@pulumi/keycloak 5.3.0 → 5.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/attributeImporterIdentityProviderMapper.d.ts +46 -63
- package/attributeImporterIdentityProviderMapper.js +25 -33
- package/attributeImporterIdentityProviderMapper.js.map +1 -1
- package/attributeToRoleIdentityMapper.d.ts +10 -2
- package/attributeToRoleIdentityMapper.js +10 -2
- package/attributeToRoleIdentityMapper.js.map +1 -1
- package/authentication/bindings.d.ts +2 -0
- package/authentication/bindings.js +2 -0
- package/authentication/bindings.js.map +1 -1
- package/authentication/execution.d.ts +8 -2
- package/authentication/execution.js +8 -2
- package/authentication/execution.js.map +1 -1
- package/authentication/executionConfig.d.ts +12 -2
- package/authentication/executionConfig.js +12 -2
- package/authentication/executionConfig.js.map +1 -1
- package/authentication/flow.d.ts +16 -2
- package/authentication/flow.js +16 -2
- package/authentication/flow.js.map +1 -1
- package/authentication/subflow.d.ts +18 -2
- package/authentication/subflow.js +18 -2
- package/authentication/subflow.js.map +1 -1
- package/customIdentityProviderMapping.d.ts +13 -5
- package/customIdentityProviderMapping.js +10 -2
- package/customIdentityProviderMapping.js.map +1 -1
- package/customUserFederation.d.ts +51 -50
- package/customUserFederation.js +27 -14
- package/customUserFederation.js.map +1 -1
- package/defaultGroups.d.ts +19 -27
- package/defaultGroups.js +19 -9
- package/defaultGroups.js.map +1 -1
- package/defaultRoles.d.ts +13 -2
- package/defaultRoles.js +13 -2
- package/defaultRoles.js.map +1 -1
- package/genericClientProtocolMapper.d.ts +40 -37
- package/genericClientProtocolMapper.js +25 -13
- package/genericClientProtocolMapper.js.map +1 -1
- package/genericClientRoleMapper.d.ts +22 -2
- package/genericClientRoleMapper.js +22 -2
- package/genericClientRoleMapper.js.map +1 -1
- package/genericProtocolMapper.d.ts +8 -2
- package/genericProtocolMapper.js +8 -2
- package/genericProtocolMapper.js.map +1 -1
- package/genericRoleMapper.d.ts +22 -2
- package/genericRoleMapper.js +22 -2
- package/genericRoleMapper.js.map +1 -1
- package/getAuthenticationExecution.d.ts +4 -0
- package/getAuthenticationExecution.js +4 -0
- package/getAuthenticationExecution.js.map +1 -1
- package/getAuthenticationFlow.d.ts +4 -0
- package/getAuthenticationFlow.js +4 -0
- package/getAuthenticationFlow.js.map +1 -1
- package/getClientDescriptionConverter.d.ts +4 -0
- package/getClientDescriptionConverter.js +4 -0
- package/getClientDescriptionConverter.js.map +1 -1
- package/getGroup.d.ts +4 -62
- package/getGroup.js +4 -50
- package/getGroup.js.map +1 -1
- package/getRealm.d.ts +32 -10
- package/getRealm.js +32 -4
- package/getRealm.js.map +1 -1
- package/getRealmKeys.d.ts +8 -28
- package/getRealmKeys.js +8 -4
- package/getRealmKeys.js.map +1 -1
- package/getRole.d.ts +4 -65
- package/getRole.js +4 -44
- package/getRole.js.map +1 -1
- package/getUser.d.ts +4 -0
- package/getUser.js +4 -0
- package/getUser.js.map +1 -1
- package/getUserRealmRoles.d.ts +4 -0
- package/getUserRealmRoles.js +4 -0
- package/getUserRealmRoles.js.map +1 -1
- package/group.d.ts +35 -58
- package/group.js +35 -16
- package/group.js.map +1 -1
- package/groupMemberships.d.ts +27 -43
- package/groupMemberships.js +27 -16
- package/groupMemberships.js.map +1 -1
- package/groupPermissions.d.ts +13 -0
- package/groupPermissions.js +13 -0
- package/groupPermissions.js.map +1 -1
- package/groupRoles.d.ts +32 -91
- package/groupRoles.js +32 -55
- package/groupRoles.js.map +1 -1
- package/hardcodedAttributeIdentityProviderMapper.d.ts +2 -0
- package/hardcodedAttributeIdentityProviderMapper.js +2 -0
- package/hardcodedAttributeIdentityProviderMapper.js.map +1 -1
- package/hardcodedRoleIdentityMapper.d.ts +2 -0
- package/hardcodedRoleIdentityMapper.js +2 -0
- package/hardcodedRoleIdentityMapper.js.map +1 -1
- package/identityProviderTokenExchangeScopePermission.d.ts +10 -2
- package/identityProviderTokenExchangeScopePermission.js +10 -2
- package/identityProviderTokenExchangeScopePermission.js.map +1 -1
- package/ldap/customMapper.d.ts +10 -2
- package/ldap/customMapper.js +10 -2
- package/ldap/customMapper.js.map +1 -1
- package/ldap/fullNameMapper.d.ts +41 -54
- package/ldap/fullNameMapper.js +32 -18
- package/ldap/fullNameMapper.js.map +1 -1
- package/ldap/groupMapper.d.ts +55 -164
- package/ldap/groupMapper.js +46 -20
- package/ldap/groupMapper.js.map +1 -1
