@pulumi/keycloak 5.3.0 → 5.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/attributeImporterIdentityProviderMapper.d.ts +46 -63
- package/attributeImporterIdentityProviderMapper.js +25 -33
- package/attributeImporterIdentityProviderMapper.js.map +1 -1
- package/attributeToRoleIdentityMapper.d.ts +10 -2
- package/attributeToRoleIdentityMapper.js +10 -2
- package/attributeToRoleIdentityMapper.js.map +1 -1
- package/authentication/bindings.d.ts +2 -0
- package/authentication/bindings.js +2 -0
- package/authentication/bindings.js.map +1 -1
- package/authentication/execution.d.ts +8 -2
- package/authentication/execution.js +8 -2
- package/authentication/execution.js.map +1 -1
- package/authentication/executionConfig.d.ts +12 -2
- package/authentication/executionConfig.js +12 -2
- package/authentication/executionConfig.js.map +1 -1
- package/authentication/flow.d.ts +16 -2
- package/authentication/flow.js +16 -2
- package/authentication/flow.js.map +1 -1
- package/authentication/subflow.d.ts +18 -2
- package/authentication/subflow.js +18 -2
- package/authentication/subflow.js.map +1 -1
- package/customIdentityProviderMapping.d.ts +13 -5
- package/customIdentityProviderMapping.js +10 -2
- package/customIdentityProviderMapping.js.map +1 -1
- package/customUserFederation.d.ts +51 -50
- package/customUserFederation.js +27 -14
- package/customUserFederation.js.map +1 -1
- package/defaultGroups.d.ts +19 -27
- package/defaultGroups.js +19 -9
- package/defaultGroups.js.map +1 -1
- package/defaultRoles.d.ts +13 -2
- package/defaultRoles.js +13 -2
- package/defaultRoles.js.map +1 -1
- package/genericClientProtocolMapper.d.ts +40 -37
- package/genericClientProtocolMapper.js +25 -13
- package/genericClientProtocolMapper.js.map +1 -1
- package/genericClientRoleMapper.d.ts +22 -2
- package/genericClientRoleMapper.js +22 -2
- package/genericClientRoleMapper.js.map +1 -1
- package/genericProtocolMapper.d.ts +8 -2
- package/genericProtocolMapper.js +8 -2
- package/genericProtocolMapper.js.map +1 -1
- package/genericRoleMapper.d.ts +22 -2
- package/genericRoleMapper.js +22 -2
- package/genericRoleMapper.js.map +1 -1
- package/getAuthenticationExecution.d.ts +4 -0
- package/getAuthenticationExecution.js +4 -0
- package/getAuthenticationExecution.js.map +1 -1
- package/getAuthenticationFlow.d.ts +4 -0
- package/getAuthenticationFlow.js +4 -0
- package/getAuthenticationFlow.js.map +1 -1
- package/getClientDescriptionConverter.d.ts +4 -0
- package/getClientDescriptionConverter.js +4 -0
- package/getClientDescriptionConverter.js.map +1 -1
- package/getGroup.d.ts +4 -62
- package/getGroup.js +4 -50
- package/getGroup.js.map +1 -1
- package/getRealm.d.ts +32 -10
- package/getRealm.js +32 -4
- package/getRealm.js.map +1 -1
- package/getRealmKeys.d.ts +8 -28
- package/getRealmKeys.js +8 -4
- package/getRealmKeys.js.map +1 -1
- package/getRole.d.ts +4 -65
- package/getRole.js +4 -44
- package/getRole.js.map +1 -1
- package/getUser.d.ts +4 -0
- package/getUser.js +4 -0
- package/getUser.js.map +1 -1
- package/getUserRealmRoles.d.ts +4 -0
- package/getUserRealmRoles.js +4 -0
- package/getUserRealmRoles.js.map +1 -1
- package/group.d.ts +35 -58
- package/group.js +35 -16
- package/group.js.map +1 -1
- package/groupMemberships.d.ts +27 -43
- package/groupMemberships.js +27 -16
- package/groupMemberships.js.map +1 -1
- package/groupPermissions.d.ts +13 -0
- package/groupPermissions.js +13 -0
- package/groupPermissions.js.map +1 -1
- package/groupRoles.d.ts +32 -91
- package/groupRoles.js +32 -55
- package/groupRoles.js.map +1 -1
- package/hardcodedAttributeIdentityProviderMapper.d.ts +2 -0
- package/hardcodedAttributeIdentityProviderMapper.js +2 -0
- package/hardcodedAttributeIdentityProviderMapper.js.map +1 -1
- package/hardcodedRoleIdentityMapper.d.ts +2 -0
- package/hardcodedRoleIdentityMapper.js +2 -0
- package/hardcodedRoleIdentityMapper.js.map +1 -1
- package/identityProviderTokenExchangeScopePermission.d.ts +10 -2
- package/identityProviderTokenExchangeScopePermission.js +10 -2
- package/identityProviderTokenExchangeScopePermission.js.map +1 -1
- package/ldap/customMapper.d.ts +10 -2
- package/ldap/customMapper.js +10 -2
- package/ldap/customMapper.js.map +1 -1
- package/ldap/fullNameMapper.d.ts +41 -54
- package/ldap/fullNameMapper.js +32 -18
- package/ldap/fullNameMapper.js.map +1 -1
- package/ldap/groupMapper.d.ts +55 -164
- package/ldap/groupMapper.js +46 -20
- package/ldap/groupMapper.js.map +1 -1
- package/ldap/hardcodedAttributeMapper.d.ts +10 -2
- package/ldap/hardcodedAttributeMapper.js +10 -2
- package/ldap/hardcodedAttributeMapper.js.map +1 -1
- package/ldap/hardcodedGroupMapper.d.ts +10 -2
- package/ldap/hardcodedGroupMapper.js +10 -2
- package/ldap/hardcodedGroupMapper.js.map +1 -1
- package/ldap/hardcodedRoleMapper.d.ts +29 -64
