"content_security_policy\": \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n \"content_security_policy_report_only\": \"\",\n \"x_content_type_options\": \"nosniff\",\n \"x_robots_tag\": \"none\",\n \"x_xss_protection\": \"1; mode=block\",\n \"strict_transport_security\": \"max-age=31536000; includeSubDomains\",\n },\n \"brute_force_detection\": {\n \"permanent_lockout\": False,\n \"max_login_failures\": 30,\n \"wait_increment_seconds\": 60,\n \"quick_login_check_milli_seconds\": 1000,\n \"minimum_quick_login_wait_seconds\": 60,\n \"max_failure_wait_seconds\": 900,\n \"failure_reset_time_seconds\": 43200,\n },\n },\n web_authn_policy={\n \"relying_party_entity_name\": \"Example\",\n \"relying_party_id\": \"keycloak.example.com\",\n \"signature_algorithms\": [\n \"ES256\",\n \"RS256\",\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n DisplayName = \"my realm\",\n DisplayNameHtml = \"\u003cb\u003emy realm\u003c/b\u003e\",\n LoginTheme = \"base\",\n AccessCodeLifespan = \"1h\",\n SslRequired = \"external\",\n PasswordPolicy = \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n Attributes = \n {\n { \"mycustomAttribute\", \"myCustomValue\" },\n },\n SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs\n {\n Host = \"smtp.example.com\",\n From = \"example@example.com\",\n Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs\n {\n Username = \"tom\",\n Password = \"password\",\n },\n },\n Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs\n {\n SupportedLocales = new[]\n {\n \"en\",\n \"de\",\n \"es\",\n },\n DefaultLocale = \"en\",\n },\n SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs\n {\n Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs\n {\n XFrameOptions = \"DENY\",\n ContentSecurityPolicy = \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n ContentSecurityPolicyReportOnly = \"\",\n XContentTypeOptions = \"nosniff\",\n XRobotsTag = \"none\",\n XXssProtection = \"1; mode=block\",\n StrictTransportSecurity = \"max-age=31536000; includeSubDomains\",\n },\n BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs\n {\n PermanentLockout = false,\n MaxLoginFailures = 30,\n WaitIncrementSeconds = 60,\n QuickLoginCheckMilliSeconds = 1000,\n MinimumQuickLoginWaitSeconds = 60,\n MaxFailureWaitSeconds = 900,\n FailureResetTimeSeconds = 43200,\n },\n },\n WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs\n {\n RelyingPartyEntityName = \"Example\",\n RelyingPartyId = \"keycloak.example.com\",\n SignatureAlgorithms = new[]\n {\n \"ES256\",\n \"RS256\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tDisplayName: pulumi.String(\"my realm\"),\n\t\t\tDisplayNameHtml: pulumi.String(\"\u003cb\u003emy realm\u003c/b\u003e\"),\n\t\t\tLoginTheme: pulumi.String(\"base\"),\n\t\t\tAccessCodeLifespan: pulumi.String(\"1h\"),\n\t\t\tSslRequired: pulumi.String(\"external\"),\n\t\t\tPasswordPolicy: pulumi.String(\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"mycustomAttribute\": pulumi.String(\"myCustomValue\"),\n\t\t\t},\n\t\t\tSmtpServer: \u0026keycloak.RealmSmtpServerArgs{\n\t\t\t\tHost: pulumi.String(\"smtp.example.com\"),\n\t\t\t\tFrom: pulumi.String(\"example@example.com\"),\n\t\t\t\tAuth: \u0026keycloak.RealmSmtpServerAuthArgs{\n\t\t\t\t\tUsername: pulumi.String(\"tom\"),\n\t\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInternationalization: \u0026keycloak.RealmInternationalizationArgs{\n\t\t\t\tSupportedLocales: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"en\"),\n\t\t\t\t\tpulumi.String(\"de\"),\n\t\t\t\t\tpulumi.String(\"es\"),\n\t\t\t\t},\n\t\t\t\tDefaultLocale: pulumi.String(\"en\"),\n\t\t\t},\n\t\t\tSecurityDefenses: \u0026keycloak.RealmSecurityDefensesArgs{\n\t\t\t\tHeaders: \u0026keycloak.RealmSecurityDefensesHeadersArgs{\n\t\t\t\t\tXFrameOptions: pulumi.String(\"DENY\"),\n\t\t\t\t\tContentSecurityPolicy: pulumi.String(\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\"),\n\t\t\t\t\tContentSecurityPolicyReportOnly: pulumi.String(\"\"),\n\t\t\t\t\tXContentTypeOptions: pulumi.String(\"nosniff\"),\n\t\t\t\t\tXRobotsTag: pulumi.String(\"none\"),\n\t\t\t\t\tXXssProtection: pulumi.String(\"1; mode=block\"),\n\t\t\t\t\tStrictTransportSecurity: pulumi.String(\"max-age=31536000; includeSubDomains\"),\n\t\t\t\t},\n\t\t\t\tBruteForceDetection: \u0026keycloak.RealmSecurityDefensesBruteForceDetectionArgs{\n\t\t\t\t\tPermanentLockout: pulumi.Bool(false),\n\t\t\t\t\tMaxLoginFailures: pulumi.Int(30),\n\t\t\t\t\tWaitIncrementSeconds: pulumi.Int(60),\n\t\t\t\t\tQuickLoginCheckMilliSeconds: pulumi.Int(1000),\n\t\t\t\t\tMinimumQuickLoginWaitSeconds: pulumi.Int(60),\n\t\t\t\t\tMaxFailureWaitSeconds: pulumi.Int(900),\n\t\t\t\t\tFailureResetTimeSeconds: pulumi.Int(43200),\n\t\t\t\t},\n\t\t\t},\n\t\t\tWebAuthnPolicy: \u0026keycloak.RealmWebAuthnPolicyArgs{\n\t\t\t\tRelyingPartyEntityName: pulumi.String(\"Example\"),\n\t\t\t\tRelyingPartyId: pulumi.String(\"keycloak.example.com\"),\n\t\t\t\tSignatureAlgorithms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ES256\"),\n\t\t\t\t\tpulumi.String(\"RS256\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.inputs.RealmSmtpServerArgs;\nimport com.pulumi.keycloak.inputs.RealmSmtpServerAuthArgs;\nimport com.pulumi.keycloak.inputs.RealmInternationalizationArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesHeadersArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesBruteForceDetectionArgs;\nimport com.pulumi.keycloak.inputs.RealmWebAuthnPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .displayName(\"my realm\")\n .displayNameHtml(\"\u003cb\u003emy realm\u003c/b\u003e\")\n .loginTheme(\"base\")\n .accessCodeLifespan(\"1h\")\n .sslRequired(\"external\")\n .passwordPolicy(\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\")\n .attributes(Map.of(\"mycustomAttribute\", \"myCustomValue\"))\n .smtpServer(RealmSmtpServerArgs.builder()\n .host(\"smtp.example.com\")\n .from(\"example@example.com\")\n .auth(RealmSmtpServerAuthArgs.builder()\n .username(\"tom\")\n .password(\"password\")\n .build())\n .build())\n .internationalization(RealmInternationalizationArgs.builder()\n .supportedLocales( \n \"en\",\n \"de\",\n \"es\")\n .defaultLocale(\"en\")\n .build())\n .securityDefenses(RealmSecurityDefensesArgs.builder()\n .headers(RealmSecurityDefensesHeadersArgs.builder()\n .xFrameOptions(\"DENY\")\n .contentSecurityPolicy(\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\")\n .contentSecurityPolicyReportOnly(\"\")\n .xContentTypeOptions(\"nosniff\")\n .xRobotsTag(\"none\")\n .xXssProtection(\"1; mode=block\")\n .strictTransportSecurity(\"max-age=31536000; includeSubDomains\")\n .build())\n .bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()\n .permanentLockout(false)\n .maxLoginFailures(30)\n .waitIncrementSeconds(60)\n .quickLoginCheckMilliSeconds(1000)\n .minimumQuickLoginWaitSeconds(60)\n .maxFailureWaitSeconds(900)\n .failureResetTimeSeconds(43200)\n .build())\n .build())\n .webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()\n .relyingPartyEntityName(\"Example\")\n .relyingPartyId(\"keycloak.example.com\")\n .signatureAlgorithms( \n \"ES256\",\n \"RS256\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n displayName: my realm\n displayNameHtml: \u003cb\u003emy realm\u003c/b\u003e\n loginTheme: base\n accessCodeLifespan: 1h\n sslRequired: external\n passwordPolicy: upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\n attributes:\n mycustomAttribute: myCustomValue\n smtpServer:\n host: smtp.example.com\n from: example@example.com\n auth:\n username: tom\n password: password\n internationalization:\n supportedLocales:\n - en\n - de\n - es\n defaultLocale: en\n securityDefenses:\n headers:\n xFrameOptions: DENY\n contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';\n contentSecurityPolicyReportOnly: \"\"\n xContentTypeOptions: nosniff\n xRobotsTag: none\n xXssProtection: 1; mode=block\n strictTransportSecurity: max-age=31536000; includeSubDomains\n bruteForceDetection:\n permanentLockout: false\n maxLoginFailures: 30\n waitIncrementSeconds: 60\n quickLoginCheckMilliSeconds: 1000\n minimumQuickLoginWaitSeconds: 60\n maxFailureWaitSeconds: 900\n failureResetTimeSeconds: 43200\n webAuthnPolicy:\n relyingPartyEntityName: Example\n relyingPartyId: keycloak.example.com\n signatureAlgorithms:\n - ES256\n - RS256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Default Client Scopes\n\n- `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes.\n- `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes.\n\n## Import\n\nRealms can be imported using their name.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realm:Realm realm my-realm\n```\n\n", + "description": "Allows for creating and managing Realms within Keycloak.\n\nA realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated\nfrom multiple sources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n displayName: \"my realm\",\n displayNameHtml: \"\u003cb\u003emy realm\u003c/b\u003e\",\n loginTheme: \"base\",\n accessCodeLifespan: \"1h\",\n sslRequired: \"external\",\n passwordPolicy: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n attributes: {\n mycustomAttribute: \"myCustomValue\",\n },\n smtpServer: {\n host: \"smtp.example.com\",\n from: \"example@example.com\",\n auth: {\n username: \"tom\",\n password: \"password\",\n },\n },\n internationalization: {\n supportedLocales: [\n \"en\",\n \"de\",\n \"es\",\n ],\n defaultLocale: \"en\",\n },\n securityDefenses: {\n headers: {\n xFrameOptions: \"DENY\",\n contentSecurityPolicy: \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n contentSecurityPolicyReportOnly: \"\",\n xContentTypeOptions: \"nosniff\",\n xRobotsTag: \"none\",\n xXssProtection: \"1; mode=block\",\n strictTransportSecurity: \"max-age=31536000; includeSubDomains\",\n },\n bruteForceDetection: {\n permanentLockout: false,\n maxLoginFailures: 30,\n waitIncrementSeconds: 60,\n quickLoginCheckMilliSeconds: 1000,\n minimumQuickLoginWaitSeconds: 60,\n maxFailureWaitSeconds: 900,\n failureResetTimeSeconds: 43200,\n },\n },\n webAuthnPolicy: {\n relyingPartyEntityName: \"Example\",\n relyingPartyId: \"keycloak.example.com\",\n signatureAlgorithms: [\n \"ES256\",\n \"RS256\",\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True,\n display_name=\"my realm\",\n display_name_html=\"\u003cb\u003emy realm\u003c/b\u003e\",\n login_theme=\"base\",\n access_code_lifespan=\"1h\",\n ssl_required=\"external\",\n password_policy=\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n attributes={\n \"mycustomAttribute\": \"myCustomValue\",\n },\n smtp_server={\n \"host\": \"smtp.example.com\",\n \"from_\": \"example@example.com\",\n \"auth\": {\n \"username\": \"tom\",\n \"password\": \"password\",\n },\n },\n internationalization={\n \"supported_locales\": [\n \"en\",\n \"de\",\n \"es\",\n ],\n \"default_locale\": \"en\",\n },\n security_defenses={\n \"headers\": {\n \"x_frame_options\": \"DENY\",\n \"content_security_policy\": \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n \"content_security_policy_report_only\": \"\",\n \"x_content_type_options\": \"nosniff\",\n \"x_robots_tag\": \"none\",\n \"x_xss_protection\": \"1; mode=block\",\n \"strict_transport_security\": \"max-age=31536000; includeSubDomains\",\n },\n \"brute_force_detection\": {\n \"permanent_lockout\": False,\n \"max_login_failures\": 30,\n \"wait_increment_seconds\": 60,\n \"quick_login_check_milli_seconds\": 1000,\n \"minimum_quick_login_wait_seconds\": 60,\n \"max_failure_wait_seconds\": 900,\n \"failure_reset_time_seconds\": 43200,\n },\n },\n web_authn_policy={\n \"relying_party_entity_name\": \"Example\",\n \"relying_party_id\": \"keycloak.example.com\",\n \"signature_algorithms\": [\n \"ES256\",\n \"RS256\",\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n DisplayName = \"my realm\",\n DisplayNameHtml = \"\u003cb\u003emy realm\u003c/b\u003e\",\n LoginTheme = \"base\",\n AccessCodeLifespan = \"1h\",\n SslRequired = \"external\",\n PasswordPolicy = \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n Attributes = \n {\n { \"mycustomAttribute\", \"myCustomValue\" },\n },\n SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs\n {\n Host = \"smtp.example.com\",\n From = \"example@example.com\",\n Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs\n {\n Username = \"tom\",\n Password = \"password\",\n },\n },\n Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs\n {\n SupportedLocales = new[]\n {\n \"en\",\n \"de\",\n \"es\",\n },\n DefaultLocale = \"en\",\n },\n SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs\n {\n Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs\n {\n XFrameOptions = \"DENY\",\n ContentSecurityPolicy = \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n ContentSecurityPolicyReportOnly = \"\",\n XContentTypeOptions = \"nosniff\",\n XRobotsTag = \"none\",\n XXssProtection = \"1; mode=block\",\n StrictTransportSecurity = \"max-age=31536000; includeSubDomains\",\n },\n BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs\n {\n PermanentLockout = false,\n MaxLoginFailures = 30,\n WaitIncrementSeconds = 60,\n QuickLoginCheckMilliSeconds = 1000,\n MinimumQuickLoginWaitSeconds = 60,\n MaxFailureWaitSeconds = 900,\n FailureResetTimeSeconds = 43200,\n },\n },\n WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs\n {\n RelyingPartyEntityName = \"Example\",\n RelyingPartyId = \"keycloak.example.com\",\n SignatureAlgorithms = new[]\n {\n \"ES256\",\n \"RS256\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tDisplayName: pulumi.String(\"my realm\"),\n\t\t\tDisplayNameHtml: pulumi.String(\"\u003cb\u003emy realm\u003c/b\u003e\"),\n\t\t\tLoginTheme: pulumi.String(\"base\"),\n\t\t\tAccessCodeLifespan: pulumi.String(\"1h\"),\n\t\t\tSslRequired: pulumi.String(\"external\"),\n\t\t\tPasswordPolicy: pulumi.String(\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"mycustomAttribute\": pulumi.String(\"myCustomValue\"),\n\t\t\t},\n\t\t\tSmtpServer: \u0026keycloak.RealmSmtpServerArgs{\n\t\t\t\tHost: pulumi.String(\"smtp.example.com\"),\n\t\t\t\tFrom: pulumi.String(\"example@example.com\"),\n\t\t\t\tAuth: \u0026keycloak.RealmSmtpServerAuthArgs{\n\t\t\t\t\tUsername: pulumi.String(\"tom\"),\n\t\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInternationalization: \u0026keycloak.RealmInternationalizationArgs{\n\t\t\t\tSupportedLocales: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"en\"),\n\t\t\t\t\tpulumi.String(\"de\"),\n\t\t\t\t\tpulumi.String(\"es\"),\n\t\t\t\t},\n\t\t\t\tDefaultLocale: pulumi.String(\"en\"),\n\t\t\t},\n\t\t\tSecurityDefenses: \u0026keycloak.RealmSecurityDefensesArgs{\n\t\t\t\tHeaders: \u0026keycloak.RealmSecurityDefensesHeadersArgs{\n\t\t\t\t\tXFrameOptions: pulumi.String(\"DENY\"),\n\t\t\t\t\tContentSecurityPolicy: pulumi.String(\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\"),\n\t\t\t\t\tContentSecurityPolicyReportOnly: pulumi.String(\"\"),\n\t\t\t\t\tXContentTypeOptions: pulumi.String(\"nosniff\"),\n\t\t\t\t\tXRobotsTag: pulumi.String(\"none\"),\n\t\t\t\t\tXXssProtection: pulumi.String(\"1; mode=block\"),\n\t\t\t\t\tStrictTransportSecurity: pulumi.String(\"max-age=31536000; includeSubDomains\"),\n\t\t\t\t},\n\t\t\t\tBruteForceDetection: \u0026keycloak.RealmSecurityDefensesBruteForceDetectionArgs{\n\t\t\t\t\tPermanentLockout: pulumi.Bool(false),\n\t\t\t\t\tMaxLoginFailures: pulumi.Int(30),\n\t\t\t\t\tWaitIncrementSeconds: pulumi.Int(60),\n\t\t\t\t\tQuickLoginCheckMilliSeconds: pulumi.Int(1000),\n\t\t\t\t\tMinimumQuickLoginWaitSeconds: pulumi.Int(60),\n\t\t\t\t\tMaxFailureWaitSeconds: pulumi.Int(900),\n\t\t\t\t\tFailureResetTimeSeconds: pulumi.Int(43200),\n\t\t\t\t},\n\t\t\t},\n\t\t\tWebAuthnPolicy: \u0026keycloak.RealmWebAuthnPolicyArgs{\n\t\t\t\tRelyingPartyEntityName: pulumi.String(\"Example\"),\n\t\t\t\tRelyingPartyId: pulumi.String(\"keycloak.example.com\"),\n\t\t\t\tSignatureAlgorithms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ES256\"),\n\t\t\t\t\tpulumi.String(\"RS256\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.inputs.RealmSmtpServerArgs;\nimport com.pulumi.keycloak.inputs.RealmSmtpServerAuthArgs;\nimport com.pulumi.keycloak.inputs.RealmInternationalizationArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesHeadersArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesBruteForceDetectionArgs;\nimport com.pulumi.keycloak.inputs.RealmWebAuthnPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .displayName(\"my realm\")\n .displayNameHtml(\"\u003cb\u003emy realm\u003c/b\u003e\")\n .loginTheme(\"base\")\n .accessCodeLifespan(\"1h\")\n .sslRequired(\"external\")\n .passwordPolicy(\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\")\n .attributes(Map.of(\"mycustomAttribute\", \"myCustomValue\"))\n .smtpServer(RealmSmtpServerArgs.builder()\n .host(\"smtp.example.com\")\n .from(\"example@example.com\")\n .auth(RealmSmtpServerAuthArgs.builder()\n .username(\"tom\")\n .password(\"password\")\n .build())\n .build())\n .internationalization(RealmInternationalizationArgs.builder()\n .supportedLocales( \n \"en\",\n \"de\",\n \"es\")\n .defaultLocale(\"en\")\n .build())\n .securityDefenses(RealmSecurityDefensesArgs.builder()\n .headers(RealmSecurityDefensesHeadersArgs.builder()\n .xFrameOptions(\"DENY\")\n .contentSecurityPolicy(\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\")\n .contentSecurityPolicyReportOnly(\"\")\n .xContentTypeOptions(\"nosniff\")\n .xRobotsTag(\"none\")\n .xXssProtection(\"1; mode=block\")\n .strictTransportSecurity(\"max-age=31536000; includeSubDomains\")\n .build())\n .bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()\n .permanentLockout(false)\n .maxLoginFailures(30)\n .waitIncrementSeconds(60)\n .quickLoginCheckMilliSeconds(1000)\n .minimumQuickLoginWaitSeconds(60)\n .maxFailureWaitSeconds(900)\n .failureResetTimeSeconds(43200)\n .build())\n .build())\n .webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()\n .relyingPartyEntityName(\"Example\")\n .relyingPartyId(\"keycloak.example.com\")\n .signatureAlgorithms( \n \"ES256\",\n \"RS256\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n displayName: my realm\n displayNameHtml: \u003cb\u003emy realm\u003c/b\u003e\n loginTheme: base\n accessCodeLifespan: 1h\n sslRequired: external\n passwordPolicy: upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\n attributes:\n mycustomAttribute: myCustomValue\n smtpServer:\n host: smtp.example.com\n from: example@example.com\n auth:\n username: tom\n password: password\n internationalization:\n supportedLocales:\n - en\n - de\n - es\n defaultLocale: en\n securityDefenses:\n headers:\n xFrameOptions: DENY\n contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';\n contentSecurityPolicyReportOnly: \"\"\n xContentTypeOptions: nosniff\n xRobotsTag: none\n xXssProtection: 1; mode=block\n strictTransportSecurity: max-age=31536000; includeSubDomains\n bruteForceDetection:\n permanentLockout: false\n maxLoginFailures: 30\n waitIncrementSeconds: 60\n quickLoginCheckMilliSeconds: 1000\n minimumQuickLoginWaitSeconds: 60\n maxFailureWaitSeconds: 900\n failureResetTimeSeconds: 43200\n webAuthnPolicy:\n relyingPartyEntityName: Example\n relyingPartyId: keycloak.example.com\n signatureAlgorithms:\n - ES256\n - RS256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Default Client Scopes\n\n- `default_default_client_scopes` - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`.\n- `default_optional_client_scopes` - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`.\n\n## Import\n\nRealms can be imported using their name.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realm:Realm realm my-realm\n```\n\n", "properties": { "accessCodeLifespan": { "type": "string" @@ -5399,7 +5423,7 @@ } }, "keycloak:index/realmUserProfile:RealmUserProfile": { - "description": "Allows for managing Realm User Profiles within Keycloak.\n\nA user profile defines a schema for representing user attributes and how they are managed within a realm.\nThis is a preview feature, hence not fully supported and disabled by default.\nTo enable it, start the server with one of the following flags:\n- WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled`\n- Quarkus distribution: `--features=preview` or `--features=declarative-user-profile`\n\nThe realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled.\nIt can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n attributes: {\n userProfileEnabled: \"true\",\n },\n});\nconst userprofile = new keycloak.RealmUserProfile(\"userprofile\", {\n realmId: myRealm.id,\n attributes: [\n {\n name: \"field1\",\n displayName: \"Field 1\",\n group: \"group1\",\n enabledWhenScopes: [\"offline_access\"],\n requiredForRoles: [\"user\"],\n requiredForScopes: [\"offline_access\"],\n permissions: {\n views: [\n \"admin\",\n \"user\",\n ],\n edits: [\n \"admin\",\n \"user\",\n ],\n },\n validators: [\n {\n name: \"person-name-prohibited-characters\",\n },\n {\n name: \"pattern\",\n config: {\n pattern: \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n annotations: {\n foo: \"bar\",\n },\n },\n {\n name: \"field2\",\n validators: [{\n name: \"options\",\n config: {\n options: JSON.stringify([\"opt1\"]),\n },\n }],\n annotations: {\n foo: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n ],\n groups: [\n {\n name: \"group1\",\n displayHeader: \"Group 1\",\n displayDescription: \"A first group\",\n annotations: {\n foo: \"bar\",\n foo2: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n {\n name: \"group2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n attributes={\n \"userProfileEnabled\": \"true\",\n })\nuserprofile = keycloak.RealmUserProfile(\"userprofile\",\n realm_id=my_realm[\"id\"],\n attributes=[\n {\n \"name\": \"field1\",\n \"display_name\": \"Field 1\",\n \"group\": \"group1\",\n \"enabled_when_scopes\": [\"offline_access\"],\n \"required_for_roles\": [\"user\"],\n \"required_for_scopes\": [\"offline_access\"],\n \"permissions\": {\n \"views\": [\n \"admin\",\n \"user\",\n ],\n \"edits\": [\n \"admin\",\n \"user\",\n ],\n },\n \"validators\": [\n {\n \"name\": \"person-name-prohibited-characters\",\n },\n {\n \"name\": \"pattern\",\n \"config\": {\n \"pattern\": \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n \"annotations\": {\n \"foo\": \"bar\",\n },\n },\n {\n \"name\": \"field2\",\n \"validators\": [{\n \"name\": \"options\",\n \"config\": {\n \"options\": json.dumps([\"opt1\"]),\n },\n }],\n \"annotations\": {\n \"foo\": json.dumps({\n \"key\": \"val\",\n }),\n },\n },\n ],\n groups=[\n {\n \"name\": \"group1\",\n \"display_header\": \"Group 1\",\n \"display_description\": \"A first group\",\n \"annotations\": {\n \"foo\": \"bar\",\n \"foo2\": json.dumps({\n \"key\": \"val\",\n }),\n },\n },\n {\n \"name\": \"group2\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Attributes = \n {\n { \"userProfileEnabled\", \"true\" },\n },\n });\n\n var userprofile = new Keycloak.RealmUserProfile(\"userprofile\", new()\n {\n RealmId = myRealm.Id,\n Attributes = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field1\",\n DisplayName = \"Field 1\",\n Group = \"group1\",\n EnabledWhenScopes = new[]\n {\n \"offline_access\",\n },\n RequiredForRoles = new[]\n {\n \"user\",\n },\n RequiredForScopes = new[]\n {\n \"offline_access\",\n },\n Permissions = new Keycloak.Inputs.RealmUserProfileAttributePermissionsArgs\n {\n Views = new[]\n {\n \"admin\",\n \"user\",\n },\n Edits = new[]\n {\n \"admin\",\n \"user\",\n },\n },\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"person-name-prohibited-characters\",\n },\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"pattern\",\n Config = \n {\n { \"pattern\", \"^[a-z]+$\" },\n { \"error-message\", \"Nope\" },\n },\n },\n },\n Annotations = \n {\n { \"foo\", \"bar\" },\n },\n },\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field2\",\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"options\",\n Config = \n {\n { \"options\", JsonSerializer.Serialize(new[]\n {\n \"opt1\",\n }) },\n },\n },\n },\n Annotations = \n {\n { \"foo\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n },\n Groups = new[]\n {\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group1\",\n DisplayHeader = \"Group 1\",\n DisplayDescription = \"A first group\",\n Annotations = \n {\n { \"foo\", \"bar\" },\n { \"foo2\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"userProfileEnabled\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\"opt1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\ttmpJSON2, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson2 := string(tmpJSON2)\n\t\t_, err = keycloak.NewRealmUserProfile(ctx, \"userprofile\", \u0026keycloak.RealmUserProfileArgs{\n\t\t\tRealmId: pulumi.Any(myRealm.Id),\n\t\t\tAttributes: keycloak.RealmUserProfileAttributeArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field1\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Field 1\"),\n\t\t\t\t\tGroup: pulumi.String(\"group1\"),\n\t\t\t\t\tEnabledWhenScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tPermissions: \u0026keycloak.RealmUserProfileAttributePermissionsArgs{\n\t\t\t\t\t\tViews: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEdits: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"person-name-prohibited-characters\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"pattern\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"pattern\": pulumi.String(\"^[a-z]+$\"),\n\t\t\t\t\t\t\t\t\"error-message\": pulumi.String(\"Nope\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field2\"),\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"options\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"options\": pulumi.String(json0),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(json1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroups: keycloak.RealmUserProfileGroupArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group1\"),\n\t\t\t\t\tDisplayHeader: pulumi.String(\"Group 1\"),\n\t\t\t\t\tDisplayDescription: pulumi.String(\"A first group\"),\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\t\"foo2\": pulumi.String(json2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmUserProfile;\nimport com.pulumi.keycloak.RealmUserProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributeArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributePermissionsArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .attributes(Map.of(\"userProfileEnabled\", true))\n .build());\n\n var userprofile = new RealmUserProfile(\"userprofile\", RealmUserProfileArgs.builder()\n .realmId(myRealm.id())\n .attributes( \n RealmUserProfileAttributeArgs.builder()\n .name(\"field1\")\n .displayName(\"Field 1\")\n .group(\"group1\")\n .enabledWhenScopes(\"offline_access\")\n .requiredForRoles(\"user\")\n .requiredForScopes(\"offline_access\")\n .permissions(RealmUserProfileAttributePermissionsArgs.builder()\n .views( \n \"admin\",\n \"user\")\n .edits( \n \"admin\",\n \"user\")\n .build())\n .validators( \n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"person-name-prohibited-characters\")\n .build(),\n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"pattern\")\n .config(Map.ofEntries(\n Map.entry(\"pattern\", \"^[a-z]+$\"),\n Map.entry(\"error-message\", \"Nope\")\n ))\n .build())\n .annotations(Map.of(\"foo\", \"bar\"))\n .build(),\n RealmUserProfileAttributeArgs.builder()\n .name(\"field2\")\n .validators(RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"options\")\n .config(Map.of(\"options\", serializeJson(\n jsonArray(\"opt1\"))))\n .build())\n .annotations(Map.of(\"foo\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n ))))\n .build())\n .groups( \n RealmUserProfileGroupArgs.builder()\n .name(\"group1\")\n .displayHeader(\"Group 1\")\n .displayDescription(\"A first group\")\n .annotations(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"foo2\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n )))\n ))\n .build(),\n RealmUserProfileGroupArgs.builder()\n .name(\"group2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n attributes:\n userProfileEnabled: true\n userprofile:\n type: keycloak:RealmUserProfile\n properties:\n realmId: ${myRealm.id}\n attributes:\n - name: field1\n displayName: Field 1\n group: group1\n enabledWhenScopes:\n - offline_access\n requiredForRoles:\n - user\n requiredForScopes:\n - offline_access\n permissions:\n views:\n - admin\n - user\n edits:\n - admin\n - user\n validators:\n - name: person-name-prohibited-characters\n - name: pattern\n config:\n pattern: ^[a-z]+$\n error-message: Nope\n annotations:\n foo: bar\n - name: field2\n validators:\n - name: options\n config:\n options:\n fn::toJSON:\n - opt1\n annotations:\n foo:\n fn::toJSON:\n key: val\n groups:\n - name: group1\n displayHeader: Group 1\n displayDescription: A first group\n annotations:\n foo: bar\n foo2:\n fn::toJSON:\n key: val\n - name: group2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource currently does not support importing.\n\n", + "description": "Allows for managing Realm User Profiles within Keycloak.\n\nA user profile defines a schema for representing user attributes and how they are managed within a realm.\n\nInformation for Keycloak versions \u003c 24:\nThe realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled.\nIt can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst userprofile = new keycloak.RealmUserProfile(\"userprofile\", {\n realmId: myRealm.id,\n unmanagedAttributePolicy: \"ENABLED\",\n attributes: [\n {\n name: \"field1\",\n displayName: \"Field 1\",\n group: \"group1\",\n enabledWhenScopes: [\"offline_access\"],\n requiredForRoles: [\"user\"],\n requiredForScopes: [\"offline_access\"],\n permissions: {\n views: [\n \"admin\",\n \"user\",\n ],\n edits: [\n \"admin\",\n \"user\",\n ],\n },\n validators: [\n {\n name: \"person-name-prohibited-characters\",\n },\n {\n name: \"pattern\",\n config: {\n pattern: \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n annotations: {\n foo: \"bar\",\n },\n },\n {\n name: \"field2\",\n validators: [{\n name: \"options\",\n config: {\n options: JSON.stringify([\"opt1\"]),\n },\n }],\n annotations: {\n foo: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n ],\n groups: [\n {\n name: \"group1\",\n displayHeader: \"Group 1\",\n displayDescription: \"A first group\",\n annotations: {\n foo: \"bar\",\n foo2: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n {\n name: \"group2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nuserprofile = keycloak.RealmUserProfile(\"userprofile\",\n realm_id=my_realm[\"id\"],\n unmanaged_attribute_policy=\"ENABLED\",\n attributes=[\n {\n \"name\": \"field1\",\n \"display_name\": \"Field 1\",\n \"group\": \"group1\",\n \"enabled_when_scopes\": [\"offline_access\"],\n \"required_for_roles\": [\"user\"],\n \"required_for_scopes\": [\"offline_access\"],\n \"permissions\": {\n \"views\": [\n \"admin\",\n \"user\",\n ],\n \"edits\": [\n \"admin\",\n \"user\",\n ],\n },\n \"validators\": [\n {\n \"name\": \"person-name-prohibited-characters\",\n },\n {\n \"name\": \"pattern\",\n \"config\": {\n \"pattern\": \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n \"annotations\": {\n \"foo\": \"bar\",\n },\n },\n {\n \"name\": \"field2\",\n \"validators\": [{\n \"name\": \"options\",\n \"config\": {\n \"options\": json.dumps([\"opt1\"]),\n },\n }],\n \"annotations\": {\n \"foo\": json.dumps({\n \"key\": \"val\",\n }),\n },\n },\n ],\n groups=[\n {\n \"name\": \"group1\",\n \"display_header\": \"Group 1\",\n \"display_description\": \"A first group\",\n \"annotations\": {\n \"foo\": \"bar\",\n \"foo2\": json.dumps({\n \"key\": \"val\",\n }),\n },\n },\n {\n \"name\": \"group2\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var userprofile = new Keycloak.RealmUserProfile(\"userprofile\", new()\n {\n RealmId = myRealm.Id,\n UnmanagedAttributePolicy = \"ENABLED\",\n Attributes = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field1\",\n DisplayName = \"Field 1\",\n Group = \"group1\",\n EnabledWhenScopes = new[]\n {\n \"offline_access\",\n },\n RequiredForRoles = new[]\n {\n \"user\",\n },\n RequiredForScopes = new[]\n {\n \"offline_access\",\n },\n Permissions = new Keycloak.Inputs.RealmUserProfileAttributePermissionsArgs\n {\n Views = new[]\n {\n \"admin\",\n \"user\",\n },\n Edits = new[]\n {\n \"admin\",\n \"user\",\n },\n },\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"person-name-prohibited-characters\",\n },\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"pattern\",\n Config = \n {\n { \"pattern\", \"^[a-z]+$\" },\n { \"error-message\", \"Nope\" },\n },\n },\n },\n Annotations = \n {\n { \"foo\", \"bar\" },\n },\n },\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field2\",\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"options\",\n Config = \n {\n { \"options\", JsonSerializer.Serialize(new[]\n {\n \"opt1\",\n }) },\n },\n },\n },\n Annotations = \n {\n { \"foo\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n },\n Groups = new[]\n {\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group1\",\n DisplayHeader = \"Group 1\",\n DisplayDescription = \"A first group\",\n Annotations = \n {\n { \"foo\", \"bar\" },\n { \"foo2\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\"opt1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\ttmpJSON2, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson2 := string(tmpJSON2)\n\t\t_, err = keycloak.NewRealmUserProfile(ctx, \"userprofile\", \u0026keycloak.RealmUserProfileArgs{\n\t\t\tRealmId: pulumi.Any(myRealm.Id),\n\t\t\tUnmanagedAttributePolicy: pulumi.String(\"ENABLED\"),\n\t\t\tAttributes: keycloak.RealmUserProfileAttributeArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field1\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Field 1\"),\n\t\t\t\t\tGroup: pulumi.String(\"group1\"),\n\t\t\t\t\tEnabledWhenScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tPermissions: \u0026keycloak.RealmUserProfileAttributePermissionsArgs{\n\t\t\t\t\t\tViews: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEdits: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"person-name-prohibited-characters\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"pattern\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"pattern\": pulumi.String(\"^[a-z]+$\"),\n\t\t\t\t\t\t\t\t\"error-message\": pulumi.String(\"Nope\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field2\"),\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"options\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"options\": pulumi.String(json0),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(json1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroups: keycloak.RealmUserProfileGroupArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group1\"),\n\t\t\t\t\tDisplayHeader: pulumi.String(\"Group 1\"),\n\t\t\t\t\tDisplayDescription: pulumi.String(\"A first group\"),\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\t\"foo2\": pulumi.String(json2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmUserProfile;\nimport com.pulumi.keycloak.RealmUserProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributeArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributePermissionsArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var userprofile = new RealmUserProfile(\"userprofile\", RealmUserProfileArgs.builder()\n .realmId(myRealm.id())\n .unmanagedAttributePolicy(\"ENABLED\")\n .attributes( \n RealmUserProfileAttributeArgs.builder()\n .name(\"field1\")\n .displayName(\"Field 1\")\n .group(\"group1\")\n .enabledWhenScopes(\"offline_access\")\n .requiredForRoles(\"user\")\n .requiredForScopes(\"offline_access\")\n .permissions(RealmUserProfileAttributePermissionsArgs.builder()\n .views( \n \"admin\",\n \"user\")\n .edits( \n \"admin\",\n \"user\")\n .build())\n .validators( \n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"person-name-prohibited-characters\")\n .build(),\n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"pattern\")\n .config(Map.ofEntries(\n Map.entry(\"pattern\", \"^[a-z]+$\"),\n Map.entry(\"error-message\", \"Nope\")\n ))\n .build())\n .annotations(Map.of(\"foo\", \"bar\"))\n .build(),\n RealmUserProfileAttributeArgs.builder()\n .name(\"field2\")\n .validators(RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"options\")\n .config(Map.of(\"options\", serializeJson(\n jsonArray(\"opt1\"))))\n .build())\n .annotations(Map.of(\"foo\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n ))))\n .build())\n .groups( \n RealmUserProfileGroupArgs.builder()\n .name(\"group1\")\n .displayHeader(\"Group 1\")\n .displayDescription(\"A first group\")\n .annotations(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"foo2\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n )))\n ))\n .build(),\n RealmUserProfileGroupArgs.builder()\n .name(\"group2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n userprofile:\n type: keycloak:RealmUserProfile\n properties:\n realmId: ${myRealm.id}\n unmanagedAttributePolicy: ENABLED\n attributes:\n - name: field1\n displayName: Field 1\n group: group1\n enabledWhenScopes:\n - offline_access\n requiredForRoles:\n - user\n requiredForScopes:\n - offline_access\n permissions:\n views:\n - admin\n - user\n edits:\n - admin\n - user\n validators:\n - name: person-name-prohibited-characters\n - name: pattern\n config:\n pattern: ^[a-z]+$\n error-message: Nope\n annotations:\n foo: bar\n - name: field2\n validators:\n - name: options\n config:\n options:\n fn::toJSON:\n - opt1\n annotations:\n foo:\n fn::toJSON:\n key: val\n groups:\n - name: group1\n displayHeader: Group 1\n displayDescription: A first group\n annotations:\n foo: bar\n foo2:\n fn::toJSON:\n key: val\n - name: group2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource currently does not support importing.\n\n", "properties": { "attributes": { "type": "array", @@ -5418,6 +5442,10 @@ "realmId": { "type": "string", "description": "The ID of the realm the user profile applies to.\n" + }, + "unmanagedAttributePolicy": { + "type": "string", + "description": "Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED`\n" } }, "required": [ @@ -5442,6 +5470,10 @@ "type": "string", "description": "The ID of the realm the user profile applies to.\n", "willReplaceOnChanges": true + }, + "unmanagedAttributePolicy": { + "type": "string", + "description": "Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED`\n" } }, "requiredInputs": [ @@ -5468,6 +5500,10 @@ "type": "string", "description": "The ID of the realm the user profile applies to.\n", "willReplaceOnChanges": true + }, + "unmanagedAttributePolicy": { + "type": "string", + "description": "Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED`\n" } }, "type": "object" @@ -5569,7 +5605,7 @@ } }, "keycloak:index/role:Role": { - "description": "Allows for creating and managing roles within Keycloak.\n\nRoles allow you define privileges within Keycloak and map them to users and groups.\n\n## Example Usage\n\n### Realm Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n attributes: {\n key: \"value\",\n multivalue: \"value1##value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\",\n attributes={\n \"key\": \"value\",\n \"multivalue\": \"value1##value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n { \"multivalue\", \"value1##value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t\t\"multivalue\": pulumi.String(\"value1##value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .attributes(Map.ofEntries(\n Map.entry(\"key\", \"value\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n attributes:\n key: value\n multivalue: value1##value2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: openidClientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n attributes: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=openid_client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\",\n attributes={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(openidClientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(openidClientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${openidClientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n attributes:\n key: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Composite Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// realm roles\nconst createRole = new keycloak.Role(\"create_role\", {\n realmId: realm.id,\n name: \"create\",\n attributes: {\n key: \"value\",\n },\n});\nconst readRole = new keycloak.Role(\"read_role\", {\n realmId: realm.id,\n name: \"read\",\n attributes: {\n key: \"value\",\n },\n});\nconst updateRole = new keycloak.Role(\"update_role\", {\n realmId: realm.id,\n name: \"update\",\n attributes: {\n key: \"value\",\n },\n});\nconst deleteRole = new keycloak.Role(\"delete_role\", {\n realmId: realm.id,\n name: \"delete\",\n attributes: {\n key: \"value\",\n },\n});\n// client role\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: openidClientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n attributes: {\n key: \"value\",\n },\n});\nconst adminRole = new keycloak.Role(\"admin_role\", {\n realmId: realm.id,\n name: \"admin\",\n compositeRoles: [\n createRole.id,\n readRole.id,\n updateRole.id,\n deleteRole.id,\n clientRole.id,\n ],\n attributes: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# realm roles\ncreate_role = keycloak.Role(\"create_role\",\n realm_id=realm.id,\n name=\"create\",\n attributes={\n \"key\": \"value\",\n })\nread_role = keycloak.Role(\"read_role\",\n realm_id=realm.id,\n name=\"read\",\n attributes={\n \"key\": \"value\",\n })\nupdate_role = keycloak.Role(\"update_role\",\n realm_id=realm.id,\n name=\"update\",\n attributes={\n \"key\": \"value\",\n })\ndelete_role = keycloak.Role(\"delete_role\",\n realm_id=realm.id,\n name=\"delete\",\n attributes={\n \"key\": \"value\",\n })\n# client role\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=openid_client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\",\n attributes={\n \"key\": \"value\",\n })\nadmin_role = keycloak.Role(\"admin_role\",\n realm_id=realm.id,\n name=\"admin\",\n composite_roles=[\n create_role.id,\n read_role.id,\n update_role.id,\n delete_role.id,\n client_role.id,\n ],\n attributes={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // realm roles\n var createRole = new Keycloak.Role(\"create_role\", new()\n {\n RealmId = realm.Id,\n Name = \"create\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var readRole = new Keycloak.Role(\"read_role\", new()\n {\n RealmId = realm.Id,\n Name = \"read\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var updateRole = new Keycloak.Role(\"update_role\", new()\n {\n RealmId = realm.Id,\n Name = \"update\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var deleteRole = new Keycloak.Role(\"delete_role\", new()\n {\n RealmId = realm.Id,\n Name = \"delete\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n // client role\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var adminRole = new Keycloak.Role(\"admin_role\", new()\n {\n RealmId = realm.Id,\n Name = \"admin\",\n CompositeRoles = new[]\n {\n createRole.Id,\n readRole.Id,\n updateRole.Id,\n deleteRole.Id,\n clientRole.Id,\n },\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// realm roles\n\t\tcreateRole, err := keycloak.NewRole(ctx, \"create_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"create\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treadRole, err := keycloak.NewRole(ctx, \"read_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"read\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tupdateRole, err := keycloak.NewRole(ctx, \"update_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"update\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdeleteRole, err := keycloak.NewRole(ctx, \"delete_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"delete\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client role\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(openidClientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"admin_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"admin\"),\n\t\t\tCompositeRoles: pulumi.StringArray{\n\t\t\t\tcreateRole.ID(),\n\t\t\t\treadRole.ID(),\n\t\t\t\tupdateRole.ID(),\n\t\t\t\tdeleteRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n // realm roles\n var createRole = new Role(\"createRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"create\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var readRole = new Role(\"readRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"read\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var updateRole = new Role(\"updateRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"update\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var deleteRole = new Role(\"deleteRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"delete\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n // client role\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(openidClientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var adminRole = new Role(\"adminRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"admin\")\n .compositeRoles( \n createRole.id(),\n readRole.id(),\n updateRole.id(),\n deleteRole.id(),\n clientRole.id())\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # realm roles\n createRole:\n type: keycloak:Role\n name: create_role\n properties:\n realmId: ${realm.id}\n name: create\n attributes:\n key: value\n readRole:\n type: keycloak:Role\n name: read_role\n properties:\n realmId: ${realm.id}\n name: read\n attributes:\n key: value\n updateRole:\n type: keycloak:Role\n name: update_role\n properties:\n realmId: ${realm.id}\n name: update\n attributes:\n key: value\n deleteRole:\n type: keycloak:Role\n name: delete_role\n properties:\n realmId: ${realm.id}\n name: delete\n attributes:\n key: value\n # client role\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${openidClientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n attributes:\n key: value\n adminRole:\n type: keycloak:Role\n name: admin_role\n properties:\n realmId: ${realm.id}\n name: admin\n compositeRoles:\n - ${createRole.id}\n - ${readRole.id}\n - ${updateRole.id}\n - ${deleteRole.id}\n - ${clientRole.id}\n attributes:\n key: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRoles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns\n\nto the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad\n```\n\n", + "description": "Allows for creating and managing roles within Keycloak.\n\nRoles allow you to define privileges within Keycloak and map them to users and groups.