- package/ldap/hardcodedAttributeMapper.d.ts +10 -2
- package/ldap/hardcodedAttributeMapper.js +10 -2
- package/ldap/hardcodedAttributeMapper.js.map +1 -1
- package/ldap/hardcodedGroupMapper.d.ts +10 -2
- package/ldap/hardcodedGroupMapper.js +10 -2
- package/ldap/hardcodedGroupMapper.js.map +1 -1
- package/ldap/hardcodedRoleMapper.d.ts +29 -64
- package/ldap/hardcodedRoleMapper.js +17 -52
- package/ldap/hardcodedRoleMapper.js.map +1 -1
- package/ldap/msadLdsUserAccountControlMapper.d.ts +10 -2
- package/ldap/msadLdsUserAccountControlMapper.js +10 -2
- package/ldap/msadLdsUserAccountControlMapper.js.map +1 -1
- package/ldap/msadUserAccountControlMapper.d.ts +34 -32
- package/ldap/msadUserAccountControlMapper.js +25 -14
- package/ldap/msadUserAccountControlMapper.js.map +1 -1
- package/ldap/roleMapper.d.ts +10 -2
- package/ldap/roleMapper.js +10 -2
- package/ldap/roleMapper.js.map +1 -1
- package/ldap/userAttributeMapper.d.ts +60 -45
- package/ldap/userAttributeMapper.js +30 -15
- package/ldap/userAttributeMapper.js.map +1 -1
- package/ldap/userFederation.d.ts +125 -95
- package/ldap/userFederation.js +53 -20
- package/ldap/userFederation.js.map +1 -1
- package/oidc/googleIdentityProvider.d.ts +8 -2
- package/oidc/googleIdentityProvider.js +8 -2
- package/oidc/googleIdentityProvider.js.map +1 -1
- package/oidc/identityProvider.d.ts +8 -2
- package/oidc/identityProvider.js +8 -2
- package/oidc/identityProvider.js.map +1 -1
- package/openid/audienceProtocolMapper.d.ts +62 -45
- package/openid/audienceProtocolMapper.js +38 -21
- package/openid/audienceProtocolMapper.js.map +1 -1
- package/openid/audienceResolveProtocolMapper.d.ts +17 -3
- package/openid/audienceResolveProtocolMapper.js +17 -3
- package/openid/audienceResolveProtocolMapper.js.map +1 -1
- package/openid/audienceResolveProtocolMappter.d.ts +17 -3
- package/openid/audienceResolveProtocolMappter.js +17 -3
- package/openid/audienceResolveProtocolMappter.js.map +1 -1
- package/openid/client.d.ts +48 -431
- package/openid/client.js +48 -14
- package/openid/client.js.map +1 -1
- package/openid/clientAuthorizationPermission.d.ts +6 -2
- package/openid/clientAuthorizationPermission.js +6 -2
- package/openid/clientAuthorizationPermission.js.map +1 -1
- package/openid/clientDefaultScopes.d.ts +17 -33
- package/openid/clientDefaultScopes.js +17 -6
- package/openid/clientDefaultScopes.js.map +1 -1
- package/openid/clientOptionalScopes.d.ts +17 -34
- package/openid/clientOptionalScopes.js +17 -7
- package/openid/clientOptionalScopes.js.map +1 -1
- package/openid/clientPolicy.d.ts +2 -0
- package/openid/clientPolicy.js +2 -0
- package/openid/clientPolicy.js.map +1 -1
- package/openid/clientScope.d.ts +27 -67
- package/openid/clientScope.js +27 -13
- package/openid/clientScope.js.map +1 -1
- package/openid/clientServiceAccountRealmRole.d.ts +8 -2
- package/openid/clientServiceAccountRealmRole.js +8 -2
- package/openid/clientServiceAccountRealmRole.js.map +1 -1
- package/openid/clientServiceAccountRole.d.ts +8 -2
- package/openid/clientServiceAccountRole.js +8 -2
- package/openid/clientServiceAccountRole.js.map +1 -1
- package/openid/fullNameProtocolMapper.d.ts +49 -61
- package/openid/fullNameProtocolMapper.js +37 -22
- package/openid/fullNameProtocolMapper.js.map +1 -1
- package/openid/getClient.d.ts +32 -14
- package/openid/getClient.js +32 -2
- package/openid/getClient.js.map +1 -1
- package/openid/getClientAuthorizationPolicy.d.ts +4 -0
- package/openid/getClientAuthorizationPolicy.js +4 -0
- package/openid/getClientAuthorizationPolicy.js.map +1 -1
- package/openid/getClientScope.d.ts +4 -0
- package/openid/getClientScope.js +4 -0
- package/openid/getClientScope.js.map +1 -1
- package/openid/getClientServiceAccountUser.d.ts +4 -0
- package/openid/getClientServiceAccountUser.js +4 -0
- package/openid/getClientServiceAccountUser.js.map +1 -1
- package/openid/groupMembershipProtocolMapper.d.ts +53 -81
- package/openid/groupMembershipProtocolMapper.js +41 -24
- package/openid/groupMembershipProtocolMapper.js.map +1 -1
- package/openid/hardcodedClaimProtocolMapper.d.ts +66 -66
- package/openid/hardcodedClaimProtocolMapper.js +42 -24
- package/openid/hardcodedClaimProtocolMapper.js.map +1 -1
- package/openid/hardcodedRoleProtocolMapper.d.ts +48 -43
- package/openid/hardcodedRoleProtocolMapper.js +36 -22
- package/openid/hardcodedRoleProtocolMapper.js.map +1 -1
- package/openid/scriptProtocolMapper.d.ts +17 -3