- package/ldap/hardcodedRoleMapper.js +17 -52
- package/ldap/hardcodedRoleMapper.js.map +1 -1
- package/ldap/msadLdsUserAccountControlMapper.d.ts +10 -2
- package/ldap/msadLdsUserAccountControlMapper.js +10 -2
- package/ldap/msadLdsUserAccountControlMapper.js.map +1 -1
- package/ldap/msadUserAccountControlMapper.d.ts +34 -32
- package/ldap/msadUserAccountControlMapper.js +25 -14
- package/ldap/msadUserAccountControlMapper.js.map +1 -1
- package/ldap/roleMapper.d.ts +10 -2
- package/ldap/roleMapper.js +10 -2
- package/ldap/roleMapper.js.map +1 -1
- package/ldap/userAttributeMapper.d.ts +60 -45
- package/ldap/userAttributeMapper.js +30 -15
- package/ldap/userAttributeMapper.js.map +1 -1
- package/ldap/userFederation.d.ts +125 -95
- package/ldap/userFederation.js +53 -20
- package/ldap/userFederation.js.map +1 -1
- package/oidc/googleIdentityProvider.d.ts +8 -2
- package/oidc/googleIdentityProvider.js +8 -2
- package/oidc/googleIdentityProvider.js.map +1 -1
- package/oidc/identityProvider.d.ts +8 -2
- package/oidc/identityProvider.js +8 -2
- package/oidc/identityProvider.js.map +1 -1
- package/openid/audienceProtocolMapper.d.ts +62 -45
- package/openid/audienceProtocolMapper.js +38 -21
- package/openid/audienceProtocolMapper.js.map +1 -1
- package/openid/audienceResolveProtocolMapper.d.ts +17 -3
- package/openid/audienceResolveProtocolMapper.js +17 -3
- package/openid/audienceResolveProtocolMapper.js.map +1 -1
- package/openid/audienceResolveProtocolMappter.d.ts +17 -3
- package/openid/audienceResolveProtocolMappter.js +17 -3
- package/openid/audienceResolveProtocolMappter.js.map +1 -1
- package/openid/client.d.ts +48 -431
- package/openid/client.js +48 -14
- package/openid/client.js.map +1 -1
- package/openid/clientAuthorizationPermission.d.ts +6 -2
- package/openid/clientAuthorizationPermission.js +6 -2
- package/openid/clientAuthorizationPermission.js.map +1 -1
- package/openid/clientDefaultScopes.d.ts +17 -33
- package/openid/clientDefaultScopes.js +17 -6
- package/openid/clientDefaultScopes.js.map +1 -1
- package/openid/clientOptionalScopes.d.ts +17 -34
- package/openid/clientOptionalScopes.js +17 -7
- package/openid/clientOptionalScopes.js.map +1 -1
- package/openid/clientPolicy.d.ts +2 -0
- package/openid/clientPolicy.js +2 -0
- package/openid/clientPolicy.js.map +1 -1
- package/openid/clientScope.d.ts +27 -67
- package/openid/clientScope.js +27 -13
- package/openid/clientScope.js.map +1 -1
- package/openid/clientServiceAccountRealmRole.d.ts +8 -2
- package/openid/clientServiceAccountRealmRole.js +8 -2
- package/openid/clientServiceAccountRealmRole.js.map +1 -1
- package/openid/clientServiceAccountRole.d.ts +8 -2
- package/openid/clientServiceAccountRole.js +8 -2
- package/openid/clientServiceAccountRole.js.map +1 -1
- package/openid/fullNameProtocolMapper.d.ts +49 -61
- package/openid/fullNameProtocolMapper.js +37 -22
- package/openid/fullNameProtocolMapper.js.map +1 -1
- package/openid/getClient.d.ts +32 -14
- package/openid/getClient.js +32 -2
- package/openid/getClient.js.map +1 -1
- package/openid/getClientAuthorizationPolicy.d.ts +4 -0
- package/openid/getClientAuthorizationPolicy.js +4 -0
- package/openid/getClientAuthorizationPolicy.js.map +1 -1
- package/openid/getClientScope.d.ts +4 -0
- package/openid/getClientScope.js +4 -0
- package/openid/getClientScope.js.map +1 -1
- package/openid/getClientServiceAccountUser.d.ts +4 -0
- package/openid/getClientServiceAccountUser.js +4 -0
- package/openid/getClientServiceAccountUser.js.map +1 -1
- package/openid/groupMembershipProtocolMapper.d.ts +53 -81
- package/openid/groupMembershipProtocolMapper.js +41 -24
- package/openid/groupMembershipProtocolMapper.js.map +1 -1
- package/openid/hardcodedClaimProtocolMapper.d.ts +66 -66
- package/openid/hardcodedClaimProtocolMapper.js +42 -24
- package/openid/hardcodedClaimProtocolMapper.js.map +1 -1
- package/openid/hardcodedRoleProtocolMapper.d.ts +48 -43
- package/openid/hardcodedRoleProtocolMapper.js +36 -22
- package/openid/hardcodedRoleProtocolMapper.js.map +1 -1
- package/openid/scriptProtocolMapper.d.ts +17 -3
- package/openid/scriptProtocolMapper.js +17 -3
- package/openid/scriptProtocolMapper.js.map +1 -1
- package/openid/userAttributeProtocolMapper.d.ts +73 -72
- package/openid/userAttributeProtocolMapper.js +43 -24
- package/openid/userAttributeProtocolMapper.js.map +1 -1
- package/openid/userClientRoleProtocolMapper.d.ts +17 -3
- package/openid/userClientRoleProtocolMapper.js +17 -3
- package/openid/userClientRoleProtocolMapper.js.map +1 -1
- package/openid/userPropertyProtocolMapper.d.ts +66 -67
- package/openid/userPropertyProtocolMapper.js +42 -25
- package/openid/userPropertyProtocolMapper.js.map +1 -1
- package/openid/userRealmRoleProtocolMapper.d.ts +73 -63
- package/openid/userRealmRoleProtocolMapper.js +43 -24
