keycloak.openid.UserClientRoleProtocolMapper
Explore with Pulumi AI
Allows for creating and managing user client role protocol mappers within Keycloak.
User client role protocol mappers allow you to define a claim containing the list of a client roles.
Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.
Example Usage
Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const openidClient = new keycloak.openid.Client("openid_client", {
realmId: realm.id,
clientId: "client",
name: "client",
enabled: true,
accessType: "CONFIDENTIAL",
validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper", {
realmId: realm.id,
clientId: openidClient.id,
name: "user-client-role-mapper",
claimName: "foo",
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
openid_client = keycloak.openid.Client("openid_client",
realm_id=realm.id,
client_id="client",
name="client",
enabled=True,
access_type="CONFIDENTIAL",
valid_redirect_uris=["http://localhost:8080/openid-callback"])
user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper",
realm_id=realm.id,
client_id=openid_client.id,
name="user-client-role-mapper",
claim_name="foo")
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{
RealmId: realm.ID(),
ClientId: pulumi.String("client"),
Name: pulumi.String("client"),
Enabled: pulumi.Bool(true),
AccessType: pulumi.String("CONFIDENTIAL"),
ValidRedirectUris: pulumi.StringArray{
pulumi.String("http://localhost:8080/openid-callback"),
},
})
if err != nil {
return err
}
_, err = openid.NewUserClientRoleProtocolMapper(ctx, "user_client_role_mapper", &openid.UserClientRoleProtocolMapperArgs{
RealmId: realm.ID(),
ClientId: openidClient.ID(),
Name: pulumi.String("user-client-role-mapper"),
ClaimName: pulumi.String("foo"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var openidClient = new Keycloak.OpenId.Client("openid_client", new()
{
RealmId = realm.Id,
ClientId = "client",
Name = "client",
Enabled = true,
AccessType = "CONFIDENTIAL",
ValidRedirectUris = new[]
{
"http://localhost:8080/openid-callback",
},
});
var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper("user_client_role_mapper", new()
{
RealmId = realm.Id,
ClientId = openidClient.Id,
Name = "user-client-role-mapper",
ClaimName = "foo",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;
import com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var openidClient = new Client("openidClient", ClientArgs.builder()
.realmId(realm.id())
.clientId("client")
.name("client")
.enabled(true)
.accessType("CONFIDENTIAL")
.validRedirectUris("http://localhost:8080/openid-callback")
.build());
var userClientRoleMapper = new UserClientRoleProtocolMapper("userClientRoleMapper", UserClientRoleProtocolMapperArgs.builder()
.realmId(realm.id())
.clientId(openidClient.id())
.name("user-client-role-mapper")
.claimName("foo")
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
openidClient:
type: keycloak:openid:Client
name: openid_client
properties:
realmId: ${realm.id}
clientId: client
name: client
enabled: true
accessType: CONFIDENTIAL
validRedirectUris:
- http://localhost:8080/openid-callback
userClientRoleMapper:
type: keycloak:openid:UserClientRoleProtocolMapper
name: user_client_role_mapper
properties:
realmId: ${realm.id}
clientId: ${openidClient.id}
name: user-client-role-mapper
claimName: foo
Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const clientScope = new keycloak.openid.ClientScope("client_scope", {
realmId: realm.id,
name: "client-scope",
});
const userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper", {
realmId: realm.id,
clientScopeId: clientScope.id,
name: "user-client-role-mapper",
claimName: "foo",
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
client_scope = keycloak.openid.ClientScope("client_scope",
realm_id=realm.id,
name="client-scope")
user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper",
realm_id=realm.id,
client_scope_id=client_scope.id,
name="user-client-role-mapper",
claim_name="foo")
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{
RealmId: realm.ID(),
Name: pulumi.String("client-scope"),
})
if err != nil {
return err
}
_, err = openid.NewUserClientRoleProtocolMapper(ctx, "user_client_role_mapper", &openid.UserClientRoleProtocolMapperArgs{
RealmId: realm.ID(),
ClientScopeId: clientScope.ID(),
Name: pulumi.String("user-client-role-mapper"),
ClaimName: pulumi.String("foo"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new()
{
RealmId = realm.Id,
Name = "client-scope",
});
var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper("user_client_role_mapper", new()
{
RealmId = realm.Id,
ClientScopeId = clientScope.Id,
Name = "user-client-role-mapper",
ClaimName = "foo",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.ClientScope;
import com.pulumi.keycloak.openid.ClientScopeArgs;
import com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;
import com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder()
.realmId(realm.id())
.name("client-scope")
.build());
var userClientRoleMapper = new UserClientRoleProtocolMapper("userClientRoleMapper", UserClientRoleProtocolMapperArgs.builder()
.realmId(realm.id())