- package/openid/scriptProtocolMapper.js +17 -3
- package/openid/scriptProtocolMapper.js.map +1 -1
- package/openid/userAttributeProtocolMapper.d.ts +73 -72
- package/openid/userAttributeProtocolMapper.js +43 -24
- package/openid/userAttributeProtocolMapper.js.map +1 -1
- package/openid/userClientRoleProtocolMapper.d.ts +17 -3
- package/openid/userClientRoleProtocolMapper.js +17 -3
- package/openid/userClientRoleProtocolMapper.js.map +1 -1
- package/openid/userPropertyProtocolMapper.d.ts +66 -67
- package/openid/userPropertyProtocolMapper.js +42 -25
- package/openid/userPropertyProtocolMapper.js.map +1 -1
- package/openid/userRealmRoleProtocolMapper.d.ts +73 -63
- package/openid/userRealmRoleProtocolMapper.js +43 -24
- package/openid/userRealmRoleProtocolMapper.js.map +1 -1
- package/openid/userSessionNoteProtocolMapper.d.ts +17 -3
- package/openid/userSessionNoteProtocolMapper.js +17 -3
- package/openid/userSessionNoteProtocolMapper.js.map +1 -1
- package/package.json +1 -1
- package/realm.d.ts +30 -509
- package/realm.js +0 -83
- package/realm.js.map +1 -1
- package/realmEvents.d.ts +20 -74
- package/realmEvents.js +20 -11
- package/realmEvents.js.map +1 -1
- package/realmKeystoreAesGenerated.d.ts +8 -2
- package/realmKeystoreAesGenerated.js +8 -2
- package/realmKeystoreAesGenerated.js.map +1 -1
- package/realmKeystoreEcdsaGenerated.d.ts +8 -2
- package/realmKeystoreEcdsaGenerated.js +8 -2
- package/realmKeystoreEcdsaGenerated.js.map +1 -1
- package/realmKeystoreHmacGenerated.d.ts +8 -2
- package/realmKeystoreHmacGenerated.js +8 -2
- package/realmKeystoreHmacGenerated.js.map +1 -1
- package/realmKeystoreJavaGenerated.d.ts +8 -2
- package/realmKeystoreJavaGenerated.js +8 -2
- package/realmKeystoreJavaGenerated.js.map +1 -1
- package/realmKeystoreRsa.d.ts +6 -2
- package/realmKeystoreRsa.js +6 -2
- package/realmKeystoreRsa.js.map +1 -1
- package/realmKeystoreRsaGenerated.d.ts +8 -2
- package/realmKeystoreRsaGenerated.js +8 -2
- package/realmKeystoreRsaGenerated.js.map +1 -1
- package/realmUserProfile.d.ts +2 -0
- package/realmUserProfile.js +2 -0
- package/realmUserProfile.js.map +1 -1
- package/requiredAction.d.ts +8 -2
- package/requiredAction.js +8 -2
- package/requiredAction.js.map +1 -1
- package/role.d.ts +58 -125
- package/role.js +58 -71
- package/role.js.map +1 -1
- package/saml/client.d.ts +46 -327
- package/saml/client.js +46 -12
- package/saml/client.js.map +1 -1
- package/saml/clientDefaultScope.d.ts +5 -1
- package/saml/clientDefaultScope.js +5 -1
- package/saml/clientDefaultScope.js.map +1 -1
- package/saml/clientScope.d.ts +10 -2
- package/saml/clientScope.js +10 -2
- package/saml/clientScope.js.map +1 -1
- package/saml/getClient.d.ts +4 -0
- package/saml/getClient.js +4 -0
- package/saml/getClient.js.map +1 -1
- package/saml/getClientInstallationProvider.d.ts +4 -0
- package/saml/getClientInstallationProvider.js +4 -0
- package/saml/getClientInstallationProvider.js.map +1 -1
- package/saml/identityProvider.d.ts +163 -117
- package/saml/identityProvider.js +52 -21
- package/saml/identityProvider.js.map +1 -1
- package/saml/scriptProtocolMapper.d.ts +13 -3
- package/saml/scriptProtocolMapper.js +13 -3
- package/saml/scriptProtocolMapper.js.map +1 -1
- package/saml/userAttributeProtocolMapper.d.ts +32 -91
- package/saml/userAttributeProtocolMapper.js +32 -19
- package/saml/userAttributeProtocolMapper.js.map +1 -1
- package/saml/userPropertyProtocolMapper.d.ts +32 -91
- package/saml/userPropertyProtocolMapper.js +32 -19
- package/saml/userPropertyProtocolMapper.js.map +1 -1
- package/types/input.d.ts +74 -183
- package/types/output.d.ts +44 -207
- package/user.d.ts +36 -112
- package/user.js +36 -22
- package/user.js.map +1 -1
- package/userGroups.d.ts +9 -1
- package/userGroups.js +9 -1
- package/userGroups.js.map +1 -1
- package/userRoles.d.ts +11 -2
- package/userRoles.js +11 -2
- package/userRoles.js.map +1 -1
- package/userTemplateImporterIdentityProviderMapper.d.ts +10 -2
- package/userTemplateImporterIdentityProviderMapper.js +10 -2
- package/userTemplateImporterIdentityProviderMapper.js.map +1 -1
- package/usersPermissions.d.ts +10 -25
- package/usersPermissions.js +10 -25
- package/usersPermissions.js.map +1 -1
|
@@ -1,65 +1,82 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
3
|
+
* ## # keycloak.openid.GroupMembershipProtocolMapper
|
|
4
4
|
*
|
|
5
|
-
*
|
|
5
|
+
* Allows for creating and managing group membership protocol mappers within
|
|
6
|
+
* Keycloak.