- package/openid/userRealmRoleProtocolMapper.js.map +1 -1
- package/openid/userSessionNoteProtocolMapper.d.ts +17 -3
- package/openid/userSessionNoteProtocolMapper.js +17 -3
- package/openid/userSessionNoteProtocolMapper.js.map +1 -1
- package/package.json +1 -1
- package/realm.d.ts +30 -509
- package/realm.js +0 -83
- package/realm.js.map +1 -1
- package/realmEvents.d.ts +20 -74
- package/realmEvents.js +20 -11
- package/realmEvents.js.map +1 -1
- package/realmKeystoreAesGenerated.d.ts +8 -2
- package/realmKeystoreAesGenerated.js +8 -2
- package/realmKeystoreAesGenerated.js.map +1 -1
- package/realmKeystoreEcdsaGenerated.d.ts +8 -2
- package/realmKeystoreEcdsaGenerated.js +8 -2
- package/realmKeystoreEcdsaGenerated.js.map +1 -1
- package/realmKeystoreHmacGenerated.d.ts +8 -2
- package/realmKeystoreHmacGenerated.js +8 -2
- package/realmKeystoreHmacGenerated.js.map +1 -1
- package/realmKeystoreJavaGenerated.d.ts +8 -2
- package/realmKeystoreJavaGenerated.js +8 -2
- package/realmKeystoreJavaGenerated.js.map +1 -1
- package/realmKeystoreRsa.d.ts +6 -2
- package/realmKeystoreRsa.js +6 -2
- package/realmKeystoreRsa.js.map +1 -1
- package/realmKeystoreRsaGenerated.d.ts +8 -2
- package/realmKeystoreRsaGenerated.js +8 -2
- package/realmKeystoreRsaGenerated.js.map +1 -1
- package/realmUserProfile.d.ts +2 -0
- package/realmUserProfile.js +2 -0
- package/realmUserProfile.js.map +1 -1
- package/requiredAction.d.ts +8 -2
- package/requiredAction.js +8 -2
- package/requiredAction.js.map +1 -1
- package/role.d.ts +58 -125
- package/role.js +58 -71
- package/role.js.map +1 -1
- package/saml/client.d.ts +46 -327
- package/saml/client.js +46 -12
- package/saml/client.js.map +1 -1
- package/saml/clientDefaultScope.d.ts +5 -1
- package/saml/clientDefaultScope.js +5 -1
- package/saml/clientDefaultScope.js.map +1 -1
- package/saml/clientScope.d.ts +10 -2
- package/saml/clientScope.js +10 -2
- package/saml/clientScope.js.map +1 -1
- package/saml/getClient.d.ts +4 -0
- package/saml/getClient.js +4 -0
- package/saml/getClient.js.map +1 -1
- package/saml/getClientInstallationProvider.d.ts +4 -0
- package/saml/getClientInstallationProvider.js +4 -0
- package/saml/getClientInstallationProvider.js.map +1 -1
- package/saml/identityProvider.d.ts +163 -117
- package/saml/identityProvider.js +52 -21
- package/saml/identityProvider.js.map +1 -1
- package/saml/scriptProtocolMapper.d.ts +13 -3
- package/saml/scriptProtocolMapper.js +13 -3
- package/saml/scriptProtocolMapper.js.map +1 -1
- package/saml/userAttributeProtocolMapper.d.ts +32 -91
- package/saml/userAttributeProtocolMapper.js +32 -19
- package/saml/userAttributeProtocolMapper.js.map +1 -1
- package/saml/userPropertyProtocolMapper.d.ts +32 -91
- package/saml/userPropertyProtocolMapper.js +32 -19
- package/saml/userPropertyProtocolMapper.js.map +1 -1
- package/types/input.d.ts +74 -183
- package/types/output.d.ts +44 -207
- package/user.d.ts +36 -112
- package/user.js +36 -22
- package/user.js.map +1 -1
- package/userGroups.d.ts +9 -1
- package/userGroups.js +9 -1
- package/userGroups.js.map +1 -1
- package/userRoles.d.ts +11 -2
- package/userRoles.js +11 -2
- package/userRoles.js.map +1 -1
- package/userTemplateImporterIdentityProviderMapper.d.ts +10 -2
- package/userTemplateImporterIdentityProviderMapper.js +10 -2
- package/userTemplateImporterIdentityProviderMapper.js.map +1 -1
- package/usersPermissions.d.ts +10 -25
- package/usersPermissions.js +10 -25
- package/usersPermissions.js.map +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msadLdsUserAccountControlMapper.js","sourceRoot":"","sources":["../../ldap/msadLdsUserAccountControlMapper.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"msadLdsUserAccountControlMapper.js","sourceRoot":"","sources":["../../ldap/msadLdsUserAccountControlMapper.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AACH,MAAa,+BAAgC,SAAQ,MAAM,CAAC,cAAc;IACtE;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA4C,EAAE,IAAmC;QAC1I,OAAO,IAAI,+BAA+B,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACtF,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,+BAA+B,CAAC,YAAY,CAAC;IAChF,CAAC;IAuBD,YAAY,IAAY,EAAE,WAAwF,EAAE,IAAmC;QACnJ,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA+D,CAAC;YAC9E,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;aAAM;YACH,MAAM,IAAI,GAAG,WAA8D,CAAC;YAC5E,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;aACvE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,+BAA+B,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACpF,CAAC;;AAvEL,0EAwEC;AA1DG,gBAAgB;AACO,4CAAY,GAAG,+EAA+E,CAAC"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
|
+
* ## # keycloak.ldap.MsadUserAccountControlMapper
|
|
4
|
+
*
|
|
3
5
|
* Allows for creating and managing MSAD user account control mappers for Keycloak
|
|
4
6
|
* users federated via LDAP.