\n\n## Example Usage\n\n### Realm Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n attributes: {\n key: \"value\",\n multivalue: \"value1##value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\",\n attributes={\n \"key\": \"value\",\n \"multivalue\": \"value1##value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n { \"multivalue\", \"value1##value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t\t\"multivalue\": pulumi.String(\"value1##value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .attributes(Map.ofEntries(\n Map.entry(\"key\", \"value\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n attributes:\n key: value\n multivalue: value1##value2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: openidClientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n attributes: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=openid_client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\",\n attributes={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(openidClientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(openidClientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${openidClientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n attributes:\n key: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Composite Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// realm roles\nconst createRole = new keycloak.Role(\"create_role\", {\n realmId: realm.id,\n name: \"create\",\n attributes: {\n key: \"value\",\n },\n});\nconst readRole = new keycloak.Role(\"read_role\", {\n realmId: realm.id,\n name: \"read\",\n attributes: {\n key: \"value\",\n },\n});\nconst updateRole = new keycloak.Role(\"update_role\", {\n realmId: realm.id,\n name: \"update\",\n attributes: {\n key: \"value\",\n },\n});\nconst deleteRole = new keycloak.Role(\"delete_role\", {\n realmId: realm.id,\n name: \"delete\",\n attributes: {\n key: \"value\",\n },\n});\n// client role\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: openidClientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n attributes: {\n key: \"value\",\n },\n});\nconst adminRole = new keycloak.Role(\"admin_role\", {\n realmId: realm.id,\n name: \"admin\",\n compositeRoles: [\n createRole.id,\n readRole.id,\n updateRole.id,\n deleteRole.id,\n clientRole.id,\n ],\n attributes: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# realm roles\ncreate_role = keycloak.Role(\"create_role\",\n realm_id=realm.id,\n name=\"create\",\n attributes={\n \"key\": \"value\",\n })\nread_role = keycloak.Role(\"read_role\",\n realm_id=realm.id,\n name=\"read\",\n attributes={\n \"key\": \"value\",\n })\nupdate_role = keycloak.Role(\"update_role\",\n realm_id=realm.id,\n name=\"update\",\n attributes={\n \"key\": \"value\",\n })\ndelete_role = keycloak.Role(\"delete_role\",\n realm_id=realm.id,\n name=\"delete\",\n attributes={\n \"key\": \"value\",\n })\n# client role\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=openid_client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\",\n attributes={\n \"key\": \"value\",\n })\nadmin_role = keycloak.Role(\"admin_role\",\n realm_id=realm.id,\n name=\"admin\",\n composite_roles=[\n create_role.id,\n read_role.id,\n update_role.id,\n delete_role.id,\n client_role.id,\n ],\n attributes={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // realm roles\n var createRole = new Keycloak.Role(\"create_role\", new()\n {\n RealmId = realm.Id,\n Name = \"create\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var readRole = new Keycloak.Role(\"read_role\", new()\n {\n RealmId = realm.Id,\n Name = \"read\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var updateRole = new Keycloak.Role(\"update_role\", new()\n {\n RealmId = realm.Id,\n Name = \"update\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var deleteRole = new Keycloak.Role(\"delete_role\", new()\n {\n RealmId = realm.Id,\n Name = \"delete\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n // client role\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var adminRole = new Keycloak.Role(\"admin_role\", new()\n {\n RealmId = realm.Id,\n Name = \"admin\",\n CompositeRoles = new[]\n {\n createRole.Id,\n readRole.Id,\n updateRole.Id,\n deleteRole.Id,\n clientRole.Id,\n },\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// realm roles\n\t\tcreateRole, err := keycloak.NewRole(ctx, \"create_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"create\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treadRole, err := keycloak.NewRole(ctx, \"read_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"read\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tupdateRole, err := keycloak.NewRole(ctx, \"update_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"update\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdeleteRole, err := keycloak.NewRole(ctx, \"delete_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"delete\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client role\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(openidClientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"admin_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"admin\"),\n\t\t\tCompositeRoles: pulumi.StringArray{\n\t\t\t\tcreateRole.ID(),\n\t\t\t\treadRole.ID(),\n\t\t\t\tupdateRole.ID(),\n\t\t\t\tdeleteRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n // realm roles\n var createRole = new Role(\"createRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"create\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var readRole = new Role(\"readRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"read\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var updateRole = new Role(\"updateRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"update\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var deleteRole = new Role(\"deleteRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"delete\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n // client role\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(openidClientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var adminRole = new Role(\"adminRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"admin\")\n .compositeRoles( \n createRole.id(),\n readRole.id(),\n updateRole.id(),\n deleteRole.id(),\n clientRole.id())\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # realm roles\n createRole:\n type: keycloak:Role\n name: create_role\n properties:\n realmId: ${realm.id}\n name: create\n attributes:\n key: value\n readRole:\n type: keycloak:Role\n name: read_role\n properties:\n realmId: ${realm.id}\n name: read\n attributes:\n key: value\n updateRole:\n type: keycloak:Role\n name: update_role\n properties:\n realmId: ${realm.id}\n name: update\n attributes:\n key: value\n deleteRole:\n type: keycloak:Role\n name: delete_role\n properties:\n realmId: ${realm.id}\n name: delete\n attributes:\n key: value\n # client role\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${openidClientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n attributes:\n key: value\n adminRole:\n type: keycloak:Role\n name: admin_role\n properties:\n realmId: ${realm.id}\n name: admin\n compositeRoles:\n - ${createRole.id}\n - ${readRole.id}\n - ${updateRole.id}\n - ${deleteRole.id}\n - ${clientRole.id}\n attributes:\n key: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRoles can be imported using the format `{{realm_id}}/{{role_id}}`, where `role_id` is the unique ID that Keycloak assigns\n\nto the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/role:Role role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad\n```\n\n", "properties": { "attributes": { "type": "object", @@ -5593,6 +5629,10 @@ "type": "string", "description": "The description of the role\n" }, + "import": { + "type": "boolean", + "description": "When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`.\n" + }, "name": { "type": "string", "description": "The name of the role\n" @@ -5603,6 +5643,9 @@ } }, "required": [ + "attributes", + "compositeRoles", + "description", "name", "realmId" ], @@ -5630,6 +5673,11 @@ "type": "string", "description": "The description of the role\n" }, + "import": { + "type": "boolean", + "description": "When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`.\n", + "willReplaceOnChanges": true + }, "name": { "type": "string", "description": "The name of the role\n" @@ -5669,6 +5717,11 @@ "type": "string", "description": "The description of the role\n" }, + "import": { + "type": "boolean", + "description": "When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`.\n", + "willReplaceOnChanges": true + }, "name": { "type": "string", "description": "The name of the role\n" @@ -5715,6 +5768,10 @@ "type": "string", "description": "The user's first name.\n" }, + "import": { + "type": "boolean", + "description": "When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`.\n" + }, "initialPassword": { "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword", "description": "When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n" @@ -5774,6 +5831,11 @@ "type": "string", "description": "The user's first name.\n" }, + "import": { + "type": "boolean", + "description": "When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`.\n", + "willReplaceOnChanges": true + }, "initialPassword": { "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword", "description": "When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n" @@ -5837,6 +5899,11 @@ "type": "string", "description": "The user's first name.\n" }, + "import": { + "type": "boolean", + "description": "When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`.\n", + "willReplaceOnChanges": true + }, "initialPassword": { "$ref": "#/types/keycloak:index/UserInitialPassword:UserInitialPassword", "description": "When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n" @@ -6466,7 +6533,7 @@ }, "groupsLdapFilter": { "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" + "description": "When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" }, "groupsPath": { "type": "string", @@ -6557,7 +6624,7 @@ }, "groupsLdapFilter": { "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" + "description": "When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" }, "groupsPath": { "type": "string", @@ -6650,7 +6717,7 @@ }, "groupsLdapFilter": { "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" + "description": "When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n" }, "groupsPath": { "type": "string", @@ -7159,7 +7226,7 @@ }, "rolesLdapFilter": { "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n" + "description": "When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n" }, "useRealmRolesMapping": { "type": "boolean", @@ -7236,7 +7303,7 @@ }, "rolesLdapFilter": { "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n" + "description": "When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n" }, "useRealmRolesMapping": { "type": "boolean", @@ -7314,7 +7381,7 @@ }, "rolesLdapFilter": { "type": "string", - "description": "When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n" + "description": "When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n" }, "useRealmRolesMapping": { "type": "boolean", @@ -7339,6 +7406,10 @@ "type": "string", "description": "Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty.\n" }, + "attributeForceDefault": { + "type": "boolean", + "description": "When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`.\n" + }, "isBinaryAttribute": { "type": "boolean", "description": "Should be true for binary LDAP attributes.\n" @@ -7388,6 +7459,10 @@ "type": "string", "description": "Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty.\n" }, + "attributeForceDefault": { + "type": "boolean", + "description": "When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`.\n" + }, "isBinaryAttribute": { "type": "boolean", "description": "Should be true for binary LDAP attributes.\n" @@ -7440,6 +7515,10 @@ "type": "string", "description": "Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty.\n" }, + "attributeForceDefault": { + "type": "boolean", + "description": "When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`.\n" + }, "isBinaryAttribute": { "type": "boolean", "description": "Should be true for binary LDAP attributes.\n" @@ -7982,7 +8061,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -8084,7 +8163,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -8198,7 +8277,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -8250,7 +8329,7 @@ }, "alias": { "type": "string", - "description": "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.\n" + "description": "The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n" }, "authenticateByDefault": { "type": "boolean", @@ -8321,7 +8400,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "loginHint": { "type": "string", @@ -8329,7 +8408,7 @@ }, "logoutUrl": { "type": "string", - "description": "The Logout URL is the end session endpoint to use to logout user from external identity provider.\n" + "description": "The Logout URL is the end session endpoint to use to sign-out the user from external identity provider.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -8393,7 +8472,7 @@ }, "alias": { "type": "string", - "description": "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.\n", + "description": "The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n", "willReplaceOnChanges": true }, "authenticateByDefault": { @@ -8461,7 +8540,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "loginHint": { "type": "string", @@ -8469,7 +8548,7 @@ }, "logoutUrl": { "type": "string", - "description": "The Logout URL is the end session endpoint to use to logout user from external identity provider.\n" + "description": "The Logout URL is the end session endpoint to use to sign-out the user from external identity provider.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -8535,7 +8614,7 @@ }, "alias": { "type": "string", - "description": "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.\n", + "description": "The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n", "willReplaceOnChanges": true }, "authenticateByDefault": { @@ -8607,7 +8686,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "loginHint": { "type": "string", @@ -8615,7 +8694,7 @@ }, "logoutUrl": { "type": "string", - "description": "The Logout URL is the end session endpoint to use to logout user from external identity provider.\n" + "description": "The Logout URL is the end session endpoint to use to sign-out the user from external identity provider.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -8663,7 +8742,7 @@ } }, "keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper": { - "description": "Allows for creating and managing audience protocol mappers within Keycloak.\n\nAudience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom\nstring, or it can be mapped to the ID of a pre-existing client.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: audience-mapper\n includedCustomAudience: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: audience-mapper\n includedCustomAudience: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", + "description": "Allows for creating and managing audience protocol mappers within Keycloak.\n\nAudience protocol mappers allow you to add audiences to the `aud` claim within issued tokens. The audience can be a custom\nstring, or it can be mapped to the ID of a pre-existing client.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: audience-mapper\n includedCustomAudience: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: audience-mapper\n includedCustomAudience: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -9139,7 +9218,7 @@ "items": { "type": "string" }, - "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\"\n" + "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\n" } }, "required": [ @@ -9361,7 +9440,7 @@ "items": { "type": "string" }, - "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\"\n" + "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\n" } }, "requiredInputs": [ @@ -9568,7 +9647,7 @@ "items": { "type": "string" }, - "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\"\n" + "description": "A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\n" } }, "type": "object" @@ -12279,7 +12358,7 @@ }, "userProperty": { "type": "string", - "description": "The built in user property (such as email) to map a claim for.\n" + "description": "The built-in user property (such as email) to map a claim for.\n" } }, "required": [ @@ -12330,7 +12409,7 @@ }, "userProperty": { "type": "string", - "description": "The built in user property (such as email) to map a claim for.\n" + "description": "The built-in user property (such as email) to map a claim for.\n" } }, "requiredInputs": [ @@ -12382,7 +12461,7 @@ }, "userProperty": { "type": "string", - "description": "The built in user property (such as email) to map a claim for.\n" + "description": "The built-in user property (such as email) to map a claim for.\n" } }, "type": "object" @@ -12585,7 +12664,7 @@ }, "sessionNote": { "type": "string", - "description": "String value being the name of stored user session note within the UserSessionModel.note map.\n" + "description": "String value being the name of stored user session note within the `UserSessionModel.note` map.\n" } }, "required": [ @@ -12631,7 +12710,7 @@ }, "sessionNote": { "type": "string", - "description": "String value being the name of stored user session note within the UserSessionModel.note map.\n" + "description": "String value being the name of stored user session note within the `UserSessionModel.note` map.\n" } }, "requiredInputs": [ @@ -12678,7 +12757,7 @@ }, "sessionNote": { "type": "string", - "description": "String value being the name of stored user session note within the UserSessionModel.note map.\n" + "description": "String value being the name of stored user session note within the `UserSessionModel.note` map.\n" } }, "type": "object" @@ -13393,7 +13472,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "loginHint": { "type": "string", @@ -13413,7 +13492,7 @@ }, "postBindingResponse": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n" + "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -13560,7 +13639,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "loginHint": { "type": "string", @@ -13580,7 +13659,7 @@ }, "postBindingResponse": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n" + "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -13733,7 +13812,7 @@ }, "linkOnly": { "type": "boolean", - "description": "When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" + "description": "When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.\n" }, "loginHint": { "type": "string", @@ -13753,7 +13832,7 @@ }, "postBindingResponse": { "type": "boolean", - "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n" + "description": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n" }, "postBrokerLoginFlowAlias": { "type": "string", @@ -14257,6 +14336,10 @@ "parentFlowAlias": { "type": "string" }, + "priority": { + "description": "(Computed) The authenticator priority.\n", + "type": "integer" + }, "providerId": { "type": "string" }, @@ -14266,6 +14349,7 @@ }, "required": [ "parentFlowAlias", + "priority", "providerId", "realmId", "id" @@ -14316,7 +14400,7 @@ } }, "keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter": { - "description": "This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak\nclient. This data can then be used to manage the client within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = keycloak.getClientDescriptionConverterOutput({\n realmId: realm.id,\n body: `\\x09\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\\x09\\x09\\x09\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\\x09\\x09\\x09\\x09\u003cds:X509Data\u003e\n\\x09\\x09\\x09\\x09\\x09\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\x09\\x09\\x09\\x09\\x09CzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\x09\\x09\\x09\\x09\\x09YWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\x09\\x09\\x09\\x09\\x09EW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\x09\\x09\\x09\\x09\\x09NlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\x09\\x09\\x09\\x09\\x09b3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\x09\\x09\\x09\\x09\\x09LmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\x09\\x09\\x09\\x09\\x099w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\x09\\x09\\x09\\x09\\x09qIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\x09\\x09\\x09\\x09\\x0953S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\x09\\x09\\x09\\x09\\x09GX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\x09\\x09\\x09\\x09\\x09IwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\x09\\x09\\x09\\x09\\x09hvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\x09\\x09\\x09\\x09\\x09n01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\x09\\x09\\x09\\x09\\x09K3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\x09\\x09\\x09\\x09\u003c/ds:X509Data\u003e\n\\x09\\x09\\x09\u003c/ds:KeyInfo\u003e\n\\x09\\x09\u003c/md:KeyDescriptor\u003e\n\\x09\\x09\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`,\n});\nconst samlClientClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: samlClient.apply(samlClient =\u003e samlClient.clientId),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.get_client_description_converter_output(realm_id=realm.id,\n body=\"\"\"\\x09\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\\x09\\x09\\x09\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\\x09\\x09\\x09\\x09\u003cds:X509Data\u003e\n\\x09\\x09\\x09\\x09\\x09\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\x09\\x09\\x09\\x09\\x09CzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\x09\\x09\\x09\\x09\\x09YWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\x09\\x09\\x09\\x09\\x09EW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\x09\\x09\\x09\\x09\\x09NlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\x09\\x09\\x09\\x09\\x09b3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\x09\\x09\\x09\\x09\\x09LmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\x09\\x09\\x09\\x09\\x099w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\x09\\x09\\x09\\x09\\x09qIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\x09\\x09\\x09\\x09\\x0953S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\x09\\x09\\x09\\x09\\x09GX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\x09\\x09\\x09\\x09\\x09IwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\x09\\x09\\x09\\x09\\x09hvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\x09\\x09\\x09\\x09\\x09n01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\x09\\x09\\x09\\x09\\x09K3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\x09\\x09\\x09\\x09\u003c/ds:X509Data\u003e\n\\x09\\x09\\x09\u003c/ds:KeyInfo\u003e\n\\x09\\x09\u003c/md:KeyDescriptor\u003e\n\\x09\\x09\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\"\"\")\nsaml_client_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=saml_client.client_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = Keycloak.GetClientDescriptionConverter.Invoke(new()\n {\n RealmId = realm.Id,\n Body = @\"\t\u003cmd:EntityDescriptor xmlns:md=\"\"urn:oasis:names:tc:SAML:2.0:metadata\"\" validUntil=\"\"2021-04-17T12:41:46Z\"\" cacheDuration=\"\"PT604800S\"\" entityID=\"\"FakeEntityId\"\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"\"false\"\" WantAssertionsSigned=\"\"false\"\" protocolSupportEnumeration=\"\"urn:oasis:names:tc:SAML:2.0:protocol\"\"\u003e\n \u003cmd:KeyDescriptor use=\"\"signing\"\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"\"http://www.w3.org/2000/09/xmldsig#\"\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" Location=\"\"https://localhost/acs/saml/\"\" index=\"\"1\"\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\",\n });\n\n var samlClientClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Apply(getClientDescriptionConverterResult =\u003e getClientDescriptionConverterResult.ClientId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBody: pulumi.String(`\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`),\n\t\t}, nil)\n\t\t_, err = saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(samlClient.ApplyT(func(samlClient keycloak.GetClientDescriptionConverterResult) (*string, error) {\n\t\t\t\treturn \u0026samlClient.ClientId, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetClientDescriptionConverterArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var samlClient = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder()\n .realmId(realm.id())\n .body(\"\"\"\n\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n \"\"\")\n .build());\n\n var samlClientClient = new Client(\"samlClientClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult).applyValue(samlClient -\u003e samlClient.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult.clientId())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.clientId}\nvariables:\n samlClient:\n fn::invoke:\n function: keycloak:getClientDescriptionConverter\n arguments:\n realmId: ${realm.id}\n body: |\n \t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n \t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n \t\t\t\t\u003cds:X509Data\u003e\n \t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n \t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n \t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n \t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n \t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n \t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n \t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n \t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n \t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n \t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n \t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n \t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n \t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n \t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n \t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n \t\t\t\t\u003c/ds:X509Data\u003e\n \t\t\t\u003c/ds:KeyInfo\u003e\n \t\t\u003c/md:KeyDescriptor\u003e\n \t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n \u003c/md:EntityDescriptor\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak\nclient. This data can then be used to manage the client within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = keycloak.getClientDescriptionConverterOutput({\n realmId: realm.id,\n body: `\\x09\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\\x09\\x09\\x09\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\\x09\\x09\\x09\\x09\u003cds:X509Data\u003e\n\\x09\\x09\\x09\\x09\\x09\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\x09\\x09\\x09\\x09\\x09CzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\x09\\x09\\x09\\x09\\x09YWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\x09\\x09\\x09\\x09\\x09EW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\x09\\x09\\x09\\x09\\x09NlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\x09\\x09\\x09\\x09\\x09b3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\x09\\x09\\x09\\x09\\x09LmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\x09\\x09\\x09\\x09\\x099w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\x09\\x09\\x09\\x09\\x09qIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\x09\\x09\\x09\\x09\\x0953S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\x09\\x09\\x09\\x09\\x09GX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\x09\\x09\\x09\\x09\\x09IwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\x09\\x09\\x09\\x09\\x09hvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\x09\\x09\\x09\\x09\\x09n01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\x09\\x09\\x09\\x09\\x09K3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\x09\\x09\\x09\\x09\u003c/ds:X509Data\u003e\n\\x09\\x09\\x09\u003c/ds:KeyInfo\u003e\n\\x09\\x09\u003c/md:KeyDescriptor\u003e\n\\x09\\x09\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`,\n});\nconst samlClientClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: samlClient.apply(samlClient =\u003e samlClient.clientId),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.get_client_description_converter_output(realm_id=realm.id,\n body=\"\"\"\\x09\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\\x09\\x09\\x09\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\\x09\\x09\\x09\\x09\u003cds:X509Data\u003e\n\\x09\\x09\\x09\\x09\\x09\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\x09\\x09\\x09\\x09\\x09CzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\x09\\x09\\x09\\x09\\x09YWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\x09\\x09\\x09\\x09\\x09EW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\x09\\x09\\x09\\x09\\x09NlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\x09\\x09\\x09\\x09\\x09b3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\x09\\x09\\x09\\x09\\x09LmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\x09\\x09\\x09\\x09\\x099w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\x09\\x09\\x09\\x09\\x09qIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\x09\\x09\\x09\\x09\\x0953S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\x09\\x09\\x09\\x09\\x09GX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\x09\\x09\\x09\\x09\\x09IwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\x09\\x09\\x09\\x09\\x09hvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\x09\\x09\\x09\\x09\\x09n01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\x09\\x09\\x09\\x09\\x09K3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\x09\\x09\\x09\\x09\u003c/ds:X509Data\u003e\n\\x09\\x09\\x09\u003c/ds:KeyInfo\u003e\n\\x09\\x09\u003c/md:KeyDescriptor\u003e\n\\x09\\x09\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\"\"\")\nsaml_client_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=saml_client.client_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = Keycloak.GetClientDescriptionConverter.Invoke(new()\n {\n RealmId = realm.Id,\n Body = @\"\t\u003cmd:EntityDescriptor xmlns:md=\"\"urn:oasis:names:tc:SAML:2.0:metadata\"\" validUntil=\"\"2021-04-17T12:41:46Z\"\" cacheDuration=\"\"PT604800S\"\" entityID=\"\"FakeEntityId\"\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"\"false\"\" WantAssertionsSigned=\"\"false\"\" protocolSupportEnumeration=\"\"urn:oasis:names:tc:SAML:2.0:protocol\"\"\u003e\n \u003cmd:KeyDescriptor use=\"\"signing\"\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"\"http://www.w3.org/2000/09/xmldsig#\"\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" Location=\"\"https://localhost/acs/saml/\"\" index=\"\"1\"\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\",\n });\n\n var samlClientClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Apply(getClientDescriptionConverterResult =\u003e getClientDescriptionConverterResult.ClientId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBody: pulumi.String(`\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`),\n\t\t}, nil)\n\t\t_, err = saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(samlClient.ApplyT(func(samlClient keycloak.GetClientDescriptionConverterResult) (*string, error) {\n\t\t\t\treturn \u0026samlClient.ClientId, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetClientDescriptionConverterArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var samlClient = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder()\n .realmId(realm.id())\n .body(\"\"\"\n\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n \"\"\")\n .build());\n\n var samlClientClient = new Client(\"samlClientClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult).applyValue(samlClient -\u003e samlClient.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult.clientId())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.clientId}\nvariables:\n samlClient:\n fn::invoke:\n function: keycloak:getClientDescriptionConverter\n arguments:\n realmId: ${realm.id}\n body: |\n \t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n \t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n \t\t\t\t\u003cds:X509Data\u003e\n \t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n \t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n \t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n \t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n \t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n \t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n \t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n \t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n \t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n \t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n \t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n \t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n \t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n \t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n \t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n \t\t\t\t\u003c/ds:X509Data\u003e\n \t\t\t\u003c/ds:KeyInfo\u003e\n \t\t\u003c/md:KeyDescriptor\u003e\n \t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n \u003c/md:EntityDescriptor\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientDescriptionConverter.\n", "properties": { diff --git a/provider/cmd/pulumi-tfgen-keycloak/main.go b/provider/cmd/pulumi-tfgen-keycloak/main.go index 25a4c2c4..d469ab39 100644 --- a/provider/cmd/pulumi-tfgen-keycloak/main.go +++ b/provider/cmd/pulumi-tfgen-keycloak/main.go @@ -17,8 +17,8 @@ package main import ( "github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfgen" - keycloak "github.com/pulumi/pulumi-keycloak/provider/v5" - "github.com/pulumi/pulumi-keycloak/provider/v5/pkg/version" + keycloak "github.com/pulumi/pulumi-keycloak/provider/v6" + "github.com/pulumi/pulumi-keycloak/provider/v6/pkg/version" ) func main() { diff --git a/provider/go.mod b/provider/go.mod index ef94fa17..47e70a17 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -1,4 +1,4 @@ -module github.com/pulumi/pulumi-keycloak/provider/v5 +module github.com/pulumi/pulumi-keycloak/provider/v6 go 1.22.3 @@ -7,11 +7,11 @@ toolchain go1.22.7 replace ( github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240520223432-0c0bf0d65f10 github.com/hashicorp/vault => github.com/hashicorp/vault v1.2.0 - github.com/mrparkers/terraform-provider-keycloak => ../upstream + github.com/keycloak/terraform-provider-keycloak => ../upstream ) require ( - github.com/mrparkers/terraform-provider-keycloak v0.0.0-00010101000000-000000000000 + github.com/keycloak/terraform-provider-keycloak v0.0.0-20241206084240-f87470c95855 github.com/pulumi/providertest v0.1.3 github.com/pulumi/pulumi-terraform-bridge/v3 v3.101.0 github.com/pulumi/pulumi/sdk/v3 v3.145.0 @@ -26,7 +26,7 @@ require ( cloud.google.com/go/logging v1.9.0 // indirect cloud.google.com/go/longrunning v0.5.5 // indirect cloud.google.com/go/storage v1.39.1 // indirect - dario.cat/mergo v1.0.0 // indirect + dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect @@ -119,17 +119,17 @@ require ( github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.6 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect - github.com/hashicorp/hc-install v0.6.3 // indirect + github.com/hashicorp/go-version v1.7.0 // indirect + github.com/hashicorp/hc-install v0.9.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/hcl/v2 v2.22.0 // indirect github.com/hashicorp/hil v0.0.0-20190212132231-97b3a9cdfa93 // indirect github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-exec v0.20.0 // indirect - github.com/hashicorp/terraform-json v0.21.0 // indirect + github.com/hashicorp/terraform-exec v0.21.0 // indirect + github.com/hashicorp/terraform-json v0.23.0 // indirect github.com/hashicorp/terraform-plugin-go v0.25.0 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect - github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 // indirect + github.com/hashicorp/terraform-plugin-sdk/v2 v2.35.0 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/vault/api v1.12.0 // indirect @@ -143,7 +143,6 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/keycloak/terraform-provider-keycloak v0.0.0-20241206084240-f87470c95855 // indirect github.com/klauspost/compress v1.15.11 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect @@ -216,7 +215,7 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/yuin/goldmark v1.7.4 // indirect - github.com/zclconf/go-cty v1.14.4 // indirect + github.com/zclconf/go-cty v1.15.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect @@ -228,7 +227,7 @@ require ( gocloud.dev/secrets/hashivault v0.37.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/mod v0.19.0 // indirect + golang.org/x/mod v0.21.0 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.22.0 // indirect golang.org/x/sync v0.10.0 // indirect diff --git a/provider/go.sum b/provider/go.sum index dd6e2d06..cee403be 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -1146,8 +1146,9 @@ cloud.google.com/go/workflows v1.12.0/go.mod h1:PYhSk2b6DhZ508tj8HXKaBh+OFe+xdl0 cloud.google.com/go/workflows v1.12.1/go.mod h1:5A95OhD/edtOhQd/O741NSfIMezNTbCwLM1P1tBRGHM= cloud.google.com/go/workflows v1.12.2/go.mod h1:+OmBIgNqYJPVggnMo9nqmizW0qEXHhmnAzK/CnBqsHc= cloud.google.com/go/workflows v1.12.3/go.mod h1:fmOUeeqEwPzIU81foMjTRQIdwQHADi/vEr1cx9R1m5g= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= @@ -1638,13 +1639,15 @@ github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/C github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hc-install v0.6.2/go.mod h1:2JBpd+NCFKiHiu/yYCGaPyPHhZLxXTpz8oreHa/a3Ps= -github.com/hashicorp/hc-install v0.6.3 h1:yE/r1yJvWbtrJ0STwScgEnCanb0U9v7zp0Gbkmcoxqs= github.com/hashicorp/hc-install v0.6.3/go.mod h1:KamGdbodYzlufbWh4r9NRo8y6GLHWZP2GBtdnms1Ln0= +github.com/hashicorp/hc-install v0.9.0 h1:2dIk8LcvANwtv3QZLckxcjyF5w8KVtiMxu6G6eLhghE= +github.com/hashicorp/hc-install v0.9.0/go.mod h1:+6vOP+mf3tuGgMApVYtmsnDoKWMDcFXeTxCACYZ8SFg= github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= @@ -1657,12 +1660,14 @@ github.com/hashicorp/hil v0.0.0-20190212132231-97b3a9cdfa93/go.mod h1:n2TSygSNws github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/terraform-config-inspect v0.0.0-20191115094559-17f92b0546e8/go.mod h1:p+ivJws3dpqbp1iP84+npOyAmTTOLMgCzrXd3GSdn/A= -github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= +github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= +github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= github.com/hashicorp/terraform-json v0.4.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU= github.com/hashicorp/terraform-json v0.19.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= -github.com/hashicorp/terraform-json v0.21.0 h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U= github.com/hashicorp/terraform-json v0.21.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= +github.com/hashicorp/terraform-json v0.23.0 h1:sniCkExU4iKtTADReHzACkk8fnpQXrdD2xoR+lppBkI= +github.com/hashicorp/terraform-json v0.23.0/go.mod h1:MHdXbBAbSg0GvzuWazEGKAn/cyNfIB7mN6y7KJN6y2c= github.com/hashicorp/terraform-plugin-go v0.22.0/go.mod h1:mPULV91VKss7sik6KFEcEu7HuTogMLLO/EvWCuFkRVE= github.com/hashicorp/terraform-plugin-go v0.25.0 h1:oi13cx7xXA6QciMcpcFi/rwA974rdTxjqEhXJjbAyks= github.com/hashicorp/terraform-plugin-go v0.25.0/go.mod h1:+SYagMYadJP86Kvn+TGeV+ofr/R3g4/If0O5sO96MVw= @@ -1730,8 +1735,6 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:C github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M= -github.com/keycloak/terraform-provider-keycloak v0.0.0-20241206084240-f87470c95855 h1:jIogAikiZaTZDZMz/SzaJv8dTs8ENRIt+G73iuDj8zc= -github.com/keycloak/terraform-provider-keycloak v0.0.0-20241206084240-f87470c95855/go.mod h1:hbsqZ3rt/vlhPyujtuUUxGOxepyfaMenNbiiFXSOdaI= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= @@ -2076,8 +2079,8 @@ github.com/zclconf/go-cty v1.13.0/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4 github.com/zclconf/go-cty v1.13.1/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= -github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= -github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ= +github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= @@ -2217,8 +2220,8 @@ golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= diff --git a/provider/resources.go b/provider/resources.go index 980c3e41..c4d81d69 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -22,14 +22,14 @@ import ( // embed is used to store bridge-metadata.json in the compiled binary _ "embed" - "github.com/mrparkers/terraform-provider-keycloak/provider" + "github.com/keycloak/terraform-provider-keycloak/provider" "github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge" tks "github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge/tokens" shimv2 "github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim/sdk-v2" "github.com/pulumi/pulumi/sdk/v3/go/common/tokens" - "github.com/pulumi/pulumi-keycloak/provider/v5/pkg/version" + "github.com/pulumi/pulumi-keycloak/provider/v6/pkg/version" ) // all of the token components used below. @@ -66,7 +66,7 @@ func Provider() tfbridge.ProviderInfo { prov := tfbridge.ProviderInfo{ P: p, Name: "keycloak", - GitHubOrg: "mrparkers", + GitHubOrg: "keycloak", Description: "A Pulumi package for creating and managing keycloak cloud resources.", Keywords: []string{"pulumi", "keycloak"}, License: "Apache-2.0", diff --git a/sdk/dotnet/Authentication/Execution.cs b/sdk/dotnet/Authentication/Execution.cs index 2b9f0c21..3832aa4f 100644 --- a/sdk/dotnet/Authentication/Execution.cs +++ b/sdk/dotnet/Authentication/Execution.cs @@ -15,7 +15,7 @@ namespace Pulumi.Keycloak.Authentication /// An authentication execution is an action that the user or service may or may not take when authenticating through an authentication /// flow. /// - /// > Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. + /// > Following limitation affects Keycloak < 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. /// /// ## Example Usage /// @@ -46,6 +46,7 @@ namespace Pulumi.Keycloak.Authentication /// ParentFlowAlias = flow.Alias, /// Authenticator = "auth-cookie", /// Requirement = "ALTERNATIVE", + /// Priority = 10, /// }); /// /// // second execution @@ -55,12 +56,7 @@ namespace Pulumi.Keycloak.Authentication /// ParentFlowAlias = flow.Alias, /// Authenticator = "identity-provider-redirector", /// Requirement = "ALTERNATIVE", - /// }, new CustomResourceOptions - /// { - /// DependsOn = - /// { - /// executionOne, - /// }, + /// Priority = 20, /// }); /// /// }); @@ -93,6 +89,12 @@ public partial class Execution : global::Pulumi.CustomResource [Output("parentFlowAlias")] public Output ParentFlowAlias { get; private set; } = null!; + /// + /// The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + /// + [Output("priority")] + public Output Priority { get; private set; } = null!; + /// /// The realm the authentication execution exists in. /// @@ -163,6 +165,12 @@ public sealed class ExecutionArgs : global::Pulumi.ResourceArgs [Input("parentFlowAlias", required: true)] public Input ParentFlowAlias { get; set; } = null!; + /// + /// The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + /// + [Input("priority")] + public Input? Priority { get; set; } + /// /// The realm the authentication execution exists in. /// @@ -195,6 +203,12 @@ public sealed class ExecutionState : global::Pulumi.ResourceArgs [Input("parentFlowAlias")] public Input? ParentFlowAlias { get; set; } + /// + /// The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + /// + [Input("priority")] + public Input? Priority { get; set; } + /// /// The realm the authentication execution exists in. /// diff --git a/sdk/dotnet/Authentication/Subflow.cs b/sdk/dotnet/Authentication/Subflow.cs index b9cdfb5f..d17c3877 100644 --- a/sdk/dotnet/Authentication/Subflow.cs +++ b/sdk/dotnet/Authentication/Subflow.cs @@ -44,6 +44,7 @@ namespace Pulumi.Keycloak.Authentication /// ParentFlowAlias = flow.Alias, /// ProviderId = "basic-flow", /// Requirement = "ALTERNATIVE", + /// Priority = 10, /// }); /// /// }); @@ -99,6 +100,12 @@ public partial class Subflow : global::Pulumi.CustomResource [Output("parentFlowAlias")] public Output ParentFlowAlias { get; private set; } = null!; + /// + /// The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + /// + [Output("priority")] + public Output Priority { get; private set; } = null!; + /// /// The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` /// and `client-flow`. Defaults to `basic-flow`. @@ -190,6 +197,12 @@ public sealed class SubflowArgs : global::Pulumi.ResourceArgs [Input("parentFlowAlias", required: true)] public Input ParentFlowAlias { get; set; } = null!; + /// + /// The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + /// + [Input("priority")] + public Input? Priority { get; set; } + /// /// The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` /// and `client-flow`. Defaults to `basic-flow`. @@ -243,6 +256,12 @@ public sealed class SubflowState : global::Pulumi.ResourceArgs [Input("parentFlowAlias")] public Input? ParentFlowAlias { get; set; } + /// + /// The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + /// + [Input("priority")] + public Input? Priority { get; set; } + /// /// The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` /// and `client-flow`. Defaults to `basic-flow`. diff --git a/sdk/dotnet/CustomUserFederation.cs b/sdk/dotnet/CustomUserFederation.cs index b76235e4..eed6f7d9 100644 --- a/sdk/dotnet/CustomUserFederation.cs +++ b/sdk/dotnet/CustomUserFederation.cs @@ -76,7 +76,7 @@ public partial class CustomUserFederation : global::Pulumi.CustomResource public Output ChangedSyncPeriod { get; private set; } = null!; /// - /// The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + /// The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. /// [Output("config")] public Output?> Config { get; private set; } = null!; @@ -185,7 +185,7 @@ public sealed class CustomUserFederationArgs : global::Pulumi.ResourceArgs private InputMap? _config; /// - /// The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + /// The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. /// public InputMap Config { @@ -259,7 +259,7 @@ public sealed class CustomUserFederationState : global::Pulumi.ResourceArgs private InputMap? _config; /// - /// The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + /// The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. /// public InputMap Config { diff --git a/sdk/dotnet/GetAuthenticationExecution.cs b/sdk/dotnet/GetAuthenticationExecution.cs index 0c169987..57d35b9e 100644 --- a/sdk/dotnet/GetAuthenticationExecution.cs +++ b/sdk/dotnet/GetAuthenticationExecution.cs @@ -170,6 +170,10 @@ public sealed class GetAuthenticationExecutionResult /// public readonly string Id; public readonly string ParentFlowAlias; + /// + /// (Computed) The authenticator priority. + /// + public readonly int Priority; public readonly string ProviderId; public readonly string RealmId; @@ -179,12 +183,15 @@ private GetAuthenticationExecutionResult( string parentFlowAlias, + int priority, + string providerId, string realmId) { Id = id; ParentFlowAlias = parentFlowAlias; + Priority = priority; ProviderId = providerId; RealmId = realmId; } diff --git a/sdk/dotnet/GetClientDescriptionConverter.cs b/sdk/dotnet/GetClientDescriptionConverter.cs index 161ae57c..6036e018 100644 --- a/sdk/dotnet/GetClientDescriptionConverter.cs +++ b/sdk/dotnet/GetClientDescriptionConverter.cs @@ -12,7 +12,7 @@ namespace Pulumi.Keycloak public static class GetClientDescriptionConverter { /// - /// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + /// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak /// client. This data can then be used to manage the client within Keycloak. /// /// ## Example Usage @@ -77,7 +77,7 @@ public static Task InvokeAsync(GetClientDes => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter", args ?? new GetClientDescriptionConverterArgs(), options.WithDefaults()); /// - /// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + /// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak /// client. This data can then be used to manage the client within Keycloak. /// /// ## Example Usage @@ -142,7 +142,7 @@ public static Output Invoke(GetClientDescri => global::Pulumi.Deployment.Instance.Invoke("keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter", args ?? new GetClientDescriptionConverterInvokeArgs(), options.WithDefaults()); /// - /// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + /// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak /// client. This data can then be used to manage the client within Keycloak. /// /// ## Example Usage diff --git a/sdk/dotnet/Group.cs b/sdk/dotnet/Group.cs index 26b2b658..d5d5ddca 100644 --- a/sdk/dotnet/Group.cs +++ b/sdk/dotnet/Group.cs @@ -82,7 +82,7 @@ namespace Pulumi.Keycloak public partial class Group : global::Pulumi.CustomResource { /// - /// A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + /// A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars /// [Output("attributes")] public Output?