|
|
6
7
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
8
|
+
* Group membership protocol mappers allow you to map a user's group memberships
|
|
9
|
+
* to a claim in a token. Protocol mappers can be defined for a single client,
|
|
10
|
+
* or they can be defined for a client scope which can be shared between multiple
|
|
11
|
+
* different clients.
|
|
9
12
|
*
|
|
10
|
-
*
|
|
11
|
-
* ### Client)
|
|
13
|
+
* ### Example Usage (Client)
|
|
12
14
|
*
|
|
15
|
+
* <!--Start PulumiCodeChooser -->
|
|
13
16
|
* ```typescript
|
|
14
17
|
* import * as pulumi from "@pulumi/pulumi";
|
|
15
18
|
* import * as keycloak from "@pulumi/keycloak";
|
|
16
19
|
*
|
|
17
20
|
* const realm = new keycloak.Realm("realm", {
|
|
18
|
-
* realm: "my-realm",
|
|
19
21
|
* enabled: true,
|
|
22
|
+
* realm: "my-realm",
|
|
20
23
|
* });
|
|
21
24
|
* const openidClient = new keycloak.openid.Client("openidClient", {
|
|
22
|
-
* realmId: realm.id,
|
|
23
|
-
* clientId: "client",
|
|
24
|
-
* enabled: true,
|
|
25
25
|
* accessType: "CONFIDENTIAL",
|
|
26
|
+
* clientId: "test-client",
|
|
27
|
+
* enabled: true,
|
|
28
|
+
* realmId: realm.id,
|
|
26
29
|
* validRedirectUris: ["http://localhost:8080/openid-callback"],
|
|
27
30
|
* });
|
|
28
31
|
* const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", {
|
|
29
|
-
* realmId: realm.id,
|
|
30
|
-
* clientId: openidClient.id,
|
|
31
32
|
* claimName: "groups",
|
|
33
|
+
* clientId: openidClient.id,
|
|
34
|
+
* realmId: realm.id,
|
|
32
35
|
* });
|
|
33
36
|
* ```
|
|
34
|
-
*
|
|
37
|
+
* <!--End PulumiCodeChooser -->
|
|
35
38
|
*
|
|
39
|
+
* ### Example Usage (Client Scope)
|
|
40
|
+
*
|
|
41
|
+
* <!--Start PulumiCodeChooser -->
|
|
36
42
|
* ```typescript
|
|
37
43
|
* import * as pulumi from "@pulumi/pulumi";
|
|
38
44
|
* import * as keycloak from "@pulumi/keycloak";
|
|
39
45
|
*
|
|
40
46
|
* const realm = new keycloak.Realm("realm", {
|
|
41
|
-
* realm: "my-realm",
|
|
42
47
|
* enabled: true,
|
|
48
|
+
* realm: "my-realm",
|
|
43
49
|
* });
|
|
44
50
|
* const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id});
|
|
45
51
|
* const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", {
|
|
46
|
-
* realmId: realm.id,
|
|
47
|
-
* clientScopeId: clientScope.id,
|
|
48
52
|
* claimName: "groups",
|
|
53
|
+
* clientScopeId: clientScope.id,
|
|
54
|
+
* realmId: realm.id,
|
|
49
55
|
* });
|
|
50
56
|
* ```
|
|
57
|
+
* <!--End PulumiCodeChooser -->
|
|
51
58
|
*
|
|
52
|
-
*
|
|
59
|
+
* ### Argument Reference
|
|
53
60
|
*
|
|
54
|
-
*
|
|
61
|
+
* The following arguments are supported:
|
|
55
62
|
*
|
|
56
|
-
*
|
|
57
|
-
*
|
|
58
|
-
*
|
|
63
|
+
* - `realmId` - (Required) The realm this protocol mapper exists within.
|
|
64
|
+
* - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to.
|
|
65
|
+
* - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to.
|
|
66
|
+
* - `name` - (Required) The display name of this protocol mapper in the GUI.
|
|
67
|
+
* - `claimName` - (Required) The name of the claim to insert into a token.
|
|
68
|
+
* - `fullPath` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`.
|
|
69
|
+
* - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.
|
|
70
|
+
* - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.
|
|
71
|
+
* - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.
|
|
59
72
|
*
|
|
60
|
-
*
|
|
61
|
-
*
|
|
62
|
-
*
|
|
73
|
+
* ### Import
|
|
74
|
+
*
|
|
75
|
+
* Protocol mappers can be imported using one of the following formats:
|
|
76
|
+
* - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`
|
|
77
|
+
* - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`
|
|
78
|
+
*
|
|
79
|
+
* Example:
|
|
63
80
|
*/
|
|
64
81
|
export declare class GroupMembershipProtocolMapper extends pulumi.CustomResource {
|
|
65
82
|
/**
|
|
@@ -77,40 +94,25 @@ export declare class GroupMembershipProtocolMapper extends pulumi.CustomResource
|
|
|
77
94
|
* when multiple copies of the Pulumi SDK have been loaded into the same process.