|
|
5
7
|
*
|
|
@@ -8,44 +10,53 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
8
10
|
* AD user state to Keycloak in order to enforce settings like expired passwords
|
|
9
11
|
* or disabled accounts.
|
|
10
12
|
*
|
|
11
|
-
*
|
|
13
|
+
* ### Example Usage
|
|
12
14
|
*
|
|
15
|
+
* <!--Start PulumiCodeChooser -->
|
|
13
16
|
* ```typescript
|
|
14
17
|
* import * as pulumi from "@pulumi/pulumi";
|
|
15
18
|
* import * as keycloak from "@pulumi/keycloak";
|
|
16
19
|
*
|
|
17
20
|
* const realm = new keycloak.Realm("realm", {
|
|
18
|
-
* realm: "my-realm",
|
|
19
21
|
* enabled: true,
|
|
22
|
+
* realm: "test",
|
|
20
23
|
* });
|
|
21
24
|
* const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", {
|
|
22
|
-
*
|
|
23
|
-
*
|
|
25
|
+
* bindCredential: "admin",
|
|
26
|
+
* bindDn: "cn=admin,dc=example,dc=org",
|
|
27
|
+
* connectionUrl: "ldap://my-ad-server",
|
|
24
28
|
* rdnLdapAttribute: "cn",
|
|
25
|
-
*
|
|
29
|
+
* realmId: realm.id,
|
|
26
30
|
* userObjectClasses: [
|
|
27
31
|
* "person",
|
|
28
32
|
* "organizationalPerson",
|
|
29
33
|
* "user",
|
|
30
34
|
* ],
|
|
31
|
-
*
|
|
35
|
+
* usernameLdapAttribute: "cn",
|
|
32
36
|
* usersDn: "dc=example,dc=org",
|
|
33
|
-
*
|
|
34
|
-
* bindCredential: "admin",
|
|
37
|
+
* uuidLdapAttribute: "objectGUID",
|
|
35
38
|
* });
|
|
36
39
|
* const msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", {
|
|
37
|
-
* realmId: realm.id,
|
|
38
40
|
* ldapUserFederationId: ldapUserFederation.id,
|
|
41
|
+
* realmId: realm.id,
|
|
39
42
|
* });
|
|
40
43
|
* ```
|
|
44
|
+
* <!--End PulumiCodeChooser -->
|
|
41
45
|
*
|
|
42
|
-
*
|
|
46
|
+
* ### Argument Reference
|
|
43
47
|
*
|
|
44
|
-
*
|
|
48
|
+
* The following arguments are supported:
|
|
45
49
|
*
|
|
46
|
-
*
|
|
47
|
-
*
|
|
48
|
-
*
|
|
50
|
+
* - `realmId` - (Required) The realm that this LDAP mapper will exist in.
|
|
51
|
+
* - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to.
|
|
52
|
+
* - `name` - (Required) Display name of this mapper when displayed in the console.
|
|
53
|
+
* - `ldapPasswordPolicyHintsEnabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.
|
|
54
|
+
*
|
|
55
|
+
* ### Import
|
|
56
|
+
*
|
|
57
|
+
* LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.
|
|
58
|
+
* The ID of the LDAP user federation provider and the mapper can be found within
|
|
59
|
+
* the Keycloak GUI, and they are typically GUIDs:
|
|
49
60
|
*/
|
|
50
61
|
export declare class MsadUserAccountControlMapper extends pulumi.CustomResource {
|
|
51
62
|
/**
|
|
@@ -63,20 +74,17 @@ export declare class MsadUserAccountControlMapper extends pulumi.CustomResource
|
|
|
63
74
|
* when multiple copies of the Pulumi SDK have been loaded into the same process.
|
|
64
75
|
*/
|
|
65
76
|
static isInstance(obj: any): obj is MsadUserAccountControlMapper;
|
|
66
|
-
/**
|
|
67
|
-
* When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.
|
|
68
|
-
*/
|
|
69
77
|
readonly ldapPasswordPolicyHintsEnabled: pulumi.Output<boolean | undefined>;
|
|
70
78
|
/**
|
|
71
|
-
* The
|
|
79
|
+
* The ldap user federation provider to attach this mapper to.
|
|
72
80
|
*/
|
|
73
81
|
readonly ldapUserFederationId: pulumi.Output<string>;
|
|
74
82
|
/**
|
|
75
|
-
* Display name of
|
|
83
|
+
* Display name of the mapper when displayed in the console.
|
|
76
84
|
*/
|
|
77
85
|
readonly name: pulumi.Output<string>;
|
|
78
86
|
/**
|
|
79
|
-
* The realm
|
|
87
|
+
* The realm in which the ldap user federation provider exists.
|
|
80
88
|
*/
|
|
81
89
|
readonly realmId: pulumi.Output<string>;
|
|
82
90
|
/**
|
|
@@ -92,20 +100,17 @@ export declare class MsadUserAccountControlMapper extends pulumi.CustomResource
|
|
|
92
100
|
* Input properties used for looking up and filtering MsadUserAccountControlMapper resources.
|
|
93
101
|
*/
|
|
94
102
|
export interface MsadUserAccountControlMapperState {
|
|
95
|
-
/**
|
|
96
|
-
* When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.
|
|
97
|
-
*/
|
|
98
103
|
ldapPasswordPolicyHintsEnabled?: pulumi.Input<boolean>;
|
|
99
104
|
/**
|
|
100
|
-
* The
|
|
105
|
+
* The ldap user federation provider to attach this mapper to.
|
|
101
106
|
*/
|
|
102
107
|
ldapUserFederationId?: pulumi.Input<string>;
|
|
103
108
|
/**
|
|
104
|
-
* Display name of
|
|
109
|
+
* Display name of the mapper when displayed in the console.