> Attributes { get; private set; } = null!; @@ -161,7 +161,7 @@ public sealed class GroupArgs : global::Pulumi.ResourceArgs private InputMap? _attributes; /// - /// A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + /// A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars /// public InputMap Attributes { @@ -199,7 +199,7 @@ public sealed class GroupState : global::Pulumi.ResourceArgs private InputMap? _attributes; /// - /// A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + /// A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars /// public InputMap Attributes { diff --git a/sdk/dotnet/GroupMemberships.cs b/sdk/dotnet/GroupMemberships.cs index f3d235bd..e255794d 100644 --- a/sdk/dotnet/GroupMemberships.cs +++ b/sdk/dotnet/GroupMemberships.cs @@ -73,7 +73,7 @@ namespace Pulumi.Keycloak /// /// as if it did not already exist on the server. /// - /// [1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships + /// [1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships /// [KeycloakResourceType("keycloak:index/groupMemberships:GroupMemberships")] public partial class GroupMemberships : global::Pulumi.CustomResource diff --git a/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyArgs.cs b/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyArgs.cs index 722f3db4..b32255e9 100644 --- a/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyArgs.cs +++ b/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyArgs.cs @@ -49,7 +49,7 @@ public InputList AcceptableAaguids public Input? CreateTimeout { get; set; } /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + /// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. /// [Input("relyingPartyEntityName")] public Input? RelyingPartyEntityName { get; set; } diff --git a/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyGetArgs.cs b/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyGetArgs.cs index 743ccafd..5afee474 100644 --- a/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmWebAuthnPasswordlessPolicyGetArgs.cs @@ -49,7 +49,7 @@ public InputList AcceptableAaguids public Input? CreateTimeout { get; set; } /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + /// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. /// [Input("relyingPartyEntityName")] public Input? RelyingPartyEntityName { get; set; } diff --git a/sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs b/sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs index c721c7b5..b5e1c9fa 100644 --- a/sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs +++ b/sdk/dotnet/Inputs/RealmWebAuthnPolicyArgs.cs @@ -49,7 +49,7 @@ public InputList AcceptableAaguids public Input? CreateTimeout { get; set; } /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + /// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. /// [Input("relyingPartyEntityName")] public Input? RelyingPartyEntityName { get; set; } diff --git a/sdk/dotnet/Inputs/RealmWebAuthnPolicyGetArgs.cs b/sdk/dotnet/Inputs/RealmWebAuthnPolicyGetArgs.cs index 922dcc17..72821af3 100644 --- a/sdk/dotnet/Inputs/RealmWebAuthnPolicyGetArgs.cs +++ b/sdk/dotnet/Inputs/RealmWebAuthnPolicyGetArgs.cs @@ -49,7 +49,7 @@ public InputList AcceptableAaguids public Input? CreateTimeout { get; set; } /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + /// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. /// [Input("relyingPartyEntityName")] public Input? RelyingPartyEntityName { get; set; } diff --git a/sdk/dotnet/Inputs/UserFederatedIdentityArgs.cs b/sdk/dotnet/Inputs/UserFederatedIdentityArgs.cs index 20dbd459..ea1e5949 100644 --- a/sdk/dotnet/Inputs/UserFederatedIdentityArgs.cs +++ b/sdk/dotnet/Inputs/UserFederatedIdentityArgs.cs @@ -25,7 +25,7 @@ public sealed class UserFederatedIdentityArgs : global::Pulumi.ResourceArgs public Input UserId { get; set; } = null!; /// - /// The user name of the user defined in the identity provider + /// The username of the user defined in the identity provider /// [Input("userName", required: true)] public Input UserName { get; set; } = null!; diff --git a/sdk/dotnet/Inputs/UserFederatedIdentityGetArgs.cs b/sdk/dotnet/Inputs/UserFederatedIdentityGetArgs.cs index 797a438a..be8c2ea2 100644 --- a/sdk/dotnet/Inputs/UserFederatedIdentityGetArgs.cs +++ b/sdk/dotnet/Inputs/UserFederatedIdentityGetArgs.cs @@ -25,7 +25,7 @@ public sealed class UserFederatedIdentityGetArgs : global::Pulumi.ResourceArgs public Input UserId { get; set; } = null!; /// - /// The user name of the user defined in the identity provider + /// The username of the user defined in the identity provider /// [Input("userName", required: true)] public Input UserName { get; set; } = null!; diff --git a/sdk/dotnet/Ldap/GroupMapper.cs b/sdk/dotnet/Ldap/GroupMapper.cs index f9dc9296..47d183c0 100644 --- a/sdk/dotnet/Ldap/GroupMapper.cs +++ b/sdk/dotnet/Ldap/GroupMapper.cs @@ -105,7 +105,7 @@ public partial class GroupMapper : global::Pulumi.CustomResource public Output> GroupObjectClasses { get; private set; } = null!; /// - /// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + /// When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. /// [Output("groupsLdapFilter")] public Output GroupsLdapFilter { get; private set; } = null!; @@ -265,7 +265,7 @@ public InputList GroupObjectClasses } /// - /// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + /// When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. /// [Input("groupsLdapFilter")] public Input? GroupsLdapFilter { get; set; } @@ -393,7 +393,7 @@ public InputList GroupObjectClasses } /// - /// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + /// When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. /// [Input("groupsLdapFilter")] public Input? GroupsLdapFilter { get; set; } diff --git a/sdk/dotnet/Ldap/RoleMapper.cs b/sdk/dotnet/Ldap/RoleMapper.cs index 6d3bcf9b..d34cd060 100644 --- a/sdk/dotnet/Ldap/RoleMapper.cs +++ b/sdk/dotnet/Ldap/RoleMapper.cs @@ -159,7 +159,7 @@ public partial class RoleMapper : global::Pulumi.CustomResource public Output> RoleObjectClasses { get; private set; } = null!; /// - /// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + /// When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. /// [Output("rolesLdapFilter")] public Output RolesLdapFilter { get; private set; } = null!; @@ -301,7 +301,7 @@ public InputList RoleObjectClasses } /// - /// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + /// When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. /// [Input("rolesLdapFilter")] public Input? RolesLdapFilter { get; set; } @@ -405,7 +405,7 @@ public InputList RoleObjectClasses } /// - /// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + /// When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. /// [Input("rolesLdapFilter")] public Input? RolesLdapFilter { get; set; } diff --git a/sdk/dotnet/Ldap/UserAttributeMapper.cs b/sdk/dotnet/Ldap/UserAttributeMapper.cs index 5cf9ccbb..8f9c8903 100644 --- a/sdk/dotnet/Ldap/UserAttributeMapper.cs +++ b/sdk/dotnet/Ldap/UserAttributeMapper.cs @@ -91,6 +91,12 @@ public partial class UserAttributeMapper : global::Pulumi.CustomResource [Output("attributeDefaultValue")] public Output AttributeDefaultValue { get; private set; } = null!; + /// + /// When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + /// + [Output("attributeForceDefault")] + public Output AttributeForceDefault { get; private set; } = null!; + /// /// Should be true for binary LDAP attributes. /// @@ -197,6 +203,12 @@ public sealed class UserAttributeMapperArgs : global::Pulumi.ResourceArgs [Input("attributeDefaultValue")] public Input? AttributeDefaultValue { get; set; } + /// + /// When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + /// + [Input("attributeForceDefault")] + public Input? AttributeForceDefault { get; set; } + /// /// Should be true for binary LDAP attributes. /// @@ -265,6 +277,12 @@ public sealed class UserAttributeMapperState : global::Pulumi.ResourceArgs [Input("attributeDefaultValue")] public Input? AttributeDefaultValue { get; set; } + /// + /// When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + /// + [Input("attributeForceDefault")] + public Input? AttributeForceDefault { get; set; } + /// /// Should be true for binary LDAP attributes. /// diff --git a/sdk/dotnet/Oidc/GoogleIdentityProvider.cs b/sdk/dotnet/Oidc/GoogleIdentityProvider.cs index d9fa4f73..461f2f48 100644 --- a/sdk/dotnet/Oidc/GoogleIdentityProvider.cs +++ b/sdk/dotnet/Oidc/GoogleIdentityProvider.cs @@ -156,7 +156,7 @@ public partial class GoogleIdentityProvider : global::Pulumi.CustomResource public Output InternalId { get; private set; } = null!; /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Output("linkOnly")] public Output LinkOnly { get; private set; } = null!; @@ -350,7 +350,7 @@ public InputMap ExtraConfig public Input? HostedDomain { get; set; } /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Input("linkOnly")] public Input? LinkOnly { get; set; } @@ -520,7 +520,7 @@ public InputMap ExtraConfig public Input? InternalId { get; set; } /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Input("linkOnly")] public Input? LinkOnly { get; set; } diff --git a/sdk/dotnet/Oidc/IdentityProvider.cs b/sdk/dotnet/Oidc/IdentityProvider.cs index 81010db1..065ae86e 100644 --- a/sdk/dotnet/Oidc/IdentityProvider.cs +++ b/sdk/dotnet/Oidc/IdentityProvider.cs @@ -75,7 +75,7 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output AddReadTokenRoleOnCreate { get; private set; } = null!; /// - /// The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + /// The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. /// [Output("alias")] public Output Alias { get; private set; } = null!; @@ -174,7 +174,7 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output JwksUrl { get; private set; } = null!; /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Output("linkOnly")] public Output LinkOnly { get; private set; } = null!; @@ -186,7 +186,7 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output LoginHint { get; private set; } = null!; /// - /// The Logout URL is the end session endpoint to use to logout user from external identity provider. + /// The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. /// [Output("logoutUrl")] public Output LogoutUrl { get; private set; } = null!; @@ -314,7 +314,7 @@ public sealed class IdentityProviderArgs : global::Pulumi.ResourceArgs public Input? AddReadTokenRoleOnCreate { get; set; } /// - /// The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + /// The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. /// [Input("alias", required: true)] public Input Alias { get; set; } = null!; @@ -422,7 +422,7 @@ public InputMap ExtraConfig public Input? JwksUrl { get; set; } /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Input("linkOnly")] public Input? LinkOnly { get; set; } @@ -434,7 +434,7 @@ public InputMap ExtraConfig public Input? LoginHint { get; set; } /// - /// The Logout URL is the end session endpoint to use to logout user from external identity provider. + /// The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. /// [Input("logoutUrl")] public Input? LogoutUrl { get; set; } @@ -520,7 +520,7 @@ public sealed class IdentityProviderState : global::Pulumi.ResourceArgs public Input? AddReadTokenRoleOnCreate { get; set; } /// - /// The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + /// The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. /// [Input("alias")] public Input? Alias { get; set; } @@ -634,7 +634,7 @@ public InputMap ExtraConfig public Input? JwksUrl { get; set; } /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Input("linkOnly")] public Input? LinkOnly { get; set; } @@ -646,7 +646,7 @@ public InputMap ExtraConfig public Input? LoginHint { get; set; } /// - /// The Logout URL is the end session endpoint to use to logout user from external identity provider. + /// The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. /// [Input("logoutUrl")] public Input? LogoutUrl { get; set; } diff --git a/sdk/dotnet/OpenId/AudienceProtocolMapper.cs b/sdk/dotnet/OpenId/AudienceProtocolMapper.cs index ab61fb31..8bfd5099 100644 --- a/sdk/dotnet/OpenId/AudienceProtocolMapper.cs +++ b/sdk/dotnet/OpenId/AudienceProtocolMapper.cs @@ -12,7 +12,7 @@ namespace Pulumi.Keycloak.OpenId /// /// Allows for creating and managing audience protocol mappers within Keycloak. /// - /// Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom + /// Audience protocol mappers allow you to add audiences to the `aud` claim within issued tokens. The audience can be a custom /// string, or it can be mapped to the ID of a pre-existing client. /// /// ## Example Usage diff --git a/sdk/dotnet/OpenId/Client.cs b/sdk/dotnet/OpenId/Client.cs index 616cb91a..8e1256a8 100644 --- a/sdk/dotnet/OpenId/Client.cs +++ b/sdk/dotnet/OpenId/Client.cs @@ -350,7 +350,7 @@ public partial class Client : global::Pulumi.CustomResource public Output> ValidRedirectUris { get; private set; } = null!; /// - /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. /// [Output("webOrigins")] public Output> WebOrigins { get; private set; } = null!; @@ -702,7 +702,7 @@ public InputList ValidRedirectUris private InputList? _webOrigins; /// - /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. /// public InputList WebOrigins { @@ -1027,7 +1027,7 @@ public InputList ValidRedirectUris private InputList? _webOrigins; /// - /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + /// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. /// public InputList WebOrigins { diff --git a/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs b/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs index 204c365f..ea782029 100644 --- a/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs @@ -173,7 +173,7 @@ public partial class UserPropertyProtocolMapper : global::Pulumi.CustomResource public Output RealmId { get; private set; } = null!; /// - /// The built in user property (such as email) to map a claim for. + /// The built-in user property (such as email) to map a claim for. /// [Output("userProperty")] public Output UserProperty { get; private set; } = null!; @@ -279,7 +279,7 @@ public sealed class UserPropertyProtocolMapperArgs : global::Pulumi.ResourceArgs public Input RealmId { get; set; } = null!; /// - /// The built in user property (such as email) to map a claim for. + /// The built-in user property (such as email) to map a claim for. /// [Input("userProperty", required: true)] public Input UserProperty { get; set; } = null!; @@ -347,7 +347,7 @@ public sealed class UserPropertyProtocolMapperState : global::Pulumi.ResourceArg public Input? RealmId { get; set; } /// - /// The built in user property (such as email) to map a claim for. + /// The built-in user property (such as email) to map a claim for. /// [Input("userProperty")] public Input? UserProperty { get; set; } diff --git a/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs b/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs index 27402c2d..61c76c0a 100644 --- a/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs @@ -168,7 +168,7 @@ public partial class UserSessionNoteProtocolMapper : global::Pulumi.CustomResour public Output RealmId { get; private set; } = null!; /// - /// String value being the name of stored user session note within the UserSessionModel.note map. + /// String value being the name of stored user session note within the `UserSessionModel.note` map. /// [Output("sessionNote")] public Output SessionNote { get; private set; } = null!; @@ -268,7 +268,7 @@ public sealed class UserSessionNoteProtocolMapperArgs : global::Pulumi.ResourceA public Input RealmId { get; set; } = null!; /// - /// String value being the name of stored user session note within the UserSessionModel.note map. + /// String value being the name of stored user session note within the `UserSessionModel.note` map. /// [Input("sessionNote")] public Input? SessionNote { get; set; } @@ -330,7 +330,7 @@ public sealed class UserSessionNoteProtocolMapperState : global::Pulumi.Resource public Input? RealmId { get; set; } /// - /// String value being the name of stored user session note within the UserSessionModel.note map. + /// String value being the name of stored user session note within the `UserSessionModel.note` map. /// [Input("sessionNote")] public Input? SessionNote { get; set; } diff --git a/sdk/dotnet/Outputs/RealmWebAuthnPasswordlessPolicy.cs b/sdk/dotnet/Outputs/RealmWebAuthnPasswordlessPolicy.cs index 586b9677..47dd76f5 100644 --- a/sdk/dotnet/Outputs/RealmWebAuthnPasswordlessPolicy.cs +++ b/sdk/dotnet/Outputs/RealmWebAuthnPasswordlessPolicy.cs @@ -34,7 +34,7 @@ public sealed class RealmWebAuthnPasswordlessPolicy /// public readonly int? CreateTimeout; /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + /// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. /// public readonly string? RelyingPartyEntityName; /// diff --git a/sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs b/sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs index 89263d8b..e9558aa2 100644 --- a/sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs +++ b/sdk/dotnet/Outputs/RealmWebAuthnPolicy.cs @@ -34,7 +34,7 @@ public sealed class RealmWebAuthnPolicy /// public readonly int? CreateTimeout; /// - /// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + /// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. /// public readonly string? RelyingPartyEntityName; /// diff --git a/sdk/dotnet/Outputs/UserFederatedIdentity.cs b/sdk/dotnet/Outputs/UserFederatedIdentity.cs index 92163beb..e93a61f1 100644 --- a/sdk/dotnet/Outputs/UserFederatedIdentity.cs +++ b/sdk/dotnet/Outputs/UserFederatedIdentity.cs @@ -22,7 +22,7 @@ public sealed class UserFederatedIdentity /// public readonly string UserId; /// - /// The user name of the user defined in the identity provider + /// The username of the user defined in the identity provider /// public readonly string UserName; diff --git a/sdk/dotnet/Realm.cs b/sdk/dotnet/Realm.cs index 990a9424..3f426288 100644 --- a/sdk/dotnet/Realm.cs +++ b/sdk/dotnet/Realm.cs @@ -99,8 +99,8 @@ namespace Pulumi.Keycloak /// /// ## Default Client Scopes /// - /// - `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - /// - `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. + /// - `default_default_client_scopes` - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`. + /// - `default_optional_client_scopes` - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`. /// /// ## Import /// diff --git a/sdk/dotnet/RealmUserProfile.cs b/sdk/dotnet/RealmUserProfile.cs index c1adab6a..44d0d2ef 100644 --- a/sdk/dotnet/RealmUserProfile.cs +++ b/sdk/dotnet/RealmUserProfile.cs @@ -13,11 +13,8 @@ namespace Pulumi.Keycloak /// Allows for managing Realm User Profiles within Keycloak. /// /// A user profile defines a schema for representing user attributes and how they are managed within a realm. - /// This is a preview feature, hence not fully supported and disabled by default. - /// To enable it, start the server with one of the following flags: - /// - WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled` - /// - Quarkus distribution: `--features=preview` or `--features=declarative-user-profile` /// + /// Information for Keycloak versions < 24: /// The realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled. /// It can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`. /// @@ -35,15 +32,12 @@ namespace Pulumi.Keycloak /// var realm = new Keycloak.Realm("realm", new() /// { /// RealmName = "my-realm", - /// Attributes = - /// { - /// { "userProfileEnabled", "true" }, - /// }, /// }); /// /// var userprofile = new Keycloak.RealmUserProfile("userprofile", new() /// { /// RealmId = myRealm.Id, + /// UnmanagedAttributePolicy = "ENABLED", /// Attributes = new[] /// { /// new Keycloak.Inputs.RealmUserProfileAttributeArgs @@ -174,6 +168,12 @@ public partial class RealmUserProfile : global::Pulumi.CustomResource [Output("realmId")] public Output RealmId { get; private set; } = null!; + /// + /// Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + /// + [Output("unmanagedAttributePolicy")] + public Output UnmanagedAttributePolicy { get; private set; } = null!; + /// /// Create a RealmUserProfile resource with the given unique name, arguments, and options. @@ -250,6 +250,12 @@ public InputList Groups [Input("realmId", required: true)] public Input RealmId { get; set; } = null!; + /// + /// Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + /// + [Input("unmanagedAttributePolicy")] + public Input? UnmanagedAttributePolicy { get; set; } + public RealmUserProfileArgs() { } @@ -288,6 +294,12 @@ public InputList Groups [Input("realmId")] public Input? RealmId { get; set; } + /// + /// Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + /// + [Input("unmanagedAttributePolicy")] + public Input? UnmanagedAttributePolicy { get; set; } + public RealmUserProfileState() { } diff --git a/sdk/dotnet/Role.cs b/sdk/dotnet/Role.cs index 4c333a30..e38990ce 100644 --- a/sdk/dotnet/Role.cs +++ b/sdk/dotnet/Role.cs @@ -12,7 +12,7 @@ namespace Pulumi.Keycloak /// /// Allows for creating and managing roles within Keycloak. /// - /// Roles allow you define privileges within Keycloak and map them to users and groups. + /// Roles allow you to define privileges within Keycloak and map them to users and groups. /// /// ## Example Usage /// @@ -216,7 +216,7 @@ public partial class Role : global::Pulumi.CustomResource /// A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars /// [Output("attributes")] - public Output?> Attributes { get; private set; } = null!; + public Output> Attributes { get; private set; } = null!; /// /// When specified, this role will be created as a client role attached to the client with the provided ID @@ -234,7 +234,13 @@ public partial class Role : global::Pulumi.CustomResource /// The description of the role /// [Output("description")] - public Output Description { get; private set; } = null!; + public Output Description { get; private set; } = null!; + + /// + /// When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + /// + [Output("import")] + public Output Import { get; private set; } = null!; /// /// The name of the role @@ -330,6 +336,12 @@ public InputList CompositeRoles [Input("description")] public Input? Description { get; set; } + /// + /// When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + /// + [Input("import")] + public Input? Import { get; set; } + /// /// The name of the role /// @@ -386,6 +398,12 @@ public InputList CompositeRoles [Input("description")] public Input? Description { get; set; } + /// + /// When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + /// + [Input("import")] + public Input? Import { get; set; } + /// /// The name of the role /// diff --git a/sdk/dotnet/Saml/IdentityProvider.cs b/sdk/dotnet/Saml/IdentityProvider.cs index 10ba9672..3725478d 100644 --- a/sdk/dotnet/Saml/IdentityProvider.cs +++ b/sdk/dotnet/Saml/IdentityProvider.cs @@ -158,7 +158,7 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output InternalId { get; private set; } = null!; /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Output("linkOnly")] public Output LinkOnly { get; private set; } = null!; @@ -188,7 +188,7 @@ public partial class IdentityProvider : global::Pulumi.CustomResource public Output PostBindingLogout { get; private set; } = null!; /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. /// [Output("postBindingResponse")] public Output PostBindingResponse { get; private set; } = null!; @@ -440,7 +440,7 @@ public InputMap ExtraConfig public Input? HideOnLoginPage { get; set; } /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Input("linkOnly")] public Input? LinkOnly { get; set; } @@ -470,7 +470,7 @@ public InputMap ExtraConfig public Input? PostBindingLogout { get; set; } /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. /// [Input("postBindingResponse")] public Input? PostBindingResponse { get; set; } @@ -690,7 +690,7 @@ public InputMap ExtraConfig public Input? InternalId { get; set; } /// - /// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + /// When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. /// [Input("linkOnly")] public Input? LinkOnly { get; set; } @@ -720,7 +720,7 @@ public InputMap ExtraConfig public Input? PostBindingLogout { get; set; } /// - /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + /// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. /// [Input("postBindingResponse")] public Input? PostBindingResponse { get; set; } diff --git a/sdk/dotnet/User.cs b/sdk/dotnet/User.cs index 3d3fc4a3..ca32145f 100644 --- a/sdk/dotnet/User.cs +++ b/sdk/dotnet/User.cs @@ -118,6 +118,12 @@ public partial class User : global::Pulumi.CustomResource [Output("firstName")] public Output FirstName { get; private set; } = null!; + /// + /// When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + /// + [Output("import")] + public Output Import { get; private set; } = null!; + /// /// When given, the user's initial password will be set. This attribute is only respected during initial user creation. /// @@ -242,6 +248,12 @@ public InputList FederatedIdentities [Input("firstName")] public Input? FirstName { get; set; } + /// + /// When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + /// + [Input("import")] + public Input? Import { get; set; } + /// /// When given, the user's initial password will be set. This attribute is only respected during initial user creation. /// @@ -334,6 +346,12 @@ public InputList FederatedIdentities [Input("firstName")] public Input? FirstName { get; set; } + /// + /// When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + /// + [Input("import")] + public Input? Import { get; set; } + /// /// When given, the user's initial password will be set. This attribute is only respected during initial user creation. /// diff --git a/sdk/go.mod b/sdk/go.mod index d49ecf4f..1169ab27 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -1,9 +1,10 @@ -module github.com/pulumi/pulumi-keycloak/sdk/v5 +module github.com/pulumi/pulumi-keycloak/sdk/v6 go 1.21 require ( github.com/blang/semver v3.5.1+incompatible + github.com/pulumi/pulumi-keycloak/sdk/v5 v5.4.0 github.com/pulumi/pulumi/sdk/v3 v3.145.0 ) @@ -67,7 +68,6 @@ require ( github.com/spf13/cast v1.4.1 // indirect github.com/spf13/cobra v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/stretchr/objx v0.5.0 // indirect github.com/texttheater/golang-levenshtein v1.0.1 // indirect github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect github.com/uber/jaeger-lib v2.4.1+incompatible // indirect diff --git a/sdk/go.sum b/sdk/go.sum index efb6110f..44668d76 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -150,6 +150,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= +github.com/pulumi/pulumi-keycloak/sdk/v5 v5.4.0 h1:IXMfYM7sDjo6iYBW+eBTjo0FVY+VBgO8X2bRqKRzDeM= +github.com/pulumi/pulumi-keycloak/sdk/v5 v5.4.0/go.mod h1:sGOJEAMV0iyjaFt80IGNlzeG+qqR8OEdDR5oVqiIMTU= github.com/pulumi/pulumi/sdk/v3 v3.145.0 h1:r5iOgz67RElFXJt4GVVY2SBGh5sR24mL9NOcKBiBi/k= github.com/pulumi/pulumi/sdk/v3 v3.145.0/go.mod h1:5pZySnw3RiQKddx8orThjEFmWsXkGAY3ktKOxZj2Ym4= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= @@ -175,7 +177,6 @@ github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRM github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -183,8 +184,6 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= diff --git a/sdk/go/keycloak/authentication/execution.go b/sdk/go/keycloak/authentication/execution.go index ab3e3421..b01307e2 100644 --- a/sdk/go/keycloak/authentication/execution.go +++ b/sdk/go/keycloak/authentication/execution.go @@ -17,7 +17,7 @@ import ( // An authentication execution is an action that the user or service may or may not take when authenticating through an authentication // flow. // -// > Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `dependsOn`. Authentication executions that are created first will appear first within the flow. +// > Following limitation affects Keycloak < 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `dependsOn`. Authentication executions that are created first will appear first within the flow. // // ## Example Usage // @@ -49,11 +49,12 @@ import ( // return err // } // // first execution -// executionOne, err := authentication.NewExecution(ctx, "execution_one", &authentication.ExecutionArgs{ +// _, err = authentication.NewExecution(ctx, "execution_one", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, // Authenticator: pulumi.String("auth-cookie"), // Requirement: pulumi.String("ALTERNATIVE"), +// Priority: pulumi.Int(10), // }) // if err != nil { // return err @@ -64,9 +65,8 @@ import ( // ParentFlowAlias: flow.Alias, // Authenticator: pulumi.String("identity-provider-redirector"), // Requirement: pulumi.String("ALTERNATIVE"), -// }, pulumi.DependsOn([]pulumi.Resource{ -// executionOne, -// })) +// Priority: pulumi.Int(20), +// }) // if err != nil { // return err // } @@ -94,6 +94,8 @@ type Execution struct { Authenticator pulumi.StringOutput `pulumi:"authenticator"` // The alias of the flow this execution is attached to. ParentFlowAlias pulumi.StringOutput `pulumi:"parentFlowAlias"` + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority pulumi.IntPtrOutput `pulumi:"priority"` // The realm the authentication execution exists in. RealmId pulumi.StringOutput `pulumi:"realmId"` // The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. @@ -143,6 +145,8 @@ type executionState struct { Authenticator *string `pulumi:"authenticator"` // The alias of the flow this execution is attached to. ParentFlowAlias *string `pulumi:"parentFlowAlias"` + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority *int `pulumi:"priority"` // The realm the authentication execution exists in. RealmId *string `pulumi:"realmId"` // The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. @@ -154,6 +158,8 @@ type ExecutionState struct { Authenticator pulumi.StringPtrInput // The alias of the flow this execution is attached to. ParentFlowAlias pulumi.StringPtrInput + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority pulumi.IntPtrInput // The realm the authentication execution exists in. RealmId pulumi.StringPtrInput // The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. @@ -169,6 +175,8 @@ type executionArgs struct { Authenticator string `pulumi:"authenticator"` // The alias of the flow this execution is attached to. ParentFlowAlias string `pulumi:"parentFlowAlias"` + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority *int `pulumi:"priority"` // The realm the authentication execution exists in. RealmId string `pulumi:"realmId"` // The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. @@ -181,6 +189,8 @@ type ExecutionArgs struct { Authenticator pulumi.StringInput // The alias of the flow this execution is attached to. ParentFlowAlias pulumi.StringInput + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority pulumi.IntPtrInput // The realm the authentication execution exists in. RealmId pulumi.StringInput // The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. @@ -284,6 +294,11 @@ func (o ExecutionOutput) ParentFlowAlias() pulumi.StringOutput { return o.ApplyT(func(v *Execution) pulumi.StringOutput { return v.ParentFlowAlias }).(pulumi.StringOutput) } +// The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). +func (o ExecutionOutput) Priority() pulumi.IntPtrOutput { + return o.ApplyT(func(v *Execution) pulumi.IntPtrOutput { return v.Priority }).(pulumi.IntPtrOutput) +} + // The realm the authentication execution exists in. func (o ExecutionOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *Execution) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) diff --git a/sdk/go/keycloak/authentication/subflow.go b/sdk/go/keycloak/authentication/subflow.go index 393604f0..181fbf85 100644 --- a/sdk/go/keycloak/authentication/subflow.go +++ b/sdk/go/keycloak/authentication/subflow.go @@ -52,6 +52,7 @@ import ( // ParentFlowAlias: flow.Alias, // ProviderId: pulumi.String("basic-flow"), // Requirement: pulumi.String("ALTERNATIVE"), +// Priority: pulumi.Int(10), // }) // if err != nil { // return err @@ -95,6 +96,8 @@ type Subflow struct { Description pulumi.StringPtrOutput `pulumi:"description"` // The alias for the parent authentication flow. ParentFlowAlias pulumi.StringOutput `pulumi:"parentFlowAlias"` + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority pulumi.IntPtrOutput `pulumi:"priority"` // The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` // and `client-flow`. Defaults to `basic-flow`. ProviderId pulumi.StringPtrOutput `pulumi:"providerId"` @@ -153,6 +156,8 @@ type subflowState struct { Description *string `pulumi:"description"` // The alias for the parent authentication flow. ParentFlowAlias *string `pulumi:"parentFlowAlias"` + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority *int `pulumi:"priority"` // The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` // and `client-flow`. Defaults to `basic-flow`. ProviderId *string `pulumi:"providerId"` @@ -173,6 +178,8 @@ type SubflowState struct { Description pulumi.StringPtrInput // The alias for the parent authentication flow. ParentFlowAlias pulumi.StringPtrInput + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority pulumi.IntPtrInput // The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` // and `client-flow`. Defaults to `basic-flow`. ProviderId pulumi.StringPtrInput @@ -197,6 +204,8 @@ type subflowArgs struct { Description *string `pulumi:"description"` // The alias for the parent authentication flow. ParentFlowAlias string `pulumi:"parentFlowAlias"` + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority *int `pulumi:"priority"` // The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` // and `client-flow`. Defaults to `basic-flow`. ProviderId *string `pulumi:"providerId"` @@ -218,6 +227,8 @@ type SubflowArgs struct { Description pulumi.StringPtrInput // The alias for the parent authentication flow. ParentFlowAlias pulumi.StringInput + // The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + Priority pulumi.IntPtrInput // The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` // and `client-flow`. Defaults to `basic-flow`. ProviderId pulumi.StringPtrInput @@ -336,6 +347,11 @@ func (o SubflowOutput) ParentFlowAlias() pulumi.StringOutput { return o.ApplyT(func(v *Subflow) pulumi.StringOutput { return v.ParentFlowAlias }).(pulumi.StringOutput) } +// The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). +func (o SubflowOutput) Priority() pulumi.IntPtrOutput { + return o.ApplyT(func(v *Subflow) pulumi.IntPtrOutput { return v.Priority }).(pulumi.IntPtrOutput) +} + // The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` // and `client-flow`. Defaults to `basic-flow`. func (o SubflowOutput) ProviderId() pulumi.StringPtrOutput { diff --git a/sdk/go/keycloak/customUserFederation.go b/sdk/go/keycloak/customUserFederation.go index 230dbef8..f3eb76f7 100644 --- a/sdk/go/keycloak/customUserFederation.go +++ b/sdk/go/keycloak/customUserFederation.go @@ -76,7 +76,7 @@ type CustomUserFederation struct { CachePolicy pulumi.StringPtrOutput `pulumi:"cachePolicy"` // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. ChangedSyncPeriod pulumi.IntPtrOutput `pulumi:"changedSyncPeriod"` - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + // The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. Config pulumi.StringMapOutput `pulumi:"config"` // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` @@ -134,7 +134,7 @@ type customUserFederationState struct { CachePolicy *string `pulumi:"cachePolicy"` // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. ChangedSyncPeriod *int `pulumi:"changedSyncPeriod"` - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + // The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. Config map[string]string `pulumi:"config"` // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. Enabled *bool `pulumi:"enabled"` @@ -157,7 +157,7 @@ type CustomUserFederationState struct { CachePolicy pulumi.StringPtrInput // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. ChangedSyncPeriod pulumi.IntPtrInput - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + // The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. Config pulumi.StringMapInput // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. Enabled pulumi.BoolPtrInput @@ -184,7 +184,7 @@ type customUserFederationArgs struct { CachePolicy *string `pulumi:"cachePolicy"` // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. ChangedSyncPeriod *int `pulumi:"changedSyncPeriod"` - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + // The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. Config map[string]string `pulumi:"config"` // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. Enabled *bool `pulumi:"enabled"` @@ -208,7 +208,7 @@ type CustomUserFederationArgs struct { CachePolicy pulumi.StringPtrInput // How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. ChangedSyncPeriod pulumi.IntPtrInput - // The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + // The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. Config pulumi.StringMapInput // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. Enabled pulumi.BoolPtrInput @@ -323,7 +323,7 @@ func (o CustomUserFederationOutput) ChangedSyncPeriod() pulumi.IntPtrOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.IntPtrOutput { return v.ChangedSyncPeriod }).(pulumi.IntPtrOutput) } -// The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. +// The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. func (o CustomUserFederationOutput) Config() pulumi.StringMapOutput { return o.ApplyT(func(v *CustomUserFederation) pulumi.StringMapOutput { return v.Config }).(pulumi.StringMapOutput) } diff --git a/sdk/go/keycloak/getAuthenticationExecution.go b/sdk/go/keycloak/getAuthenticationExecution.go index ab2ffb44..5a2cbff9 100644 --- a/sdk/go/keycloak/getAuthenticationExecution.go +++ b/sdk/go/keycloak/getAuthenticationExecution.go @@ -69,8 +69,10 @@ type GetAuthenticationExecutionResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` ParentFlowAlias string `pulumi:"parentFlowAlias"` - ProviderId string `pulumi:"providerId"` - RealmId string `pulumi:"realmId"` + // (Computed) The authenticator priority. + Priority int `pulumi:"priority"` + ProviderId string `pulumi:"providerId"` + RealmId string `pulumi:"realmId"` } func GetAuthenticationExecutionOutput(ctx *pulumi.Context, args GetAuthenticationExecutionOutputArgs, opts ...pulumi.InvokeOption) GetAuthenticationExecutionResultOutput { @@ -120,6 +122,11 @@ func (o GetAuthenticationExecutionResultOutput) ParentFlowAlias() pulumi.StringO return o.ApplyT(func(v GetAuthenticationExecutionResult) string { return v.ParentFlowAlias }).(pulumi.StringOutput) } +// (Computed) The authenticator priority. +func (o GetAuthenticationExecutionResultOutput) Priority() pulumi.IntOutput { + return o.ApplyT(func(v GetAuthenticationExecutionResult) int { return v.Priority }).(pulumi.IntOutput) +} + func (o GetAuthenticationExecutionResultOutput) ProviderId() pulumi.StringOutput { return o.ApplyT(func(v GetAuthenticationExecutionResult) string { return v.ProviderId }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/getClientDescriptionConverter.go b/sdk/go/keycloak/getClientDescriptionConverter.go index bf63e4e8..2f73b18f 100644 --- a/sdk/go/keycloak/getClientDescriptionConverter.go +++ b/sdk/go/keycloak/getClientDescriptionConverter.go @@ -11,7 +11,7 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak +// This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak // client. This data can then be used to manage the client within Keycloak. // // ## Example Usage diff --git a/sdk/go/keycloak/group.go b/sdk/go/keycloak/group.go index c648a57f..a6f5098b 100644 --- a/sdk/go/keycloak/group.go +++ b/sdk/go/keycloak/group.go @@ -92,7 +92,7 @@ import ( type Group struct { pulumi.CustomResourceState - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + // A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars Attributes pulumi.StringMapOutput `pulumi:"attributes"` // The name of the group. Name pulumi.StringOutput `pulumi:"name"` @@ -137,7 +137,7 @@ func GetGroup(ctx *pulumi.Context, // Input properties used for looking up and filtering Group resources. type groupState struct { - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + // A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars Attributes map[string]string `pulumi:"attributes"` // The name of the group. Name *string `pulumi:"name"` @@ -150,7 +150,7 @@ type groupState struct { } type GroupState struct { - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + // A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars Attributes pulumi.StringMapInput // The name of the group. Name pulumi.StringPtrInput @@ -167,7 +167,7 @@ func (GroupState) ElementType() reflect.Type { } type groupArgs struct { - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + // A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars Attributes map[string]string `pulumi:"attributes"` // The name of the group. Name *string `pulumi:"name"` @@ -179,7 +179,7 @@ type groupArgs struct { // The set of arguments for constructing a Group resource. type GroupArgs struct { - // A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + // A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars Attributes pulumi.StringMapInput // The name of the group. Name pulumi.StringPtrInput @@ -276,7 +276,7 @@ func (o GroupOutput) ToGroupOutputWithContext(ctx context.Context) GroupOutput { return o } -// A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars +// A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars func (o GroupOutput) Attributes() pulumi.StringMapOutput { return o.ApplyT(func(v *Group) pulumi.StringMapOutput { return v.Attributes }).(pulumi.StringMapOutput) } diff --git a/sdk/go/keycloak/groupMemberships.go b/sdk/go/keycloak/groupMemberships.go index 48ee47ec..07d8b55b 100644 --- a/sdk/go/keycloak/groupMemberships.go +++ b/sdk/go/keycloak/groupMemberships.go @@ -85,7 +85,7 @@ import ( // // as if it did not already exist on the server. // -// [1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships +// [1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships type GroupMemberships struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/ldap/groupMapper.go b/sdk/go/keycloak/ldap/groupMapper.go index 863bfb16..77b0aaba 100644 --- a/sdk/go/keycloak/ldap/groupMapper.go +++ b/sdk/go/keycloak/ldap/groupMapper.go @@ -102,7 +102,7 @@ type GroupMapper struct { GroupNameLdapAttribute pulumi.StringOutput `pulumi:"groupNameLdapAttribute"` // List of strings representing the object classes for the group. Must contain at least one. GroupObjectClasses pulumi.StringArrayOutput `pulumi:"groupObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. GroupsLdapFilter pulumi.StringPtrOutput `pulumi:"groupsLdapFilter"` // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. GroupsPath pulumi.StringOutput `pulumi:"groupsPath"` @@ -191,7 +191,7 @@ type groupMapperState struct { GroupNameLdapAttribute *string `pulumi:"groupNameLdapAttribute"` // List of strings representing the object classes for the group. Must contain at least one. GroupObjectClasses []string `pulumi:"groupObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. GroupsLdapFilter *string `pulumi:"groupsLdapFilter"` // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. GroupsPath *string `pulumi:"groupsPath"` @@ -230,7 +230,7 @@ type GroupMapperState struct { GroupNameLdapAttribute pulumi.StringPtrInput // List of strings representing the object classes for the group. Must contain at least one. GroupObjectClasses pulumi.StringArrayInput - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. GroupsLdapFilter pulumi.StringPtrInput // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. GroupsPath pulumi.StringPtrInput @@ -273,7 +273,7 @@ type groupMapperArgs struct { GroupNameLdapAttribute string `pulumi:"groupNameLdapAttribute"` // List of strings representing the object classes for the group. Must contain at least one. GroupObjectClasses []string `pulumi:"groupObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. GroupsLdapFilter *string `pulumi:"groupsLdapFilter"` // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. GroupsPath *string `pulumi:"groupsPath"` @@ -313,7 +313,7 @@ type GroupMapperArgs struct { GroupNameLdapAttribute pulumi.StringInput // List of strings representing the object classes for the group. Must contain at least one. GroupObjectClasses pulumi.StringArrayInput - // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. GroupsLdapFilter pulumi.StringPtrInput // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. GroupsPath pulumi.StringPtrInput @@ -447,7 +447,7 @@ func (o GroupMapperOutput) GroupObjectClasses() pulumi.StringArrayOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringArrayOutput { return v.GroupObjectClasses }).(pulumi.StringArrayOutput) } -// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. +// When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. func (o GroupMapperOutput) GroupsLdapFilter() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupMapper) pulumi.StringPtrOutput { return v.GroupsLdapFilter }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/keycloak/ldap/roleMapper.go b/sdk/go/keycloak/ldap/roleMapper.go index eacc1bec..1d765e70 100644 --- a/sdk/go/keycloak/ldap/roleMapper.go +++ b/sdk/go/keycloak/ldap/roleMapper.go @@ -120,7 +120,7 @@ type RoleMapper struct { RoleNameLdapAttribute pulumi.StringOutput `pulumi:"roleNameLdapAttribute"` // List of strings representing the object classes for the role. Must contain at least one. RoleObjectClasses pulumi.StringArrayOutput `pulumi:"roleObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. RolesLdapFilter pulumi.StringPtrOutput `pulumi:"rolesLdapFilter"` // When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. UseRealmRolesMapping pulumi.BoolPtrOutput `pulumi:"useRealmRolesMapping"` @@ -203,7 +203,7 @@ type roleMapperState struct { RoleNameLdapAttribute *string `pulumi:"roleNameLdapAttribute"` // List of strings representing the object classes for the role. Must contain at least one. RoleObjectClasses []string `pulumi:"roleObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. RolesLdapFilter *string `pulumi:"rolesLdapFilter"` // When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. UseRealmRolesMapping *bool `pulumi:"useRealmRolesMapping"` @@ -236,7 +236,7 @@ type RoleMapperState struct { RoleNameLdapAttribute pulumi.StringPtrInput // List of strings representing the object classes for the role. Must contain at least one. RoleObjectClasses pulumi.StringArrayInput - // When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. RolesLdapFilter pulumi.StringPtrInput // When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. UseRealmRolesMapping pulumi.BoolPtrInput @@ -273,7 +273,7 @@ type roleMapperArgs struct { RoleNameLdapAttribute string `pulumi:"roleNameLdapAttribute"` // List of strings representing the object classes for the role. Must contain at least one. RoleObjectClasses []string `pulumi:"roleObjectClasses"` - // When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. RolesLdapFilter *string `pulumi:"rolesLdapFilter"` // When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. UseRealmRolesMapping *bool `pulumi:"useRealmRolesMapping"` @@ -307,7 +307,7 @@ type RoleMapperArgs struct { RoleNameLdapAttribute pulumi.StringInput // List of strings representing the object classes for the role. Must contain at least one. RoleObjectClasses pulumi.StringArrayInput - // When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + // When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. RolesLdapFilter pulumi.StringPtrInput // When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. UseRealmRolesMapping pulumi.BoolPtrInput @@ -462,7 +462,7 @@ func (o RoleMapperOutput) RoleObjectClasses() pulumi.StringArrayOutput { return o.ApplyT(func(v *RoleMapper) pulumi.StringArrayOutput { return v.RoleObjectClasses }).(pulumi.StringArrayOutput) } -// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. +// When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. func (o RoleMapperOutput) RolesLdapFilter() pulumi.StringPtrOutput { return o.ApplyT(func(v *RoleMapper) pulumi.StringPtrOutput { return v.RolesLdapFilter }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/keycloak/ldap/userAttributeMapper.go b/sdk/go/keycloak/ldap/userAttributeMapper.go index 7f45b6af..bfc412f1 100644 --- a/sdk/go/keycloak/ldap/userAttributeMapper.go +++ b/sdk/go/keycloak/ldap/userAttributeMapper.go @@ -94,6 +94,8 @@ type UserAttributeMapper struct { AlwaysReadValueFromLdap pulumi.BoolPtrOutput `pulumi:"alwaysReadValueFromLdap"` // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. AttributeDefaultValue pulumi.StringPtrOutput `pulumi:"attributeDefaultValue"` + // When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + AttributeForceDefault pulumi.BoolPtrOutput `pulumi:"attributeForceDefault"` // Should be true for binary LDAP attributes. IsBinaryAttribute pulumi.BoolPtrOutput `pulumi:"isBinaryAttribute"` // When `true`, this attribute must exist in LDAP. Defaults to `false`. @@ -158,6 +160,8 @@ type userAttributeMapperState struct { AlwaysReadValueFromLdap *bool `pulumi:"alwaysReadValueFromLdap"` // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. AttributeDefaultValue *string `pulumi:"attributeDefaultValue"` + // When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + AttributeForceDefault *bool `pulumi:"attributeForceDefault"` // Should be true for binary LDAP attributes. IsBinaryAttribute *bool `pulumi:"isBinaryAttribute"` // When `true`, this attribute must exist in LDAP. Defaults to `false`. @@ -181,6 +185,8 @@ type UserAttributeMapperState struct { AlwaysReadValueFromLdap pulumi.BoolPtrInput // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. AttributeDefaultValue pulumi.StringPtrInput + // When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + AttributeForceDefault pulumi.BoolPtrInput // Should be true for binary LDAP attributes. IsBinaryAttribute pulumi.BoolPtrInput // When `true`, this attribute must exist in LDAP. Defaults to `false`. @@ -208,6 +214,8 @@ type userAttributeMapperArgs struct { AlwaysReadValueFromLdap *bool `pulumi:"alwaysReadValueFromLdap"` // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. AttributeDefaultValue *string `pulumi:"attributeDefaultValue"` + // When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + AttributeForceDefault *bool `pulumi:"attributeForceDefault"` // Should be true for binary LDAP attributes. IsBinaryAttribute *bool `pulumi:"isBinaryAttribute"` // When `true`, this attribute must exist in LDAP. Defaults to `false`. @@ -232,6 +240,8 @@ type UserAttributeMapperArgs struct { AlwaysReadValueFromLdap pulumi.BoolPtrInput // Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. AttributeDefaultValue pulumi.StringPtrInput + // When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + AttributeForceDefault pulumi.BoolPtrInput // Should be true for binary LDAP attributes. IsBinaryAttribute pulumi.BoolPtrInput // When `true`, this attribute must exist in LDAP. Defaults to `false`. @@ -347,6 +357,11 @@ func (o UserAttributeMapperOutput) AttributeDefaultValue() pulumi.StringPtrOutpu return o.ApplyT(func(v *UserAttributeMapper) pulumi.StringPtrOutput { return v.AttributeDefaultValue }).(pulumi.StringPtrOutput) } +// When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. +func (o UserAttributeMapperOutput) AttributeForceDefault() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *UserAttributeMapper) pulumi.BoolPtrOutput { return v.AttributeForceDefault }).(pulumi.BoolPtrOutput) +} + // Should be true for binary LDAP attributes. func (o UserAttributeMapperOutput) IsBinaryAttribute() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserAttributeMapper) pulumi.BoolPtrOutput { return v.IsBinaryAttribute }).(pulumi.BoolPtrOutput) diff --git a/sdk/go/keycloak/oidc/googleIdentityProvider.go b/sdk/go/keycloak/oidc/googleIdentityProvider.go index 7a98137e..a76f26f9 100644 --- a/sdk/go/keycloak/oidc/googleIdentityProvider.go +++ b/sdk/go/keycloak/oidc/googleIdentityProvider.go @@ -103,7 +103,7 @@ type GoogleIdentityProvider struct { HostedDomain pulumi.StringPtrOutput `pulumi:"hostedDomain"` // (Computed) The unique ID that Keycloak assigns to the identity provider upon creation. InternalId pulumi.StringOutput `pulumi:"internalId"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"` // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"` @@ -200,7 +200,7 @@ type googleIdentityProviderState struct { HostedDomain *string `pulumi:"hostedDomain"` // (Computed) The unique ID that Keycloak assigns to the identity provider upon creation. InternalId *string `pulumi:"internalId"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly *bool `pulumi:"linkOnly"` // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias *string `pulumi:"postBrokerLoginFlowAlias"` @@ -252,7 +252,7 @@ type GoogleIdentityProviderState struct { HostedDomain pulumi.StringPtrInput // (Computed) The unique ID that Keycloak assigns to the identity provider upon creation. InternalId pulumi.StringPtrInput - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrInput // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias pulumi.StringPtrInput @@ -302,7 +302,7 @@ type googleIdentityProviderArgs struct { HideOnLoginPage *bool `pulumi:"hideOnLoginPage"` // Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used. HostedDomain *string `pulumi:"hostedDomain"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly *bool `pulumi:"linkOnly"` // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias *string `pulumi:"postBrokerLoginFlowAlias"` @@ -349,7 +349,7 @@ type GoogleIdentityProviderArgs struct { HideOnLoginPage pulumi.BoolPtrInput // Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used. HostedDomain pulumi.StringPtrInput - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrInput // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias pulumi.StringPtrInput @@ -535,7 +535,7 @@ func (o GoogleIdentityProviderOutput) InternalId() pulumi.StringOutput { return o.ApplyT(func(v *GoogleIdentityProvider) pulumi.StringOutput { return v.InternalId }).(pulumi.StringOutput) } -// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. +// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. func (o GoogleIdentityProviderOutput) LinkOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GoogleIdentityProvider) pulumi.BoolPtrOutput { return v.LinkOnly }).