.clientScopeId(clientScope.id())
.name("user-client-role-mapper")
.claimName("foo")
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
clientScope:
type: keycloak:openid:ClientScope
name: client_scope
properties:
realmId: ${realm.id}
name: client-scope
userClientRoleMapper:
type: keycloak:openid:UserClientRoleProtocolMapper
name: user_client_role_mapper
properties:
realmId: ${realm.id}
clientScopeId: ${clientScope.id}
name: user-client-role-mapper
claimName: foo
Create UserClientRoleProtocolMapper Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new UserClientRoleProtocolMapper(name: string, args: UserClientRoleProtocolMapperArgs, opts?: CustomResourceOptions);
@overload
def UserClientRoleProtocolMapper(resource_name: str,
args: UserClientRoleProtocolMapperArgs,
opts: Optional[ResourceOptions] = None)
@overload
def UserClientRoleProtocolMapper(resource_name: str,
opts: Optional[ResourceOptions] = None,
claim_name: Optional[str] = None,
realm_id: Optional[str] = None,
add_to_access_token: Optional[bool] = None,
add_to_id_token: Optional[bool] = None,
add_to_userinfo: Optional[bool] = None,
claim_value_type: Optional[str] = None,
client_id: Optional[str] = None,
client_id_for_role_mappings: Optional[str] = None,
client_role_prefix: Optional[str] = None,
client_scope_id: Optional[str] = None,
multivalued: Optional[bool] = None,
name: Optional[str] = None)
func NewUserClientRoleProtocolMapper(ctx *Context, name string, args UserClientRoleProtocolMapperArgs, opts ...ResourceOption) (*UserClientRoleProtocolMapper, error)
public UserClientRoleProtocolMapper(string name, UserClientRoleProtocolMapperArgs args, CustomResourceOptions? opts = null)
public UserClientRoleProtocolMapper(String name, UserClientRoleProtocolMapperArgs args)
public UserClientRoleProtocolMapper(String name, UserClientRoleProtocolMapperArgs args, CustomResourceOptions options)
type: keycloak:openid:UserClientRoleProtocolMapper
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserClientRoleProtocolMapperArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserClientRoleProtocolMapperArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserClientRoleProtocolMapperArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserClientRoleProtocolMapperArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserClientRoleProtocolMapperArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var userClientRoleProtocolMapperResource = new Keycloak.OpenId.UserClientRoleProtocolMapper("userClientRoleProtocolMapperResource", new()
{
ClaimName = "string",
RealmId = "string",
AddToAccessToken = false,
AddToIdToken = false,
AddToUserinfo = false,
ClaimValueType = "string",
ClientId = "string",
ClientIdForRoleMappings = "string",
ClientRolePrefix = "string",
ClientScopeId = "string",
Multivalued = false,
Name = "string",
});
example, err := openid.NewUserClientRoleProtocolMapper(ctx, "userClientRoleProtocolMapperResource", &openid.UserClientRoleProtocolMapperArgs{
ClaimName: pulumi.String("string"),
RealmId: pulumi.String("string"),
AddToAccessToken: pulumi.Bool(false),
AddToIdToken: pulumi.Bool(false),
AddToUserinfo: pulumi.Bool(false),
ClaimValueType: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientIdForRoleMappings: pulumi.String("string"),
ClientRolePrefix: pulumi.String("string"),
ClientScopeId: pulumi.String("string"),
Multivalued: pulumi.Bool(false),
Name: pulumi.String("string"),
})
var userClientRoleProtocolMapperResource = new UserClientRoleProtocolMapper("userClientRoleProtocolMapperResource", UserClientRoleProtocolMapperArgs.builder()
.claimName("string")
.realmId("string")
.addToAccessToken(false)
.addToIdToken(false)
.addToUserinfo(false)
.claimValueType("string")
.clientId("string")
.clientIdForRoleMappings("string")
.clientRolePrefix("string")
.clientScopeId("string")
.multivalued(false)
.name("string")
.build());
user_client_role_protocol_mapper_resource = keycloak.openid.UserClientRoleProtocolMapper("userClientRoleProtocolMapperResource",
claim_name="string",
realm_id="string",
add_to_access_token=False,
add_to_id_token=False,
add_to_userinfo=False,
claim_value_type="string",
client_id="string",
client_id_for_role_mappings="string",
client_role_prefix="string",
client_scope_id="string",
multivalued=False,
name="string")
const userClientRoleProtocolMapperResource = new keycloak.openid.UserClientRoleProtocolMapper("userClientRoleProtocolMapperResource", {
claimName: "string",
realmId: "string",
addToAccessToken: false,
addToIdToken: false,
addToUserinfo: false,
claimValueType: "string",
clientId: "string",
clientIdForRoleMappings: "string",
clientRolePrefix: "string",
clientScopeId: "string",
multivalued: false,
name: "string",
});
type: keycloak:openid:UserClientRoleProtocolMapper
properties:
addToAccessToken: false
addToIdToken: false
addToUserinfo: false
claimName: string
claimValueType: string
clientId: string
clientIdForRoleMappings: string
clientRolePrefix: string
clientScopeId: string
multivalued: false
name: string
realmId: string
UserClientRoleProtocolMapper Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The UserClientRoleProtocolMapper resource accepts the following input properties:
- Claim
Name string - The name of the claim to insert into a token.
- Realm
Id string - The realm this protocol mapper exists within.
- Add
To boolAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - Add
To boolId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - Add
To boolUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - Claim
Value stringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - Client
Id string - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - Client
Id stringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- Client
Role stringPrefix - A prefix for each Client Role.
- Client
Scope stringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - Multivalued bool
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - Name string
- The display name of this protocol mapper in the GUI.
- Claim
Name string - The name of the claim to insert into a token.
- Realm
Id string - The realm this protocol mapper exists within.
- Add
To boolAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - Add
To boolId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - Add
To boolUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - Claim
Value stringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - Client
Id string - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - Client
Id stringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- Client
Role stringPrefix - A prefix for each Client Role.
- Client
Scope stringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - Multivalued bool
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - Name string
- The display name of this protocol mapper in the GUI.
- claim
Name String - The name of the claim to insert into a token.
- realm
Id String - The realm this protocol mapper exists within.
- add
To BooleanAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - add
To BooleanId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - add
To BooleanUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - claim
Value StringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - client
Id String - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - client
Id StringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- client
Role StringPrefix - A prefix for each Client Role.
- client
Scope StringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - multivalued Boolean
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - name String
- The display name of this protocol mapper in the GUI.
- claim
Name string - The name of the claim to insert into a token.
- realm
Id string - The realm this protocol mapper exists within.
- add
To booleanAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - add
To booleanId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - add
To booleanUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - claim
Value stringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - client
Id string - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - client
Id stringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- client
Role stringPrefix - A prefix for each Client Role.
- client
Scope stringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - multivalued boolean
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - name string
- The display name of this protocol mapper in the GUI.
- claim_
name str - The name of the claim to insert into a token.
- realm_
id str - The realm this protocol mapper exists within.
- add_
to_ boolaccess_ token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - add_
to_ boolid_ token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - add_
to_ booluserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - claim_
value_ strtype - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - client_
id str - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - client_
id_ strfor_ role_ mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- client_
role_ strprefix - A prefix for each Client Role.
- client_
scope_ strid - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - multivalued bool
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - name str
- The display name of this protocol mapper in the GUI.
- claim
Name String - The name of the claim to insert into a token.
- realm
Id String - The realm this protocol mapper exists within.
- add
To BooleanAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - add
To BooleanId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - add
To BooleanUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - claim
Value StringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - client
Id String - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - client
Id StringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- client
Role StringPrefix - A prefix for each Client Role.
- client
Scope StringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - multivalued Boolean
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - name String
- The display name of this protocol mapper in the GUI.