|
|
105
110
|
*/
|
|
106
111
|
name?: pulumi.Input<string>;
|
|
107
112
|
/**
|
|
108
|
-
* The realm
|
|
113
|
+
* The realm in which the ldap user federation provider exists.
|
|
109
114
|
*/
|
|
110
115
|
realmId?: pulumi.Input<string>;
|
|
111
116
|
}
|
|
@@ -113,20 +118,17 @@ export interface MsadUserAccountControlMapperState {
|
|
|
113
118
|
* The set of arguments for constructing a MsadUserAccountControlMapper resource.
|
|
114
119
|
*/
|
|
115
120
|
export interface MsadUserAccountControlMapperArgs {
|
|
116
|
-
/**
|
|
117
|
-
* When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.
|
|
118
|
-
*/
|
|
119
121
|
ldapPasswordPolicyHintsEnabled?: pulumi.Input<boolean>;
|
|
120
122
|
/**
|
|
121
|
-
* The
|
|
123
|
+
* The ldap user federation provider to attach this mapper to.
|
|
122
124
|
*/
|
|
123
125
|
ldapUserFederationId: pulumi.Input<string>;
|
|
124
126
|
/**
|
|
125
|
-
* Display name of
|
|
127
|
+
* Display name of the mapper when displayed in the console.
|
|
126
128
|
*/
|
|
127
129
|
name?: pulumi.Input<string>;
|
|
128
130
|
/**
|
|
129
|
-
* The realm
|
|
131
|
+
* The realm in which the ldap user federation provider exists.
|
|
130
132
|
*/
|
|
131
133
|
realmId: pulumi.Input<string>;
|
|
132
134
|
}
|
|
@@ -6,6 +6,8 @@ exports.MsadUserAccountControlMapper = void 0;
|
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("../utilities");
|
|
8
8
|
/**
|
|
9
|
+
* ## # keycloak.ldap.MsadUserAccountControlMapper
|
|
10
|
+
*
|
|
9
11
|
* Allows for creating and managing MSAD user account control mappers for Keycloak
|
|
10
12
|
* users federated via LDAP.
|
|
11
13
|
*
|
|
@@ -14,44 +16,53 @@ const utilities = require("../utilities");
|
|
|
14
16
|
* AD user state to Keycloak in order to enforce settings like expired passwords
|
|
15
17
|
* or disabled accounts.
|
|
16
18
|
*
|
|
17
|
-
*
|
|
19
|
+
* ### Example Usage
|
|
18
20
|
*
|
|
21
|
+
* <!--Start PulumiCodeChooser -->
|
|
19
22
|
* ```typescript
|
|
20
23
|
* import * as pulumi from "@pulumi/pulumi";
|
|
21
24
|
* import * as keycloak from "@pulumi/keycloak";
|
|
22
25
|
*
|
|
23
26
|
* const realm = new keycloak.Realm("realm", {
|
|
24
|
-
* realm: "my-realm",
|
|
25
27
|
* enabled: true,
|
|
28
|
+
* realm: "test",
|
|
26
29
|
* });
|
|
27
30
|
* const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", {
|
|
28
|
-
*
|
|
29
|
-
*
|
|
31
|
+
* bindCredential: "admin",
|
|
32
|
+
* bindDn: "cn=admin,dc=example,dc=org",
|
|
33
|
+
* connectionUrl: "ldap://my-ad-server",
|
|
30
34
|
* rdnLdapAttribute: "cn",
|
|
31
|
-
*
|
|
35
|
+
* realmId: realm.id,
|
|
32
36
|
* userObjectClasses: [
|
|
33
37
|
* "person",
|
|
34
38
|
* "organizationalPerson",
|
|
35
39
|
* "user",
|
|
36
40
|
* ],
|
|
37
|
-
*
|
|
41
|
+
* usernameLdapAttribute: "cn",
|
|
38
42
|
* usersDn: "dc=example,dc=org",
|
|
39
|
-
*
|
|
40
|
-
* bindCredential: "admin",
|
|
43
|
+
* uuidLdapAttribute: "objectGUID",
|
|
41
44
|
* });
|
|
42
45
|
* const msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", {
|
|
43
|
-
* realmId: realm.id,
|
|
44
46
|
* ldapUserFederationId: ldapUserFederation.id,
|
|
47
|
+
* realmId: realm.id,
|
|
45
48
|
* });
|
|
46
49
|
* ```
|
|
50
|
+
* <!--End PulumiCodeChooser -->
|
|
47
51
|
*
|
|
48
|
-
*
|
|
52
|
+
* ### Argument Reference
|
|
49
53
|
*
|
|
50
|
-
*
|
|
54
|
+
* The following arguments are supported:
|
|
51
55
|
*
|
|
52
|
-
*
|
|
53
|
-
*
|
|
54
|
-
*
|
|
56
|
+
* - `realmId` - (Required) The realm that this LDAP mapper will exist in.
|
|
57
|
+
* - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to.
|
|
58
|
+
* - `name` - (Required) Display name of this mapper when displayed in the console.
|
|
59
|
+
* - `ldapPasswordPolicyHintsEnabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.
|
|
60
|
+
*
|
|
61
|
+
* ### Import
|
|
62
|
+
*
|
|
63
|
+
* LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.