(pulumi.BoolPtrOutput) } diff --git a/sdk/go/keycloak/oidc/identityProvider.go b/sdk/go/keycloak/oidc/identityProvider.go index 14ac6feb..ddf15c6e 100644 --- a/sdk/go/keycloak/oidc/identityProvider.go +++ b/sdk/go/keycloak/oidc/identityProvider.go @@ -76,7 +76,7 @@ type IdentityProvider struct { AcceptsPromptNoneForwardFromClient pulumi.BoolPtrOutput `pulumi:"acceptsPromptNoneForwardFromClient"` // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. AddReadTokenRoleOnCreate pulumi.BoolPtrOutput `pulumi:"addReadTokenRoleOnCreate"` - // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + // The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. Alias pulumi.StringOutput `pulumi:"alias"` // Enable/disable authenticate users by default. AuthenticateByDefault pulumi.BoolPtrOutput `pulumi:"authenticateByDefault"` @@ -109,11 +109,11 @@ type IdentityProvider struct { Issuer pulumi.StringPtrOutput `pulumi:"issuer"` // JSON Web Key Set URL. JwksUrl pulumi.StringPtrOutput `pulumi:"jwksUrl"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"` // Pass login hint to identity provider. LoginHint pulumi.StringPtrOutput `pulumi:"loginHint"` - // The Logout URL is the end session endpoint to use to logout user from external identity provider. + // The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. LogoutUrl pulumi.StringPtrOutput `pulumi:"logoutUrl"` // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"` @@ -196,7 +196,7 @@ type identityProviderState struct { AcceptsPromptNoneForwardFromClient *bool `pulumi:"acceptsPromptNoneForwardFromClient"` // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. AddReadTokenRoleOnCreate *bool `pulumi:"addReadTokenRoleOnCreate"` - // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + // The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. Alias *string `pulumi:"alias"` // Enable/disable authenticate users by default. AuthenticateByDefault *bool `pulumi:"authenticateByDefault"` @@ -229,11 +229,11 @@ type identityProviderState struct { Issuer *string `pulumi:"issuer"` // JSON Web Key Set URL. JwksUrl *string `pulumi:"jwksUrl"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly *bool `pulumi:"linkOnly"` // Pass login hint to identity provider. LoginHint *string `pulumi:"loginHint"` - // The Logout URL is the end session endpoint to use to logout user from external identity provider. + // The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. LogoutUrl *string `pulumi:"logoutUrl"` // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias *string `pulumi:"postBrokerLoginFlowAlias"` @@ -262,7 +262,7 @@ type IdentityProviderState struct { AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. AddReadTokenRoleOnCreate pulumi.BoolPtrInput - // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + // The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. Alias pulumi.StringPtrInput // Enable/disable authenticate users by default. AuthenticateByDefault pulumi.BoolPtrInput @@ -295,11 +295,11 @@ type IdentityProviderState struct { Issuer pulumi.StringPtrInput // JSON Web Key Set URL. JwksUrl pulumi.StringPtrInput - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrInput // Pass login hint to identity provider. LoginHint pulumi.StringPtrInput - // The Logout URL is the end session endpoint to use to logout user from external identity provider. + // The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. LogoutUrl pulumi.StringPtrInput // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias pulumi.StringPtrInput @@ -332,7 +332,7 @@ type identityProviderArgs struct { AcceptsPromptNoneForwardFromClient *bool `pulumi:"acceptsPromptNoneForwardFromClient"` // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. AddReadTokenRoleOnCreate *bool `pulumi:"addReadTokenRoleOnCreate"` - // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + // The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. Alias string `pulumi:"alias"` // Enable/disable authenticate users by default. AuthenticateByDefault *bool `pulumi:"authenticateByDefault"` @@ -363,11 +363,11 @@ type identityProviderArgs struct { Issuer *string `pulumi:"issuer"` // JSON Web Key Set URL. JwksUrl *string `pulumi:"jwksUrl"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly *bool `pulumi:"linkOnly"` // Pass login hint to identity provider. LoginHint *string `pulumi:"loginHint"` - // The Logout URL is the end session endpoint to use to logout user from external identity provider. + // The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. LogoutUrl *string `pulumi:"logoutUrl"` // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias *string `pulumi:"postBrokerLoginFlowAlias"` @@ -397,7 +397,7 @@ type IdentityProviderArgs struct { AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput // When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. AddReadTokenRoleOnCreate pulumi.BoolPtrInput - // The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + // The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. Alias pulumi.StringInput // Enable/disable authenticate users by default. AuthenticateByDefault pulumi.BoolPtrInput @@ -428,11 +428,11 @@ type IdentityProviderArgs struct { Issuer pulumi.StringPtrInput // JSON Web Key Set URL. JwksUrl pulumi.StringPtrInput - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrInput // Pass login hint to identity provider. LoginHint pulumi.StringPtrInput - // The Logout URL is the end session endpoint to use to logout user from external identity provider. + // The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. LogoutUrl pulumi.StringPtrInput // The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. PostBrokerLoginFlowAlias pulumi.StringPtrInput @@ -553,7 +553,7 @@ func (o IdentityProviderOutput) AddReadTokenRoleOnCreate() pulumi.BoolPtrOutput return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.AddReadTokenRoleOnCreate }).(pulumi.BoolPtrOutput) } -// The alias uniquely identifies an identity provider and it is also used to build the redirect uri. +// The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. func (o IdentityProviderOutput) Alias() pulumi.StringOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringOutput { return v.Alias }).(pulumi.StringOutput) } @@ -637,7 +637,7 @@ func (o IdentityProviderOutput) JwksUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.JwksUrl }).(pulumi.StringPtrOutput) } -// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. +// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. func (o IdentityProviderOutput) LinkOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.LinkOnly }).(pulumi.BoolPtrOutput) } @@ -647,7 +647,7 @@ func (o IdentityProviderOutput) LoginHint() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.LoginHint }).(pulumi.StringPtrOutput) } -// The Logout URL is the end session endpoint to use to logout user from external identity provider. +// The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. func (o IdentityProviderOutput) LogoutUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringPtrOutput { return v.LogoutUrl }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/keycloak/openid/audienceProtocolMapper.go b/sdk/go/keycloak/openid/audienceProtocolMapper.go index a11d116b..b6fc5859 100644 --- a/sdk/go/keycloak/openid/audienceProtocolMapper.go +++ b/sdk/go/keycloak/openid/audienceProtocolMapper.go @@ -14,7 +14,7 @@ import ( // Allows for creating and managing audience protocol mappers within Keycloak. // -// Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom +// Audience protocol mappers allow you to add audiences to the `aud` claim within issued tokens. The audience can be a custom // string, or it can be mapped to the ID of a pre-existing client. // // ## Example Usage diff --git a/sdk/go/keycloak/openid/client.go b/sdk/go/keycloak/openid/client.go index 5b2ebb7f..f4d1fa68 100644 --- a/sdk/go/keycloak/openid/client.go +++ b/sdk/go/keycloak/openid/client.go @@ -180,7 +180,7 @@ type Client struct { // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` // is set to `true`. ValidRedirectUris pulumi.StringArrayOutput `pulumi:"validRedirectUris"` - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. WebOrigins pulumi.StringArrayOutput `pulumi:"webOrigins"` } @@ -330,7 +330,7 @@ type clientState struct { // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` // is set to `true`. ValidRedirectUris []string `pulumi:"validRedirectUris"` - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. WebOrigins []string `pulumi:"webOrigins"` } @@ -435,7 +435,7 @@ type ClientState struct { // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` // is set to `true`. ValidRedirectUris pulumi.StringArrayInput - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. WebOrigins pulumi.StringArrayInput } @@ -540,7 +540,7 @@ type clientArgs struct { // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` // is set to `true`. ValidRedirectUris []string `pulumi:"validRedirectUris"` - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. WebOrigins []string `pulumi:"webOrigins"` } @@ -642,7 +642,7 @@ type ClientArgs struct { // wildcards in the form of an asterisk can be used here. This attribute must be set if either `standardFlowEnabled` or `implicitFlowEnabled` // is set to `true`. ValidRedirectUris pulumi.StringArrayInput - // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + // A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. WebOrigins pulumi.StringArrayInput } @@ -970,7 +970,7 @@ func (o ClientOutput) ValidRedirectUris() pulumi.StringArrayOutput { return o.ApplyT(func(v *Client) pulumi.StringArrayOutput { return v.ValidRedirectUris }).(pulumi.StringArrayOutput) } -// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." +// A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. func (o ClientOutput) WebOrigins() pulumi.StringArrayOutput { return o.ApplyT(func(v *Client) pulumi.StringArrayOutput { return v.WebOrigins }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/keycloak/openid/userPropertyProtocolMapper.go b/sdk/go/keycloak/openid/userPropertyProtocolMapper.go index 60cd3840..99cb2365 100644 --- a/sdk/go/keycloak/openid/userPropertyProtocolMapper.go +++ b/sdk/go/keycloak/openid/userPropertyProtocolMapper.go @@ -158,7 +158,7 @@ type UserPropertyProtocolMapper struct { Name pulumi.StringOutput `pulumi:"name"` // The realm this protocol mapper exists within. RealmId pulumi.StringOutput `pulumi:"realmId"` - // The built in user property (such as email) to map a claim for. + // The built-in user property (such as email) to map a claim for. UserProperty pulumi.StringOutput `pulumi:"userProperty"` } @@ -219,7 +219,7 @@ type userPropertyProtocolMapperState struct { Name *string `pulumi:"name"` // The realm this protocol mapper exists within. RealmId *string `pulumi:"realmId"` - // The built in user property (such as email) to map a claim for. + // The built-in user property (such as email) to map a claim for. UserProperty *string `pulumi:"userProperty"` } @@ -242,7 +242,7 @@ type UserPropertyProtocolMapperState struct { Name pulumi.StringPtrInput // The realm this protocol mapper exists within. RealmId pulumi.StringPtrInput - // The built in user property (such as email) to map a claim for. + // The built-in user property (such as email) to map a claim for. UserProperty pulumi.StringPtrInput } @@ -269,7 +269,7 @@ type userPropertyProtocolMapperArgs struct { Name *string `pulumi:"name"` // The realm this protocol mapper exists within. RealmId string `pulumi:"realmId"` - // The built in user property (such as email) to map a claim for. + // The built-in user property (such as email) to map a claim for. UserProperty string `pulumi:"userProperty"` } @@ -293,7 +293,7 @@ type UserPropertyProtocolMapperArgs struct { Name pulumi.StringPtrInput // The realm this protocol mapper exists within. RealmId pulumi.StringInput - // The built in user property (such as email) to map a claim for. + // The built-in user property (such as email) to map a claim for. UserProperty pulumi.StringInput } @@ -429,7 +429,7 @@ func (o UserPropertyProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// The built in user property (such as email) to map a claim for. +// The built-in user property (such as email) to map a claim for. func (o UserPropertyProtocolMapperOutput) UserProperty() pulumi.StringOutput { return o.ApplyT(func(v *UserPropertyProtocolMapper) pulumi.StringOutput { return v.UserProperty }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go b/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go index 418fe6f2..a7661b7c 100644 --- a/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go +++ b/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go @@ -157,7 +157,7 @@ type UserSessionNoteProtocolMapper struct { Name pulumi.StringOutput `pulumi:"name"` // The realm this protocol mapper exists within. RealmId pulumi.StringOutput `pulumi:"realmId"` - // String value being the name of stored user session note within the UserSessionModel.note map. + // String value being the name of stored user session note within the `UserSessionModel.note` map. SessionNote pulumi.StringPtrOutput `pulumi:"sessionNote"` } @@ -213,7 +213,7 @@ type userSessionNoteProtocolMapperState struct { Name *string `pulumi:"name"` // The realm this protocol mapper exists within. RealmId *string `pulumi:"realmId"` - // String value being the name of stored user session note within the UserSessionModel.note map. + // String value being the name of stored user session note within the `UserSessionModel.note` map. SessionNote *string `pulumi:"sessionNote"` } @@ -234,7 +234,7 @@ type UserSessionNoteProtocolMapperState struct { Name pulumi.StringPtrInput // The realm this protocol mapper exists within. RealmId pulumi.StringPtrInput - // String value being the name of stored user session note within the UserSessionModel.note map. + // String value being the name of stored user session note within the `UserSessionModel.note` map. SessionNote pulumi.StringPtrInput } @@ -259,7 +259,7 @@ type userSessionNoteProtocolMapperArgs struct { Name *string `pulumi:"name"` // The realm this protocol mapper exists within. RealmId string `pulumi:"realmId"` - // String value being the name of stored user session note within the UserSessionModel.note map. + // String value being the name of stored user session note within the `UserSessionModel.note` map. SessionNote *string `pulumi:"sessionNote"` } @@ -281,7 +281,7 @@ type UserSessionNoteProtocolMapperArgs struct { Name pulumi.StringPtrInput // The realm this protocol mapper exists within. RealmId pulumi.StringInput - // String value being the name of stored user session note within the UserSessionModel.note map. + // String value being the name of stored user session note within the `UserSessionModel.note` map. SessionNote pulumi.StringPtrInput } @@ -412,7 +412,7 @@ func (o UserSessionNoteProtocolMapperOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *UserSessionNoteProtocolMapper) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } -// String value being the name of stored user session note within the UserSessionModel.note map. +// String value being the name of stored user session note within the `UserSessionModel.note` map. func (o UserSessionNoteProtocolMapperOutput) SessionNote() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserSessionNoteProtocolMapper) pulumi.StringPtrOutput { return v.SessionNote }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/keycloak/pulumiTypes.go b/sdk/go/keycloak/pulumiTypes.go index 90806b63..f2323ae2 100644 --- a/sdk/go/keycloak/pulumiTypes.go +++ b/sdk/go/keycloak/pulumiTypes.go @@ -2900,7 +2900,7 @@ type RealmWebAuthnPasswordlessPolicy struct { AvoidSameAuthenticatorRegister *bool `pulumi:"avoidSameAuthenticatorRegister"` // The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. CreateTimeout *int `pulumi:"createTimeout"` - // A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + // A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. RelyingPartyEntityName *string `pulumi:"relyingPartyEntityName"` // The WebAuthn relying party ID. RelyingPartyId *string `pulumi:"relyingPartyId"` @@ -2934,7 +2934,7 @@ type RealmWebAuthnPasswordlessPolicyArgs struct { AvoidSameAuthenticatorRegister pulumi.BoolPtrInput `pulumi:"avoidSameAuthenticatorRegister"` // The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. CreateTimeout pulumi.IntPtrInput `pulumi:"createTimeout"` - // A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + // A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. RelyingPartyEntityName pulumi.StringPtrInput `pulumi:"relyingPartyEntityName"` // The WebAuthn relying party ID. RelyingPartyId pulumi.StringPtrInput `pulumi:"relyingPartyId"` @@ -3048,7 +3048,7 @@ func (o RealmWebAuthnPasswordlessPolicyOutput) CreateTimeout() pulumi.IntPtrOutp return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *int { return v.CreateTimeout }).(pulumi.IntPtrOutput) } -// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. +// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. func (o RealmWebAuthnPasswordlessPolicyOutput) RelyingPartyEntityName() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPasswordlessPolicy) *string { return v.RelyingPartyEntityName }).(pulumi.StringPtrOutput) } @@ -3147,7 +3147,7 @@ func (o RealmWebAuthnPasswordlessPolicyPtrOutput) CreateTimeout() pulumi.IntPtrO }).(pulumi.IntPtrOutput) } -// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. +// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. func (o RealmWebAuthnPasswordlessPolicyPtrOutput) RelyingPartyEntityName() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPasswordlessPolicy) *string { if v == nil { @@ -3208,7 +3208,7 @@ type RealmWebAuthnPolicy struct { AvoidSameAuthenticatorRegister *bool `pulumi:"avoidSameAuthenticatorRegister"` // The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. CreateTimeout *int `pulumi:"createTimeout"` - // A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + // A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. RelyingPartyEntityName *string `pulumi:"relyingPartyEntityName"` // The WebAuthn relying party ID. RelyingPartyId *string `pulumi:"relyingPartyId"` @@ -3242,7 +3242,7 @@ type RealmWebAuthnPolicyArgs struct { AvoidSameAuthenticatorRegister pulumi.BoolPtrInput `pulumi:"avoidSameAuthenticatorRegister"` // The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. CreateTimeout pulumi.IntPtrInput `pulumi:"createTimeout"` - // A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + // A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. RelyingPartyEntityName pulumi.StringPtrInput `pulumi:"relyingPartyEntityName"` // The WebAuthn relying party ID. RelyingPartyId pulumi.StringPtrInput `pulumi:"relyingPartyId"` @@ -3356,7 +3356,7 @@ func (o RealmWebAuthnPolicyOutput) CreateTimeout() pulumi.IntPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *int { return v.CreateTimeout }).(pulumi.IntPtrOutput) } -// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. +// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. func (o RealmWebAuthnPolicyOutput) RelyingPartyEntityName() pulumi.StringPtrOutput { return o.ApplyT(func(v RealmWebAuthnPolicy) *string { return v.RelyingPartyEntityName }).(pulumi.StringPtrOutput) } @@ -3455,7 +3455,7 @@ func (o RealmWebAuthnPolicyPtrOutput) CreateTimeout() pulumi.IntPtrOutput { }).(pulumi.IntPtrOutput) } -// A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. +// A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. func (o RealmWebAuthnPolicyPtrOutput) RelyingPartyEntityName() pulumi.StringPtrOutput { return o.ApplyT(func(v *RealmWebAuthnPolicy) *string { if v == nil { @@ -3510,7 +3510,7 @@ type UserFederatedIdentity struct { IdentityProvider string `pulumi:"identityProvider"` // The ID of the user defined in the identity provider UserId string `pulumi:"userId"` - // The user name of the user defined in the identity provider + // The username of the user defined in the identity provider UserName string `pulumi:"userName"` } @@ -3530,7 +3530,7 @@ type UserFederatedIdentityArgs struct { IdentityProvider pulumi.StringInput `pulumi:"identityProvider"` // The ID of the user defined in the identity provider UserId pulumi.StringInput `pulumi:"userId"` - // The user name of the user defined in the identity provider + // The username of the user defined in the identity provider UserName pulumi.StringInput `pulumi:"userName"` } @@ -3595,7 +3595,7 @@ func (o UserFederatedIdentityOutput) UserId() pulumi.StringOutput { return o.ApplyT(func(v UserFederatedIdentity) string { return v.UserId }).(pulumi.StringOutput) } -// The user name of the user defined in the identity provider +// The username of the user defined in the identity provider func (o UserFederatedIdentityOutput) UserName() pulumi.StringOutput { return o.ApplyT(func(v UserFederatedIdentity) string { return v.UserName }).(pulumi.StringOutput) } diff --git a/sdk/go/keycloak/realm.go b/sdk/go/keycloak/realm.go index a8532d52..5f75a9db 100644 --- a/sdk/go/keycloak/realm.go +++ b/sdk/go/keycloak/realm.go @@ -99,8 +99,8 @@ import ( // // ## Default Client Scopes // -// - `defaultDefaultClientScopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. -// - `defaultOptionalClientScopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. +// - `defaultDefaultClientScopes` - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`. +// - `defaultOptionalClientScopes` - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`. // // ## Import // diff --git a/sdk/go/keycloak/realmUserProfile.go b/sdk/go/keycloak/realmUserProfile.go index b5a9480d..89b0078c 100644 --- a/sdk/go/keycloak/realmUserProfile.go +++ b/sdk/go/keycloak/realmUserProfile.go @@ -15,11 +15,8 @@ import ( // Allows for managing Realm User Profiles within Keycloak. // // A user profile defines a schema for representing user attributes and how they are managed within a realm. -// This is a preview feature, hence not fully supported and disabled by default. -// To enable it, start the server with one of the following flags: -// - WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled` -// - Quarkus distribution: `--features=preview` or `--features=declarative-user-profile` // +// Information for Keycloak versions < 24: // The realm linked to the `RealmUserProfile` resource must have the user profile feature enabled. // It can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`. // @@ -41,9 +38,6 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ // Realm: pulumi.String("my-realm"), -// Attributes: pulumi.StringMap{ -// "userProfileEnabled": pulumi.String("true"), -// }, // }) // if err != nil { // return err @@ -70,7 +64,8 @@ import ( // } // json2 := string(tmpJSON2) // _, err = keycloak.NewRealmUserProfile(ctx, "userprofile", &keycloak.RealmUserProfileArgs{ -// RealmId: pulumi.Any(myRealm.Id), +// RealmId: pulumi.Any(myRealm.Id), +// UnmanagedAttributePolicy: pulumi.String("ENABLED"), // Attributes: keycloak.RealmUserProfileAttributeArray{ // &keycloak.RealmUserProfileAttributeArgs{ // Name: pulumi.String("field1"), @@ -162,6 +157,8 @@ type RealmUserProfile struct { Groups RealmUserProfileGroupArrayOutput `pulumi:"groups"` // The ID of the realm the user profile applies to. RealmId pulumi.StringOutput `pulumi:"realmId"` + // Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + UnmanagedAttributePolicy pulumi.StringPtrOutput `pulumi:"unmanagedAttributePolicy"` } // NewRealmUserProfile registers a new resource with the given unique name, arguments, and options. @@ -203,6 +200,8 @@ type realmUserProfileState struct { Groups []RealmUserProfileGroup `pulumi:"groups"` // The ID of the realm the user profile applies to. RealmId *string `pulumi:"realmId"` + // Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + UnmanagedAttributePolicy *string `pulumi:"unmanagedAttributePolicy"` } type RealmUserProfileState struct { @@ -212,6 +211,8 @@ type RealmUserProfileState struct { Groups RealmUserProfileGroupArrayInput // The ID of the realm the user profile applies to. RealmId pulumi.StringPtrInput + // Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + UnmanagedAttributePolicy pulumi.StringPtrInput } func (RealmUserProfileState) ElementType() reflect.Type { @@ -225,6 +226,8 @@ type realmUserProfileArgs struct { Groups []RealmUserProfileGroup `pulumi:"groups"` // The ID of the realm the user profile applies to. RealmId string `pulumi:"realmId"` + // Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + UnmanagedAttributePolicy *string `pulumi:"unmanagedAttributePolicy"` } // The set of arguments for constructing a RealmUserProfile resource. @@ -235,6 +238,8 @@ type RealmUserProfileArgs struct { Groups RealmUserProfileGroupArrayInput // The ID of the realm the user profile applies to. RealmId pulumi.StringInput + // Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + UnmanagedAttributePolicy pulumi.StringPtrInput } func (RealmUserProfileArgs) ElementType() reflect.Type { @@ -339,6 +344,11 @@ func (o RealmUserProfileOutput) RealmId() pulumi.StringOutput { return o.ApplyT(func(v *RealmUserProfile) pulumi.StringOutput { return v.RealmId }).(pulumi.StringOutput) } +// Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` +func (o RealmUserProfileOutput) UnmanagedAttributePolicy() pulumi.StringPtrOutput { + return o.ApplyT(func(v *RealmUserProfile) pulumi.StringPtrOutput { return v.UnmanagedAttributePolicy }).(pulumi.StringPtrOutput) +} + type RealmUserProfileArrayOutput struct{ *pulumi.OutputState } func (RealmUserProfileArrayOutput) ElementType() reflect.Type { diff --git a/sdk/go/keycloak/role.go b/sdk/go/keycloak/role.go index e2ad3941..381f5ac5 100644 --- a/sdk/go/keycloak/role.go +++ b/sdk/go/keycloak/role.go @@ -14,7 +14,7 @@ import ( // Allows for creating and managing roles within Keycloak. // -// Roles allow you define privileges within Keycloak and map them to users and groups. +// Roles allow you to define privileges within Keycloak and map them to users and groups. // // ## Example Usage // @@ -245,7 +245,9 @@ type Role struct { // When specified, this role will be a composite role, composed of all roles that have an ID present within this list. CompositeRoles pulumi.StringArrayOutput `pulumi:"compositeRoles"` // The description of the role - Description pulumi.StringPtrOutput `pulumi:"description"` + Description pulumi.StringOutput `pulumi:"description"` + // When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + Import pulumi.BoolPtrOutput `pulumi:"import"` // The name of the role Name pulumi.StringOutput `pulumi:"name"` // The realm this role exists within. @@ -293,6 +295,8 @@ type roleState struct { CompositeRoles []string `pulumi:"compositeRoles"` // The description of the role Description *string `pulumi:"description"` + // When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + Import *bool `pulumi:"import"` // The name of the role Name *string `pulumi:"name"` // The realm this role exists within. @@ -308,6 +312,8 @@ type RoleState struct { CompositeRoles pulumi.StringArrayInput // The description of the role Description pulumi.StringPtrInput + // When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + Import pulumi.BoolPtrInput // The name of the role Name pulumi.StringPtrInput // The realm this role exists within. @@ -327,6 +333,8 @@ type roleArgs struct { CompositeRoles []string `pulumi:"compositeRoles"` // The description of the role Description *string `pulumi:"description"` + // When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + Import *bool `pulumi:"import"` // The name of the role Name *string `pulumi:"name"` // The realm this role exists within. @@ -343,6 +351,8 @@ type RoleArgs struct { CompositeRoles pulumi.StringArrayInput // The description of the role Description pulumi.StringPtrInput + // When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + Import pulumi.BoolPtrInput // The name of the role Name pulumi.StringPtrInput // The realm this role exists within. @@ -452,8 +462,13 @@ func (o RoleOutput) CompositeRoles() pulumi.StringArrayOutput { } // The description of the role -func (o RoleOutput) Description() pulumi.StringPtrOutput { - return o.ApplyT(func(v *Role) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +func (o RoleOutput) Description() pulumi.StringOutput { + return o.ApplyT(func(v *Role) pulumi.StringOutput { return v.Description }).(pulumi.StringOutput) +} + +// When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. +func (o RoleOutput) Import() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *Role) pulumi.BoolPtrOutput { return v.Import }).(pulumi.BoolPtrOutput) } // The name of the role diff --git a/sdk/go/keycloak/saml/identityProvider.go b/sdk/go/keycloak/saml/identityProvider.go index e97401ba..6efc273c 100644 --- a/sdk/go/keycloak/saml/identityProvider.go +++ b/sdk/go/keycloak/saml/identityProvider.go @@ -106,7 +106,7 @@ type IdentityProvider struct { HideOnLoginPage pulumi.BoolPtrOutput `pulumi:"hideOnLoginPage"` // Internal Identity Provider Id InternalId pulumi.StringOutput `pulumi:"internalId"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"` // Login Hint. LoginHint pulumi.StringPtrOutput `pulumi:"loginHint"` @@ -116,7 +116,7 @@ type IdentityProvider struct { PostBindingAuthnRequest pulumi.BoolPtrOutput `pulumi:"postBindingAuthnRequest"` // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingLogout pulumi.BoolPtrOutput `pulumi:"postBindingLogout"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingResponse pulumi.BoolPtrOutput `pulumi:"postBindingResponse"` // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"` @@ -225,7 +225,7 @@ type identityProviderState struct { HideOnLoginPage *bool `pulumi:"hideOnLoginPage"` // Internal Identity Provider Id InternalId *string `pulumi:"internalId"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly *bool `pulumi:"linkOnly"` // Login Hint. LoginHint *string `pulumi:"loginHint"` @@ -235,7 +235,7 @@ type identityProviderState struct { PostBindingAuthnRequest *bool `pulumi:"postBindingAuthnRequest"` // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingLogout *bool `pulumi:"postBindingLogout"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingResponse *bool `pulumi:"postBindingResponse"` // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. PostBrokerLoginFlowAlias *string `pulumi:"postBrokerLoginFlowAlias"` @@ -303,7 +303,7 @@ type IdentityProviderState struct { HideOnLoginPage pulumi.BoolPtrInput // Internal Identity Provider Id InternalId pulumi.StringPtrInput - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrInput // Login Hint. LoginHint pulumi.StringPtrInput @@ -313,7 +313,7 @@ type IdentityProviderState struct { PostBindingAuthnRequest pulumi.BoolPtrInput // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingLogout pulumi.BoolPtrInput - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingResponse pulumi.BoolPtrInput // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. PostBrokerLoginFlowAlias pulumi.StringPtrInput @@ -383,7 +383,7 @@ type identityProviderArgs struct { GuiOrder *string `pulumi:"guiOrder"` // If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. HideOnLoginPage *bool `pulumi:"hideOnLoginPage"` - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly *bool `pulumi:"linkOnly"` // Login Hint. LoginHint *string `pulumi:"loginHint"` @@ -393,7 +393,7 @@ type identityProviderArgs struct { PostBindingAuthnRequest *bool `pulumi:"postBindingAuthnRequest"` // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingLogout *bool `pulumi:"postBindingLogout"` - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingResponse *bool `pulumi:"postBindingResponse"` // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. PostBrokerLoginFlowAlias *string `pulumi:"postBrokerLoginFlowAlias"` @@ -460,7 +460,7 @@ type IdentityProviderArgs struct { GuiOrder pulumi.StringPtrInput // If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. HideOnLoginPage pulumi.BoolPtrInput - // When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + // When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. LinkOnly pulumi.BoolPtrInput // Login Hint. LoginHint pulumi.StringPtrInput @@ -470,7 +470,7 @@ type IdentityProviderArgs struct { PostBindingAuthnRequest pulumi.BoolPtrInput // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingLogout pulumi.BoolPtrInput - // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + // Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. PostBindingResponse pulumi.BoolPtrInput // Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. PostBrokerLoginFlowAlias pulumi.StringPtrInput @@ -672,7 +672,7 @@ func (o IdentityProviderOutput) InternalId() pulumi.StringOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.StringOutput { return v.InternalId }).(pulumi.StringOutput) } -// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. +// When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. func (o IdentityProviderOutput) LinkOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.LinkOnly }).(pulumi.BoolPtrOutput) } @@ -697,7 +697,7 @@ func (o IdentityProviderOutput) PostBindingLogout() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.PostBindingLogout }).(pulumi.BoolPtrOutput) } -// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. +// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. func (o IdentityProviderOutput) PostBindingResponse() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IdentityProvider) pulumi.BoolPtrOutput { return v.PostBindingResponse }).(pulumi.BoolPtrOutput) } diff --git a/sdk/go/keycloak/user.go b/sdk/go/keycloak/user.go index ce746bda..1790ad45 100644 --- a/sdk/go/keycloak/user.go +++ b/sdk/go/keycloak/user.go @@ -103,6 +103,8 @@ type User struct { FederatedIdentities UserFederatedIdentityArrayOutput `pulumi:"federatedIdentities"` // The user's first name. FirstName pulumi.StringPtrOutput `pulumi:"firstName"` + // When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + Import pulumi.BoolPtrOutput `pulumi:"import"` // When given, the user's initial password will be set. This attribute is only respected during initial user creation. InitialPassword UserInitialPasswordPtrOutput `pulumi:"initialPassword"` // The user's last name. @@ -163,6 +165,8 @@ type userState struct { FederatedIdentities []UserFederatedIdentity `pulumi:"federatedIdentities"` // The user's first name. FirstName *string `pulumi:"firstName"` + // When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + Import *bool `pulumi:"import"` // When given, the user's initial password will be set. This attribute is only respected during initial user creation. InitialPassword *UserInitialPassword `pulumi:"initialPassword"` // The user's last name. @@ -188,6 +192,8 @@ type UserState struct { FederatedIdentities UserFederatedIdentityArrayInput // The user's first name. FirstName pulumi.StringPtrInput + // When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + Import pulumi.BoolPtrInput // When given, the user's initial password will be set. This attribute is only respected during initial user creation. InitialPassword UserInitialPasswordPtrInput // The user's last name. @@ -217,6 +223,8 @@ type userArgs struct { FederatedIdentities []UserFederatedIdentity `pulumi:"federatedIdentities"` // The user's first name. FirstName *string `pulumi:"firstName"` + // When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + Import *bool `pulumi:"import"` // When given, the user's initial password will be set. This attribute is only respected during initial user creation. InitialPassword *UserInitialPassword `pulumi:"initialPassword"` // The user's last name. @@ -243,6 +251,8 @@ type UserArgs struct { FederatedIdentities UserFederatedIdentityArrayInput // The user's first name. FirstName pulumi.StringPtrInput + // When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + Import pulumi.BoolPtrInput // When given, the user's initial password will be set. This attribute is only respected during initial user creation. InitialPassword UserInitialPasswordPtrInput // The user's last name. @@ -372,6 +382,11 @@ func (o UserOutput) FirstName() pulumi.StringPtrOutput { return o.ApplyT(func(v *User) pulumi.StringPtrOutput { return v.FirstName }).(pulumi.StringPtrOutput) } +// When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. +func (o UserOutput) Import() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *User) pulumi.BoolPtrOutput { return v.Import }).(pulumi.BoolPtrOutput) +} + // When given, the user's initial password will be set. This attribute is only respected during initial user creation. func (o UserOutput) InitialPassword() UserInitialPasswordPtrOutput { return o.ApplyT(func(v *User) UserInitialPasswordPtrOutput { return v.InitialPassword }).(UserInitialPasswordPtrOutput) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java index b93cdef7..b4977f67 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java @@ -117,14 +117,14 @@ public Output> changedSyncPeriod() { return Codegen.optional(this.changedSyncPeriod); } /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * */ @Export(name="config", refs={Map.class,String.class}, tree="[0,1,1]") private Output> config; /** - * @return The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * @return The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * */ public Output>> config() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederationArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederationArgs.java index 6892059d..f404540c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederationArgs.java @@ -50,14 +50,14 @@ public Optional> changedSyncPeriod() { } /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * */ @Import(name="config") private @Nullable Output> config; /** - * @return The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * @return The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * */ public Optional>> config() { @@ -245,7 +245,7 @@ public Builder changedSyncPeriod(Integer changedSyncPeriod) { } /** - * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * * @return builder * @@ -256,7 +256,7 @@ public Builder config(@Nullable Output> config) { } /** - * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/Group.java b/sdk/java/src/main/java/com/pulumi/keycloak/Group.java index ef38c15d..3fa77830 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/Group.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/Group.java @@ -103,14 +103,14 @@ @ResourceType(type="keycloak:index/group:Group") public class Group extends com.pulumi.resources.CustomResource { /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * */ @Export(name="attributes", refs={Map.class,String.class}, tree="[0,1,1]") private Output> attributes; /** - * @return A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * @return A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * */ public Output>> attributes() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupArgs.java index 6e737df3..5acede6e 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupArgs.java @@ -18,14 +18,14 @@ public final class GroupArgs extends com.pulumi.resources.ResourceArgs { public static final GroupArgs Empty = new GroupArgs(); /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * */ @Import(name="attributes") private @Nullable Output> attributes; /** - * @return A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * @return A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * */ public Optional>> attributes() { @@ -105,7 +105,7 @@ public Builder(GroupArgs defaults) { } /** - * @param attributes A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * @param attributes A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * * @return builder * @@ -116,7 +116,7 @@ public Builder attributes(@Nullable Output> attributes) { } /** - * @param attributes A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * @param attributes A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java index 0de8de15..877b0f5a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java @@ -96,7 +96,7 @@ * * as if it did not already exist on the server. * - * [1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships + * [1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships * */ @ResourceType(type="keycloak:index/groupMemberships:GroupMemberships") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java b/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java index 901f41d0..db3cc683 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java @@ -545,7 +545,7 @@ public static CompletableFuture getAuthenticationFl return Deployment.getInstance().invokeAsync("keycloak:index/getAuthenticationFlow:getAuthenticationFlow", TypeShape.of(GetAuthenticationFlowResult.class), args, Utilities.withVersion(options)); } /** - * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage @@ -631,7 +631,7 @@ public static Output getClientDescriptionCo return getClientDescriptionConverter(args, InvokeOptions.Empty); } /** - * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage @@ -717,7 +717,7 @@ public static CompletableFuture getClientDe return getClientDescriptionConverterPlain(args, InvokeOptions.Empty); } /** - * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage @@ -803,7 +803,7 @@ public static Output getClientDescriptionCo return Deployment.getInstance().invoke("keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter", TypeShape.of(GetClientDescriptionConverterResult.class), args, Utilities.withVersion(options)); } /** - * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage @@ -889,7 +889,7 @@ public static Output getClientDescriptionCo return Deployment.getInstance().invoke("keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter", TypeShape.of(GetClientDescriptionConverterResult.class), args, Utilities.withVersion(options)); } /** - * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/Realm.java b/sdk/java/src/main/java/com/pulumi/keycloak/Realm.java index e79090c1..2af423eb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/Realm.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/Realm.java @@ -124,8 +124,8 @@ * * ## Default Client Scopes * - * - `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - * - `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. + * - `default_default_client_scopes` - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`. + * - `default_optional_client_scopes` - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`. * * ## Import * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java index a7a26377..57a28965 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java @@ -21,11 +21,8 @@ * Allows for managing Realm User Profiles within Keycloak. * * A user profile defines a schema for representing user attributes and how they are managed within a realm. - * This is a preview feature, hence not fully supported and disabled by default. - * To enable it, start the server with one of the following flags: - * - WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled` - * - Quarkus distribution: `--features=preview` or `--features=declarative-user-profile` * + * Information for Keycloak versions < 24: * The realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled. * It can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`. * @@ -62,11 +59,11 @@ * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() * .realm("my-realm") - * .attributes(Map.of("userProfileEnabled", true)) * .build()); * * var userprofile = new RealmUserProfile("userprofile", RealmUserProfileArgs.builder() * .realmId(myRealm.id()) + * .unmanagedAttributePolicy("ENABLED") * .attributes( * RealmUserProfileAttributeArgs.builder() * .name("field1") @@ -181,6 +178,20 @@ public Output>> groups() { public Output realmId() { return this.realmId; } + /** + * Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + */ + @Export(name="unmanagedAttributePolicy", refs={String.class}, tree="[0]") + private Output unmanagedAttributePolicy; + + /** + * @return Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + */ + public Output> unmanagedAttributePolicy() { + return Codegen.optional(this.unmanagedAttributePolicy); + } /** * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfileArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfileArgs.java index ed0e6889..4f9dd18a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfileArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfileArgs.java @@ -64,12 +64,28 @@ public Output realmId() { return this.realmId; } + /** + * Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + */ + @Import(name="unmanagedAttributePolicy") + private @Nullable Output unmanagedAttributePolicy; + + /** + * @return Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + */ + public Optional> unmanagedAttributePolicy() { + return Optional.ofNullable(this.unmanagedAttributePolicy); + } + private RealmUserProfileArgs() {} private RealmUserProfileArgs(RealmUserProfileArgs $) { this.attributes = $.attributes; this.groups = $.groups; this.realmId = $.realmId; + this.unmanagedAttributePolicy = $.unmanagedAttributePolicy; } public static Builder builder() { @@ -173,6 +189,27 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } + /** + * @param unmanagedAttributePolicy Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + * @return builder + * + */ + public Builder unmanagedAttributePolicy(@Nullable Output unmanagedAttributePolicy) { + $.unmanagedAttributePolicy = unmanagedAttributePolicy; + return this; + } + + /** + * @param unmanagedAttributePolicy Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + * @return builder + * + */ + public Builder unmanagedAttributePolicy(String unmanagedAttributePolicy) { + return unmanagedAttributePolicy(Output.of(unmanagedAttributePolicy)); + } + public RealmUserProfileArgs build() { if ($.realmId == null) { throw new MissingRequiredPropertyException("RealmUserProfileArgs", "realmId"); diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/Role.java b/sdk/java/src/main/java/com/pulumi/keycloak/Role.java index 386a7491..b3a5afef 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/Role.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/Role.java @@ -10,6 +10,7 @@ import com.pulumi.keycloak.RoleArgs; import com.pulumi.keycloak.Utilities; import com.pulumi.keycloak.inputs.RoleState; +import java.lang.Boolean; import java.lang.String; import java.util.List; import java.util.Map; @@ -19,7 +20,7 @@ /** * Allows for creating and managing roles within Keycloak. * - * Roles allow you define privileges within Keycloak and map them to users and groups. + * Roles allow you to define privileges within Keycloak and map them to users and groups. * * ## Example Usage * @@ -245,14 +246,14 @@ public class Role extends com.pulumi.resources.CustomResource { * */ @Export(name="attributes", refs={Map.class,String.class}, tree="[0,1,1]") - private Output> attributes; + private Output> attributes; /** * @return A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars * */ - public Output>> attributes() { - return Codegen.optional(this.attributes); + public Output> attributes() { + return this.attributes; } /** * When specified, this role will be created as a client role attached to the client with the provided ID @@ -273,28 +274,42 @@ public Output> clientId() { * */ @Export(name="compositeRoles", refs={List.class,String.class}, tree="[0,1]") - private Output> compositeRoles; + private Output> compositeRoles; /** * @return When specified, this role will be a composite role, composed of all roles that have an ID present within this list. * */ - public Output>> compositeRoles() { - return Codegen.optional(this.compositeRoles); + public Output> compositeRoles() { + return this.compositeRoles; } /** * The description of the role * */ @Export(name="description", refs={String.class}, tree="[0]") - private Output description; + private Output description; /** * @return The description of the role * */ - public Output> description() { - return Codegen.optional(this.description); + public Output description() { + return this.description; + } + /** + * When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + */ + @Export(name="import", refs={Boolean.class}, tree="[0]") + private Output import_; + + /** + * @return When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + */ + public Output> import_() { + return Codegen.optional(this.import_); } /** * The name of the role diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RoleArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/RoleArgs.java index 47fabfb5..9b76c2ea 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RoleArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RoleArgs.java @@ -6,6 +6,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; import java.lang.String; import java.util.List; import java.util.Map; @@ -78,6 +79,21 @@ public Optional> description() { return Optional.ofNullable(this.description); } + /** + * When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + */ + @Import(name="import") + private @Nullable Output import_; + + /** + * @return When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + */ + public Optional> import_() { + return Optional.ofNullable(this.import_); + } + /** * The name of the role * @@ -115,6 +131,7 @@ private RoleArgs(RoleArgs $) { this.clientId = $.clientId; this.compositeRoles = $.compositeRoles; this.description = $.description; + this.import_ = $.import_; this.name = $.name; this.realmId = $.realmId; } @@ -231,6 +248,27 @@ public Builder description(String description) { return description(Output.of(description)); } + /** + * @param import_ When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + * @return builder + * + */ + public Builder import_(@Nullable Output import_) { + $.import_ = import_; + return this; + } + + /** + * @param import_ When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + * @return builder + * + */ + public Builder import_(Boolean import_) { + return import_(Output.of(import_)); + } + /** * @param name The name of the role * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/User.java b/sdk/java/src/main/java/com/pulumi/keycloak/User.java index 1e016284..64efd0cf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/User.