|
|
78
95
|
*/
|
|
79
96
|
static isInstance(obj: any): obj is GroupMembershipProtocolMapper;
|
|
80
|
-
/**
|
|
81
|
-
* Indicates if the property should be added as a claim to the access token. Defaults to `true`.
|
|
82
|
-
*/
|
|
83
97
|
readonly addToAccessToken: pulumi.Output<boolean | undefined>;
|
|
84
|
-
/**
|
|
85
|
-
* Indicates if the property should be added as a claim to the id token. Defaults to `true`.
|
|
86
|
-
*/
|
|
87
98
|
readonly addToIdToken: pulumi.Output<boolean | undefined>;
|
|
88
|
-
/**
|
|
89
|
-
* Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.
|
|
90
|
-
*/
|
|
91
99
|
readonly addToUserinfo: pulumi.Output<boolean | undefined>;
|
|
92
|
-
/**
|
|
93
|
-
* The name of the claim to insert into a token.
|
|
94
|
-
*/
|
|
95
100
|
readonly claimName: pulumi.Output<string>;
|
|
96
101
|
/**
|
|
97
|
-
* The
|
|
102
|
+
* The mapper's associated client. Cannot be used at the same time as client_scope_id.
|
|
98
103
|
*/
|
|
99
104
|
readonly clientId: pulumi.Output<string | undefined>;
|
|
100
105
|
/**
|
|
101
|
-
* The
|
|
106
|
+
* The mapper's associated client scope. Cannot be used at the same time as client_id.
|
|
102
107
|
*/
|
|
103
108
|
readonly clientScopeId: pulumi.Output<string | undefined>;
|
|
104
|
-
/**
|
|
105
|
-
* Indicates whether the full path of the group including its parents will be used. Defaults to `true`.
|
|
106
|
-
*/
|
|
107
109
|
readonly fullPath: pulumi.Output<boolean | undefined>;
|
|
108
110
|
/**
|
|
109
|
-
*
|
|
111
|
+
* A human-friendly name that will appear in the Keycloak console.
|
|
110
112
|
*/
|
|
111
113
|
readonly name: pulumi.Output<string>;
|
|
112
114
|
/**
|
|
113
|
-
* The realm
|
|
115
|
+
* The realm id where the associated client or client scope exists.
|
|
114
116
|
*/
|
|
115
117
|
readonly realmId: pulumi.Output<string>;
|
|
116
118
|
/**
|
|
@@ -126,40 +128,25 @@ export declare class GroupMembershipProtocolMapper extends pulumi.CustomResource
|
|
|
126
128
|
* Input properties used for looking up and filtering GroupMembershipProtocolMapper resources.
|
|
127
129
|
*/
|
|
128
130
|
export interface GroupMembershipProtocolMapperState {
|
|
129
|
-
/**
|
|
130
|
-
* Indicates if the property should be added as a claim to the access token. Defaults to `true`.
|
|
131
|
-
*/
|
|
132
131
|
addToAccessToken?: pulumi.Input<boolean>;
|
|
133
|
-
/**
|
|
134
|
-
* Indicates if the property should be added as a claim to the id token. Defaults to `true`.
|
|
135
|
-
*/
|
|
136
132
|
addToIdToken?: pulumi.Input<boolean>;
|
|
137
|
-
/**
|
|
138
|
-
* Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.
|
|
139
|
-
*/
|
|
140
133
|
addToUserinfo?: pulumi.Input<boolean>;
|
|
141
|
-
/**
|
|
142
|
-
* The name of the claim to insert into a token.
|
|
143
|
-
*/
|
|
144
134
|
claimName?: pulumi.Input<string>;
|
|
145
135
|
/**
|
|
146
|
-
* The
|
|
136
|
+
* The mapper's associated client. Cannot be used at the same time as client_scope_id.
|
|
147
137
|
*/
|
|
148
138
|
clientId?: pulumi.Input<string>;
|
|
149
139
|
/**
|
|
150
|
-
* The
|
|
140
|
+
* The mapper's associated client scope. Cannot be used at the same time as client_id.
|
|
151
141
|
*/
|
|
152
142
|
clientScopeId?: pulumi.Input<string>;
|
|
153
|
-
/**
|
|
154
|
-
* Indicates whether the full path of the group including its parents will be used. Defaults to `true`.
|
|
155
|
-
*/
|
|
156
143
|
fullPath?: pulumi.Input<boolean>;
|
|
157
144
|
/**
|
|
158
|
-
*
|
|
145
|
+
* A human-friendly name that will appear in the Keycloak console.
|
|
159
146
|
*/
|
|
160
147
|
name?: pulumi.Input<string>;
|
|
161
148
|
/**
|
|
162
|
-
* The realm
|
|
149
|
+
* The realm id where the associated client or client scope exists.
|
|
163
150
|
*/
|
|
164
151
|
realmId?: pulumi.Input<string>;
|
|
165
152
|
}
|
|
@@ -167,40 +154,25 @@ export interface GroupMembershipProtocolMapperState {
|
|
|
167
154
|
* The set of arguments for constructing a GroupMembershipProtocolMapper resource.
|
|
168
155
|
*/
|
|
169
156
|
export interface GroupMembershipProtocolMapperArgs {
|
|
170
|
-
/**
|
|
171
|
-
* Indicates if the property should be added as a claim to the access token. Defaults to `true`.