|
|
64
|
+
* The ID of the LDAP user federation provider and the mapper can be found within
|
|
65
|
+
* the Keycloak GUI, and they are typically GUIDs:
|
|
55
66
|
*/
|
|
56
67
|
class MsadUserAccountControlMapper extends pulumi.CustomResource {
|
|
57
68
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msadUserAccountControlMapper.js","sourceRoot":"","sources":["../../ldap/msadUserAccountControlMapper.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"msadUserAccountControlMapper.js","sourceRoot":"","sources":["../../ldap/msadUserAccountControlMapper.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AACH,MAAa,4BAA6B,SAAQ,MAAM,CAAC,cAAc;IACnE;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAyC,EAAE,IAAmC;QACvI,OAAO,IAAI,4BAA4B,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACnF,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,4BAA4B,CAAC,YAAY,CAAC;IAC7E,CAAC;IAwBD,YAAY,IAAY,EAAE,WAAkF,EAAE,IAAmC;QAC7I,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA4D,CAAC;YAC3E,cAAc,CAAC,gCAAgC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5G,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;aAAM;YACH,MAAM,IAAI,GAAG,WAA2D,CAAC;YACzE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;aACvE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,cAAc,CAAC,gCAAgC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1G,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,4BAA4B,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACjF,CAAC;;AA1EL,oEA2EC;AA7DG,gBAAgB;AACO,yCAAY,GAAG,yEAAyE,CAAC"}
|
package/ldap/roleMapper.d.ts
CHANGED
|
@@ -6,6 +6,7 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
6
6
|
*
|
|
7
7
|
* ## Example Usage
|
|
8
8
|
*
|
|
9
|
+
* <!--Start PulumiCodeChooser -->
|
|
9
10
|
* ```typescript
|
|
10
11
|
* import * as pulumi from "@pulumi/pulumi";
|
|
11
12
|
* import * as keycloak from "@pulumi/keycloak";
|
|
@@ -41,13 +42,20 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
41
42
|
* memberofLdapAttribute: "memberOf",
|
|
42
43
|
* });
|
|
43
44
|
* ```
|
|
45
|
+
* <!--End PulumiCodeChooser -->
|
|
44
46
|
*
|
|
45
47
|
* ## Import
|
|
46
48
|
*
|
|
47
|
-
* LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.
|
|
49
|
+
* LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.
|
|
50
|
+
*
|
|
51
|
+
* The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.
|
|
52
|
+
*
|
|
53
|
+
* Example:
|
|
54
|
+
*
|
|
55
|
+
* bash
|
|
48
56
|
*
|
|
49
57
|
* ```sh
|
|
50
|
-
*
|
|
58
|
+
* $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
|
|
51
59
|
* ```
|
|
52
60
|
*/
|
|
53
61
|
export declare class RoleMapper extends pulumi.CustomResource {
|
package/ldap/roleMapper.js
CHANGED
|
@@ -12,6 +12,7 @@ const utilities = require("../utilities");
|
|
|
12
12
|
*
|
|
13
13
|
* ## Example Usage
|
|
14
14
|
*
|
|
15
|
+
* <!--Start PulumiCodeChooser -->
|
|
15
16
|
* ```typescript
|
|
16
17
|
* import * as pulumi from "@pulumi/pulumi";
|
|
17
18
|
* import * as keycloak from "@pulumi/keycloak";
|
|
@@ -47,13 +48,20 @@ const utilities = require("../utilities");
|
|
|
47
48
|
* memberofLdapAttribute: "memberOf",
|
|
48
49
|
* });
|
|
49
50
|
* ```
|
|
51
|
+
* <!--End PulumiCodeChooser -->
|
|
50
52
|
*
|
|
51
53
|
* ## Import
|
|
52
54
|
*
|
|
53
|
-
* LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.
|
|
55
|
+
* LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.
|
|
56
|
+
*
|
|
57
|
+
* The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.
|
|
58
|
+
*
|
|
59
|
+
* Example:
|
|
60
|
+
*
|
|
61
|
+
* bash
|
|
54
62
|
*
|
|
55
63
|
* ```sh
|
|
56
|
-
*
|
|
64
|
+
* $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
|
|
57
65
|
* ```
|
|
58
66
|
*/
|
|
59
67
|
class RoleMapper extends pulumi.CustomResource {
|
package/ldap/roleMapper.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"roleMapper.js","sourceRoot":"","sources":["../../ldap/roleMapper.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"roleMapper.js","sourceRoot":"","sources":["../../ldap/roleMapper.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AACH,MAAa,UAAW,SAAQ,MAAM,CAAC,cAAc;IACjD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAuB,EAAE,IAAmC;QACrH,OAAO,IAAI,UAAU,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACjE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,UAAU,CAAC,YAAY,CAAC;IAC3D,CAAC;IAuED,YAAY,IAAY,EAAE,WAA8C,EAAE,IAAmC;QACzG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA0C,CAAC;YACzD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;SACrG;aAAM;YACH,MAAM,IAAI,GAAG,WAAyC,CAAC;YACvD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;aACvE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,uBAAuB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;aAC1E;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,2BAA2B,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;aAC9E;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,qBAAqB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;aACxE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC9D,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;aACpE;YACD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,SAAS,CAAC;YACpG,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,2BAA2B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;SACnG;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;;AA9JL,gCA+JC;AAjJG,gBAAgB;AACO,uBAAY,GAAG,qCAAqC,CAAC"}
|
|
@@ -1,50 +1,65 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
|
+
* ## # keycloak.ldap.UserAttributeMapper
|
|
4
|
+
*
|
|
3
5
|
* Allows for creating and managing user attribute mappers for Keycloak users
|
|
4
6
|
* federated via LDAP.
|
|
5
7
|
*
|
|
6
8
|
* The LDAP user attribute mapper can be used to map a single LDAP attribute
|
|
7
9
|
* to an attribute on the Keycloak user model.