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/User.java @@ -192,6 +192,20 @@ public Output>> federatedIdentities() { public Output> firstName() { return Codegen.optional(this.firstName); } + /** + * When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + */ + @Export(name="import", refs={Boolean.class}, tree="[0]") + private Output import_; + + /** + * @return When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + */ + public Output> import_() { + return Codegen.optional(this.import_); + } /** * When given, the user's initial password will be set. This attribute is only respected during initial user creation. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UserArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/UserArgs.java index 17d99279..cb54b300 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UserArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UserArgs.java @@ -111,6 +111,21 @@ public Optional> firstName() { return Optional.ofNullable(this.firstName); } + /** + * When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + */ + @Import(name="import") + private @Nullable Output import_; + + /** + * @return When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + */ + public Optional> import_() { + return Optional.ofNullable(this.import_); + } + /** * When given, the user's initial password will be set. This attribute is only respected during initial user creation. * @@ -195,6 +210,7 @@ private UserArgs(UserArgs $) { this.enabled = $.enabled; this.federatedIdentities = $.federatedIdentities; this.firstName = $.firstName; + this.import_ = $.import_; this.initialPassword = $.initialPassword; this.lastName = $.lastName; this.realmId = $.realmId; @@ -356,6 +372,27 @@ public Builder firstName(String firstName) { return firstName(Output.of(firstName)); } + /** + * @param import_ When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + * @return builder + * + */ + public Builder import_(@Nullable Output import_) { + $.import_ = import_; + return this; + } + + /** + * @param import_ When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + * @return builder + * + */ + public Builder import_(Boolean import_) { + return import_(Output.of(import_)); + } + /** * @param initialPassword When given, the user's initial password will be set. This attribute is only respected during initial user creation. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Execution.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Execution.java index c3b2a329..8c58c0a2 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Execution.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Execution.java @@ -10,6 +10,7 @@ import com.pulumi.keycloak.Utilities; import com.pulumi.keycloak.authentication.ExecutionArgs; import com.pulumi.keycloak.authentication.inputs.ExecutionState; +import java.lang.Integer; import java.lang.String; import java.util.Optional; import javax.annotation.Nullable; @@ -20,7 +21,7 @@ * An authentication execution is an action that the user or service may or may not take when authenticating through an authentication * flow. * - * > Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. + * > Following limitation affects Keycloak < 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. * * ## Example Usage * @@ -38,7 +39,6 @@ * import com.pulumi.keycloak.authentication.FlowArgs; * import com.pulumi.keycloak.authentication.Execution; * import com.pulumi.keycloak.authentication.ExecutionArgs; - * import com.pulumi.resources.CustomResourceOptions; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -68,6 +68,7 @@ * .parentFlowAlias(flow.alias()) * .authenticator("auth-cookie") * .requirement("ALTERNATIVE") + * .priority(10) * .build()); * * // second execution @@ -76,9 +77,8 @@ * .parentFlowAlias(flow.alias()) * .authenticator("identity-provider-redirector") * .requirement("ALTERNATIVE") - * .build(), CustomResourceOptions.builder() - * .dependsOn(executionOne) - * .build()); + * .priority(20) + * .build()); * * } * } @@ -129,6 +129,20 @@ public Output authenticator() { public Output parentFlowAlias() { return this.parentFlowAlias; } + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + @Export(name="priority", refs={Integer.class}, tree="[0]") + private Output priority; + + /** + * @return The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + public Output> priority() { + return Codegen.optional(this.priority); + } /** * The realm the authentication execution exists in. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/ExecutionArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/ExecutionArgs.java index e24b2be9..dd591b7f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/ExecutionArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/ExecutionArgs.java @@ -6,6 +6,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Integer; import java.lang.String; import java.util.Objects; import java.util.Optional; @@ -46,6 +47,21 @@ public Output parentFlowAlias() { return this.parentFlowAlias; } + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + @Import(name="priority") + private @Nullable Output priority; + + /** + * @return The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + public Optional> priority() { + return Optional.ofNullable(this.priority); + } + /** * The realm the authentication execution exists in. * @@ -81,6 +97,7 @@ private ExecutionArgs() {} private ExecutionArgs(ExecutionArgs $) { this.authenticator = $.authenticator; this.parentFlowAlias = $.parentFlowAlias; + this.priority = $.priority; this.realmId = $.realmId; this.requirement = $.requirement; } @@ -145,6 +162,27 @@ public Builder parentFlowAlias(String parentFlowAlias) { return parentFlowAlias(Output.of(parentFlowAlias)); } + /** + * @param priority The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + * @return builder + * + */ + public Builder priority(@Nullable Output priority) { + $.priority = priority; + return this; + } + + /** + * @param priority The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + * @return builder + * + */ + public Builder priority(Integer priority) { + return priority(Output.of(priority)); + } + /** * @param realmId The realm the authentication execution exists in. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Subflow.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Subflow.java index 89467481..63975414 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Subflow.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/Subflow.java @@ -10,6 +10,7 @@ import com.pulumi.keycloak.Utilities; import com.pulumi.keycloak.authentication.SubflowArgs; import com.pulumi.keycloak.authentication.inputs.SubflowState; +import java.lang.Integer; import java.lang.String; import java.util.Optional; import javax.annotation.Nullable; @@ -65,6 +66,7 @@ * .parentFlowAlias(flow.alias()) * .providerId("basic-flow") * .requirement("ALTERNATIVE") + * .priority(10) * .build()); * * } @@ -156,6 +158,20 @@ public Output> description() { public Output parentFlowAlias() { return this.parentFlowAlias; } + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + @Export(name="priority", refs={Integer.class}, tree="[0]") + private Output priority; + + /** + * @return The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + public Output> priority() { + return Codegen.optional(this.priority); + } /** * The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` * and `client-flow`. Defaults to `basic-flow`. diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/SubflowArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/SubflowArgs.java index ad99466d..ff418d6d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/SubflowArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/SubflowArgs.java @@ -6,6 +6,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Integer; import java.lang.String; import java.util.Objects; import java.util.Optional; @@ -78,6 +79,21 @@ public Output parentFlowAlias() { return this.parentFlowAlias; } + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + @Import(name="priority") + private @Nullable Output priority; + + /** + * @return The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + public Optional> priority() { + return Optional.ofNullable(this.priority); + } + /** * The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` * and `client-flow`. Defaults to `basic-flow`. @@ -134,6 +150,7 @@ private SubflowArgs(SubflowArgs $) { this.authenticator = $.authenticator; this.description = $.description; this.parentFlowAlias = $.parentFlowAlias; + this.priority = $.priority; this.providerId = $.providerId; this.realmId = $.realmId; this.requirement = $.requirement; @@ -243,6 +260,27 @@ public Builder parentFlowAlias(String parentFlowAlias) { return parentFlowAlias(Output.of(parentFlowAlias)); } + /** + * @param priority The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + * @return builder + * + */ + public Builder priority(@Nullable Output priority) { + $.priority = priority; + return this; + } + + /** + * @param priority The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + * @return builder + * + */ + public Builder priority(Integer priority) { + return priority(Output.of(priority)); + } + /** * @param providerId The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` * and `client-flow`. Defaults to `basic-flow`. diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/inputs/ExecutionState.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/inputs/ExecutionState.java index daec368d..f5260bb1 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/inputs/ExecutionState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/inputs/ExecutionState.java @@ -5,6 +5,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; +import java.lang.Integer; import java.lang.String; import java.util.Objects; import java.util.Optional; @@ -45,6 +46,21 @@ public Optional> parentFlowAlias() { return Optional.ofNullable(this.parentFlowAlias); } + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + @Import(name="priority") + private @Nullable Output priority; + + /** + * @return The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + public Optional> priority() { + return Optional.ofNullable(this.priority); + } + /** * The realm the authentication execution exists in. * @@ -80,6 +96,7 @@ private ExecutionState() {} private ExecutionState(ExecutionState $) { this.authenticator = $.authenticator; this.parentFlowAlias = $.parentFlowAlias; + this.priority = $.priority; this.realmId = $.realmId; this.requirement = $.requirement; } @@ -144,6 +161,27 @@ public Builder parentFlowAlias(String parentFlowAlias) { return parentFlowAlias(Output.of(parentFlowAlias)); } + /** + * @param priority The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + * @return builder + * + */ + public Builder priority(@Nullable Output priority) { + $.priority = priority; + return this; + } + + /** + * @param priority The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + * @return builder + * + */ + public Builder priority(Integer priority) { + return priority(Output.of(priority)); + } + /** * @param realmId The realm the authentication execution exists in. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/inputs/SubflowState.java b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/inputs/SubflowState.java index 7213fb33..c8c70434 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/authentication/inputs/SubflowState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/authentication/inputs/SubflowState.java @@ -5,6 +5,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; +import java.lang.Integer; import java.lang.String; import java.util.Objects; import java.util.Optional; @@ -77,6 +78,21 @@ public Optional> parentFlowAlias() { return Optional.ofNullable(this.parentFlowAlias); } + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + @Import(name="priority") + private @Nullable Output priority; + + /** + * @return The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + */ + public Optional> priority() { + return Optional.ofNullable(this.priority); + } + /** * The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` * and `client-flow`. Defaults to `basic-flow`. @@ -133,6 +149,7 @@ private SubflowState(SubflowState $) { this.authenticator = $.authenticator; this.description = $.description; this.parentFlowAlias = $.parentFlowAlias; + this.priority = $.priority; this.providerId = $.providerId; this.realmId = $.realmId; this.requirement = $.requirement; @@ -242,6 +259,27 @@ public Builder parentFlowAlias(String parentFlowAlias) { return parentFlowAlias(Output.of(parentFlowAlias)); } + /** + * @param priority The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + * @return builder + * + */ + public Builder priority(@Nullable Output priority) { + $.priority = priority; + return this; + } + + /** + * @param priority The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + * + * @return builder + * + */ + public Builder priority(Integer priority) { + return priority(Output.of(priority)); + } + /** * @param providerId The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` * and `client-flow`. Defaults to `basic-flow`. diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomUserFederationState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomUserFederationState.java index a71ff83b..c96e2650 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomUserFederationState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/CustomUserFederationState.java @@ -49,14 +49,14 @@ public Optional> changedSyncPeriod() { } /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * */ @Import(name="config") private @Nullable Output> config; /** - * @return The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * @return The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * */ public Optional>> config() { @@ -244,7 +244,7 @@ public Builder changedSyncPeriod(Integer changedSyncPeriod) { } /** - * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * * @return builder * @@ -255,7 +255,7 @@ public Builder config(@Nullable Output> config) { } /** - * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * @param config The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupState.java index 4aabc0fc..7ab0d04a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/GroupState.java @@ -17,14 +17,14 @@ public final class GroupState extends com.pulumi.resources.ResourceArgs { public static final GroupState Empty = new GroupState(); /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * */ @Import(name="attributes") private @Nullable Output> attributes; /** - * @return A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * @return A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * */ public Optional>> attributes() { @@ -120,7 +120,7 @@ public Builder(GroupState defaults) { } /** - * @param attributes A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * @param attributes A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * * @return builder * @@ -131,7 +131,7 @@ public Builder attributes(@Nullable Output> attributes) { } /** - * @param attributes A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * @param attributes A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmUserProfileState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmUserProfileState.java index e9ac8364..669d28d5 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmUserProfileState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmUserProfileState.java @@ -63,12 +63,28 @@ public Optional> realmId() { return Optional.ofNullable(this.realmId); } + /** + * Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + */ + @Import(name="unmanagedAttributePolicy") + private @Nullable Output unmanagedAttributePolicy; + + /** + * @return Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + */ + public Optional> unmanagedAttributePolicy() { + return Optional.ofNullable(this.unmanagedAttributePolicy); + } + private RealmUserProfileState() {} private RealmUserProfileState(RealmUserProfileState $) { this.attributes = $.attributes; this.groups = $.groups; this.realmId = $.realmId; + this.unmanagedAttributePolicy = $.unmanagedAttributePolicy; } public static Builder builder() { @@ -172,6 +188,27 @@ public Builder realmId(String realmId) { return realmId(Output.of(realmId)); } + /** + * @param unmanagedAttributePolicy Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + * @return builder + * + */ + public Builder unmanagedAttributePolicy(@Nullable Output unmanagedAttributePolicy) { + $.unmanagedAttributePolicy = unmanagedAttributePolicy; + return this; + } + + /** + * @param unmanagedAttributePolicy Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + * + * @return builder + * + */ + public Builder unmanagedAttributePolicy(String unmanagedAttributePolicy) { + return unmanagedAttributePolicy(Output.of(unmanagedAttributePolicy)); + } + public RealmUserProfileState build() { return $; } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPasswordlessPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPasswordlessPolicyArgs.java index 91fc9f28..8b3fdd8c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPasswordlessPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPasswordlessPolicyArgs.java @@ -94,14 +94,14 @@ public Optional> createTimeout() { } /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * */ @Import(name="relyingPartyEntityName") private @Nullable Output relyingPartyEntityName; /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @return A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * */ public Optional> relyingPartyEntityName() { @@ -317,7 +317,7 @@ public Builder createTimeout(Integer createTimeout) { } /** - * @param relyingPartyEntityName A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @param relyingPartyEntityName A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * * @return builder * @@ -328,7 +328,7 @@ public Builder relyingPartyEntityName(@Nullable Output relyingPartyEntit } /** - * @param relyingPartyEntityName A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @param relyingPartyEntityName A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPolicyArgs.java index ac739506..b937d1e5 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RealmWebAuthnPolicyArgs.java @@ -94,14 +94,14 @@ public Optional> createTimeout() { } /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * */ @Import(name="relyingPartyEntityName") private @Nullable Output relyingPartyEntityName; /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @return A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * */ public Optional> relyingPartyEntityName() { @@ -317,7 +317,7 @@ public Builder createTimeout(Integer createTimeout) { } /** - * @param relyingPartyEntityName A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @param relyingPartyEntityName A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * * @return builder * @@ -328,7 +328,7 @@ public Builder relyingPartyEntityName(@Nullable Output relyingPartyEntit } /** - * @param relyingPartyEntityName A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @param relyingPartyEntityName A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RoleState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RoleState.java index 39837bd8..38929d0c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RoleState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/RoleState.java @@ -5,6 +5,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; +import java.lang.Boolean; import java.lang.String; import java.util.List; import java.util.Map; @@ -77,6 +78,21 @@ public Optional> description() { return Optional.ofNullable(this.description); } + /** + * When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + */ + @Import(name="import") + private @Nullable Output import_; + + /** + * @return When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + */ + public Optional> import_() { + return Optional.ofNullable(this.import_); + } + /** * The name of the role * @@ -114,6 +130,7 @@ private RoleState(RoleState $) { this.clientId = $.clientId; this.compositeRoles = $.compositeRoles; this.description = $.description; + this.import_ = $.import_; this.name = $.name; this.realmId = $.realmId; } @@ -230,6 +247,27 @@ public Builder description(String description) { return description(Output.of(description)); } + /** + * @param import_ When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + * @return builder + * + */ + public Builder import_(@Nullable Output import_) { + $.import_ = import_; + return this; + } + + /** + * @param import_ When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + * + * @return builder + * + */ + public Builder import_(Boolean import_) { + return import_(Output.of(import_)); + } + /** * @param name The name of the role * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserFederatedIdentityArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserFederatedIdentityArgs.java index 659f006a..b4fcc780 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserFederatedIdentityArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserFederatedIdentityArgs.java @@ -45,14 +45,14 @@ public Output userId() { } /** - * The user name of the user defined in the identity provider + * The username of the user defined in the identity provider * */ @Import(name="userName", required=true) private Output userName; /** - * @return The user name of the user defined in the identity provider + * @return The username of the user defined in the identity provider * */ public Output userName() { @@ -128,7 +128,7 @@ public Builder userId(String userId) { } /** - * @param userName The user name of the user defined in the identity provider + * @param userName The username of the user defined in the identity provider * * @return builder * @@ -139,7 +139,7 @@ public Builder userName(Output userName) { } /** - * @param userName The user name of the user defined in the identity provider + * @param userName The username of the user defined in the identity provider * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserState.java b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserState.java index 23c5c95f..ad0a851d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/inputs/UserState.java @@ -110,6 +110,21 @@ public Optional> firstName() { return Optional.ofNullable(this.firstName); } + /** + * When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + */ + @Import(name="import") + private @Nullable Output import_; + + /** + * @return When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + */ + public Optional> import_() { + return Optional.ofNullable(this.import_); + } + /** * When given, the user's initial password will be set. This attribute is only respected during initial user creation. * @@ -194,6 +209,7 @@ private UserState(UserState $) { this.enabled = $.enabled; this.federatedIdentities = $.federatedIdentities; this.firstName = $.firstName; + this.import_ = $.import_; this.initialPassword = $.initialPassword; this.lastName = $.lastName; this.realmId = $.realmId; @@ -355,6 +371,27 @@ public Builder firstName(String firstName) { return firstName(Output.of(firstName)); } + /** + * @param import_ When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + * @return builder + * + */ + public Builder import_(@Nullable Output import_) { + $.import_ = import_; + return this; + } + + /** + * @param import_ When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + * + * @return builder + * + */ + public Builder import_(Boolean import_) { + return import_(Output.of(import_)); + } + /** * @param initialPassword When given, the user's initial password will be set. This attribute is only respected during initial user creation. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java index d8700952..4c056367 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java @@ -150,14 +150,14 @@ public Output> groupObjectClasses() { return this.groupObjectClasses; } /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * */ @Export(name="groupsLdapFilter", refs={String.class}, tree="[0]") private Output groupsLdapFilter; /** - * @return When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * @return When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * */ public Output> groupsLdapFilter() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapperArgs.java index 92736c04..a7ef35df 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapperArgs.java @@ -64,14 +64,14 @@ public Output> groupObjectClasses() { } /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * */ @Import(name="groupsLdapFilter") private @Nullable Output groupsLdapFilter; /** - * @return When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * @return When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * */ public Optional> groupsLdapFilter() { @@ -403,7 +403,7 @@ public Builder groupObjectClasses(String... groupObjectClasses) { } /** - * @param groupsLdapFilter When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * @param groupsLdapFilter When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * * @return builder * @@ -414,7 +414,7 @@ public Builder groupsLdapFilter(@Nullable Output groupsLdapFilter) { } /** - * @param groupsLdapFilter When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * @param groupsLdapFilter When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java index f2540489..badb7ee5 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java @@ -276,14 +276,14 @@ public Output> roleObjectClasses() { return this.roleObjectClasses; } /** - * When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * */ @Export(name="rolesLdapFilter", refs={String.class}, tree="[0]") private Output rolesLdapFilter; /** - * @return When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * @return When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * */ public Output> rolesLdapFilter() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapperArgs.java index 66ab3964..2e9792b7 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapperArgs.java @@ -199,14 +199,14 @@ public Output> roleObjectClasses() { } /** - * When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * */ @Import(name="rolesLdapFilter") private @Nullable Output rolesLdapFilter; /** - * @return When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * @return When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * */ public Optional> rolesLdapFilter() { @@ -544,7 +544,7 @@ public Builder roleObjectClasses(String... roleObjectClasses) { } /** - * @param rolesLdapFilter When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * @param rolesLdapFilter When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * * @return builder * @@ -555,7 +555,7 @@ public Builder rolesLdapFilter(@Nullable Output rolesLdapFilter) { } /** - * @param rolesLdapFilter When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * @param rolesLdapFilter When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java index 936772cf..cf576451 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java @@ -130,6 +130,20 @@ public Output> alwaysReadValueFromLdap() { public Output> attributeDefaultValue() { return Codegen.optional(this.attributeDefaultValue); } + /** + * When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + */ + @Export(name="attributeForceDefault", refs={Boolean.class}, tree="[0]") + private Output attributeForceDefault; + + /** + * @return When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + */ + public Output> attributeForceDefault() { + return Codegen.optional(this.attributeForceDefault); + } /** * Should be true for binary LDAP attributes. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapperArgs.java index c23f9ad5..224f6fd1 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapperArgs.java @@ -47,6 +47,21 @@ public Optional> attributeDefaultValue() { return Optional.ofNullable(this.attributeDefaultValue); } + /** + * When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + */ + @Import(name="attributeForceDefault") + private @Nullable Output attributeForceDefault; + + /** + * @return When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + */ + public Optional> attributeForceDefault() { + return Optional.ofNullable(this.attributeForceDefault); + } + /** * Should be true for binary LDAP attributes. * @@ -172,6 +187,7 @@ private UserAttributeMapperArgs() {} private UserAttributeMapperArgs(UserAttributeMapperArgs $) { this.alwaysReadValueFromLdap = $.alwaysReadValueFromLdap; this.attributeDefaultValue = $.attributeDefaultValue; + this.attributeForceDefault = $.attributeForceDefault; this.isBinaryAttribute = $.isBinaryAttribute; this.isMandatoryInLdap = $.isMandatoryInLdap; this.ldapAttribute = $.ldapAttribute; @@ -242,6 +258,27 @@ public Builder attributeDefaultValue(String attributeDefaultValue) { return attributeDefaultValue(Output.of(attributeDefaultValue)); } + /** + * @param attributeForceDefault When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + * @return builder + * + */ + public Builder attributeForceDefault(@Nullable Output attributeForceDefault) { + $.attributeForceDefault = attributeForceDefault; + return this; + } + + /** + * @param attributeForceDefault When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + * @return builder + * + */ + public Builder attributeForceDefault(Boolean attributeForceDefault) { + return attributeForceDefault(Output.of(attributeForceDefault)); + } + /** * @param isBinaryAttribute Should be true for binary LDAP attributes. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/GroupMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/GroupMapperState.java index 94ed461f..ca1eea35 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/GroupMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/GroupMapperState.java @@ -63,14 +63,14 @@ public Optional>> groupObjectClasses() { } /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * */ @Import(name="groupsLdapFilter") private @Nullable Output groupsLdapFilter; /** - * @return When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * @return When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * */ public Optional> groupsLdapFilter() { @@ -402,7 +402,7 @@ public Builder groupObjectClasses(String... groupObjectClasses) { } /** - * @param groupsLdapFilter When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * @param groupsLdapFilter When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * * @return builder * @@ -413,7 +413,7 @@ public Builder groupsLdapFilter(@Nullable Output groupsLdapFilter) { } /** - * @param groupsLdapFilter When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * @param groupsLdapFilter When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/RoleMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/RoleMapperState.java index 4811a9ec..b4c2cc61 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/RoleMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/RoleMapperState.java @@ -198,14 +198,14 @@ public Optional>> roleObjectClasses() { } /** - * When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * */ @Import(name="rolesLdapFilter") private @Nullable Output rolesLdapFilter; /** - * @return When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * @return When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * */ public Optional> rolesLdapFilter() { @@ -543,7 +543,7 @@ public Builder roleObjectClasses(String... roleObjectClasses) { } /** - * @param rolesLdapFilter When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * @param rolesLdapFilter When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * * @return builder * @@ -554,7 +554,7 @@ public Builder rolesLdapFilter(@Nullable Output rolesLdapFilter) { } /** - * @param rolesLdapFilter When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * @param rolesLdapFilter When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserAttributeMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserAttributeMapperState.java index 83d72111..091bc8e6 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserAttributeMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/inputs/UserAttributeMapperState.java @@ -46,6 +46,21 @@ public Optional> attributeDefaultValue() { return Optional.ofNullable(this.attributeDefaultValue); } + /** + * When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + */ + @Import(name="attributeForceDefault") + private @Nullable Output attributeForceDefault; + + /** + * @return When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + */ + public Optional> attributeForceDefault() { + return Optional.ofNullable(this.attributeForceDefault); + } + /** * Should be true for binary LDAP attributes. * @@ -171,6 +186,7 @@ private UserAttributeMapperState() {} private UserAttributeMapperState(UserAttributeMapperState $) { this.alwaysReadValueFromLdap = $.alwaysReadValueFromLdap; this.attributeDefaultValue = $.attributeDefaultValue; + this.attributeForceDefault = $.attributeForceDefault; this.isBinaryAttribute = $.isBinaryAttribute; this.isMandatoryInLdap = $.isMandatoryInLdap; this.ldapAttribute = $.ldapAttribute; @@ -241,6 +257,27 @@ public Builder attributeDefaultValue(String attributeDefaultValue) { return attributeDefaultValue(Output.of(attributeDefaultValue)); } + /** + * @param attributeForceDefault When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + * @return builder + * + */ + public Builder attributeForceDefault(@Nullable Output attributeForceDefault) { + $.attributeForceDefault = attributeForceDefault; + return this; + } + + /** + * @param attributeForceDefault When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + * + * @return builder + * + */ + public Builder attributeForceDefault(Boolean attributeForceDefault) { + return attributeForceDefault(Output.of(attributeForceDefault)); + } + /** * @param isBinaryAttribute Should be true for binary LDAP attributes. * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java index d200459b..43a2db07 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java @@ -302,14 +302,14 @@ public Output internalId() { return this.internalId; } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Export(name="linkOnly", refs={Boolean.class}, tree="[0]") private Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Output> linkOnly() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProviderArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProviderArgs.java index d8c41041..dae4461c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProviderArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProviderArgs.java @@ -206,14 +206,14 @@ public Optional> hostedDomain() { } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Import(name="linkOnly") private @Nullable Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Optional> linkOnly() { @@ -647,7 +647,7 @@ public Builder hostedDomain(String hostedDomain) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -658,7 +658,7 @@ public Builder linkOnly(@Nullable Output linkOnly) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProvider.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProvider.java index d2cc956c..d1a5e2df 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProvider.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProvider.java @@ -114,14 +114,14 @@ public Output> addReadTokenRoleOnCreate() { return Codegen.optional(this.addReadTokenRoleOnCreate); } /** - * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * */ @Export(name="alias", refs={String.class}, tree="[0]") private Output alias; /** - * @return The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * @return The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * */ public Output alias() { @@ -344,14 +344,14 @@ public Output> jwksUrl() { return Codegen.optional(this.jwksUrl); } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Export(name="linkOnly", refs={Boolean.class}, tree="[0]") private Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Output> linkOnly() { @@ -372,14 +372,14 @@ public Output> loginHint() { return Codegen.optional(this.loginHint); } /** - * The Logout URL is the end session endpoint to use to logout user from external identity provider. + * The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * */ @Export(name="logoutUrl", refs={String.class}, tree="[0]") private Output logoutUrl; /** - * @return The Logout URL is the end session endpoint to use to logout user from external identity provider. + * @return The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * */ public Output> logoutUrl() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProviderArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProviderArgs.java index 931ad5e0..5e185312 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProviderArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/IdentityProviderArgs.java @@ -49,14 +49,14 @@ public Optional> addReadTokenRoleOnCreate() { } /** - * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * */ @Import(name="alias", required=true) private Output alias; /** - * @return The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * @return The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * */ public Output alias() { @@ -281,14 +281,14 @@ public Optional> jwksUrl() { } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Import(name="linkOnly") private @Nullable Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Optional> linkOnly() { @@ -311,14 +311,14 @@ public Optional> loginHint() { } /** - * The Logout URL is the end session endpoint to use to logout user from external identity provider. + * The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * */ @Import(name="logoutUrl") private @Nullable Output logoutUrl; /** - * @return The Logout URL is the end session endpoint to use to logout user from external identity provider. + * @return The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * */ public Optional> logoutUrl() { @@ -572,7 +572,7 @@ public Builder addReadTokenRoleOnCreate(Boolean addReadTokenRoleOnCreate) { } /** - * @param alias The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * @param alias The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * * @return builder * @@ -583,7 +583,7 @@ public Builder alias(Output alias) { } /** - * @param alias The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * @param alias The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * * @return builder * @@ -896,7 +896,7 @@ public Builder jwksUrl(String jwksUrl) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -907,7 +907,7 @@ public Builder linkOnly(@Nullable Output linkOnly) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -938,7 +938,7 @@ public Builder loginHint(String loginHint) { } /** - * @param logoutUrl The Logout URL is the end session endpoint to use to logout user from external identity provider. + * @param logoutUrl The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * * @return builder * @@ -949,7 +949,7 @@ public Builder logoutUrl(@Nullable Output logoutUrl) { } /** - * @param logoutUrl The Logout URL is the end session endpoint to use to logout user from external identity provider. + * @param logoutUrl The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/inputs/GoogleIdentityProviderState.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/inputs/GoogleIdentityProviderState.java index 5b123442..02bb9caf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/inputs/GoogleIdentityProviderState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/inputs/GoogleIdentityProviderState.java @@ -250,14 +250,14 @@ public Optional> internalId() { } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Import(name="linkOnly") private @Nullable Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Optional> linkOnly() { @@ -757,7 +757,7 @@ public Builder internalId(String internalId) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -768,7 +768,7 @@ public Builder linkOnly(@Nullable Output linkOnly) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/inputs/IdentityProviderState.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/inputs/IdentityProviderState.java index 7975be84..bc2e0cf3 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/inputs/IdentityProviderState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/inputs/IdentityProviderState.java @@ -48,14 +48,14 @@ public Optional> addReadTokenRoleOnCreate() { } /** - * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * */ @Import(name="alias") private @Nullable Output alias; /** - * @return The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * @return The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * */ public Optional> alias() { @@ -295,14 +295,14 @@ public Optional> jwksUrl() { } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Import(name="linkOnly") private @Nullable Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Optional> linkOnly() { @@ -325,14 +325,14 @@ public Optional> loginHint() { } /** - * The Logout URL is the end session endpoint to use to logout user from external identity provider. + * The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * */ @Import(name="logoutUrl") private @Nullable Output logoutUrl; /** - * @return The Logout URL is the end session endpoint to use to logout user from external identity provider. + * @return The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * */ public Optional> logoutUrl() { @@ -587,7 +587,7 @@ public Builder addReadTokenRoleOnCreate(Boolean addReadTokenRoleOnCreate) { } /** - * @param alias The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * @param alias The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * * @return builder * @@ -598,7 +598,7 @@ public Builder alias(@Nullable Output alias) { } /** - * @param alias The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * @param alias The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. * * @return builder * @@ -932,7 +932,7 @@ public Builder jwksUrl(String jwksUrl) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -943,7 +943,7 @@ public Builder linkOnly(@Nullable Output linkOnly) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -974,7 +974,7 @@ public Builder loginHint(String loginHint) { } /** - * @param logoutUrl The Logout URL is the end session endpoint to use to logout user from external identity provider. + * @param logoutUrl The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * * @return builder * @@ -985,7 +985,7 @@ public Builder logoutUrl(@Nullable Output logoutUrl) { } /** - * @param logoutUrl The Logout URL is the end session endpoint to use to logout user from external identity provider. + * @param logoutUrl The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java index 964c6f09..d2a6d221 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java @@ -18,7 +18,7 @@ /** * Allows for creating and managing audience protocol mappers within Keycloak. * - * Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom + * Audience protocol mappers allow you to add audiences to the `aud` claim within issued tokens. The audience can be a custom * string, or it can be mapped to the ID of a pre-existing client. * * ## Example Usage diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java index 32fd6659..ab6b4c2e 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java @@ -740,14 +740,14 @@ public Output> validRedirectUris() { return this.validRedirectUris; } /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * */ @Export(name="webOrigins", refs={List.class,String.class}, tree="[0,1]") private Output> webOrigins; /** - * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * */ public Output> webOrigins() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientArgs.java index 7824e536..77ad0bfb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientArgs.java @@ -681,14 +681,14 @@ public Optional>> validRedirectUris() { } /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * */ @Import(name="webOrigins") private @Nullable Output> webOrigins; /** - * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * */ public Optional>> webOrigins() { @@ -1698,7 +1698,7 @@ public Builder validRedirectUris(String... validRedirectUris) { } /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * * @return builder * @@ -1709,7 +1709,7 @@ public Builder webOrigins(@Nullable Output> webOrigins) { } /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * * @return builder * @@ -1719,7 +1719,7 @@ public Builder webOrigins(List webOrigins) { } /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java index dbd8f87b..e2076f4a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java @@ -286,14 +286,14 @@ public Output realmId() { return this.realmId; } /** - * The built in user property (such as email) to map a claim for. + * The built-in user property (such as email) to map a claim for. * */ @Export(name="userProperty", refs={String.class}, tree="[0]") private Output userProperty; /** - * @return The built in user property (such as email) to map a claim for. + * @return The built-in user property (such as email) to map a claim for. * */ public Output userProperty() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapperArgs.java index b3fa6ace..8021b290 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapperArgs.java @@ -153,14 +153,14 @@ public Output realmId() { } /** - * The built in user property (such as email) to map a claim for. + * The built-in user property (such as email) to map a claim for. * */ @Import(name="userProperty", required=true) private Output userProperty; /** - * @return The built in user property (such as email) to map a claim for. + * @return The built-in user property (such as email) to map a claim for. * */ public Output userProperty() { @@ -390,7 +390,7 @@ public Builder realmId(String realmId) { } /** - * @param userProperty The built in user property (such as email) to map a claim for. + * @param userProperty The built-in user property (such as email) to map a claim for. * * @return builder * @@ -401,7 +401,7 @@ public Builder userProperty(Output userProperty) { } /** - * @param userProperty The built in user property (such as email) to map a claim for. + * @param userProperty The built-in user property (such as email) to map a claim for. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java index 6814f64b..a8c33817 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java @@ -273,14 +273,14 @@ public Output realmId() { return this.realmId; } /** - * String value being the name of stored user session note within the UserSessionModel.note map. + * String value being the name of stored user session note within the `UserSessionModel.note` map. * */ @Export(name="sessionNote", refs={String.class}, tree="[0]") private Output sessionNote; /** - * @return String value being the name of stored user session note within the UserSessionModel.note map. + * @return String value being the name of stored user session note within the `UserSessionModel.note` map. * */ public Output> sessionNote() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapperArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapperArgs.java index 11e50556..4b3bc398 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapperArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapperArgs.java @@ -138,14 +138,14 @@ public Output realmId() { } /** - * String value being the name of stored user session note within the UserSessionModel.note map. + * String value being the name of stored user session note within the `UserSessionModel.note` map. * */ @Import(name="sessionNote") private @Nullable Output sessionNote; /** - * @return String value being the name of stored user session note within the UserSessionModel.note map. + * @return String value being the name of stored user session note within the `UserSessionModel.note` map. * */ public Optional> sessionNote() { @@ -353,7 +353,7 @@ public Builder realmId(String realmId) { } /** - * @param sessionNote String value being the name of stored user session note within the UserSessionModel.note map. + * @param sessionNote String value being the name of stored user session note within the `UserSessionModel.note` map. * * @return builder * @@ -364,7 +364,7 @@ public Builder sessionNote(@Nullable Output sessionNote) { } /** - * @param sessionNote String value being the name of stored user session note within the UserSessionModel.note map. + * @param sessionNote String value being the name of stored user session note within the `UserSessionModel.note` map. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientState.java index 61aac3b3..2f21aacf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/ClientState.java @@ -710,14 +710,14 @@ public Optional>> validRedirectUris() { } /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * */ @Import(name="webOrigins") private @Nullable Output> webOrigins; /** - * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @return A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * */ public Optional>> webOrigins() { @@ -1771,7 +1771,7 @@ public Builder validRedirectUris(String... validRedirectUris) { } /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * * @return builder * @@ -1782,7 +1782,7 @@ public Builder webOrigins(@Nullable Output> webOrigins) { } /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * * @return builder * @@ -1792,7 +1792,7 @@ public Builder webOrigins(List webOrigins) { } /** - * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * @param webOrigins A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserPropertyProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserPropertyProtocolMapperState.java index 8ad253ce..ee23667f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserPropertyProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserPropertyProtocolMapperState.java @@ -152,14 +152,14 @@ public Optional> realmId() { } /** - * The built in user property (such as email) to map a claim for. + * The built-in user property (such as email) to map a claim for. * */ @Import(name="userProperty") private @Nullable Output userProperty; /** - * @return The built in user property (such as email) to map a claim for. + * @return The built-in user property (such as email) to map a claim for. * */ public Optional> userProperty() { @@ -389,7 +389,7 @@ public Builder realmId(String realmId) { } /** - * @param userProperty The built in user property (such as email) to map a claim for. + * @param userProperty The built-in user property (such as email) to map a claim for. * * @return builder * @@ -400,7 +400,7 @@ public Builder userProperty(@Nullable Output userProperty) { } /** - * @param userProperty The built in user property (such as email) to map a claim for. + * @param userProperty The built-in user property (such as email) to map a claim for. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserSessionNoteProtocolMapperState.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserSessionNoteProtocolMapperState.java index 2c49055e..dd8ccc0d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserSessionNoteProtocolMapperState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/inputs/UserSessionNoteProtocolMapperState.java @@ -137,14 +137,14 @@ public Optional> realmId() { } /** - * String value being the name of stored user session note within the UserSessionModel.note map. + * String value being the name of stored user session note within the `UserSessionModel.note` map. * */ @Import(name="sessionNote") private @Nullable Output sessionNote; /** - * @return String value being the name of stored user session note within the UserSessionModel.note map. + * @return String value being the name of stored user session note within the `UserSessionModel.note` map. * */ public Optional> sessionNote() { @@ -352,7 +352,7 @@ public Builder realmId(String realmId) { } /** - * @param sessionNote String value being the name of stored user session note within the UserSessionModel.note map. + * @param sessionNote String value being the name of stored user session note within the `UserSessionModel.note` map. * * @return builder * @@ -363,7 +363,7 @@ public Builder sessionNote(@Nullable Output sessionNote) { } /** - * @param sessionNote String value being the name of stored user session note within the UserSessionModel.note map. + * @param sessionNote String value being the name of stored user session note within the `UserSessionModel.note` map. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetAuthenticationExecutionResult.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetAuthenticationExecutionResult.java index a8e0e754..80db968b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetAuthenticationExecutionResult.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/GetAuthenticationExecutionResult.java @@ -5,6 +5,7 @@ import com.pulumi.core.annotations.CustomType; import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Integer; import java.lang.String; import java.util.Objects; @@ -16,6 +17,11 @@ public final class GetAuthenticationExecutionResult { */ private String id; private String parentFlowAlias; + /** + * @return (Computed) The authenticator priority. + * + */ + private Integer priority; private String providerId; private String realmId; @@ -30,6 +36,13 @@ public String id() { public String parentFlowAlias() { return this.parentFlowAlias; } + /** + * @return (Computed) The authenticator priority. + * + */ + public Integer priority() { + return this.priority; + } public String providerId() { return this.providerId; } @@ -48,6 +61,7 @@ public static Builder builder(GetAuthenticationExecutionResult defaults) { public static final class Builder { private String id; private String parentFlowAlias; + private Integer priority; private String providerId; private String realmId; public Builder() {} @@ -55,6 +69,7 @@ public Builder(GetAuthenticationExecutionResult defaults) { Objects.requireNonNull(defaults); this.id = defaults.id; this.parentFlowAlias = defaults.parentFlowAlias; + this.priority = defaults.priority; this.providerId = defaults.providerId; this.realmId = defaults.realmId; } @@ -76,6 +91,14 @@ public Builder parentFlowAlias(String parentFlowAlias) { return this; } @CustomType.Setter + public Builder priority(Integer priority) { + if (priority == null) { + throw new MissingRequiredPropertyException("GetAuthenticationExecutionResult", "priority"); + } + this.priority = priority; + return this; + } + @CustomType.Setter public Builder providerId(String providerId) { if (providerId == null) { throw new MissingRequiredPropertyException("GetAuthenticationExecutionResult", "providerId"); @@ -95,6 +118,7 @@ public GetAuthenticationExecutionResult build() { final var _resultValue = new GetAuthenticationExecutionResult(); _resultValue.id = id; _resultValue.parentFlowAlias = parentFlowAlias; + _resultValue.priority = priority; _resultValue.providerId = providerId; _resultValue.realmId = realmId; return _resultValue; diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPasswordlessPolicy.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPasswordlessPolicy.java index 060381b6..b7ca6c25 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPasswordlessPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPasswordlessPolicy.java @@ -40,7 +40,7 @@ public final class RealmWebAuthnPasswordlessPolicy { */ private @Nullable Integer createTimeout; /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @return A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * */ private @Nullable String relyingPartyEntityName; @@ -102,7 +102,7 @@ public Optional createTimeout() { return Optional.ofNullable(this.createTimeout); } /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @return A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * */ public Optional relyingPartyEntityName() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPolicy.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPolicy.java index eacce099..4f988723 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/RealmWebAuthnPolicy.java @@ -40,7 +40,7 @@ public final class RealmWebAuthnPolicy { */ private @Nullable Integer createTimeout; /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @return A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * */ private @Nullable String relyingPartyEntityName; @@ -102,7 +102,7 @@ public Optional createTimeout() { return Optional.ofNullable(this.createTimeout); } /** - * @return A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * @return A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. * */ public Optional relyingPartyEntityName() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserFederatedIdentity.java b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserFederatedIdentity.java index cce00e48..6c40027c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserFederatedIdentity.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/outputs/UserFederatedIdentity.java @@ -21,7 +21,7 @@ public final class UserFederatedIdentity { */ private String userId; /** - * @return The user name of the user defined in the identity provider + * @return The username of the user defined in the identity provider * */ private String userName; @@ -42,7 +42,7 @@ public String userId() { return this.userId; } /** - * @return The user name of the user defined in the identity provider + * @return The username of the user defined in the identity provider * */ public String userName() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java index 97471c54..05d4ae5b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java @@ -307,14 +307,14 @@ public Output internalId() { return this.internalId; } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Export(name="linkOnly", refs={Boolean.class}, tree="[0]") private Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Output> linkOnly() { @@ -377,14 +377,14 @@ public Output> postBindingLogout() { return Codegen.optional(this.postBindingLogout); } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * */ @Export(name="postBindingResponse", refs={Boolean.class}, tree="[0]") private Output postBindingResponse; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * */ public Output> postBindingResponse() { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProviderArgs.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProviderArgs.java index a34361a9..6b6f0ea8 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProviderArgs.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProviderArgs.java @@ -237,14 +237,14 @@ public Optional> hideOnLoginPage() { } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Import(name="linkOnly") private @Nullable Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Optional> linkOnly() { @@ -312,14 +312,14 @@ public Optional> postBindingLogout() { } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * */ @Import(name="postBindingResponse") private @Nullable Output postBindingResponse; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * */ public Optional> postBindingResponse() { @@ -950,7 +950,7 @@ public Builder hideOnLoginPage(Boolean hideOnLoginPage) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -961,7 +961,7 @@ public Builder linkOnly(@Nullable Output linkOnly) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -1055,7 +1055,7 @@ public Builder postBindingLogout(Boolean postBindingLogout) { } /** - * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * * @return builder * @@ -1066,7 +1066,7 @@ public Builder postBindingResponse(@Nullable Output postBindingResponse } /** - * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/IdentityProviderState.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/IdentityProviderState.java index be77fe39..721d2471 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/IdentityProviderState.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/inputs/IdentityProviderState.java @@ -251,14 +251,14 @@ public Optional> internalId() { } /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ @Import(name="linkOnly") private @Nullable Output linkOnly; /** - * @return When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @return When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * */ public Optional> linkOnly() { @@ -326,14 +326,14 @@ public Optional> postBindingLogout() { } /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * */ @Import(name="postBindingResponse") private @Nullable Output postBindingResponse; /** - * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @return Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * */ public Optional> postBindingResponse() { @@ -986,7 +986,7 @@ public Builder internalId(String internalId) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -997,7 +997,7 @@ public Builder linkOnly(@Nullable Output linkOnly) { } /** - * @param linkOnly When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * @param linkOnly When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. * * @return builder * @@ -1091,7 +1091,7 @@ public Builder postBindingLogout(Boolean postBindingLogout) { } /** - * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * * @return builder * @@ -1102,7 +1102,7 @@ public Builder postBindingResponse(@Nullable Output postBindingResponse } /** - * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * @param postBindingResponse Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. * * @return builder * diff --git a/sdk/nodejs/README.md b/sdk/nodejs/README.md index 3f0233a4..f814f415 100644 --- a/sdk/nodejs/README.md +++ b/sdk/nodejs/README.md @@ -1,4 +1,4 @@ -> This provider is a derived work of the [Terraform Provider](https://github.com/mrparkers/terraform-provider-keycloak) +> This provider is a derived work of the [Terraform Provider](https://github.com/keycloak/terraform-provider-keycloak) > distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature, > first check the [`pulumi-keycloak` repo](https://github.com/pulumi/pulumi-keycloak/issues); however, if that doesn't turn up anything, -> please consult the source [`terraform-provider-keycloak` repo](https://github.com/mrparkers/terraform-provider-keycloak/issues). +> please consult the source [`terraform-provider-keycloak` repo](https://github.com/keycloak/terraform-provider-keycloak/issues). diff --git a/sdk/nodejs/authentication/execution.ts b/sdk/nodejs/authentication/execution.ts index d3e68fd5..ebb4a142 100644 --- a/sdk/nodejs/authentication/execution.ts +++ b/sdk/nodejs/authentication/execution.ts @@ -10,7 +10,7 @@ import * as utilities from "../utilities"; * An authentication execution is an action that the user or service may or may not take when authenticating through an authentication * flow. * - * > Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `dependsOn`. Authentication executions that are created first will appear first within the flow. + * > Following limitation affects Keycloak < 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `dependsOn`. Authentication executions that are created first will appear first within the flow. * * ## Example Usage * @@ -32,6 +32,7 @@ import * as utilities from "../utilities"; * parentFlowAlias: flow.alias, * authenticator: "auth-cookie", * requirement: "ALTERNATIVE", + * priority: 10, * }); * // second execution * const executionTwo = new keycloak.authentication.Execution("execution_two", { @@ -39,8 +40,7 @@ import * as utilities from "../utilities"; * parentFlowAlias: flow.alias, * authenticator: "identity-provider-redirector", * requirement: "ALTERNATIVE", - * }, { - * dependsOn: [executionOne], + * priority: 20, * }); * ``` * @@ -92,6 +92,10 @@ export class Execution extends pulumi.CustomResource { * The alias of the flow this execution is attached to. */ public readonly parentFlowAlias!: pulumi.Output; + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + */ + public readonly priority!: pulumi.Output; /** * The realm the authentication execution exists in. */ @@ -116,6 +120,7 @@ export class Execution extends pulumi.CustomResource { const state = argsOrState as ExecutionState | undefined; resourceInputs["authenticator"] = state ? state.authenticator : undefined; resourceInputs["parentFlowAlias"] = state ? state.parentFlowAlias : undefined; + resourceInputs["priority"] = state ? state.priority : undefined; resourceInputs["realmId"] = state ? state.realmId : undefined; resourceInputs["requirement"] = state ? state.requirement : undefined; } else { @@ -131,6 +136,7 @@ export class Execution extends pulumi.CustomResource { } resourceInputs["authenticator"] = args ? args.authenticator : undefined; resourceInputs["parentFlowAlias"] = args ? args.parentFlowAlias : undefined; + resourceInputs["priority"] = args ? args.priority : undefined; resourceInputs["realmId"] = args ? args.realmId : undefined; resourceInputs["requirement"] = args ? args.requirement : undefined; } @@ -151,6 +157,10 @@ export interface ExecutionState { * The alias of the flow this execution is attached to. */ parentFlowAlias?: pulumi.Input; + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + */ + priority?: pulumi.Input; /** * The realm the authentication execution exists in. */ @@ -173,6 +183,10 @@ export interface ExecutionArgs { * The alias of the flow this execution is attached to. */ parentFlowAlias: pulumi.Input; + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + */ + priority?: pulumi.Input; /** * The realm the authentication execution exists in. */ diff --git a/sdk/nodejs/authentication/subflow.ts b/sdk/nodejs/authentication/subflow.ts index 68771e0a..6e0b08d1 100644 --- a/sdk/nodejs/authentication/subflow.ts +++ b/sdk/nodejs/authentication/subflow.ts @@ -30,6 +30,7 @@ import * as utilities from "../utilities"; * parentFlowAlias: flow.alias, * providerId: "basic-flow", * requirement: "ALTERNATIVE", + * priority: 10, * }); * ``` * @@ -100,6 +101,10 @@ export class Subflow extends pulumi.CustomResource { * The alias for the parent authentication flow. */ public readonly parentFlowAlias!: pulumi.Output; + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + */ + public readonly priority!: pulumi.Output; /** * The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` * and `client-flow`. Defaults to `basic-flow`. @@ -132,6 +137,7 @@ export class Subflow extends pulumi.CustomResource { resourceInputs["authenticator"] = state ? state.authenticator : undefined; resourceInputs["description"] = state ? state.description : undefined; resourceInputs["parentFlowAlias"] = state ? state.parentFlowAlias : undefined; + resourceInputs["priority"] = state ? state.priority : undefined; resourceInputs["providerId"] = state ? state.providerId : undefined; resourceInputs["realmId"] = state ? state.realmId : undefined; resourceInputs["requirement"] = state ? state.requirement : undefined; @@ -150,6 +156,7 @@ export class Subflow extends pulumi.CustomResource { resourceInputs["authenticator"] = args ? args.authenticator : undefined; resourceInputs["description"] = args ? args.description : undefined; resourceInputs["parentFlowAlias"] = args ? args.parentFlowAlias : undefined; + resourceInputs["priority"] = args ? args.priority : undefined; resourceInputs["providerId"] = args ? args.providerId : undefined; resourceInputs["realmId"] = args ? args.realmId : undefined; resourceInputs["requirement"] = args ? args.requirement : undefined; @@ -180,6 +187,10 @@ export interface SubflowState { * The alias for the parent authentication flow. */ parentFlowAlias?: pulumi.Input; + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + */ + priority?: pulumi.Input; /** * The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` * and `client-flow`. Defaults to `basic-flow`. @@ -217,6 +228,10 @@ export interface SubflowArgs { * The alias for the parent authentication flow. */ parentFlowAlias: pulumi.Input; + /** + * The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + */ + priority?: pulumi.Input; /** * The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` * and `client-flow`. Defaults to `basic-flow`. diff --git a/sdk/nodejs/customUserFederation.ts b/sdk/nodejs/customUserFederation.ts index 63a127f1..c972a93c 100644 --- a/sdk/nodejs/customUserFederation.ts +++ b/sdk/nodejs/customUserFederation.ts @@ -82,7 +82,7 @@ export class CustomUserFederation extends pulumi.CustomResource { */ public readonly changedSyncPeriod!: pulumi.Output; /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. */ public readonly config!: pulumi.Output<{[key: string]: string} | undefined>; /** @@ -174,7 +174,7 @@ export interface CustomUserFederationState { */ changedSyncPeriod?: pulumi.Input; /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. */ config?: pulumi.Input<{[key: string]: pulumi.Input}>; /** @@ -220,7 +220,7 @@ export interface CustomUserFederationArgs { */ changedSyncPeriod?: pulumi.Input; /** - * The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + * The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. */ config?: pulumi.Input<{[key: string]: pulumi.Input}>; /** diff --git a/sdk/nodejs/getAuthenticationExecution.ts b/sdk/nodejs/getAuthenticationExecution.ts index 89284411..c7d8ba46 100644 --- a/sdk/nodejs/getAuthenticationExecution.ts +++ b/sdk/nodejs/getAuthenticationExecution.ts @@ -60,6 +60,10 @@ export interface GetAuthenticationExecutionResult { */ readonly id: string; readonly parentFlowAlias: string; + /** + * (Computed) The authenticator priority. + */ + readonly priority: number; readonly providerId: string; readonly realmId: string; } diff --git a/sdk/nodejs/getClientDescriptionConverter.ts b/sdk/nodejs/getClientDescriptionConverter.ts index 9bd65def..f9040d16 100644 --- a/sdk/nodejs/getClientDescriptionConverter.ts +++ b/sdk/nodejs/getClientDescriptionConverter.ts @@ -7,7 +7,7 @@ import * as outputs from "./types/output"; import * as utilities from "./utilities"; /** - * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage @@ -126,7 +126,7 @@ export interface GetClientDescriptionConverterResult { readonly webOrigins: string[]; } /** - * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + * This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak * client. This data can then be used to manage the client within Keycloak. * * ## Example Usage diff --git a/sdk/nodejs/group.ts b/sdk/nodejs/group.ts index 5fb373b7..a0f7d277 100644 --- a/sdk/nodejs/group.ts +++ b/sdk/nodejs/group.ts @@ -88,7 +88,7 @@ export class Group extends pulumi.CustomResource { } /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars */ public readonly attributes!: pulumi.Output<{[key: string]: string} | undefined>; /** @@ -147,7 +147,7 @@ export class Group extends pulumi.CustomResource { */ export interface GroupState { /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars */ attributes?: pulumi.Input<{[key: string]: pulumi.Input}>; /** @@ -173,7 +173,7 @@ export interface GroupState { */ export interface GroupArgs { /** - * A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + * A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars */ attributes?: pulumi.Input<{[key: string]: pulumi.Input}>; /** diff --git a/sdk/nodejs/groupMemberships.ts b/sdk/nodejs/groupMemberships.ts index 50fa0e49..112e6e6f 100644 --- a/sdk/nodejs/groupMemberships.ts +++ b/sdk/nodejs/groupMemberships.ts @@ -52,7 +52,7 @@ import * as utilities from "./utilities"; * * as if it did not already exist on the server. * - * [1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships + * [1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships */ export class GroupMemberships extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/ldap/groupMapper.ts b/sdk/nodejs/ldap/groupMapper.ts index 136c31fc..3465599f 100644 --- a/sdk/nodejs/ldap/groupMapper.ts +++ b/sdk/nodejs/ldap/groupMapper.ts @@ -104,7 +104,7 @@ export class GroupMapper extends pulumi.CustomResource { */ public readonly groupObjectClasses!: pulumi.Output; /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. */ public readonly groupsLdapFilter!: pulumi.Output; /** @@ -259,7 +259,7 @@ export interface GroupMapperState { */ groupObjectClasses?: pulumi.Input[]>; /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. */ groupsLdapFilter?: pulumi.Input; /** @@ -337,7 +337,7 @@ export interface GroupMapperArgs { */ groupObjectClasses: pulumi.Input[]>; /** - * When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. */ groupsLdapFilter?: pulumi.Input; /** diff --git a/sdk/nodejs/ldap/roleMapper.ts b/sdk/nodejs/ldap/roleMapper.ts index c75dbaf0..16b7fa61 100644 --- a/sdk/nodejs/ldap/roleMapper.ts +++ b/sdk/nodejs/ldap/roleMapper.ts @@ -140,7 +140,7 @@ export class RoleMapper extends pulumi.CustomResource { */ public readonly roleObjectClasses!: pulumi.Output; /** - * When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. */ public readonly rolesLdapFilter!: pulumi.Output; /** @@ -277,7 +277,7 @@ export interface RoleMapperState { */ roleObjectClasses?: pulumi.Input[]>; /** - * When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. */ rolesLdapFilter?: pulumi.Input; /** @@ -343,7 +343,7 @@ export interface RoleMapperArgs { */ roleObjectClasses: pulumi.Input[]>; /** - * When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + * When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. */ rolesLdapFilter?: pulumi.Input; /** diff --git a/sdk/nodejs/ldap/userAttributeMapper.ts b/sdk/nodejs/ldap/userAttributeMapper.ts index b0219dff..0fdccabc 100644 --- a/sdk/nodejs/ldap/userAttributeMapper.ts +++ b/sdk/nodejs/ldap/userAttributeMapper.ts @@ -95,6 +95,10 @@ export class UserAttributeMapper extends pulumi.CustomResource { * Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. */ public readonly attributeDefaultValue!: pulumi.Output; + /** + * When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + */ + public readonly attributeForceDefault!: pulumi.Output; /** * Should be true for binary LDAP attributes. */ @@ -143,6 +147,7 @@ export class UserAttributeMapper extends pulumi.CustomResource { const state = argsOrState as UserAttributeMapperState | undefined; resourceInputs["alwaysReadValueFromLdap"] = state ? state.alwaysReadValueFromLdap : undefined; resourceInputs["attributeDefaultValue"] = state ? state.attributeDefaultValue : undefined; + resourceInputs["attributeForceDefault"] = state ? state.attributeForceDefault : undefined; resourceInputs["isBinaryAttribute"] = state ? state.isBinaryAttribute : undefined; resourceInputs["isMandatoryInLdap"] = state ? state.isMandatoryInLdap : undefined; resourceInputs["ldapAttribute"] = state ? state.ldapAttribute : undefined; @@ -167,6 +172,7 @@ export class UserAttributeMapper extends pulumi.CustomResource { } resourceInputs["alwaysReadValueFromLdap"] = args ? args.alwaysReadValueFromLdap : undefined; resourceInputs["attributeDefaultValue"] = args ? args.attributeDefaultValue : undefined; + resourceInputs["attributeForceDefault"] = args ? args.attributeForceDefault : undefined; resourceInputs["isBinaryAttribute"] = args ? args.isBinaryAttribute : undefined; resourceInputs["isMandatoryInLdap"] = args ? args.isMandatoryInLdap : undefined; resourceInputs["ldapAttribute"] = args ? args.ldapAttribute : undefined; @@ -193,6 +199,10 @@ export interface UserAttributeMapperState { * Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. */ attributeDefaultValue?: pulumi.Input; + /** + * When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + */ + attributeForceDefault?: pulumi.Input; /** * Should be true for binary LDAP attributes. */ @@ -239,6 +249,10 @@ export interface UserAttributeMapperArgs { * Default value to set in LDAP if `isMandatoryInLdap` is true and the value is empty. */ attributeDefaultValue?: pulumi.Input; + /** + * When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + */ + attributeForceDefault?: pulumi.Input; /** * Should be true for binary LDAP attributes. */ diff --git a/sdk/nodejs/oidc/googleIdentityProvider.ts b/sdk/nodejs/oidc/googleIdentityProvider.ts index d2952925..3714ad21 100644 --- a/sdk/nodejs/oidc/googleIdentityProvider.ts +++ b/sdk/nodejs/oidc/googleIdentityProvider.ts @@ -134,7 +134,7 @@ export class GoogleIdentityProvider extends pulumi.CustomResource { */ public /*out*/ readonly internalId!: pulumi.Output; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ public readonly linkOnly!: pulumi.Output; /** @@ -318,7 +318,7 @@ export interface GoogleIdentityProviderState { */ internalId?: pulumi.Input; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ linkOnly?: pulumi.Input; /** @@ -409,7 +409,7 @@ export interface GoogleIdentityProviderArgs { */ hostedDomain?: pulumi.Input; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ linkOnly?: pulumi.Input; /** diff --git a/sdk/nodejs/oidc/identityProvider.ts b/sdk/nodejs/oidc/identityProvider.ts index e4caece0..eb629a21 100644 --- a/sdk/nodejs/oidc/identityProvider.ts +++ b/sdk/nodejs/oidc/identityProvider.ts @@ -81,7 +81,7 @@ export class IdentityProvider extends pulumi.CustomResource { */ public readonly addReadTokenRoleOnCreate!: pulumi.Output; /** - * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. */ public readonly alias!: pulumi.Output; /** @@ -146,7 +146,7 @@ export class IdentityProvider extends pulumi.CustomResource { */ public readonly jwksUrl!: pulumi.Output; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ public readonly linkOnly!: pulumi.Output; /** @@ -154,7 +154,7 @@ export class IdentityProvider extends pulumi.CustomResource { */ public readonly loginHint!: pulumi.Output; /** - * The Logout URL is the end session endpoint to use to logout user from external identity provider. + * The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. */ public readonly logoutUrl!: pulumi.Output; /** @@ -316,7 +316,7 @@ export interface IdentityProviderState { */ addReadTokenRoleOnCreate?: pulumi.Input; /** - * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. */ alias?: pulumi.Input; /** @@ -381,7 +381,7 @@ export interface IdentityProviderState { */ jwksUrl?: pulumi.Input; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ linkOnly?: pulumi.Input; /** @@ -389,7 +389,7 @@ export interface IdentityProviderState { */ loginHint?: pulumi.Input; /** - * The Logout URL is the end session endpoint to use to logout user from external identity provider. + * The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. */ logoutUrl?: pulumi.Input; /** @@ -447,7 +447,7 @@ export interface IdentityProviderArgs { */ addReadTokenRoleOnCreate?: pulumi.Input; /** - * The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + * The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. */ alias: pulumi.Input; /** @@ -508,7 +508,7 @@ export interface IdentityProviderArgs { */ jwksUrl?: pulumi.Input; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ linkOnly?: pulumi.Input; /** @@ -516,7 +516,7 @@ export interface IdentityProviderArgs { */ loginHint?: pulumi.Input; /** - * The Logout URL is the end session endpoint to use to logout user from external identity provider. + * The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. */ logoutUrl?: pulumi.Input; /** diff --git a/sdk/nodejs/openid/audienceProtocolMapper.ts b/sdk/nodejs/openid/audienceProtocolMapper.ts index 39ba62bb..c75cd8b4 100644 --- a/sdk/nodejs/openid/audienceProtocolMapper.ts +++ b/sdk/nodejs/openid/audienceProtocolMapper.ts @@ -7,7 +7,7 @@ import * as utilities from "../utilities"; /** * Allows for creating and managing audience protocol mappers within Keycloak. * - * Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom + * Audience protocol mappers allow you to add audiences to the `aud` claim within issued tokens. The audience can be a custom * string, or it can be mapped to the ID of a pre-existing client. * * ## Example Usage diff --git a/sdk/nodejs/openid/client.ts b/sdk/nodejs/openid/client.ts index 62e13ab1..f6201ec9 100644 --- a/sdk/nodejs/openid/client.ts +++ b/sdk/nodejs/openid/client.ts @@ -269,7 +269,7 @@ export class Client extends pulumi.CustomResource { */ public readonly validRedirectUris!: pulumi.Output; /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. */ public readonly webOrigins!: pulumi.Output; @@ -590,7 +590,7 @@ export interface ClientState { */ validRedirectUris?: pulumi.Input[]>; /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. */ webOrigins?: pulumi.Input[]>; } @@ -780,7 +780,7 @@ export interface ClientArgs { */ validRedirectUris?: pulumi.Input[]>; /** - * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + * A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. */ webOrigins?: pulumi.Input[]>; } diff --git a/sdk/nodejs/openid/userPropertyProtocolMapper.ts b/sdk/nodejs/openid/userPropertyProtocolMapper.ts index d3562ded..9cafd840 100644 --- a/sdk/nodejs/openid/userPropertyProtocolMapper.ts +++ b/sdk/nodejs/openid/userPropertyProtocolMapper.ts @@ -150,7 +150,7 @@ export class UserPropertyProtocolMapper extends pulumi.CustomResource { */ public readonly realmId!: pulumi.Output; /** - * The built in user property (such as email) to map a claim for. + * The built-in user property (such as email) to map a claim for. */ public readonly userProperty!: pulumi.Output; @@ -245,7 +245,7 @@ export interface UserPropertyProtocolMapperState { */ realmId?: pulumi.Input; /** - * The built in user property (such as email) to map a claim for. + * The built-in user property (such as email) to map a claim for. */ userProperty?: pulumi.Input; } @@ -291,7 +291,7 @@ export interface UserPropertyProtocolMapperArgs { */ realmId: pulumi.Input; /** - * The built in user property (such as email) to map a claim for. + * The built-in user property (such as email) to map a claim for. */ userProperty: pulumi.Input; } diff --git a/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts b/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts index 2f485f25..4b9fab4b 100644 --- a/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts +++ b/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts @@ -147,7 +147,7 @@ export class UserSessionNoteProtocolMapper extends pulumi.CustomResource { */ public readonly realmId!: pulumi.Output; /** - * String value being the name of stored user session note within the UserSessionModel.note map. + * String value being the name of stored user session note within the `UserSessionModel.note` map. */ public readonly sessionNote!: pulumi.Output; @@ -233,7 +233,7 @@ export interface UserSessionNoteProtocolMapperState { */ realmId?: pulumi.Input; /** - * String value being the name of stored user session note within the UserSessionModel.note map. + * String value being the name of stored user session note within the `UserSessionModel.note` map. */ sessionNote?: pulumi.Input; } @@ -275,7 +275,7 @@ export interface UserSessionNoteProtocolMapperArgs { */ realmId: pulumi.Input; /** - * String value being the name of stored user session note within the UserSessionModel.note map. + * String value being the name of stored user session note within the `UserSessionModel.note` map. */ sessionNote?: pulumi.Input; } diff --git a/sdk/nodejs/realm.ts b/sdk/nodejs/realm.ts index cb9a0447..bd9ec3cc 100644 --- a/sdk/nodejs/realm.ts +++ b/sdk/nodejs/realm.ts @@ -79,8 +79,8 @@ import * as utilities from "./utilities"; * * ## Default Client Scopes * - * - `defaultDefaultClientScopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - * - `defaultOptionalClientScopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. + * - `defaultDefaultClientScopes` - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`. + * - `defaultOptionalClientScopes` - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`. * * ## Import * diff --git a/sdk/nodejs/realmUserProfile.ts b/sdk/nodejs/realmUserProfile.ts index a8449abd..385fe4d9 100644 --- a/sdk/nodejs/realmUserProfile.ts +++ b/sdk/nodejs/realmUserProfile.ts @@ -10,11 +10,8 @@ import * as utilities from "./utilities"; * Allows for managing Realm User Profiles within Keycloak. * * A user profile defines a schema for representing user attributes and how they are managed within a realm. - * This is a preview feature, hence not fully supported and disabled by default. - * To enable it, start the server with one of the following flags: - * - WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled` - * - Quarkus distribution: `--features=preview` or `--features=declarative-user-profile` * + * Information for Keycloak versions < 24: * The realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled. * It can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`. * @@ -24,14 +21,10 @@ import * as utilities from "./utilities"; * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * attributes: { - * userProfileEnabled: "true", - * }, - * }); + * const realm = new keycloak.Realm("realm", {realm: "my-realm"}); * const userprofile = new keycloak.RealmUserProfile("userprofile", { * realmId: myRealm.id, + * unmanagedAttributePolicy: "ENABLED", * attributes: [ * { * name: "field1", @@ -144,6 +137,10 @@ export class RealmUserProfile extends pulumi.CustomResource { * The ID of the realm the user profile applies to. */ public readonly realmId!: pulumi.Output; + /** + * Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + */ + public readonly unmanagedAttributePolicy!: pulumi.Output; /** * Create a RealmUserProfile resource with the given unique name, arguments, and options. @@ -161,6 +158,7 @@ export class RealmUserProfile extends pulumi.CustomResource { resourceInputs["attributes"] = state ? state.attributes : undefined; resourceInputs["groups"] = state ? state.groups : undefined; resourceInputs["realmId"] = state ? state.realmId : undefined; + resourceInputs["unmanagedAttributePolicy"] = state ? state.unmanagedAttributePolicy : undefined; } else { const args = argsOrState as RealmUserProfileArgs | undefined; if ((!args || args.realmId === undefined) && !opts.urn) { @@ -169,6 +167,7 @@ export class RealmUserProfile extends pulumi.CustomResource { resourceInputs["attributes"] = args ? args.attributes : undefined; resourceInputs["groups"] = args ? args.groups : undefined; resourceInputs["realmId"] = args ? args.realmId : undefined; + resourceInputs["unmanagedAttributePolicy"] = args ? args.unmanagedAttributePolicy : undefined; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(RealmUserProfile.__pulumiType, name, resourceInputs, opts); @@ -191,6 +190,10 @@ export interface RealmUserProfileState { * The ID of the realm the user profile applies to. */ realmId?: pulumi.Input; + /** + * Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + */ + unmanagedAttributePolicy?: pulumi.Input; } /** @@ -209,4 +212,8 @@ export interface RealmUserProfileArgs { * The ID of the realm the user profile applies to. */ realmId: pulumi.Input; + /** + * Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + */ + unmanagedAttributePolicy?: pulumi.Input; } diff --git a/sdk/nodejs/role.ts b/sdk/nodejs/role.ts index 085049e1..f2092d78 100644 --- a/sdk/nodejs/role.ts +++ b/sdk/nodejs/role.ts @@ -7,7 +7,7 @@ import * as utilities from "./utilities"; /** * Allows for creating and managing roles within Keycloak. * - * Roles allow you define privileges within Keycloak and map them to users and groups. + * Roles allow you to define privileges within Keycloak and map them to users and groups. * * ## Example Usage * @@ -179,7 +179,7 @@ export class Role extends pulumi.CustomResource { /** * A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars */ - public readonly attributes!: pulumi.Output<{[key: string]: string} | undefined>; + public readonly attributes!: pulumi.Output<{[key: string]: string}>; /** * When specified, this role will be created as a client role attached to the client with the provided ID */ @@ -187,11 +187,15 @@ export class Role extends pulumi.CustomResource { /** * When specified, this role will be a composite role, composed of all roles that have an ID present within this list. */ - public readonly compositeRoles!: pulumi.Output; + public readonly compositeRoles!: pulumi.Output; /** * The description of the role */ - public readonly description!: pulumi.Output; + public readonly description!: pulumi.Output; + /** + * When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + */ + public readonly import!: pulumi.Output; /** * The name of the role */ @@ -218,6 +222,7 @@ export class Role extends pulumi.CustomResource { resourceInputs["clientId"] = state ? state.clientId : undefined; resourceInputs["compositeRoles"] = state ? state.compositeRoles : undefined; resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["import"] = state ? state.import : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["realmId"] = state ? state.realmId : undefined; } else { @@ -229,6 +234,7 @@ export class Role extends pulumi.CustomResource { resourceInputs["clientId"] = args ? args.clientId : undefined; resourceInputs["compositeRoles"] = args ? args.compositeRoles : undefined; resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["import"] = args ? args.import : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["realmId"] = args ? args.realmId : undefined; } @@ -257,6 +263,10 @@ export interface RoleState { * The description of the role */ description?: pulumi.Input; + /** + * When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + */ + import?: pulumi.Input; /** * The name of the role */ @@ -287,6 +297,10 @@ export interface RoleArgs { * The description of the role */ description?: pulumi.Input; + /** + * When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + */ + import?: pulumi.Input; /** * The name of the role */ diff --git a/sdk/nodejs/saml/identityProvider.ts b/sdk/nodejs/saml/identityProvider.ts index f3946598..8817a190 100644 --- a/sdk/nodejs/saml/identityProvider.ts +++ b/sdk/nodejs/saml/identityProvider.ts @@ -137,7 +137,7 @@ export class IdentityProvider extends pulumi.CustomResource { */ public /*out*/ readonly internalId!: pulumi.Output; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ public readonly linkOnly!: pulumi.Output; /** @@ -157,7 +157,7 @@ export class IdentityProvider extends pulumi.CustomResource { */ public readonly postBindingLogout!: pulumi.Output; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. */ public readonly postBindingResponse!: pulumi.Output; /** @@ -400,7 +400,7 @@ export interface IdentityProviderState { */ internalId?: pulumi.Input; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ linkOnly?: pulumi.Input; /** @@ -420,7 +420,7 @@ export interface IdentityProviderState { */ postBindingLogout?: pulumi.Input; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. */ postBindingResponse?: pulumi.Input; /** @@ -551,7 +551,7 @@ export interface IdentityProviderArgs { */ hideOnLoginPage?: pulumi.Input; /** - * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + * When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. */ linkOnly?: pulumi.Input; /** @@ -571,7 +571,7 @@ export interface IdentityProviderArgs { */ postBindingLogout?: pulumi.Input; /** - * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. */ postBindingResponse?: pulumi.Input; /** diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index f2f20440..9494f94a 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -511,7 +511,7 @@ export interface RealmWebAuthnPasswordlessPolicy { */ createTimeout?: pulumi.Input; /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. */ relyingPartyEntityName?: pulumi.Input; /** @@ -554,7 +554,7 @@ export interface RealmWebAuthnPolicy { */ createTimeout?: pulumi.Input; /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. */ relyingPartyEntityName?: pulumi.Input; /** @@ -585,7 +585,7 @@ export interface UserFederatedIdentity { */ userId: pulumi.Input; /** - * The user name of the user defined in the identity provider + * The username of the user defined in the identity provider */ userName: pulumi.Input; } diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index f088b39e..912d914a 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -440,7 +440,7 @@ export interface RealmWebAuthnPasswordlessPolicy { */ createTimeout?: number; /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. */ relyingPartyEntityName?: string; /** @@ -483,7 +483,7 @@ export interface RealmWebAuthnPolicy { */ createTimeout?: number; /** - * A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + * A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. */ relyingPartyEntityName?: string; /** @@ -514,7 +514,7 @@ export interface UserFederatedIdentity { */ userId: string; /** - * The user name of the user defined in the identity provider + * The username of the user defined in the identity provider */ userName: string; } diff --git a/sdk/nodejs/user.ts b/sdk/nodejs/user.ts index ea6492db..4e7fcad9 100644 --- a/sdk/nodejs/user.ts +++ b/sdk/nodejs/user.ts @@ -115,6 +115,10 @@ export class User extends pulumi.CustomResource { * The user's first name. */ public readonly firstName!: pulumi.Output; + /** + * When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + */ + public readonly import!: pulumi.Output; /** * When given, the user's initial password will be set. This attribute is only respected during initial user creation. */ @@ -155,6 +159,7 @@ export class User extends pulumi.CustomResource { resourceInputs["enabled"] = state ? state.enabled : undefined; resourceInputs["federatedIdentities"] = state ? state.federatedIdentities : undefined; resourceInputs["firstName"] = state ? state.firstName : undefined; + resourceInputs["import"] = state ? state.import : undefined; resourceInputs["initialPassword"] = state ? state.initialPassword : undefined; resourceInputs["lastName"] = state ? state.lastName : undefined; resourceInputs["realmId"] = state ? state.realmId : undefined; @@ -174,6 +179,7 @@ export class User extends pulumi.CustomResource { resourceInputs["enabled"] = args ? args.enabled : undefined; resourceInputs["federatedIdentities"] = args ? args.federatedIdentities : undefined; resourceInputs["firstName"] = args ? args.firstName : undefined; + resourceInputs["import"] = args ? args.import : undefined; resourceInputs["initialPassword"] = args ? args.initialPassword : undefined; resourceInputs["lastName"] = args ? args.lastName : undefined; resourceInputs["realmId"] = args ? args.realmId : undefined; @@ -213,6 +219,10 @@ export interface UserState { * The user's first name. */ firstName?: pulumi.Input; + /** + * When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + */ + import?: pulumi.Input; /** * When given, the user's initial password will be set. This attribute is only respected during initial user creation. */ @@ -263,6 +273,10 @@ export interface UserArgs { * The user's first name. */ firstName?: pulumi.Input; + /** + * When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + */ + import?: pulumi.Input; /** * When given, the user's initial password will be set. This attribute is only respected during initial user creation. */ diff --git a/sdk/python/README.md b/sdk/python/README.md index 62dc8632..8556d880 100644 --- a/sdk/python/README.md +++ b/sdk/python/README.md @@ -35,7 +35,7 @@ To use from Python, install using `pip`: To use from Go, use `go get` to grab the latest version of the library - $ go get github.com/pulumi/pulumi-keycloak/sdk/v5 + $ go get github.com/pulumi/pulumi-keycloak/sdk/v6 ### .NET diff --git a/sdk/python/pulumi_keycloak/README.md b/sdk/python/pulumi_keycloak/README.md index 6bb37d0e..030ca775 100644 --- a/sdk/python/pulumi_keycloak/README.md +++ b/sdk/python/pulumi_keycloak/README.md @@ -1,4 +1,4 @@ -> This provider is a derived work of the [Terraform Provider](https://github.com/mrparkers/terraform-provider-keycloak) +> This provider is a derived work of the [Terraform Provider](https://github.com/keycloak/terraform-provider-keycloak) > distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature, > first check the [`pulumi-keycloak` repo](https://github.com/pulumi/pulumi-keycloak/issues); however, if that doesn't turn up anything, -> please consult the source [`terraform-provider-keycloak` repo](https://github.com/mrparkers/terraform-provider-keycloak/issues). \ No newline at end of file +> please consult the source [`terraform-provider-keycloak` repo](https://github.com/keycloak/terraform-provider-keycloak/issues). \ No newline at end of file diff --git a/sdk/python/pulumi_keycloak/_inputs.py b/sdk/python/pulumi_keycloak/_inputs.py index 17a9f047..530c3f16 100644 --- a/sdk/python/pulumi_keycloak/_inputs.py +++ b/sdk/python/pulumi_keycloak/_inputs.py @@ -1504,7 +1504,7 @@ class RealmWebAuthnPasswordlessPolicyArgsDict(TypedDict): """ relying_party_entity_name: NotRequired[pulumi.Input[str]] """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. """ relying_party_id: NotRequired[pulumi.Input[str]] """ @@ -1544,7 +1544,7 @@ def __init__(__self__, *, :param pulumi.Input[str] authenticator_attachment: Either platform or cross-platform :param pulumi.Input[bool] avoid_same_authenticator_register: When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. :param pulumi.Input[int] create_timeout: The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - :param pulumi.Input[str] relying_party_entity_name: A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + :param pulumi.Input[str] relying_party_entity_name: A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. :param pulumi.Input[str] relying_party_id: The WebAuthn relying party ID. :param pulumi.Input[str] require_resident_key: Either Yes or No :param pulumi.Input[Sequence[pulumi.Input[str]]] signature_algorithms: Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing @@ -1635,7 +1635,7 @@ def create_timeout(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="relyingPartyEntityName") def relying_party_entity_name(self) -> Optional[pulumi.Input[str]]: """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. """ return pulumi.get(self, "relying_party_entity_name") @@ -1716,7 +1716,7 @@ class RealmWebAuthnPolicyArgsDict(TypedDict): """ relying_party_entity_name: NotRequired[pulumi.Input[str]] """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. """ relying_party_id: NotRequired[pulumi.Input[str]] """ @@ -1756,7 +1756,7 @@ def __init__(__self__, *, :param pulumi.Input[str] authenticator_attachment: Either platform or cross-platform :param pulumi.Input[bool] avoid_same_authenticator_register: When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. :param pulumi.Input[int] create_timeout: The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - :param pulumi.Input[str] relying_party_entity_name: A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + :param pulumi.Input[str] relying_party_entity_name: A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. :param pulumi.Input[str] relying_party_id: The WebAuthn relying party ID. :param pulumi.Input[str] require_resident_key: Either Yes or No :param pulumi.Input[Sequence[pulumi.Input[str]]] signature_algorithms: Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing @@ -1847,7 +1847,7 @@ def create_timeout(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="relyingPartyEntityName") def relying_party_entity_name(self) -> Optional[pulumi.Input[str]]: """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. """ return pulumi.get(self, "relying_party_entity_name") @@ -1916,7 +1916,7 @@ class UserFederatedIdentityArgsDict(TypedDict): """ user_name: pulumi.Input[str] """ - The user name of the user defined in the identity provider + The username of the user defined in the identity provider """ elif False: UserFederatedIdentityArgsDict: TypeAlias = Mapping[str, Any] @@ -1930,7 +1930,7 @@ def __init__(__self__, *, """ :param pulumi.Input[str] identity_provider: The name of the identity provider :param pulumi.Input[str] user_id: The ID of the user defined in the identity provider - :param pulumi.Input[str] user_name: The user name of the user defined in the identity provider + :param pulumi.Input[str] user_name: The username of the user defined in the identity provider """ pulumi.set(__self__, "identity_provider", identity_provider) pulumi.set(__self__, "user_id", user_id) @@ -1964,7 +1964,7 @@ def user_id(self, value: pulumi.Input[str]): @pulumi.getter(name="userName") def user_name(self) -> pulumi.Input[str]: """ - The user name of the user defined in the identity provider + The username of the user defined in the identity provider """ return pulumi.get(self, "user_name") diff --git a/sdk/python/pulumi_keycloak/authentication/execution.py b/sdk/python/pulumi_keycloak/authentication/execution.py index 5ccdbe43..37f6ae5a 100644 --- a/sdk/python/pulumi_keycloak/authentication/execution.py +++ b/sdk/python/pulumi_keycloak/authentication/execution.py @@ -22,17 +22,21 @@ def __init__(__self__, *, authenticator: pulumi.Input[str], parent_flow_alias: pulumi.Input[str], realm_id: pulumi.Input[str], + priority: Optional[pulumi.Input[int]] = None, requirement: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a Execution resource. :param pulumi.Input[str] authenticator: The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools. :param pulumi.Input[str] parent_flow_alias: The alias of the flow this execution is attached to. :param pulumi.Input[str] realm_id: The realm the authentication execution exists in. + :param pulumi.Input[int] priority: The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). :param pulumi.Input[str] requirement: The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. """ pulumi.set(__self__, "authenticator", authenticator) pulumi.set(__self__, "parent_flow_alias", parent_flow_alias) pulumi.set(__self__, "realm_id", realm_id) + if priority is not None: + pulumi.set(__self__, "priority", priority) if requirement is not None: pulumi.set(__self__, "requirement", requirement) @@ -72,6 +76,18 @@ def realm_id(self) -> pulumi.Input[str]: def realm_id(self, value: pulumi.Input[str]): pulumi.set(self, "realm_id", value) + @property + @pulumi.getter + def priority(self) -> Optional[pulumi.Input[int]]: + """ + The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + """ + return pulumi.get(self, "priority") + + @priority.setter + def priority(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "priority", value) + @property @pulumi.getter def requirement(self) -> Optional[pulumi.Input[str]]: @@ -90,12 +106,14 @@ class _ExecutionState: def __init__(__self__, *, authenticator: Optional[pulumi.Input[str]] = None, parent_flow_alias: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, realm_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering Execution resources. :param pulumi.Input[str] authenticator: The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools. :param pulumi.Input[str] parent_flow_alias: The alias of the flow this execution is attached to. + :param pulumi.Input[int] priority: The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). :param pulumi.Input[str] realm_id: The realm the authentication execution exists in. :param pulumi.Input[str] requirement: The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. """ @@ -103,6 +121,8 @@ def __init__(__self__, *, pulumi.set(__self__, "authenticator", authenticator) if parent_flow_alias is not None: pulumi.set(__self__, "parent_flow_alias", parent_flow_alias) + if priority is not None: + pulumi.set(__self__, "priority", priority) if realm_id is not None: pulumi.set(__self__, "realm_id", realm_id) if requirement is not None: @@ -132,6 +152,18 @@ def parent_flow_alias(self) -> Optional[pulumi.Input[str]]: def parent_flow_alias(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "parent_flow_alias", value) + @property + @pulumi.getter + def priority(self) -> Optional[pulumi.Input[int]]: + """ + The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + """ + return pulumi.get(self, "priority") + + @priority.setter + def priority(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "priority", value) + @property @pulumi.getter(name="realmId") def realm_id(self) -> Optional[pulumi.Input[str]]: @@ -164,6 +196,7 @@ def __init__(__self__, opts: Optional[pulumi.ResourceOptions] = None, authenticator: Optional[pulumi.Input[str]] = None, parent_flow_alias: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, realm_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None, __props__=None): @@ -173,7 +206,7 @@ def __init__(__self__, An authentication execution is an action that the user or service may or may not take when authenticating through an authentication flow. - > Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. + > Following limitation affects Keycloak < 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. ## Example Usage @@ -192,14 +225,15 @@ def __init__(__self__, realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="auth-cookie", - requirement="ALTERNATIVE") + requirement="ALTERNATIVE", + priority=10) # second execution execution_two = keycloak.authentication.Execution("execution_two", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="identity-provider-redirector", requirement="ALTERNATIVE", - opts = pulumi.ResourceOptions(depends_on=[execution_one])) + priority=20) ``` ## Import @@ -218,6 +252,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] authenticator: The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools. :param pulumi.Input[str] parent_flow_alias: The alias of the flow this execution is attached to. + :param pulumi.Input[int] priority: The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). :param pulumi.Input[str] realm_id: The realm the authentication execution exists in. :param pulumi.Input[str] requirement: The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. """ @@ -233,7 +268,7 @@ def __init__(__self__, An authentication execution is an action that the user or service may or may not take when authenticating through an authentication flow. - > Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. + > Following limitation affects Keycloak < 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow. ## Example Usage @@ -252,14 +287,15 @@ def __init__(__self__, realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="auth-cookie", - requirement="ALTERNATIVE") + requirement="ALTERNATIVE", + priority=10) # second execution execution_two = keycloak.authentication.Execution("execution_two", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="identity-provider-redirector", requirement="ALTERNATIVE", - opts = pulumi.ResourceOptions(depends_on=[execution_one])) + priority=20) ``` ## Import @@ -291,6 +327,7 @@ def _internal_init(__self__, opts: Optional[pulumi.ResourceOptions] = None, authenticator: Optional[pulumi.Input[str]] = None, parent_flow_alias: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, realm_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None, __props__=None): @@ -308,6 +345,7 @@ def _internal_init(__self__, if parent_flow_alias is None and not opts.urn: raise TypeError("Missing required property 'parent_flow_alias'") __props__.