|
|
172
|
-
*/
|
|
173
157
|
addToAccessToken?: pulumi.Input<boolean>;
|
|
174
|
-
/**
|
|
175
|
-
* Indicates if the property should be added as a claim to the id token. Defaults to `true`.
|
|
176
|
-
*/
|
|
177
158
|
addToIdToken?: pulumi.Input<boolean>;
|
|
178
|
-
/**
|
|
179
|
-
* Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.
|
|
180
|
-
*/
|
|
181
159
|
addToUserinfo?: pulumi.Input<boolean>;
|
|
182
|
-
/**
|
|
183
|
-
* The name of the claim to insert into a token.
|
|
184
|
-
*/
|
|
185
160
|
claimName: pulumi.Input<string>;
|
|
186
161
|
/**
|
|
187
|
-
* The
|
|
162
|
+
* The mapper's associated client. Cannot be used at the same time as client_scope_id.
|
|
188
163
|
*/
|
|
189
164
|
clientId?: pulumi.Input<string>;
|
|
190
165
|
/**
|
|
191
|
-
* The
|
|
166
|
+
* The mapper's associated client scope. Cannot be used at the same time as client_id.
|
|
192
167
|
*/
|
|
193
168
|
clientScopeId?: pulumi.Input<string>;
|
|
194
|
-
/**
|
|
195
|
-
* Indicates whether the full path of the group including its parents will be used. Defaults to `true`.
|
|
196
|
-
*/
|
|
197
169
|
fullPath?: pulumi.Input<boolean>;
|
|
198
170
|
/**
|
|
199
|
-
*
|
|
171
|
+
* A human-friendly name that will appear in the Keycloak console.
|
|
200
172
|
*/
|
|
201
173
|
name?: pulumi.Input<string>;
|
|
202
174
|
/**
|
|
203
|
-
* The realm
|
|
175
|
+
* The realm id where the associated client or client scope exists.
|
|
204
176
|
*/
|
|
205
177
|
realmId: pulumi.Input<string>;
|
|
206
178
|
}
|
|
@@ -6,66 +6,83 @@ exports.GroupMembershipProtocolMapper = void 0;
|
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("../utilities");
|
|
8
8
|
/**
|
|
9
|
-
*
|
|
9
|
+
* ## # keycloak.openid.GroupMembershipProtocolMapper
|
|
10
10
|
*
|
|
11
|
-
*
|
|
11
|
+
* Allows for creating and managing group membership protocol mappers within
|
|
12
|
+
* Keycloak.
|
|
12
13
|
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
14
|
+
* Group membership protocol mappers allow you to map a user's group memberships
|
|
15
|
+
* to a claim in a token. Protocol mappers can be defined for a single client,
|
|
16
|
+
* or they can be defined for a client scope which can be shared between multiple
|
|
17
|
+
* different clients.
|
|
15
18
|
*
|
|
16
|
-
*
|
|
17
|
-
* ### Client)
|
|
19
|
+
* ### Example Usage (Client)
|
|
18
20
|
*
|
|
21
|
+
* <!--Start PulumiCodeChooser -->
|
|
19
22
|
* ```typescript
|
|
20
23
|
* import * as pulumi from "@pulumi/pulumi";
|
|
21
24
|
* import * as keycloak from "@pulumi/keycloak";
|
|
22
25
|
*
|
|
23
26
|
* const realm = new keycloak.Realm("realm", {
|
|
24
|
-
* realm: "my-realm",
|
|
25
27
|
* enabled: true,
|
|
28
|
+
* realm: "my-realm",
|
|
26
29
|
* });
|
|
27
30
|
* const openidClient = new keycloak.openid.Client("openidClient", {
|
|
28
|
-
* realmId: realm.id,
|
|
29
|
-
* clientId: "client",
|
|
30
|
-
* enabled: true,
|
|
31
31
|
* accessType: "CONFIDENTIAL",
|
|
32
|
+
* clientId: "test-client",
|
|
33
|
+
* enabled: true,
|
|
34
|
+
* realmId: realm.id,
|
|
32
35
|
* validRedirectUris: ["http://localhost:8080/openid-callback"],
|
|
33
36
|
* });
|
|
34
37
|
* const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", {
|
|
35
|
-
* realmId: realm.id,
|
|
36
|
-
* clientId: openidClient.id,
|
|
37
38
|
* claimName: "groups",
|
|
39
|
+
* clientId: openidClient.id,
|
|
40
|
+
* realmId: realm.id,
|
|
38
41
|
* });
|
|
39
42
|
* ```
|
|
40
|
-
*
|
|
43
|
+
* <!--End PulumiCodeChooser -->
|
|
44
|
+
*
|
|
45
|
+
* ### Example Usage (Client Scope)
|
|
41
46
|
*
|
|
47
|
+
* <!--Start PulumiCodeChooser -->
|
|
42
48
|
* ```typescript
|
|
43
49
|
* import * as pulumi from "@pulumi/pulumi";
|
|
44
50
|
* import * as keycloak from "@pulumi/keycloak";
|
|
45
51
|
*
|
|
46
52
|
* const realm = new keycloak.Realm("realm", {
|
|
47
|
-
* realm: "my-realm",
|
|
48
53
|
* enabled: true,
|
|
54
|
+
* realm: "my-realm",
|
|
49
55
|
* });
|
|
50
56
|
* const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id});
|
|
51
57
|
* const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", {
|
|
52
|
-
* realmId: realm.id,
|
|
53
|
-
* clientScopeId: clientScope.id,
|
|
54
58
|
* claimName: "groups",
|
|
59
|
+
* clientScopeId: clientScope.id,
|
|
60
|
+
* realmId: realm.id,
|
|
55
61
|
* });
|
|
56
62
|
* ```
|
|
63
|
+
* <!--End PulumiCodeChooser -->
|
|
57
64
|
*
|
|
58
|
-
*
|
|
65
|
+
* ### Argument Reference
|
|
59
66
|
*
|
|
60
|
-
*
|
|
67
|
+
* The following arguments are supported:
|
|
61
68
|
*
|
|
62
|
-
*
|
|
63
|
-
*
|
|
64
|
-
*
|
|
69
|
+
* - `realmId` - (Required) The realm this protocol mapper exists within.