|
|
8
10
|
*
|
|
9
|
-
*
|
|
11
|
+
* ### Example Usage
|
|
10
12
|
*
|
|
13
|
+
* <!--Start PulumiCodeChooser -->
|
|
11
14
|
* ```typescript
|
|
12
15
|
* import * as pulumi from "@pulumi/pulumi";
|
|
13
16
|
* import * as keycloak from "@pulumi/keycloak";
|
|
14
17
|
*
|
|
15
18
|
* const realm = new keycloak.Realm("realm", {
|
|
16
|
-
* realm: "my-realm",
|
|
17
19
|
* enabled: true,
|
|
20
|
+
* realm: "test",
|
|
18
21
|
* });
|
|
19
22
|
* const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", {
|
|
20
|
-
*
|
|
21
|
-
*
|
|
23
|
+
* bindCredential: "admin",
|
|
24
|
+
* bindDn: "cn=admin,dc=example,dc=org",
|
|
25
|
+
* connectionUrl: "ldap://openldap",
|
|
22
26
|
* rdnLdapAttribute: "cn",
|
|
23
|
-
*
|
|
27
|
+
* realmId: realm.id,
|
|
24
28
|
* userObjectClasses: [
|
|
25
29
|
* "simpleSecurityObject",
|
|
26
30
|
* "organizationalRole",
|
|
27
31
|
* ],
|
|
28
|
-
*
|
|
32
|
+
* usernameLdapAttribute: "cn",
|
|
29
33
|
* usersDn: "dc=example,dc=org",
|
|
30
|
-
*
|
|
31
|
-
* bindCredential: "admin",
|
|
34
|
+
* uuidLdapAttribute: "entryDN",
|
|
32
35
|
* });
|
|
33
36
|
* const ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper("ldapUserAttributeMapper", {
|
|
34
|
-
*
|
|
37
|
+
* ldapAttribute: "bar",
|
|
35
38
|
* ldapUserFederationId: ldapUserFederation.id,
|
|
39
|
+
* realmId: realm.id,
|
|
36
40
|
* userModelAttribute: "foo",
|
|
37
|
-
* ldapAttribute: "bar",
|
|
38
41
|
* });
|
|
39
42
|
* ```
|
|
43
|
+
* <!--End PulumiCodeChooser -->
|
|
40
44
|
*
|
|
41
|
-
*
|
|
45
|
+
* ### Argument Reference
|
|
42
46
|
*
|
|
43
|
-
*
|
|
47
|
+
* The following arguments are supported:
|
|
44
48
|
*
|
|
45
|
-
*
|
|
46
|
-
*
|
|
47
|
-
*
|
|
49
|
+
* - `realmId` - (Required) The realm that this LDAP mapper will exist in.
|
|
50
|
+
* - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to.
|
|
51
|
+
* - `name` - (Required) Display name of this mapper when displayed in the console.
|
|
52
|
+
* - `userModelAttribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into.
|
|
53
|
+
* - `ldapAttribute` - (Required) Name of the mapped attribute on the LDAP object.
|
|
54
|
+
* - `readOnly` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.
|
|
55
|
+
* - `alwaysReadValueFromLdap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.
|
|
56
|
+
* - `isMandatoryInLdap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`.
|
|
57
|
+
*
|
|
58
|
+
* ### Import
|
|
59
|
+
*
|
|
60
|
+
* LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.
|
|
61
|
+
* The ID of the LDAP user federation provider and the mapper can be found within
|
|
62
|
+
* the Keycloak GUI, and they are typically GUIDs:
|
|
48
63
|
*/
|
|
49
64
|
export declare class UserAttributeMapper extends pulumi.CustomResource {
|
|
50
65
|
/**
|
|
@@ -63,43 +78,43 @@ export declare class UserAttributeMapper extends pulumi.CustomResource {
|
|
|
63
78
|
*/
|
|
64
79
|
static isInstance(obj: any): obj is UserAttributeMapper;
|
|
65
80
|
/**
|
|
66
|
-
* When
|
|
81
|
+
* When true, the value fetched from LDAP will override the value stored in Keycloak.
|
|
67
82
|
*/
|
|
68
83
|
readonly alwaysReadValueFromLdap: pulumi.Output<boolean | undefined>;
|
|
69
84
|
/**
|
|
70
|
-
* Default value to set in LDAP if
|
|
85
|
+
* Default value to set in LDAP if is_mandatory_in_ldap and the value is empty
|
|
71
86
|
*/
|
|
72
87
|
readonly attributeDefaultValue: pulumi.Output<string | undefined>;
|
|
73
88
|
/**
|
|
74
|
-
* Should be true for binary LDAP attributes
|
|
89
|
+
* Should be true for binary LDAP attributes
|
|
75
90
|
*/
|
|
76
91
|
readonly isBinaryAttribute: pulumi.Output<boolean | undefined>;
|
|
77
92
|
/**
|
|
78
|
-
* When
|
|
93
|
+
* When true, this attribute must exist in LDAP.
|
|
79
94
|
*/
|
|
80
95
|
readonly isMandatoryInLdap: pulumi.Output<boolean | undefined>;
|
|
81
96
|
/**
|
|
82
|
-
* Name of the mapped attribute on
|
|
97
|
+
* Name of the mapped attribute on LDAP object.
|
|
83
98
|
*/
|
|
84
99
|
readonly ldapAttribute: pulumi.Output<string>;
|
|
85
100
|
/**
|
|
86
|
-
* The
|
|
101
|
+
* The ldap user federation provider to attach this mapper to.
|
|
87
102
|
*/
|
|
88
103
|
readonly ldapUserFederationId: pulumi.Output<string>;
|
|
89
104
|
/**
|
|
90
|
-
* Display name of
|
|
105
|
+
* Display name of the mapper when displayed in the console.
|
|
91
106
|
*/
|
|
92
107
|
readonly name: pulumi.Output<string>;
|
|
93
108
|
/**
|
|
94
|
-
* When
|
|
109
|
+
* When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.
|
|
95
110
|
*/
|
|
96
111
|
readonly readOnly: pulumi.Output<boolean | undefined>;
|
|
97
112
|
/**
|
|
98
|
-
* The realm
|
|
113
|
+
* The realm in which the ldap user federation provider exists.
|
|
99
114
|
*/
|
|
100
115
|
readonly realmId: pulumi.Output<string>;
|
|
101
116
|
/**
|
|
102
|
-
* Name of the
|
|
117
|
+
* Name of the UserModel property or attribute you want to map the LDAP attribute into.