__dict__["parent_flow_alias"] = parent_flow_alias + __props__.__dict__["priority"] = priority if realm_id is None and not opts.urn: raise TypeError("Missing required property 'realm_id'") __props__.__dict__["realm_id"] = realm_id @@ -324,6 +362,7 @@ def get(resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, authenticator: Optional[pulumi.Input[str]] = None, parent_flow_alias: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, realm_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None) -> 'Execution': """ @@ -335,6 +374,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] authenticator: The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools. :param pulumi.Input[str] parent_flow_alias: The alias of the flow this execution is attached to. + :param pulumi.Input[int] priority: The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). :param pulumi.Input[str] realm_id: The realm the authentication execution exists in. :param pulumi.Input[str] requirement: The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`. """ @@ -344,6 +384,7 @@ def get(resource_name: str, __props__.__dict__["authenticator"] = authenticator __props__.__dict__["parent_flow_alias"] = parent_flow_alias + __props__.__dict__["priority"] = priority __props__.__dict__["realm_id"] = realm_id __props__.__dict__["requirement"] = requirement return Execution(resource_name, opts=opts, __props__=__props__) @@ -364,6 +405,14 @@ def parent_flow_alias(self) -> pulumi.Output[str]: """ return pulumi.get(self, "parent_flow_alias") + @property + @pulumi.getter + def priority(self) -> pulumi.Output[Optional[int]]: + """ + The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + """ + return pulumi.get(self, "priority") + @property @pulumi.getter(name="realmId") def realm_id(self) -> pulumi.Output[str]: diff --git a/sdk/python/pulumi_keycloak/authentication/subflow.py b/sdk/python/pulumi_keycloak/authentication/subflow.py index 4cde07b0..c7c5f396 100644 --- a/sdk/python/pulumi_keycloak/authentication/subflow.py +++ b/sdk/python/pulumi_keycloak/authentication/subflow.py @@ -24,6 +24,7 @@ def __init__(__self__, *, realm_id: pulumi.Input[str], authenticator: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, provider_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None): """ @@ -34,6 +35,7 @@ def __init__(__self__, *, :param pulumi.Input[str] authenticator: The name of the authenticator. Might be needed to be set with certain custom subflows with specific authenticators. In general this will remain empty. :param pulumi.Input[str] description: A description for the authentication subflow. + :param pulumi.Input[int] priority: The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). :param pulumi.Input[str] provider_id: The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` and `client-flow`. Defaults to `basic-flow`. :param pulumi.Input[str] requirement: The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, @@ -46,6 +48,8 @@ def __init__(__self__, *, pulumi.set(__self__, "authenticator", authenticator) if description is not None: pulumi.set(__self__, "description", description) + if priority is not None: + pulumi.set(__self__, "priority", priority) if provider_id is not None: pulumi.set(__self__, "provider_id", provider_id) if requirement is not None: @@ -112,6 +116,18 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter + def priority(self) -> Optional[pulumi.Input[int]]: + """ + The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + """ + return pulumi.get(self, "priority") + + @priority.setter + def priority(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "priority", value) + @property @pulumi.getter(name="providerId") def provider_id(self) -> Optional[pulumi.Input[str]]: @@ -146,6 +162,7 @@ def __init__(__self__, *, authenticator: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, parent_flow_alias: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, provider_id: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None): @@ -156,6 +173,7 @@ def __init__(__self__, *, authenticators. In general this will remain empty. :param pulumi.Input[str] description: A description for the authentication subflow. :param pulumi.Input[str] parent_flow_alias: The alias for the parent authentication flow. + :param pulumi.Input[int] priority: The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). :param pulumi.Input[str] provider_id: The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` and `client-flow`. Defaults to `basic-flow`. :param pulumi.Input[str] realm_id: The realm that the authentication subflow exists in. @@ -170,6 +188,8 @@ def __init__(__self__, *, pulumi.set(__self__, "description", description) if parent_flow_alias is not None: pulumi.set(__self__, "parent_flow_alias", parent_flow_alias) + if priority is not None: + pulumi.set(__self__, "priority", priority) if provider_id is not None: pulumi.set(__self__, "provider_id", provider_id) if realm_id is not None: @@ -226,6 +246,18 @@ def parent_flow_alias(self) -> Optional[pulumi.Input[str]]: def parent_flow_alias(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "parent_flow_alias", value) + @property + @pulumi.getter + def priority(self) -> Optional[pulumi.Input[int]]: + """ + The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + """ + return pulumi.get(self, "priority") + + @priority.setter + def priority(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "priority", value) + @property @pulumi.getter(name="providerId") def provider_id(self) -> Optional[pulumi.Input[str]]: @@ -274,6 +306,7 @@ def __init__(__self__, authenticator: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, parent_flow_alias: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, provider_id: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None, @@ -301,7 +334,8 @@ def __init__(__self__, alias="my-subflow-alias", parent_flow_alias=flow.alias, provider_id="basic-flow", - requirement="ALTERNATIVE") + requirement="ALTERNATIVE", + priority=10) ``` ## Import @@ -333,6 +367,7 @@ def __init__(__self__, authenticators. In general this will remain empty. :param pulumi.Input[str] description: A description for the authentication subflow. :param pulumi.Input[str] parent_flow_alias: The alias for the parent authentication flow. + :param pulumi.Input[int] priority: The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). :param pulumi.Input[str] provider_id: The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` and `client-flow`. Defaults to `basic-flow`. :param pulumi.Input[str] realm_id: The realm that the authentication subflow exists in. @@ -368,7 +403,8 @@ def __init__(__self__, alias="my-subflow-alias", parent_flow_alias=flow.alias, provider_id="basic-flow", - requirement="ALTERNATIVE") + requirement="ALTERNATIVE", + priority=10) ``` ## Import @@ -412,6 +448,7 @@ def _internal_init(__self__, authenticator: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, parent_flow_alias: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, provider_id: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None, @@ -432,6 +469,7 @@ def _internal_init(__self__, if parent_flow_alias is None and not opts.urn: raise TypeError("Missing required property 'parent_flow_alias'") __props__.__dict__["parent_flow_alias"] = parent_flow_alias + __props__.__dict__["priority"] = priority __props__.__dict__["provider_id"] = provider_id if realm_id is None and not opts.urn: raise TypeError("Missing required property 'realm_id'") @@ -451,6 +489,7 @@ def get(resource_name: str, authenticator: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, parent_flow_alias: Optional[pulumi.Input[str]] = None, + priority: Optional[pulumi.Input[int]] = None, provider_id: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, requirement: Optional[pulumi.Input[str]] = None) -> 'Subflow': @@ -466,6 +505,7 @@ def get(resource_name: str, authenticators. In general this will remain empty. :param pulumi.Input[str] description: A description for the authentication subflow. :param pulumi.Input[str] parent_flow_alias: The alias for the parent authentication flow. + :param pulumi.Input[int] priority: The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). :param pulumi.Input[str] provider_id: The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow` and `client-flow`. Defaults to `basic-flow`. :param pulumi.Input[str] realm_id: The realm that the authentication subflow exists in. @@ -480,6 +520,7 @@ def get(resource_name: str, __props__.__dict__["authenticator"] = authenticator __props__.__dict__["description"] = description __props__.__dict__["parent_flow_alias"] = parent_flow_alias + __props__.__dict__["priority"] = priority __props__.__dict__["provider_id"] = provider_id __props__.__dict__["realm_id"] = realm_id __props__.__dict__["requirement"] = requirement @@ -518,6 +559,14 @@ def parent_flow_alias(self) -> pulumi.Output[str]: """ return pulumi.get(self, "parent_flow_alias") + @property + @pulumi.getter + def priority(self) -> pulumi.Output[Optional[int]]: + """ + The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). + """ + return pulumi.get(self, "priority") + @property @pulumi.getter(name="providerId") def provider_id(self) -> pulumi.Output[Optional[str]]: diff --git a/sdk/python/pulumi_keycloak/custom_user_federation.py b/sdk/python/pulumi_keycloak/custom_user_federation.py index 98c1bb06..ed24f0e4 100644 --- a/sdk/python/pulumi_keycloak/custom_user_federation.py +++ b/sdk/python/pulumi_keycloak/custom_user_federation.py @@ -35,7 +35,7 @@ def __init__(__self__, *, :param pulumi.Input[str] realm_id: The realm that this provider will provide user federation for. :param pulumi.Input[str] cache_policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. @@ -113,7 +113,7 @@ def changed_sync_period(self, value: Optional[pulumi.Input[int]]): @pulumi.getter def config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: """ - The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. """ return pulumi.get(self, "config") @@ -199,7 +199,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering CustomUserFederation resources. :param pulumi.Input[str] cache_policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. @@ -257,7 +257,7 @@ def changed_sync_period(self, value: Optional[pulumi.Input[int]]): @pulumi.getter def config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: """ - The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. """ return pulumi.get(self, "config") @@ -409,7 +409,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cache_policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. @@ -540,7 +540,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cache_policy: Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. :param pulumi.Input[int] changed_sync_period: How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] config: The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. :param pulumi.Input[bool] enabled: When `false`, this provider will not be used when performing queries for users. Defaults to `true`. :param pulumi.Input[int] full_sync_period: How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. :param pulumi.Input[str] name: Display name of the provider when displayed in the console. @@ -585,7 +585,7 @@ def changed_sync_period(self) -> pulumi.Output[Optional[int]]: @pulumi.getter def config(self) -> pulumi.Output[Optional[Mapping[str, str]]]: """ - The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. + The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. """ return pulumi.get(self, "config") diff --git a/sdk/python/pulumi_keycloak/get_authentication_execution.py b/sdk/python/pulumi_keycloak/get_authentication_execution.py index cd761fcf..5a8256fa 100644 --- a/sdk/python/pulumi_keycloak/get_authentication_execution.py +++ b/sdk/python/pulumi_keycloak/get_authentication_execution.py @@ -26,13 +26,16 @@ class GetAuthenticationExecutionResult: """ A collection of values returned by getAuthenticationExecution. """ - def __init__(__self__, id=None, parent_flow_alias=None, provider_id=None, realm_id=None): + def __init__(__self__, id=None, parent_flow_alias=None, priority=None, provider_id=None, realm_id=None): if id and not isinstance(id, str): raise TypeError("Expected argument 'id' to be a str") pulumi.set(__self__, "id", id) if parent_flow_alias and not isinstance(parent_flow_alias, str): raise TypeError("Expected argument 'parent_flow_alias' to be a str") pulumi.set(__self__, "parent_flow_alias", parent_flow_alias) + if priority and not isinstance(priority, int): + raise TypeError("Expected argument 'priority' to be a int") + pulumi.set(__self__, "priority", priority) if provider_id and not isinstance(provider_id, str): raise TypeError("Expected argument 'provider_id' to be a str") pulumi.set(__self__, "provider_id", provider_id) @@ -53,6 +56,14 @@ def id(self) -> str: def parent_flow_alias(self) -> str: return pulumi.get(self, "parent_flow_alias") + @property + @pulumi.getter + def priority(self) -> int: + """ + (Computed) The authenticator priority. + """ + return pulumi.get(self, "priority") + @property @pulumi.getter(name="providerId") def provider_id(self) -> str: @@ -72,6 +83,7 @@ def __await__(self): return GetAuthenticationExecutionResult( id=self.id, parent_flow_alias=self.parent_flow_alias, + priority=self.priority, provider_id=self.provider_id, realm_id=self.realm_id) @@ -112,6 +124,7 @@ def get_authentication_execution(parent_flow_alias: Optional[str] = None, return AwaitableGetAuthenticationExecutionResult( id=pulumi.get(__ret__, 'id'), parent_flow_alias=pulumi.get(__ret__, 'parent_flow_alias'), + priority=pulumi.get(__ret__, 'priority'), provider_id=pulumi.get(__ret__, 'provider_id'), realm_id=pulumi.get(__ret__, 'realm_id')) def get_authentication_execution_output(parent_flow_alias: Optional[pulumi.Input[str]] = None, @@ -149,5 +162,6 @@ def get_authentication_execution_output(parent_flow_alias: Optional[pulumi.Input return __ret__.apply(lambda __response__: GetAuthenticationExecutionResult( id=pulumi.get(__response__, 'id'), parent_flow_alias=pulumi.get(__response__, 'parent_flow_alias'), + priority=pulumi.get(__response__, 'priority'), provider_id=pulumi.get(__response__, 'provider_id'), realm_id=pulumi.get(__response__, 'realm_id'))) diff --git a/sdk/python/pulumi_keycloak/get_client_description_converter.py b/sdk/python/pulumi_keycloak/get_client_description_converter.py index 8557512b..554e11f2 100644 --- a/sdk/python/pulumi_keycloak/get_client_description_converter.py +++ b/sdk/python/pulumi_keycloak/get_client_description_converter.py @@ -387,7 +387,7 @@ def get_client_description_converter(body: Optional[str] = None, realm_id: Optional[str] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetClientDescriptionConverterResult: """ - This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak client. This data can then be used to manage the client within Keycloak. ## Example Usage @@ -486,7 +486,7 @@ def get_client_description_converter_output(body: Optional[pulumi.Input[str]] = realm_id: Optional[pulumi.Input[str]] = None, opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetClientDescriptionConverterResult]: """ - This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak + This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak client. This data can then be used to manage the client within Keycloak. ## Example Usage diff --git a/sdk/python/pulumi_keycloak/group.py b/sdk/python/pulumi_keycloak/group.py index cb1567a1..79c6ba1c 100644 --- a/sdk/python/pulumi_keycloak/group.py +++ b/sdk/python/pulumi_keycloak/group.py @@ -26,7 +26,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a Group resource. :param pulumi.Input[str] realm_id: The realm this group exists in. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attributes: A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attributes: A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars :param pulumi.Input[str] name: The name of the group. :param pulumi.Input[str] parent_id: The ID of this group's parent. If omitted, this group will be defined at the root level. """ @@ -54,7 +54,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: """ - A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars """ return pulumi.get(self, "attributes") @@ -97,7 +97,7 @@ def __init__(__self__, *, realm_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering Group resources. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attributes: A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attributes: A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars :param pulumi.Input[str] name: The name of the group. :param pulumi.Input[str] parent_id: The ID of this group's parent. If omitted, this group will be defined at the root level. :param pulumi.Input[str] path: (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. @@ -118,7 +118,7 @@ def __init__(__self__, *, @pulumi.getter def attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: """ - A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars """ return pulumi.get(self, "attributes") @@ -238,7 +238,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attributes: A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attributes: A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars :param pulumi.Input[str] name: The name of the group. :param pulumi.Input[str] parent_id: The ID of this group's parent. If omitted, this group will be defined at the root level. :param pulumi.Input[str] realm_id: The realm this group exists in. @@ -357,7 +357,7 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attributes: A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attributes: A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars :param pulumi.Input[str] name: The name of the group. :param pulumi.Input[str] parent_id: The ID of this group's parent. If omitted, this group will be defined at the root level. :param pulumi.Input[str] path: (Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`. @@ -378,7 +378,7 @@ def get(resource_name: str, @pulumi.getter def attributes(self) -> pulumi.Output[Optional[Mapping[str, str]]]: """ - A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars + A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars """ return pulumi.get(self, "attributes") diff --git a/sdk/python/pulumi_keycloak/group_memberships.py b/sdk/python/pulumi_keycloak/group_memberships.py index 152fc355..a7f01388 100644 --- a/sdk/python/pulumi_keycloak/group_memberships.py +++ b/sdk/python/pulumi_keycloak/group_memberships.py @@ -179,7 +179,7 @@ def __init__(__self__, as if it did not already exist on the server. - [1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships + [1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -237,7 +237,7 @@ def __init__(__self__, as if it did not already exist on the server. - [1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships + [1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships :param str resource_name: The name of the resource. :param GroupMembershipsArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_keycloak/ldap/group_mapper.py b/sdk/python/pulumi_keycloak/ldap/group_mapper.py index 33ba7b2c..db9a568a 100644 --- a/sdk/python/pulumi_keycloak/ldap/group_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/group_mapper.py @@ -47,7 +47,7 @@ def __init__(__self__, *, :param pulumi.Input[str] membership_user_ldap_attribute: The name of the LDAP attribute on a user that is used for membership mappings. :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. :param pulumi.Input[bool] drop_non_existing_groups_during_sync: When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. - :param pulumi.Input[str] groups_ldap_filter: When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + :param pulumi.Input[str] groups_ldap_filter: When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. :param pulumi.Input[str] groups_path: Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. :param pulumi.Input[bool] ignore_missing_groups: When `true`, missing groups in the hierarchy will be ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] mapped_group_attributes: Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. @@ -188,7 +188,7 @@ def drop_non_existing_groups_during_sync(self, value: Optional[pulumi.Input[bool @pulumi.getter(name="groupsLdapFilter") def groups_ldap_filter(self) -> Optional[pulumi.Input[str]]: """ - When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. """ return pulumi.get(self, "groups_ldap_filter") @@ -331,7 +331,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] drop_non_existing_groups_during_sync: When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. :param pulumi.Input[str] group_name_ldap_attribute: The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. :param pulumi.Input[Sequence[pulumi.Input[str]]] group_object_classes: List of strings representing the object classes for the group. Must contain at least one. - :param pulumi.Input[str] groups_ldap_filter: When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + :param pulumi.Input[str] groups_ldap_filter: When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. :param pulumi.Input[str] groups_path: Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. :param pulumi.Input[bool] ignore_missing_groups: When `true`, missing groups in the hierarchy will be ignored. :param pulumi.Input[str] ldap_groups_dn: The LDAP DN where groups can be found. @@ -424,7 +424,7 @@ def group_object_classes(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="groupsLdapFilter") def groups_ldap_filter(self) -> Optional[pulumi.Input[str]]: """ - When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. """ return pulumi.get(self, "groups_ldap_filter") @@ -686,7 +686,7 @@ def __init__(__self__, :param pulumi.Input[bool] drop_non_existing_groups_during_sync: When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. :param pulumi.Input[str] group_name_ldap_attribute: The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. :param pulumi.Input[Sequence[pulumi.Input[str]]] group_object_classes: List of strings representing the object classes for the group. Must contain at least one. - :param pulumi.Input[str] groups_ldap_filter: When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + :param pulumi.Input[str] groups_ldap_filter: When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. :param pulumi.Input[str] groups_path: Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. :param pulumi.Input[bool] ignore_missing_groups: When `true`, missing groups in the hierarchy will be ignored. :param pulumi.Input[str] ldap_groups_dn: The LDAP DN where groups can be found. @@ -876,7 +876,7 @@ def get(resource_name: str, :param pulumi.Input[bool] drop_non_existing_groups_during_sync: When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. :param pulumi.Input[str] group_name_ldap_attribute: The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. :param pulumi.Input[Sequence[pulumi.Input[str]]] group_object_classes: List of strings representing the object classes for the group. Must contain at least one. - :param pulumi.Input[str] groups_ldap_filter: When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + :param pulumi.Input[str] groups_ldap_filter: When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. :param pulumi.Input[str] groups_path: Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. :param pulumi.Input[bool] ignore_missing_groups: When `true`, missing groups in the hierarchy will be ignored. :param pulumi.Input[str] ldap_groups_dn: The LDAP DN where groups can be found. @@ -944,7 +944,7 @@ def group_object_classes(self) -> pulumi.Output[Sequence[str]]: @pulumi.getter(name="groupsLdapFilter") def groups_ldap_filter(self) -> pulumi.Output[Optional[str]]: """ - When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. + When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. """ return pulumi.get(self, "groups_ldap_filter") diff --git a/sdk/python/pulumi_keycloak/ldap/role_mapper.py b/sdk/python/pulumi_keycloak/ldap/role_mapper.py index fb8de105..2b17779a 100644 --- a/sdk/python/pulumi_keycloak/ldap/role_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/role_mapper.py @@ -48,7 +48,7 @@ def __init__(__self__, *, :param pulumi.Input[str] membership_attribute_type: Can be one of `DN` or `UID`. Defaults to `DN`. :param pulumi.Input[str] mode: Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. - :param pulumi.Input[str] roles_ldap_filter: When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + :param pulumi.Input[str] roles_ldap_filter: When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. :param pulumi.Input[bool] use_realm_roles_mapping: When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. :param pulumi.Input[str] user_roles_retrieve_strategy: Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`. """ @@ -224,7 +224,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="rolesLdapFilter") def roles_ldap_filter(self) -> Optional[pulumi.Input[str]]: """ - When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. """ return pulumi.get(self, "roles_ldap_filter") @@ -289,7 +289,7 @@ def __init__(__self__, *, :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. :param pulumi.Input[str] role_name_ldap_attribute: The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`. :param pulumi.Input[Sequence[pulumi.Input[str]]] role_object_classes: List of strings representing the object classes for the role. Must contain at least one. - :param pulumi.Input[str] roles_ldap_filter: When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + :param pulumi.Input[str] roles_ldap_filter: When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. :param pulumi.Input[bool] use_realm_roles_mapping: When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. :param pulumi.Input[str] user_roles_retrieve_strategy: Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`. """ @@ -472,7 +472,7 @@ def role_object_classes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input @pulumi.getter(name="rolesLdapFilter") def roles_ldap_filter(self) -> Optional[pulumi.Input[str]]: """ - When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. """ return pulumi.get(self, "roles_ldap_filter") @@ -596,7 +596,7 @@ def __init__(__self__, :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. :param pulumi.Input[str] role_name_ldap_attribute: The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`. :param pulumi.Input[Sequence[pulumi.Input[str]]] role_object_classes: List of strings representing the object classes for the role. Must contain at least one. - :param pulumi.Input[str] roles_ldap_filter: When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + :param pulumi.Input[str] roles_ldap_filter: When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. :param pulumi.Input[bool] use_realm_roles_mapping: When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. :param pulumi.Input[str] user_roles_retrieve_strategy: Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`. """ @@ -774,7 +774,7 @@ def get(resource_name: str, :param pulumi.Input[str] realm_id: The realm that this LDAP mapper will exist in. :param pulumi.Input[str] role_name_ldap_attribute: The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`. :param pulumi.Input[Sequence[pulumi.Input[str]]] role_object_classes: List of strings representing the object classes for the role. Must contain at least one. - :param pulumi.Input[str] roles_ldap_filter: When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + :param pulumi.Input[str] roles_ldap_filter: When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. :param pulumi.Input[bool] use_realm_roles_mapping: When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. :param pulumi.Input[str] user_roles_retrieve_strategy: Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`. """ @@ -899,7 +899,7 @@ def role_object_classes(self) -> pulumi.Output[Sequence[str]]: @pulumi.getter(name="rolesLdapFilter") def roles_ldap_filter(self) -> pulumi.Output[Optional[str]]: """ - When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. + When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. """ return pulumi.get(self, "roles_ldap_filter") diff --git a/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py b/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py index 4712a007..bce7d7df 100644 --- a/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py @@ -25,6 +25,7 @@ def __init__(__self__, *, user_model_attribute: pulumi.Input[str], always_read_value_from_ldap: Optional[pulumi.Input[bool]] = None, attribute_default_value: Optional[pulumi.Input[str]] = None, + attribute_force_default: Optional[pulumi.Input[bool]] = None, is_binary_attribute: Optional[pulumi.Input[bool]] = None, is_mandatory_in_ldap: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, @@ -37,6 +38,7 @@ def __init__(__self__, *, :param pulumi.Input[str] user_model_attribute: Name of the user property or attribute you want to map the LDAP attribute into. :param pulumi.Input[bool] always_read_value_from_ldap: When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + :param pulumi.Input[bool] attribute_force_default: When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes. :param pulumi.Input[bool] is_mandatory_in_ldap: When `true`, this attribute must exist in LDAP. Defaults to `false`. :param pulumi.Input[str] name: Display name of this mapper when displayed in the console. @@ -50,6 +52,8 @@ def __init__(__self__, *, pulumi.set(__self__, "always_read_value_from_ldap", always_read_value_from_ldap) if attribute_default_value is not None: pulumi.set(__self__, "attribute_default_value", attribute_default_value) + if attribute_force_default is not None: + pulumi.set(__self__, "attribute_force_default", attribute_force_default) if is_binary_attribute is not None: pulumi.set(__self__, "is_binary_attribute", is_binary_attribute) if is_mandatory_in_ldap is not None: @@ -131,6 +135,18 @@ def attribute_default_value(self) -> Optional[pulumi.Input[str]]: def attribute_default_value(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "attribute_default_value", value) + @property + @pulumi.getter(name="attributeForceDefault") + def attribute_force_default(self) -> Optional[pulumi.Input[bool]]: + """ + When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + """ + return pulumi.get(self, "attribute_force_default") + + @attribute_force_default.setter + def attribute_force_default(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "attribute_force_default", value) + @property @pulumi.getter(name="isBinaryAttribute") def is_binary_attribute(self) -> Optional[pulumi.Input[bool]]: @@ -185,6 +201,7 @@ class _UserAttributeMapperState: def __init__(__self__, *, always_read_value_from_ldap: Optional[pulumi.Input[bool]] = None, attribute_default_value: Optional[pulumi.Input[str]] = None, + attribute_force_default: Optional[pulumi.Input[bool]] = None, is_binary_attribute: Optional[pulumi.Input[bool]] = None, is_mandatory_in_ldap: Optional[pulumi.Input[bool]] = None, ldap_attribute: Optional[pulumi.Input[str]] = None, @@ -197,6 +214,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering UserAttributeMapper resources. :param pulumi.Input[bool] always_read_value_from_ldap: When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + :param pulumi.Input[bool] attribute_force_default: When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes. :param pulumi.Input[bool] is_mandatory_in_ldap: When `true`, this attribute must exist in LDAP. Defaults to `false`. :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on the LDAP object. @@ -210,6 +228,8 @@ def __init__(__self__, *, pulumi.set(__self__, "always_read_value_from_ldap", always_read_value_from_ldap) if attribute_default_value is not None: pulumi.set(__self__, "attribute_default_value", attribute_default_value) + if attribute_force_default is not None: + pulumi.set(__self__, "attribute_force_default", attribute_force_default) if is_binary_attribute is not None: pulumi.set(__self__, "is_binary_attribute", is_binary_attribute) if is_mandatory_in_ldap is not None: @@ -251,6 +271,18 @@ def attribute_default_value(self) -> Optional[pulumi.Input[str]]: def attribute_default_value(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "attribute_default_value", value) + @property + @pulumi.getter(name="attributeForceDefault") + def attribute_force_default(self) -> Optional[pulumi.Input[bool]]: + """ + When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + """ + return pulumi.get(self, "attribute_force_default") + + @attribute_force_default.setter + def attribute_force_default(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "attribute_force_default", value) + @property @pulumi.getter(name="isBinaryAttribute") def is_binary_attribute(self) -> Optional[pulumi.Input[bool]]: @@ -355,6 +387,7 @@ def __init__(__self__, opts: Optional[pulumi.ResourceOptions] = None, always_read_value_from_ldap: Optional[pulumi.Input[bool]] = None, attribute_default_value: Optional[pulumi.Input[str]] = None, + attribute_force_default: Optional[pulumi.Input[bool]] = None, is_binary_attribute: Optional[pulumi.Input[bool]] = None, is_mandatory_in_ldap: Optional[pulumi.Input[bool]] = None, ldap_attribute: Optional[pulumi.Input[str]] = None, @@ -420,6 +453,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[bool] always_read_value_from_ldap: When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + :param pulumi.Input[bool] attribute_force_default: When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes. :param pulumi.Input[bool] is_mandatory_in_ldap: When `true`, this attribute must exist in LDAP. Defaults to `false`. :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on the LDAP object. @@ -504,6 +538,7 @@ def _internal_init(__self__, opts: Optional[pulumi.ResourceOptions] = None, always_read_value_from_ldap: Optional[pulumi.Input[bool]] = None, attribute_default_value: Optional[pulumi.Input[str]] = None, + attribute_force_default: Optional[pulumi.Input[bool]] = None, is_binary_attribute: Optional[pulumi.Input[bool]] = None, is_mandatory_in_ldap: Optional[pulumi.Input[bool]] = None, ldap_attribute: Optional[pulumi.Input[str]] = None, @@ -523,6 +558,7 @@ def _internal_init(__self__, __props__.__dict__["always_read_value_from_ldap"] = always_read_value_from_ldap __props__.__dict__["attribute_default_value"] = attribute_default_value + __props__.__dict__["attribute_force_default"] = attribute_force_default __props__.__dict__["is_binary_attribute"] = is_binary_attribute __props__.__dict__["is_mandatory_in_ldap"] = is_mandatory_in_ldap if ldap_attribute is None and not opts.urn: @@ -551,6 +587,7 @@ def get(resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, always_read_value_from_ldap: Optional[pulumi.Input[bool]] = None, attribute_default_value: Optional[pulumi.Input[str]] = None, + attribute_force_default: Optional[pulumi.Input[bool]] = None, is_binary_attribute: Optional[pulumi.Input[bool]] = None, is_mandatory_in_ldap: Optional[pulumi.Input[bool]] = None, ldap_attribute: Optional[pulumi.Input[str]] = None, @@ -568,6 +605,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[bool] always_read_value_from_ldap: When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. :param pulumi.Input[str] attribute_default_value: Default value to set in LDAP if `is_mandatory_in_ldap` is true and the value is empty. + :param pulumi.Input[bool] attribute_force_default: When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. :param pulumi.Input[bool] is_binary_attribute: Should be true for binary LDAP attributes. :param pulumi.Input[bool] is_mandatory_in_ldap: When `true`, this attribute must exist in LDAP. Defaults to `false`. :param pulumi.Input[str] ldap_attribute: Name of the mapped attribute on the LDAP object. @@ -583,6 +621,7 @@ def get(resource_name: str, __props__.__dict__["always_read_value_from_ldap"] = always_read_value_from_ldap __props__.__dict__["attribute_default_value"] = attribute_default_value + __props__.__dict__["attribute_force_default"] = attribute_force_default __props__.__dict__["is_binary_attribute"] = is_binary_attribute __props__.__dict__["is_mandatory_in_ldap"] = is_mandatory_in_ldap __props__.__dict__["ldap_attribute"] = ldap_attribute @@ -609,6 +648,14 @@ def attribute_default_value(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "attribute_default_value") + @property + @pulumi.getter(name="attributeForceDefault") + def attribute_force_default(self) -> pulumi.Output[Optional[bool]]: + """ + When `true`, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to `true`. + """ + return pulumi.get(self, "attribute_force_default") + @property @pulumi.getter(name="isBinaryAttribute") def is_binary_attribute(self) -> pulumi.Output[Optional[bool]]: diff --git a/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py b/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py index 76bb3883..76bd523c 100644 --- a/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py +++ b/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py @@ -56,7 +56,7 @@ def __init__(__self__, *, :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. :param pulumi.Input[bool] hide_on_login_page: When `true`, this identity provider will be hidden on the login page. Defaults to `false`. :param pulumi.Input[str] hosted_domain: Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] post_broker_login_flow_alias: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `google`, which should be used unless you have extended Keycloak and provided your own implementation. :param pulumi.Input[bool] request_refresh_token: Sets the "access_type" query parameter to "offline" when redirecting to google authorization endpoint,to get a refresh token back. This is useful for using Token Exchange to retrieve a Google token to access Google APIs when the user is offline. @@ -276,7 +276,7 @@ def hosted_domain(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="linkOnly") def link_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") @@ -414,7 +414,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] hide_on_login_page: When `true`, this identity provider will be hidden on the login page. Defaults to `false`. :param pulumi.Input[str] hosted_domain: Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used. :param pulumi.Input[str] internal_id: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] post_broker_login_flow_alias: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `google`, which should be used unless you have extended Keycloak and provided your own implementation. :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. @@ -668,7 +668,7 @@ def internal_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="linkOnly") def link_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") @@ -853,7 +853,7 @@ def __init__(__self__, :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. :param pulumi.Input[bool] hide_on_login_page: When `true`, this identity provider will be hidden on the login page. Defaults to `false`. :param pulumi.Input[str] hosted_domain: Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] post_broker_login_flow_alias: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `google`, which should be used unless you have extended Keycloak and provided your own implementation. :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. @@ -1043,7 +1043,7 @@ def get(resource_name: str, :param pulumi.Input[bool] hide_on_login_page: When `true`, this identity provider will be hidden on the login page. Defaults to `false`. :param pulumi.Input[str] hosted_domain: Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used. :param pulumi.Input[str] internal_id: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] post_broker_login_flow_alias: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `google`, which should be used unless you have extended Keycloak and provided your own implementation. :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. @@ -1213,7 +1213,7 @@ def internal_id(self) -> pulumi.Output[str]: @pulumi.getter(name="linkOnly") def link_only(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") diff --git a/sdk/python/pulumi_keycloak/oidc/identity_provider.py b/sdk/python/pulumi_keycloak/oidc/identity_provider.py index 71c8cdb5..306dcf0e 100644 --- a/sdk/python/pulumi_keycloak/oidc/identity_provider.py +++ b/sdk/python/pulumi_keycloak/oidc/identity_provider.py @@ -52,7 +52,7 @@ def __init__(__self__, *, validate_signature: Optional[pulumi.Input[bool]] = None): """ The set of arguments for constructing a IdentityProvider resource. - :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. :param pulumi.Input[str] authorization_url: The Authorization Url. :param pulumi.Input[str] client_id: The client or client identifier registered within the identity provider. :param pulumi.Input[str] client_secret: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format. @@ -71,9 +71,9 @@ def __init__(__self__, *, :param pulumi.Input[bool] hide_on_login_page: When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`. :param pulumi.Input[str] issuer: The issuer identifier for the issuer of the response. If not provided, no validation will be performed. :param pulumi.Input[str] jwks_url: JSON Web Key Set URL. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] login_hint: Pass login hint to identity provider. - :param pulumi.Input[str] logout_url: The Logout URL is the end session endpoint to use to logout user from external identity provider. + :param pulumi.Input[str] logout_url: The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. :param pulumi.Input[str] post_broker_login_flow_alias: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation. :param pulumi.Input[bool] store_token: When `true`, tokens will be stored after authenticating users. Defaults to `true`. @@ -144,7 +144,7 @@ def __init__(__self__, *, @pulumi.getter def alias(self) -> pulumi.Input[str]: """ - The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. """ return pulumi.get(self, "alias") @@ -381,7 +381,7 @@ def jwks_url(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="linkOnly") def link_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") @@ -405,7 +405,7 @@ def login_hint(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="logoutUrl") def logout_url(self) -> Optional[pulumi.Input[str]]: """ - The Logout URL is the end session endpoint to use to logout user from external identity provider. + The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. """ return pulumi.get(self, "logout_url") @@ -549,7 +549,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering IdentityProvider resources. :param pulumi.Input[bool] accepts_prompt_none_forward_from_client: When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`. :param pulumi.Input[bool] add_read_token_role_on_create: When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. - :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. :param pulumi.Input[bool] authenticate_by_default: Enable/disable authenticate users by default. :param pulumi.Input[str] authorization_url: The Authorization Url. :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout? Defaults to `true`. @@ -565,9 +565,9 @@ def __init__(__self__, *, :param pulumi.Input[str] internal_id: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation. :param pulumi.Input[str] issuer: The issuer identifier for the issuer of the response. If not provided, no validation will be performed. :param pulumi.Input[str] jwks_url: JSON Web Key Set URL. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] login_hint: Pass login hint to identity provider. - :param pulumi.Input[str] logout_url: The Logout URL is the end session endpoint to use to logout user from external identity provider. + :param pulumi.Input[str] logout_url: The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. :param pulumi.Input[str] post_broker_login_flow_alias: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation. :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. @@ -672,7 +672,7 @@ def add_read_token_role_on_create(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def alias(self) -> Optional[pulumi.Input[str]]: """ - The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. """ return pulumi.get(self, "alias") @@ -873,7 +873,7 @@ def jwks_url(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="linkOnly") def link_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") @@ -897,7 +897,7 @@ def login_hint(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="logoutUrl") def logout_url(self) -> Optional[pulumi.Input[str]]: """ - The Logout URL is the end session endpoint to use to logout user from external identity provider. + The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. """ return pulumi.get(self, "logout_url") @@ -1105,7 +1105,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[bool] accepts_prompt_none_forward_from_client: When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`. :param pulumi.Input[bool] add_read_token_role_on_create: When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. - :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. :param pulumi.Input[bool] authenticate_by_default: Enable/disable authenticate users by default. :param pulumi.Input[str] authorization_url: The Authorization Url. :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout? Defaults to `true`. @@ -1120,9 +1120,9 @@ def __init__(__self__, :param pulumi.Input[bool] hide_on_login_page: When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`. :param pulumi.Input[str] issuer: The issuer identifier for the issuer of the response. If not provided, no validation will be performed. :param pulumi.Input[str] jwks_url: JSON Web Key Set URL. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] login_hint: Pass login hint to identity provider. - :param pulumi.Input[str] logout_url: The Logout URL is the end session endpoint to use to logout user from external identity provider. + :param pulumi.Input[str] logout_url: The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. :param pulumi.Input[str] post_broker_login_flow_alias: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation. :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. @@ -1330,7 +1330,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[bool] accepts_prompt_none_forward_from_client: When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`. :param pulumi.Input[bool] add_read_token_role_on_create: When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. - :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + :param pulumi.Input[str] alias: The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. :param pulumi.Input[bool] authenticate_by_default: Enable/disable authenticate users by default. :param pulumi.Input[str] authorization_url: The Authorization Url. :param pulumi.Input[bool] backchannel_supported: Does the external IDP support backchannel logout? Defaults to `true`. @@ -1346,9 +1346,9 @@ def get(resource_name: str, :param pulumi.Input[str] internal_id: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation. :param pulumi.Input[str] issuer: The issuer identifier for the issuer of the response. If not provided, no validation will be performed. :param pulumi.Input[str] jwks_url: JSON Web Key Set URL. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] login_hint: Pass login hint to identity provider. - :param pulumi.Input[str] logout_url: The Logout URL is the end session endpoint to use to logout user from external identity provider. + :param pulumi.Input[str] logout_url: The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. :param pulumi.Input[str] post_broker_login_flow_alias: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. :param pulumi.Input[str] provider_id: The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation. :param pulumi.Input[str] realm: The name of the realm. This is unique across Keycloak. @@ -1418,7 +1418,7 @@ def add_read_token_role_on_create(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def alias(self) -> pulumi.Output[str]: """ - The alias uniquely identifies an identity provider and it is also used to build the redirect uri. + The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. """ return pulumi.get(self, "alias") @@ -1551,7 +1551,7 @@ def jwks_url(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="linkOnly") def link_only(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") @@ -1567,7 +1567,7 @@ def login_hint(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="logoutUrl") def logout_url(self) -> pulumi.Output[Optional[str]]: """ - The Logout URL is the end session endpoint to use to logout user from external identity provider. + The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. """ return pulumi.get(self, "logout_url") diff --git a/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py index 400cced5..a383b271 100644 --- a/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py @@ -304,7 +304,7 @@ def __init__(__self__, """ Allows for creating and managing audience protocol mappers within Keycloak. - Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom + Audience protocol mappers allow you to add audiences to the `aud` claim within issued tokens. The audience can be a custom string, or it can be mapped to the ID of a pre-existing client. ## Example Usage @@ -391,7 +391,7 @@ def __init__(__self__, """ Allows for creating and managing audience protocol mappers within Keycloak. - Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom + Audience protocol mappers allow you to add audiences to the `aud` claim within issued tokens. The audience can be a custom string, or it can be mapped to the ID of a pre-existing client. ## Example Usage diff --git a/sdk/python/pulumi_keycloak/openid/client.py b/sdk/python/pulumi_keycloak/openid/client.py index 37418b05..f324038f 100644 --- a/sdk/python/pulumi_keycloak/openid/client.py +++ b/sdk/python/pulumi_keycloak/openid/client.py @@ -120,7 +120,7 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` is set to `true`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. """ pulumi.set(__self__, "access_type", access_type) pulumi.set(__self__, "client_id", client_id) @@ -736,7 +736,7 @@ def valid_redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input @pulumi.getter(name="webOrigins") def web_origins(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. """ return pulumi.get(self, "web_origins") @@ -851,7 +851,7 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` is set to `true`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. """ if access_token_lifespan is not None: pulumi.set(__self__, "access_token_lifespan", access_token_lifespan) @@ -1498,7 +1498,7 @@ def valid_redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input @pulumi.getter(name="webOrigins") def web_origins(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. """ return pulumi.get(self, "web_origins") @@ -1656,7 +1656,7 @@ def __init__(__self__, :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` is set to `true`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. """ ... @overload @@ -1948,7 +1948,7 @@ def get(resource_name: str, :param pulumi.Input[Sequence[pulumi.Input[str]]] valid_redirect_uris: A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` is set to `true`. - :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + :param pulumi.Input[Sequence[pulumi.Input[str]]] web_origins: A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -2374,7 +2374,7 @@ def valid_redirect_uris(self) -> pulumi.Output[Sequence[str]]: @pulumi.getter(name="webOrigins") def web_origins(self) -> pulumi.Output[Sequence[str]]: """ - A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." + A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. """ return pulumi.get(self, "web_origins") diff --git a/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py index e263889c..eda30a52 100644 --- a/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py @@ -33,7 +33,7 @@ def __init__(__self__, *, The set of arguments for constructing a UserPropertyProtocolMapper resource. :param pulumi.Input[str] claim_name: The name of the claim to insert into a token. :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_property: The built in user property (such as email) to map a claim for. + :param pulumi.Input[str] user_property: The built-in user property (such as email) to map a claim for. :param pulumi.Input[bool] add_to_access_token: Indicates if the property should be added as a claim to the access token. Defaults to `true`. :param pulumi.Input[bool] add_to_id_token: Indicates if the property should be added as a claim to the id token. Defaults to `true`. :param pulumi.Input[bool] add_to_userinfo: Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. @@ -88,7 +88,7 @@ def realm_id(self, value: pulumi.Input[str]): @pulumi.getter(name="userProperty") def user_property(self) -> pulumi.Input[str]: """ - The built in user property (such as email) to map a claim for. + The built-in user property (such as email) to map a claim for. """ return pulumi.get(self, "user_property") @@ -205,7 +205,7 @@ def __init__(__self__, *, :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_property: The built in user property (such as email) to map a claim for. + :param pulumi.Input[str] user_property: The built-in user property (such as email) to map a claim for. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -340,7 +340,7 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="userProperty") def user_property(self) -> Optional[pulumi.Input[str]]: """ - The built in user property (such as email) to map a claim for. + The built-in user property (such as email) to map a claim for. """ return pulumi.get(self, "user_property") @@ -451,7 +451,7 @@ def __init__(__self__, :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_property: The built in user property (such as email) to map a claim for. + :param pulumi.Input[str] user_property: The built-in user property (such as email) to map a claim for. """ ... @overload @@ -620,7 +620,7 @@ def get(resource_name: str, :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] user_property: The built in user property (such as email) to map a claim for. + :param pulumi.Input[str] user_property: The built-in user property (such as email) to map a claim for. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -714,7 +714,7 @@ def realm_id(self) -> pulumi.Output[str]: @pulumi.getter(name="userProperty") def user_property(self) -> pulumi.Output[str]: """ - The built in user property (such as email) to map a claim for. + The built-in user property (such as email) to map a claim for. """ return pulumi.get(self, "user_property") diff --git a/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py index 837b76a1..b18ddab9 100644 --- a/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py @@ -38,7 +38,7 @@ def __init__(__self__, *, :param pulumi.Input[str] client_id: The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. - :param pulumi.Input[str] session_note: String value being the name of stored user session note within the UserSessionModel.note map. + :param pulumi.Input[str] session_note: String value being the name of stored user session note within the `UserSessionModel.note` map. """ pulumi.set(__self__, "claim_name", claim_name) pulumi.set(__self__, "realm_id", realm_id) @@ -157,7 +157,7 @@ def name(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="sessionNote") def session_note(self) -> Optional[pulumi.Input[str]]: """ - String value being the name of stored user session note within the UserSessionModel.note map. + String value being the name of stored user session note within the `UserSessionModel.note` map. """ return pulumi.get(self, "session_note") @@ -188,7 +188,7 @@ def __init__(__self__, *, :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] session_note: String value being the name of stored user session note within the UserSessionModel.note map. + :param pulumi.Input[str] session_note: String value being the name of stored user session note within the `UserSessionModel.note` map. """ if add_to_access_token is not None: pulumi.set(__self__, "add_to_access_token", add_to_access_token) @@ -309,7 +309,7 @@ def realm_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="sessionNote") def session_note(self) -> Optional[pulumi.Input[str]]: """ - String value being the name of stored user session note within the UserSessionModel.note map. + String value being the name of stored user session note within the `UserSessionModel.note` map. """ return pulumi.get(self, "session_note") @@ -419,7 +419,7 @@ def __init__(__self__, :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] session_note: String value being the name of stored user session note within the UserSessionModel.note map. + :param pulumi.Input[str] session_note: String value being the name of stored user session note within the `UserSessionModel.note` map. """ ... @overload @@ -583,7 +583,7 @@ def get(resource_name: str, :param pulumi.Input[str] client_scope_id: The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. :param pulumi.Input[str] name: The display name of this protocol mapper in the GUI. :param pulumi.Input[str] realm_id: The realm this protocol mapper exists within. - :param pulumi.Input[str] session_note: String value being the name of stored user session note within the UserSessionModel.note map. + :param pulumi.Input[str] session_note: String value being the name of stored user session note within the `UserSessionModel.note` map. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -668,7 +668,7 @@ def realm_id(self) -> pulumi.Output[str]: @pulumi.getter(name="sessionNote") def session_note(self) -> pulumi.Output[Optional[str]]: """ - String value being the name of stored user session note within the UserSessionModel.note map. + String value being the name of stored user session note within the `UserSessionModel.note` map. """ return pulumi.get(self, "session_note") diff --git a/sdk/python/pulumi_keycloak/outputs.py b/sdk/python/pulumi_keycloak/outputs.py index 97337845..1c1cf736 100644 --- a/sdk/python/pulumi_keycloak/outputs.py +++ b/sdk/python/pulumi_keycloak/outputs.py @@ -1203,7 +1203,7 @@ def __init__(__self__, *, :param str authenticator_attachment: Either platform or cross-platform :param bool avoid_same_authenticator_register: When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. :param int create_timeout: The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - :param str relying_party_entity_name: A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + :param str relying_party_entity_name: A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. :param str relying_party_id: The WebAuthn relying party ID. :param str require_resident_key: Either Yes or No :param Sequence[str] signature_algorithms: Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing @@ -1274,7 +1274,7 @@ def create_timeout(self) -> Optional[int]: @pulumi.getter(name="relyingPartyEntityName") def relying_party_entity_name(self) -> Optional[str]: """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. """ return pulumi.get(self, "relying_party_entity_name") @@ -1365,7 +1365,7 @@ def __init__(__self__, *, :param str authenticator_attachment: Either platform or cross-platform :param bool avoid_same_authenticator_register: When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. :param int create_timeout: The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. - :param str relying_party_entity_name: A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + :param str relying_party_entity_name: A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. :param str relying_party_id: The WebAuthn relying party ID. :param str require_resident_key: Either Yes or No :param Sequence[str] signature_algorithms: Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing @@ -1436,7 +1436,7 @@ def create_timeout(self) -> Optional[int]: @pulumi.getter(name="relyingPartyEntityName") def relying_party_entity_name(self) -> Optional[str]: """ - A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. + A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. """ return pulumi.get(self, "relying_party_entity_name") @@ -1503,7 +1503,7 @@ def __init__(__self__, *, """ :param str identity_provider: The name of the identity provider :param str user_id: The ID of the user defined in the identity provider - :param str user_name: The user name of the user defined in the identity provider + :param str user_name: The username of the user defined in the identity provider """ pulumi.set(__self__, "identity_provider", identity_provider) pulumi.set(__self__, "user_id", user_id) @@ -1529,7 +1529,7 @@ def user_id(self) -> str: @pulumi.getter(name="userName") def user_name(self) -> str: """ - The user name of the user defined in the identity provider + The username of the user defined in the identity provider """ return pulumi.get(self, "user_name") diff --git a/sdk/python/pulumi_keycloak/realm.py b/sdk/python/pulumi_keycloak/realm.py index 7ac37657..07576d9d 100644 --- a/sdk/python/pulumi_keycloak/realm.py +++ b/sdk/python/pulumi_keycloak/realm.py @@ -1639,8 +1639,8 @@ def __init__(__self__, ## Default Client Scopes - - `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - - `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. + - `default_default_client_scopes` - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`. + - `default_optional_client_scopes` - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`. ## Import @@ -1752,8 +1752,8 @@ def __init__(__self__, ## Default Client Scopes - - `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. - - `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. + - `default_default_client_scopes` - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`. + - `default_optional_client_scopes` - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`. ## Import diff --git a/sdk/python/pulumi_keycloak/realm_user_profile.py b/sdk/python/pulumi_keycloak/realm_user_profile.py index 6e61ed1f..86eb50ac 100644 --- a/sdk/python/pulumi_keycloak/realm_user_profile.py +++ b/sdk/python/pulumi_keycloak/realm_user_profile.py @@ -23,18 +23,22 @@ class RealmUserProfileArgs: def __init__(__self__, *, realm_id: pulumi.Input[str], attributes: Optional[pulumi.Input[Sequence[pulumi.Input['RealmUserProfileAttributeArgs']]]] = None, - groups: Optional[pulumi.Input[Sequence[pulumi.Input['RealmUserProfileGroupArgs']]]] = None): + groups: Optional[pulumi.Input[Sequence[pulumi.Input['RealmUserProfileGroupArgs']]]] = None, + unmanaged_attribute_policy: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RealmUserProfile resource. :param pulumi.Input[str] realm_id: The ID of the realm the user profile applies to. :param pulumi.Input[Sequence[pulumi.Input['RealmUserProfileAttributeArgs']]] attributes: An ordered list of attributes. :param pulumi.Input[Sequence[pulumi.Input['RealmUserProfileGroupArgs']]] groups: A list of groups. + :param pulumi.Input[str] unmanaged_attribute_policy: Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` """ pulumi.set(__self__, "realm_id", realm_id) if attributes is not None: pulumi.set(__self__, "attributes", attributes) if groups is not None: pulumi.set(__self__, "groups", groups) + if unmanaged_attribute_policy is not None: + pulumi.set(__self__, "unmanaged_attribute_policy", unmanaged_attribute_policy) @property @pulumi.getter(name="realmId") @@ -72,18 +76,32 @@ def groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['RealmUserProfil def groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['RealmUserProfileGroupArgs']]]]): pulumi.set(self, "groups", value) + @property + @pulumi.getter(name="unmanagedAttributePolicy") + def unmanaged_attribute_policy(self) -> Optional[pulumi.Input[str]]: + """ + Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + """ + return pulumi.get(self, "unmanaged_attribute_policy") + + @unmanaged_attribute_policy.setter + def unmanaged_attribute_policy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "unmanaged_attribute_policy", value) + @pulumi.input_type class _RealmUserProfileState: def __init__(__self__, *, attributes: Optional[pulumi.Input[Sequence[pulumi.Input['RealmUserProfileAttributeArgs']]]] = None, groups: Optional[pulumi.Input[Sequence[pulumi.Input['RealmUserProfileGroupArgs']]]] = None, - realm_id: Optional[pulumi.Input[str]] = None): + realm_id: Optional[pulumi.Input[str]] = None, + unmanaged_attribute_policy: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering RealmUserProfile resources. :param pulumi.Input[Sequence[pulumi.Input['RealmUserProfileAttributeArgs']]] attributes: An ordered list of attributes. :param pulumi.Input[Sequence[pulumi.Input['RealmUserProfileGroupArgs']]] groups: A list of groups. :param pulumi.Input[str] realm_id: The ID of the realm the user profile applies to. + :param pulumi.Input[str] unmanaged_attribute_policy: Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` """ if attributes is not None: pulumi.set(__self__, "attributes", attributes) @@ -91,6 +109,8 @@ def __init__(__self__, *, pulumi.set(__self__, "groups", groups) if realm_id is not None: pulumi.set(__self__, "realm_id", realm_id) + if unmanaged_attribute_policy is not None: + pulumi.set(__self__, "unmanaged_attribute_policy", unmanaged_attribute_policy) @property @pulumi.getter @@ -128,6 +148,18 @@ def realm_id(self) -> Optional[pulumi.Input[str]]: def realm_id(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "realm_id", value) + @property + @pulumi.getter(name="unmanagedAttributePolicy") + def unmanaged_attribute_policy(self) -> Optional[pulumi.Input[str]]: + """ + Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + """ + return pulumi.get(self, "unmanaged_attribute_policy") + + @unmanaged_attribute_policy.setter + def unmanaged_attribute_policy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "unmanaged_attribute_policy", value) + class RealmUserProfile(pulumi.CustomResource): @overload @@ -137,16 +169,14 @@ def __init__(__self__, attributes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileAttributeArgs', 'RealmUserProfileAttributeArgsDict']]]]] = None, groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileGroupArgs', 'RealmUserProfileGroupArgsDict']]]]] = None, realm_id: Optional[pulumi.Input[str]] = None, + unmanaged_attribute_policy: Optional[pulumi.Input[str]] = None, __props__=None): """ Allows for managing Realm User Profiles within Keycloak. A user profile defines a schema for representing user attributes and how they are managed within a realm. - This is a preview feature, hence not fully supported and disabled by default. - To enable it, start the server with one of the following flags: - - WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled` - - Quarkus distribution: `--features=preview` or `--features=declarative-user-profile` + Information for Keycloak versions < 24: The realm linked to the `RealmUserProfile` resource must have the user profile feature enabled. It can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`. @@ -157,13 +187,10 @@ def __init__(__self__, import json import pulumi_keycloak as keycloak - realm = keycloak.Realm("realm", - realm="my-realm", - attributes={ - "userProfileEnabled": "true", - }) + realm = keycloak.Realm("realm", realm="my-realm") userprofile = keycloak.RealmUserProfile("userprofile", realm_id=my_realm["id"], + unmanaged_attribute_policy="ENABLED", attributes=[ { "name": "field1", @@ -240,6 +267,7 @@ def __init__(__self__, :param pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileAttributeArgs', 'RealmUserProfileAttributeArgsDict']]]] attributes: An ordered list of attributes. :param pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileGroupArgs', 'RealmUserProfileGroupArgsDict']]]] groups: A list of groups. :param pulumi.Input[str] realm_id: The ID of the realm the user profile applies to. + :param pulumi.Input[str] unmanaged_attribute_policy: Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` """ ... @overload @@ -251,11 +279,8 @@ def __init__(__self__, Allows for managing Realm User Profiles within Keycloak. A user profile defines a schema for representing user attributes and how they are managed within a realm. - This is a preview feature, hence not fully supported and disabled by default. - To enable it, start the server with one of the following flags: - - WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled` - - Quarkus distribution: `--features=preview` or `--features=declarative-user-profile` + Information for Keycloak versions < 24: The realm linked to the `RealmUserProfile` resource must have the user profile feature enabled. It can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`. @@ -266,13 +291,10 @@ def __init__(__self__, import json import pulumi_keycloak as keycloak - realm = keycloak.Realm("realm", - realm="my-realm", - attributes={ - "userProfileEnabled": "true", - }) + realm = keycloak.Realm("realm", realm="my-realm") userprofile = keycloak.RealmUserProfile("userprofile", realm_id=my_realm["id"], + unmanaged_attribute_policy="ENABLED", attributes=[ { "name": "field1", @@ -362,6 +384,7 @@ def _internal_init(__self__, attributes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileAttributeArgs', 'RealmUserProfileAttributeArgsDict']]]]] = None, groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileGroupArgs', 'RealmUserProfileGroupArgsDict']]]]] = None, realm_id: Optional[pulumi.Input[str]] = None, + unmanaged_attribute_policy: Optional[pulumi.Input[str]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) if not isinstance(opts, pulumi.ResourceOptions): @@ -376,6 +399,7 @@ def _internal_init(__self__, if realm_id is None and not opts.urn: raise TypeError("Missing required property 'realm_id'") __props__.__dict__["realm_id"] = realm_id + __props__.__dict__["unmanaged_attribute_policy"] = unmanaged_attribute_policy super(RealmUserProfile, __self__).__init__( 'keycloak:index/realmUserProfile:RealmUserProfile', resource_name, @@ -388,7 +412,8 @@ def get(resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, attributes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileAttributeArgs', 'RealmUserProfileAttributeArgsDict']]]]] = None, groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileGroupArgs', 'RealmUserProfileGroupArgsDict']]]]] = None, - realm_id: Optional[pulumi.Input[str]] = None) -> 'RealmUserProfile': + realm_id: Optional[pulumi.Input[str]] = None, + unmanaged_attribute_policy: Optional[pulumi.Input[str]] = None) -> 'RealmUserProfile': """ Get an existing RealmUserProfile resource's state with the given name, id, and optional extra properties used to qualify the lookup. @@ -399,6 +424,7 @@ def get(resource_name: str, :param pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileAttributeArgs', 'RealmUserProfileAttributeArgsDict']]]] attributes: An ordered list of attributes. :param pulumi.Input[Sequence[pulumi.Input[Union['RealmUserProfileGroupArgs', 'RealmUserProfileGroupArgsDict']]]] groups: A list of groups. :param pulumi.Input[str] realm_id: The ID of the realm the user profile applies to. + :param pulumi.Input[str] unmanaged_attribute_policy: Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -407,6 +433,7 @@ def get(resource_name: str, __props__.__dict__["attributes"] = attributes __props__.__dict__["groups"] = groups __props__.__dict__["realm_id"] = realm_id + __props__.__dict__["unmanaged_attribute_policy"] = unmanaged_attribute_policy return RealmUserProfile(resource_name, opts=opts, __props__=__props__) @property @@ -433,3 +460,11 @@ def realm_id(self) -> pulumi.Output[str]: """ return pulumi.get(self, "realm_id") + @property + @pulumi.getter(name="unmanagedAttributePolicy") + def unmanaged_attribute_policy(self) -> pulumi.Output[Optional[str]]: + """ + Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED` + """ + return pulumi.get(self, "unmanaged_attribute_policy") + diff --git a/sdk/python/pulumi_keycloak/role.py b/sdk/python/pulumi_keycloak/role.py index b92f9ef4..88f3d130 100644 --- a/sdk/python/pulumi_keycloak/role.py +++ b/sdk/python/pulumi_keycloak/role.py @@ -24,6 +24,7 @@ def __init__(__self__, *, client_id: Optional[pulumi.Input[str]] = None, composite_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, description: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a Role resource. @@ -32,6 +33,7 @@ def __init__(__self__, *, :param pulumi.Input[str] client_id: When specified, this role will be created as a client role attached to the client with the provided ID :param pulumi.Input[Sequence[pulumi.Input[str]]] composite_roles: When specified, this role will be a composite role, composed of all roles that have an ID present within this list. :param pulumi.Input[str] description: The description of the role + :param pulumi.Input[bool] import_: When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. :param pulumi.Input[str] name: The name of the role """ pulumi.set(__self__, "realm_id", realm_id) @@ -43,6 +45,8 @@ def __init__(__self__, *, pulumi.set(__self__, "composite_roles", composite_roles) if description is not None: pulumi.set(__self__, "description", description) + if import_ is not None: + pulumi.set(__self__, "import_", import_) if name is not None: pulumi.set(__self__, "name", name) @@ -106,6 +110,18 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="import") + def import_(self) -> Optional[pulumi.Input[bool]]: + """ + When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + """ + return pulumi.get(self, "import_") + + @import_.setter + def import_(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "import_", value) + @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: @@ -126,6 +142,7 @@ def __init__(__self__, *, client_id: Optional[pulumi.Input[str]] = None, composite_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, description: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None): """ @@ -134,6 +151,7 @@ def __init__(__self__, *, :param pulumi.Input[str] client_id: When specified, this role will be created as a client role attached to the client with the provided ID :param pulumi.Input[Sequence[pulumi.Input[str]]] composite_roles: When specified, this role will be a composite role, composed of all roles that have an ID present within this list. :param pulumi.Input[str] description: The description of the role + :param pulumi.Input[bool] import_: When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. :param pulumi.Input[str] name: The name of the role :param pulumi.Input[str] realm_id: The realm this role exists within. """ @@ -145,6 +163,8 @@ def __init__(__self__, *, pulumi.set(__self__, "composite_roles", composite_roles) if description is not None: pulumi.set(__self__, "description", description) + if import_ is not None: + pulumi.set(__self__, "import_", import_) if name is not None: pulumi.set(__self__, "name", name) if realm_id is not None: @@ -198,6 +218,18 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="import") + def import_(self) -> Optional[pulumi.Input[bool]]: + """ + When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + """ + return pulumi.get(self, "import_") + + @import_.setter + def import_(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "import_", value) + @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: @@ -232,13 +264,14 @@ def __init__(__self__, client_id: Optional[pulumi.Input[str]] = None, composite_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, description: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): """ Allows for creating and managing roles within Keycloak. - Roles allow you define privileges within Keycloak and map them to users and groups. + Roles allow you to define privileges within Keycloak and map them to users and groups. ## Example Usage @@ -372,6 +405,7 @@ def __init__(__self__, :param pulumi.Input[str] client_id: When specified, this role will be created as a client role attached to the client with the provided ID :param pulumi.Input[Sequence[pulumi.Input[str]]] composite_roles: When specified, this role will be a composite role, composed of all roles that have an ID present within this list. :param pulumi.Input[str] description: The description of the role + :param pulumi.Input[bool] import_: When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. :param pulumi.Input[str] name: The name of the role :param pulumi.Input[str] realm_id: The realm this role exists within. """ @@ -384,7 +418,7 @@ def __init__(__self__, """ Allows for creating and managing roles within Keycloak. - Roles allow you define privileges within Keycloak and map them to users and groups. + Roles allow you to define privileges within Keycloak and map them to users and groups. ## Example Usage @@ -531,6 +565,7 @@ def _internal_init(__self__, client_id: Optional[pulumi.Input[str]] = None, composite_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, description: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, __props__=None): @@ -546,6 +581,7 @@ def _internal_init(__self__, __props__.__dict__["client_id"] = client_id __props__.__dict__["composite_roles"] = composite_roles __props__.__dict__["description"] = description + __props__.__dict__["import_"] = import_ __props__.__dict__["name"] = name if realm_id is None and not opts.urn: raise TypeError("Missing required property 'realm_id'") @@ -564,6 +600,7 @@ def get(resource_name: str, client_id: Optional[pulumi.Input[str]] = None, composite_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, description: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None) -> 'Role': """ @@ -577,6 +614,7 @@ def get(resource_name: str, :param pulumi.Input[str] client_id: When specified, this role will be created as a client role attached to the client with the provided ID :param pulumi.Input[Sequence[pulumi.Input[str]]] composite_roles: When specified, this role will be a composite role, composed of all roles that have an ID present within this list. :param pulumi.Input[str] description: The description of the role + :param pulumi.Input[bool] import_: When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. :param pulumi.Input[str] name: The name of the role :param pulumi.Input[str] realm_id: The realm this role exists within. """ @@ -588,13 +626,14 @@ def get(resource_name: str, __props__.__dict__["client_id"] = client_id __props__.__dict__["composite_roles"] = composite_roles __props__.__dict__["description"] = description + __props__.__dict__["import_"] = import_ __props__.__dict__["name"] = name __props__.__dict__["realm_id"] = realm_id return Role(resource_name, opts=opts, __props__=__props__) @property @pulumi.getter - def attributes(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + def attributes(self) -> pulumi.Output[Mapping[str, str]]: """ A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars """ @@ -610,7 +649,7 @@ def client_id(self) -> pulumi.Output[Optional[str]]: @property @pulumi.getter(name="compositeRoles") - def composite_roles(self) -> pulumi.Output[Optional[Sequence[str]]]: + def composite_roles(self) -> pulumi.Output[Sequence[str]]: """ When specified, this role will be a composite role, composed of all roles that have an ID present within this list. """ @@ -618,12 +657,20 @@ def composite_roles(self) -> pulumi.Output[Optional[Sequence[str]]]: @property @pulumi.getter - def description(self) -> pulumi.Output[Optional[str]]: + def description(self) -> pulumi.Output[str]: """ The description of the role """ return pulumi.get(self, "description") + @property + @pulumi.getter(name="import") + def import_(self) -> pulumi.Output[Optional[bool]]: + """ + When `true`, the role with the specified `name` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if `import` is `true`. + """ + return pulumi.get(self, "import_") + @property @pulumi.getter def name(self) -> pulumi.Output[str]: diff --git a/sdk/python/pulumi_keycloak/saml/identity_provider.py b/sdk/python/pulumi_keycloak/saml/identity_provider.py index 810d6eaa..fff7b1ac 100644 --- a/sdk/python/pulumi_keycloak/saml/identity_provider.py +++ b/sdk/python/pulumi_keycloak/saml/identity_provider.py @@ -74,12 +74,12 @@ def __init__(__self__, *, :param pulumi.Input[bool] force_authn: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. :param pulumi.Input[bool] hide_on_login_page: If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] login_hint: Login Hint. :param pulumi.Input[str] name_id_policy_format: Specifies the URI reference corresponding to a name identifier format. Defaults to empty. :param pulumi.Input[bool] post_binding_authn_request: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. :param pulumi.Input[bool] post_binding_logout: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. :param pulumi.Input[str] principal_attribute: The principal attribute. :param pulumi.Input[str] principal_type: The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. @@ -371,7 +371,7 @@ def hide_on_login_page(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="linkOnly") def link_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") @@ -431,7 +431,7 @@ def post_binding_logout(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="postBindingResponse") def post_binding_response(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. """ return pulumi.get(self, "post_binding_response") @@ -666,12 +666,12 @@ def __init__(__self__, *, :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. :param pulumi.Input[bool] hide_on_login_page: If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. :param pulumi.Input[str] internal_id: Internal Identity Provider Id - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] login_hint: Login Hint. :param pulumi.Input[str] name_id_policy_format: Specifies the URI reference corresponding to a name identifier format. Defaults to empty. :param pulumi.Input[bool] post_binding_authn_request: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. :param pulumi.Input[bool] post_binding_logout: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. :param pulumi.Input[str] principal_attribute: The principal attribute. :param pulumi.Input[str] principal_type: The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. @@ -959,7 +959,7 @@ def internal_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="linkOnly") def link_only(self) -> Optional[pulumi.Input[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") @@ -1019,7 +1019,7 @@ def post_binding_logout(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="postBindingResponse") def post_binding_response(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. """ return pulumi.get(self, "post_binding_response") @@ -1320,12 +1320,12 @@ def __init__(__self__, :param pulumi.Input[bool] force_authn: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. :param pulumi.Input[bool] hide_on_login_page: If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] login_hint: Login Hint. :param pulumi.Input[str] name_id_policy_format: Specifies the URI reference corresponding to a name identifier format. Defaults to empty. :param pulumi.Input[bool] post_binding_authn_request: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. :param pulumi.Input[bool] post_binding_logout: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. :param pulumi.Input[str] principal_attribute: The principal attribute. :param pulumi.Input[str] principal_type: The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. @@ -1567,12 +1567,12 @@ def get(resource_name: str, :param pulumi.Input[str] gui_order: A number defining the order of this identity provider in the GUI. :param pulumi.Input[bool] hide_on_login_page: If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. :param pulumi.Input[str] internal_id: Internal Identity Provider Id - :param pulumi.Input[bool] link_only: When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + :param pulumi.Input[bool] link_only: When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. :param pulumi.Input[str] login_hint: Login Hint. :param pulumi.Input[str] name_id_policy_format: Specifies the URI reference corresponding to a name identifier format. Defaults to empty. :param pulumi.Input[bool] post_binding_authn_request: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. :param pulumi.Input[bool] post_binding_logout: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + :param pulumi.Input[bool] post_binding_response: Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. :param pulumi.Input[str] post_broker_login_flow_alias: Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. :param pulumi.Input[str] principal_attribute: The principal attribute. :param pulumi.Input[str] principal_type: The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`. @@ -1763,7 +1763,7 @@ def internal_id(self) -> pulumi.Output[str]: @pulumi.getter(name="linkOnly") def link_only(self) -> pulumi.Output[Optional[bool]]: """ - When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. + When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. """ return pulumi.get(self, "link_only") @@ -1803,7 +1803,7 @@ def post_binding_logout(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="postBindingResponse") def post_binding_response(self) -> pulumi.Output[Optional[bool]]: """ - Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. + Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. """ return pulumi.get(self, "post_binding_response") diff --git a/sdk/python/pulumi_keycloak/user.py b/sdk/python/pulumi_keycloak/user.py index 21ca5db3..3ca5aef7 100644 --- a/sdk/python/pulumi_keycloak/user.py +++ b/sdk/python/pulumi_keycloak/user.py @@ -29,6 +29,7 @@ def __init__(__self__, *, enabled: Optional[pulumi.Input[bool]] = None, federated_identities: Optional[pulumi.Input[Sequence[pulumi.Input['UserFederatedIdentityArgs']]]] = None, first_name: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, initial_password: Optional[pulumi.Input['UserInitialPasswordArgs']] = None, last_name: Optional[pulumi.Input[str]] = None, required_actions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): @@ -42,6 +43,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] enabled: When false, this user cannot log in. Defaults to `true`. :param pulumi.Input[Sequence[pulumi.Input['UserFederatedIdentityArgs']]] federated_identities: When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. :param pulumi.Input[str] first_name: The user's first name. + :param pulumi.Input[bool] import_: When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. :param pulumi.Input['UserInitialPasswordArgs'] initial_password: When given, the user's initial password will be set. This attribute is only respected during initial user creation. :param pulumi.Input[str] last_name: The user's last name. :param pulumi.Input[Sequence[pulumi.Input[str]]] required_actions: A list of required user actions. @@ -60,6 +62,8 @@ def __init__(__self__, *, pulumi.set(__self__, "federated_identities", federated_identities) if first_name is not None: pulumi.set(__self__, "first_name", first_name) + if import_ is not None: + pulumi.set(__self__, "import_", import_) if initial_password is not None: pulumi.set(__self__, "initial_password", initial_password) if last_name is not None: @@ -163,6 +167,18 @@ def first_name(self) -> Optional[pulumi.Input[str]]: def first_name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "first_name", value) + @property + @pulumi.getter(name="import") + def import_(self) -> Optional[pulumi.Input[bool]]: + """ + When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + """ + return pulumi.get(self, "import_") + + @import_.setter + def import_(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "import_", value) + @property @pulumi.getter(name="initialPassword") def initial_password(self) -> Optional[pulumi.Input['UserInitialPasswordArgs']]: @@ -209,6 +225,7 @@ def __init__(__self__, *, enabled: Optional[pulumi.Input[bool]] = None, federated_identities: Optional[pulumi.Input[Sequence[pulumi.Input['UserFederatedIdentityArgs']]]] = None, first_name: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, initial_password: Optional[pulumi.Input['UserInitialPasswordArgs']] = None, last_name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, @@ -222,6 +239,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] enabled: When false, this user cannot log in. Defaults to `true`. :param pulumi.Input[Sequence[pulumi.Input['UserFederatedIdentityArgs']]] federated_identities: When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. :param pulumi.Input[str] first_name: The user's first name. + :param pulumi.Input[bool] import_: When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. :param pulumi.Input['UserInitialPasswordArgs'] initial_password: When given, the user's initial password will be set. This attribute is only respected during initial user creation. :param pulumi.Input[str] last_name: The user's last name. :param pulumi.Input[str] realm_id: The realm this user belongs to. @@ -240,6 +258,8 @@ def __init__(__self__, *, pulumi.set(__self__, "federated_identities", federated_identities) if first_name is not None: pulumi.set(__self__, "first_name", first_name) + if import_ is not None: + pulumi.set(__self__, "import_", import_) if initial_password is not None: pulumi.set(__self__, "initial_password", initial_password) if last_name is not None: @@ -323,6 +343,18 @@ def first_name(self) -> Optional[pulumi.Input[str]]: def first_name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "first_name", value) + @property + @pulumi.getter(name="import") + def import_(self) -> Optional[pulumi.Input[bool]]: + """ + When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + """ + return pulumi.get(self, "import_") + + @import_.setter + def import_(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "import_", value) + @property @pulumi.getter(name="initialPassword") def initial_password(self) -> Optional[pulumi.Input['UserInitialPasswordArgs']]: @@ -395,6 +427,7 @@ def __init__(__self__, enabled: Optional[pulumi.Input[bool]] = None, federated_identities: Optional[pulumi.Input[Sequence[pulumi.Input[Union['UserFederatedIdentityArgs', 'UserFederatedIdentityArgsDict']]]]] = None, first_name: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, initial_password: Optional[pulumi.Input[Union['UserInitialPasswordArgs', 'UserInitialPasswordArgsDict']]] = None, last_name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, @@ -463,6 +496,7 @@ def __init__(__self__, :param pulumi.Input[bool] enabled: When false, this user cannot log in. Defaults to `true`. :param pulumi.Input[Sequence[pulumi.Input[Union['UserFederatedIdentityArgs', 'UserFederatedIdentityArgsDict']]]] federated_identities: When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. :param pulumi.Input[str] first_name: The user's first name. + :param pulumi.Input[bool] import_: When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. :param pulumi.Input[Union['UserInitialPasswordArgs', 'UserInitialPasswordArgsDict']] initial_password: When given, the user's initial password will be set. This attribute is only respected during initial user creation. :param pulumi.Input[str] last_name: The user's last name. :param pulumi.Input[str] realm_id: The realm this user belongs to. @@ -550,6 +584,7 @@ def _internal_init(__self__, enabled: Optional[pulumi.Input[bool]] = None, federated_identities: Optional[pulumi.Input[Sequence[pulumi.Input[Union['UserFederatedIdentityArgs', 'UserFederatedIdentityArgsDict']]]]] = None, first_name: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, initial_password: Optional[pulumi.Input[Union['UserInitialPasswordArgs', 'UserInitialPasswordArgsDict']]] = None, last_name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, @@ -570,6 +605,7 @@ def _internal_init(__self__, __props__.__dict__["enabled"] = enabled __props__.__dict__["federated_identities"] = federated_identities __props__.__dict__["first_name"] = first_name + __props__.__dict__["import_"] = import_ __props__.__dict__["initial_password"] = initial_password __props__.__dict__["last_name"] = last_name if realm_id is None and not opts.urn: @@ -595,6 +631,7 @@ def get(resource_name: str, enabled: Optional[pulumi.Input[bool]] = None, federated_identities: Optional[pulumi.Input[Sequence[pulumi.Input[Union['UserFederatedIdentityArgs', 'UserFederatedIdentityArgsDict']]]]] = None, first_name: Optional[pulumi.Input[str]] = None, + import_: Optional[pulumi.Input[bool]] = None, initial_password: Optional[pulumi.Input[Union['UserInitialPasswordArgs', 'UserInitialPasswordArgsDict']]] = None, last_name: Optional[pulumi.Input[str]] = None, realm_id: Optional[pulumi.Input[str]] = None, @@ -613,6 +650,7 @@ def get(resource_name: str, :param pulumi.Input[bool] enabled: When false, this user cannot log in. Defaults to `true`. :param pulumi.Input[Sequence[pulumi.Input[Union['UserFederatedIdentityArgs', 'UserFederatedIdentityArgsDict']]]] federated_identities: When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details. :param pulumi.Input[str] first_name: The user's first name. + :param pulumi.Input[bool] import_: When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. :param pulumi.Input[Union['UserInitialPasswordArgs', 'UserInitialPasswordArgsDict']] initial_password: When given, the user's initial password will be set. This attribute is only respected during initial user creation. :param pulumi.Input[str] last_name: The user's last name. :param pulumi.Input[str] realm_id: The realm this user belongs to. @@ -629,6 +667,7 @@ def get(resource_name: str, __props__.__dict__["enabled"] = enabled __props__.__dict__["federated_identities"] = federated_identities __props__.__dict__["first_name"] = first_name + __props__.__dict__["import_"] = import_ __props__.__dict__["initial_password"] = initial_password __props__.__dict__["last_name"] = last_name __props__.__dict__["realm_id"] = realm_id @@ -684,6 +723,14 @@ def first_name(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "first_name") + @property + @pulumi.getter(name="import") + def import_(self) -> pulumi.Output[Optional[bool]]: + """ + When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`. + """ + return pulumi.get(self, "import_") + @property @pulumi.getter(name="initialPassword") def initial_password(self) -> pulumi.Output[Optional['outputs.UserInitialPassword']]: diff --git a/upstream b/upstream index f87470c9..855e6f9d 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit f87470c95855fd4e920df68c1c9b54480bd7cb1b +Subproject commit 855e6f9dadc4f68fe192f72a58e59401f3473f2e