|
|
70
|
+
* - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to.
|
|
71
|
+
* - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to.
|
|
72
|
+
* - `name` - (Required) The display name of this protocol mapper in the GUI.
|
|
73
|
+
* - `claimName` - (Required) The name of the claim to insert into a token.
|
|
74
|
+
* - `fullPath` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`.
|
|
75
|
+
* - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.
|
|
76
|
+
* - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.
|
|
77
|
+
* - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.
|
|
65
78
|
*
|
|
66
|
-
*
|
|
67
|
-
*
|
|
68
|
-
*
|
|
79
|
+
* ### Import
|
|
80
|
+
*
|
|
81
|
+
* Protocol mappers can be imported using one of the following formats:
|
|
82
|
+
* - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`
|
|
83
|
+
* - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`
|
|
84
|
+
*
|
|
85
|
+
* Example:
|
|
69
86
|
*/
|
|
70
87
|
class GroupMembershipProtocolMapper extends pulumi.CustomResource {
|
|
71
88
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"groupMembershipProtocolMapper.js","sourceRoot":"","sources":["../../openid/groupMembershipProtocolMapper.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"groupMembershipProtocolMapper.js","sourceRoot":"","sources":["../../openid/groupMembershipProtocolMapper.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8EG;AACH,MAAa,6BAA8B,SAAQ,MAAM,CAAC,cAAc;IACpE;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA0C,EAAE,IAAmC;QACxI,OAAO,IAAI,6BAA6B,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACpF,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,6BAA6B,CAAC,YAAY,CAAC;IAC9E,CAAC;IAgCD,YAAY,IAAY,EAAE,WAAoF,EAAE,IAAmC;QAC/I,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA6D,CAAC;YAC5E,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;aAAM;YACH,MAAM,IAAI,GAAG,WAA4D,CAAC;YAC1E,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,6BAA6B,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAClF,CAAC;;AA5FL,sEA6FC;AA/EG,gBAAgB;AACO,0CAAY,GAAG,6EAA6E,CAAC"}
|
|
@@ -1,67 +1,85 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
3
|
+
* ## # keycloak.openid.HardcodedClaimProtocolMapper
|
|
4
4
|
*
|
|
5
|
-
*
|
|
5
|
+
* Allows for creating and managing hardcoded claim protocol mappers within
|
|
6
|
+
* Keycloak.
|
|
6
7
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
8
|
+
* Hardcoded claim protocol mappers allow you to define a claim with a hardcoded
|
|
9
|
+
* value. Protocol mappers can be defined for a single client, or they can
|
|
10
|
+
* be defined for a client scope which can be shared between multiple different
|
|
11
|
+
* clients.
|
|
9
12
|
*
|
|
10
|
-
*
|
|
11
|
-
* ### Client)
|
|
13
|
+
* ### Example Usage (Client)
|
|
12
14
|
*
|
|
15
|
+
* <!--Start PulumiCodeChooser -->
|
|
13
16
|
* ```typescript
|
|
14
17
|
* import * as pulumi from "@pulumi/pulumi";
|
|
15
18
|
* import * as keycloak from "@pulumi/keycloak";
|
|
16
19
|
*
|
|
17
20
|
* const realm = new keycloak.Realm("realm", {
|
|
18
|
-
* realm: "my-realm",
|
|
19
21
|
* enabled: true,
|
|
22
|
+
* realm: "my-realm",
|
|
20
23
|
* });
|
|
21
24
|
* const openidClient = new keycloak.openid.Client("openidClient", {
|
|
22
|
-
* realmId: realm.id,
|
|
23
|
-
* clientId: "client",
|
|
24
|
-
* enabled: true,
|
|
25
25
|
* accessType: "CONFIDENTIAL",
|
|
26
|
+
* clientId: "test-client",
|
|
27
|
+
* enabled: true,
|
|
28
|
+
* realmId: realm.id,
|
|
26
29
|
* validRedirectUris: ["http://localhost:8080/openid-callback"],
|
|
27
30
|
* });
|
|
28
31
|
* const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", {
|
|
29
|
-
* realmId: realm.id,
|
|
30
|
-
* clientId: openidClient.id,
|
|
31
32
|
* claimName: "foo",
|
|
32
33
|
* claimValue: "bar",
|
|
34
|
+
* clientId: openidClient.id,
|
|
35
|
+
* realmId: realm.id,
|
|
33
36
|
* });
|
|
34
37
|
* ```
|
|
35
|
-
*
|
|
38
|
+
* <!--End PulumiCodeChooser -->
|
|
39
|
+
*
|
|
40
|
+
* ### Example Usage (Client Scope)
|
|
36
41
|
*
|
|
42
|
+
* <!--Start PulumiCodeChooser -->
|
|
37
43
|
* ```typescript
|
|
38
44
|
* import * as pulumi from "@pulumi/pulumi";
|
|
39
45
|
* import * as keycloak from "@pulumi/keycloak";
|
|
40
46
|
*
|
|
41
47
|
* const realm = new keycloak.Realm("realm", {
|
|
42
|
-
* realm: "my-realm",
|
|
43
48
|
* enabled: true,
|
|
49
|
+
* realm: "my-realm",
|
|
44
50
|
* });
|
|
45
51
|
* const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id});
|
|
46
52
|
* const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", {
|
|
47
|
-
* realmId: realm.id,
|
|
48
|
-
* clientScopeId: clientScope.id,
|
|
49
53
|
* claimName: "foo",
|
|
50
54
|
* claimValue: "bar",
|
|
55
|
+
* clientScopeId: clientScope.id,
|
|
56
|
+
* realmId: realm.id,
|
|
51
57
|
* });
|
|
52
58
|
* ```
|
|
59
|
+
* <!--End PulumiCodeChooser -->
|
|
53
60
|
*
|
|
54
|
-
*
|
|
61
|
+
* ### Argument Reference
|
|
55
62
|
*
|
|
56
|
-
*
|
|
63
|
+
* The following arguments are supported:
|
|
57
64
|
*
|
|
58
|
-
*
|
|
59
|
-
*
|
|
60
|
-
*
|
|
65
|
+
* - `realmId` - (Required) The realm this protocol mapper exists within.