|
|
103
118
|
*/
|
|
104
119
|
readonly userModelAttribute: pulumi.Output<string>;
|
|
105
120
|
/**
|
|
@@ -116,43 +131,43 @@ export declare class UserAttributeMapper extends pulumi.CustomResource {
|
|
|
116
131
|
*/
|
|
117
132
|
export interface UserAttributeMapperState {
|
|
118
133
|
/**
|
|
119
|
-
* When
|
|
134
|
+
* When true, the value fetched from LDAP will override the value stored in Keycloak.
|
|
120
135
|
*/
|
|
121
136
|
alwaysReadValueFromLdap?: pulumi.Input<boolean>;
|
|
122
137
|
/**
|
|
123
|
-
* Default value to set in LDAP if
|
|
138
|
+
* Default value to set in LDAP if is_mandatory_in_ldap and the value is empty
|
|
124
139
|
*/
|
|
125
140
|
attributeDefaultValue?: pulumi.Input<string>;
|
|
126
141
|
/**
|
|
127
|
-
* Should be true for binary LDAP attributes
|
|
142
|
+
* Should be true for binary LDAP attributes
|
|
128
143
|
*/
|
|
129
144
|
isBinaryAttribute?: pulumi.Input<boolean>;
|
|
130
145
|
/**
|
|
131
|
-
* When
|
|
146
|
+
* When true, this attribute must exist in LDAP.
|
|
132
147
|
*/
|
|
133
148
|
isMandatoryInLdap?: pulumi.Input<boolean>;
|
|
134
149
|
/**
|
|
135
|
-
* Name of the mapped attribute on
|
|
150
|
+
* Name of the mapped attribute on LDAP object.
|
|
136
151
|
*/
|
|
137
152
|
ldapAttribute?: pulumi.Input<string>;
|
|
138
153
|
/**
|
|
139
|
-
* The
|
|
154
|
+
* The ldap user federation provider to attach this mapper to.
|
|
140
155
|
*/
|
|
141
156
|
ldapUserFederationId?: pulumi.Input<string>;
|
|
142
157
|
/**
|
|
143
|
-
* Display name of
|
|
158
|
+
* Display name of the mapper when displayed in the console.
|
|
144
159
|
*/
|
|
145
160
|
name?: pulumi.Input<string>;
|
|
146
161
|
/**
|
|
147
|
-
* When
|
|
162
|
+
* When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.
|
|
148
163
|
*/
|
|
149
164
|
readOnly?: pulumi.Input<boolean>;
|
|
150
165
|
/**
|
|
151
|
-
* The realm
|
|
166
|
+
* The realm in which the ldap user federation provider exists.
|
|
152
167
|
*/
|
|
153
168
|
realmId?: pulumi.Input<string>;
|
|
154
169
|
/**
|
|
155
|
-
* Name of the
|
|
170
|
+
* Name of the UserModel property or attribute you want to map the LDAP attribute into.
|
|
156
171
|
*/
|
|
157
172
|
userModelAttribute?: pulumi.Input<string>;
|
|
158
173
|
}
|
|
@@ -161,43 +176,43 @@ export interface UserAttributeMapperState {
|
|
|
161
176
|
*/
|
|
162
177
|
export interface UserAttributeMapperArgs {
|
|
163
178
|
/**
|
|
164
|
-
* When
|
|
179
|
+
* When true, the value fetched from LDAP will override the value stored in Keycloak.
|
|
165
180
|
*/
|
|
166
181
|
alwaysReadValueFromLdap?: pulumi.Input<boolean>;
|
|
167
182
|
/**
|
|
168
|
-
* Default value to set in LDAP if
|
|
183
|
+
* Default value to set in LDAP if is_mandatory_in_ldap and the value is empty
|
|
169
184
|
*/
|
|
170
185
|
attributeDefaultValue?: pulumi.Input<string>;
|
|
171
186
|
/**
|
|
172
|
-
* Should be true for binary LDAP attributes
|
|
187
|
+
* Should be true for binary LDAP attributes
|
|
173
188
|
*/
|
|
174
189
|
isBinaryAttribute?: pulumi.Input<boolean>;
|
|
175
190
|
/**
|
|
176
|
-
* When
|
|
191
|
+
* When true, this attribute must exist in LDAP.
|
|
177
192
|
*/
|
|
178
193
|
isMandatoryInLdap?: pulumi.Input<boolean>;
|
|
179
194
|
/**
|
|
180
|
-
* Name of the mapped attribute on
|
|
195
|
+
* Name of the mapped attribute on LDAP object.
|
|
181
196
|
*/
|
|
182
197
|
ldapAttribute: pulumi.Input<string>;
|
|
183
198
|
/**
|
|
184
|
-
* The
|
|
199
|
+
* The ldap user federation provider to attach this mapper to.
|
|
185
200
|
*/
|
|
186
201
|
ldapUserFederationId: pulumi.Input<string>;
|
|
187
202
|
/**
|
|
188
|
-
* Display name of
|
|
203
|
+
* Display name of the mapper when displayed in the console.
|
|
189
204
|
*/
|
|
190
205
|
name?: pulumi.Input<string>;
|
|
191
206
|
/**
|
|
192
|
-
* When
|
|
207
|
+
* When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.
|
|
193
208
|
*/
|
|
194
209
|
readOnly?: pulumi.Input<boolean>;
|
|
195
210
|
/**
|
|
196
|
-
* The realm
|
|
211
|
+
* The realm in which the ldap user federation provider exists.
|
|
197
212
|
*/
|
|
198
213
|
realmId: pulumi.Input<string>;
|
|
199
214
|
/**
|
|
200
|
-
* Name of the
|
|
215
|
+
* Name of the UserModel property or attribute you want to map the LDAP attribute into.
|
|
201
216
|
*/
|
|
202
217
|
userModelAttribute: pulumi.Input<string>;
|
|
203
218
|
}
|