Outputs
All input properties are implicitly available as output properties. Additionally, the UserClientRoleProtocolMapper resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing UserClientRoleProtocolMapper Resource
Get an existing UserClientRoleProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserClientRoleProtocolMapperState, opts?: CustomResourceOptions): UserClientRoleProtocolMapper
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
add_to_access_token: Optional[bool] = None,
add_to_id_token: Optional[bool] = None,
add_to_userinfo: Optional[bool] = None,
claim_name: Optional[str] = None,
claim_value_type: Optional[str] = None,
client_id: Optional[str] = None,
client_id_for_role_mappings: Optional[str] = None,
client_role_prefix: Optional[str] = None,
client_scope_id: Optional[str] = None,
multivalued: Optional[bool] = None,
name: Optional[str] = None,
realm_id: Optional[str] = None) -> UserClientRoleProtocolMapper
func GetUserClientRoleProtocolMapper(ctx *Context, name string, id IDInput, state *UserClientRoleProtocolMapperState, opts ...ResourceOption) (*UserClientRoleProtocolMapper, error)
public static UserClientRoleProtocolMapper Get(string name, Input<string> id, UserClientRoleProtocolMapperState? state, CustomResourceOptions? opts = null)
public static UserClientRoleProtocolMapper get(String name, Output<String> id, UserClientRoleProtocolMapperState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Add
To boolAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - Add
To boolId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - Add
To boolUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - Claim
Name string - The name of the claim to insert into a token.
- Claim
Value stringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - Client
Id string - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - Client
Id stringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- Client
Role stringPrefix - A prefix for each Client Role.
- Client
Scope stringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - Multivalued bool
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - Name string
- The display name of this protocol mapper in the GUI.
- Realm
Id string - The realm this protocol mapper exists within.
- Add
To boolAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - Add
To boolId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - Add
To boolUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - Claim
Name string - The name of the claim to insert into a token.
- Claim
Value stringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - Client
Id string - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - Client
Id stringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- Client
Role stringPrefix - A prefix for each Client Role.
- Client
Scope stringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - Multivalued bool
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - Name string
- The display name of this protocol mapper in the GUI.
- Realm
Id string - The realm this protocol mapper exists within.
- add
To BooleanAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - add
To BooleanId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - add
To BooleanUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - claim
Name String - The name of the claim to insert into a token.
- claim
Value StringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - client
Id String - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - client
Id StringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- client
Role StringPrefix - A prefix for each Client Role.
- client
Scope StringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - multivalued Boolean
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - name String
- The display name of this protocol mapper in the GUI.
- realm
Id String - The realm this protocol mapper exists within.
- add
To booleanAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - add
To booleanId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - add
To booleanUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - claim
Name string - The name of the claim to insert into a token.
- claim
Value stringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - client
Id string - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - client
Id stringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- client
Role stringPrefix - A prefix for each Client Role.
- client
Scope stringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - multivalued boolean
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - name string
- The display name of this protocol mapper in the GUI.
- realm
Id string - The realm this protocol mapper exists within.
- add_
to_ boolaccess_ token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - add_
to_ boolid_ token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - add_
to_ booluserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - claim_
name str - The name of the claim to insert into a token.
- claim_
value_ strtype - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - client_
id str - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - client_
id_ strfor_ role_ mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- client_
role_ strprefix - A prefix for each Client Role.
- client_
scope_ strid - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - multivalued bool
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - name str
- The display name of this protocol mapper in the GUI.
- realm_
id str - The realm this protocol mapper exists within.
- add
To BooleanAccess Token - Indicates if the property should be added as a claim to the access token. Defaults to
true
. - add
To BooleanId Token - Indicates if the property should be added as a claim to the id token. Defaults to
true
. - add
To BooleanUserinfo - Indicates if the property should be added as a claim to the UserInfo response body. Defaults to
true
. - claim
Name String - The name of the claim to insert into a token.
- claim
Value StringType - The claim type used when serializing JSON tokens. Can be one of
String
,JSON
,long
,int
, orboolean
. Defaults toString
. - client
Id String - The client this protocol mapper should be attached to. Conflicts with
client_scope_id
. One ofclient_id
orclient_scope_id
must be specified. - client
Id StringFor Role Mappings - The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
- client
Role StringPrefix - A prefix for each Client Role.
- client
Scope StringId - The client scope this protocol mapper should be attached to. Conflicts with
client_id
. One ofclient_id
orclient_scope_id
must be specified. - multivalued Boolean
- Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to
false
. - name String
- The display name of this protocol mapper in the GUI.
- realm
Id String - The realm this protocol mapper exists within.
Import
Protocol mappers can be imported using one of the following formats:
Client:
{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}
Client Scope:
{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}
Example:
bash
$ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4
$ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloak
Terraform Provider.