|
|
66
|
+
* - `clientId` - (Required if `clientScopeId` is not specified) The client this protocol mapper is attached to.
|
|
67
|
+
* - `clientScopeId` - (Required if `clientId` is not specified) The client scope this protocol mapper is attached to.
|
|
68
|
+
* - `name` - (Required) The display name of this protocol mapper in the GUI.
|
|
69
|
+
* - `claimName` - (Required) The name of the claim to insert into a token.
|
|
70
|
+
* - `claimValue` - (Required) The hardcoded value of the claim.
|
|
71
|
+
* - `claimValueType` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.
|
|
72
|
+
* - `addToIdToken` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.
|
|
73
|
+
* - `addToAccessToken` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.
|
|
74
|
+
* - `addToUserinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.
|
|
61
75
|
*
|
|
62
|
-
*
|
|
63
|
-
*
|
|
64
|
-
*
|
|
76
|
+
* ### Import
|
|
77
|
+
*
|
|
78
|
+
* Protocol mappers can be imported using one of the following formats:
|
|
79
|
+
* - Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`
|
|
80
|
+
* - Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`
|
|
81
|
+
*
|
|
82
|
+
* Example:
|
|
65
83
|
*/
|
|
66
84
|
export declare class HardcodedClaimProtocolMapper extends pulumi.CustomResource {
|
|
67
85
|
/**
|
|
@@ -80,43 +98,37 @@ export declare class HardcodedClaimProtocolMapper extends pulumi.CustomResource
|
|
|
80
98
|
*/
|
|
81
99
|
static isInstance(obj: any): obj is HardcodedClaimProtocolMapper;
|
|
82
100
|
/**
|
|
83
|
-
* Indicates if the
|
|
101
|
+
* Indicates if the attribute should be a claim in the access token.
|
|
84
102
|
*/
|
|
85
103
|
readonly addToAccessToken: pulumi.Output<boolean | undefined>;
|
|
86
104
|
/**
|
|
87
|
-
* Indicates if the
|
|
105
|
+
* Indicates if the attribute should be a claim in the id token.
|
|
88
106
|
*/
|
|
89
107
|
readonly addToIdToken: pulumi.Output<boolean | undefined>;
|
|
90
108
|
/**
|
|
91
|
-
* Indicates if the
|
|
109
|
+
* Indicates if the attribute should appear in the userinfo response body.
|
|
92
110
|
*/
|
|
93
111
|
readonly addToUserinfo: pulumi.Output<boolean | undefined>;
|
|
94
|
-
/**
|
|
95
|
-
* The name of the claim to insert into a token.
|
|
96
|
-
*/
|
|
97
112
|
readonly claimName: pulumi.Output<string>;
|
|
98
|
-
/**
|
|
99
|
-
* The hardcoded value of the claim.
|
|
100
|
-
*/
|
|
101
113
|
readonly claimValue: pulumi.Output<string>;
|
|
102
114
|
/**
|
|
103
|
-
*
|
|
115
|
+
* Claim type used when serializing tokens.
|
|
104
116
|
*/
|
|
105
117
|
readonly claimValueType: pulumi.Output<string | undefined>;
|
|
106
118
|
/**
|
|
107
|
-
* The
|
|
119
|
+
* The mapper's associated client. Cannot be used at the same time as client_scope_id.
|
|
108
120
|
*/
|
|
109
121
|
readonly clientId: pulumi.Output<string | undefined>;
|
|
110
122
|
/**
|
|
111
|
-
* The
|
|
123
|
+
* The mapper's associated client scope. Cannot be used at the same time as client_id.
|
|
112
124
|
*/
|
|
113
125
|
readonly clientScopeId: pulumi.Output<string | undefined>;
|
|
114
126
|
/**
|
|
115
|
-
*
|
|
127
|
+
* A human-friendly name that will appear in the Keycloak console.
|
|
116
128
|
*/
|
|
117
129
|
readonly name: pulumi.Output<string>;
|
|
118
130
|
/**
|
|
119
|
-
* The realm
|
|
131
|
+
* The realm id where the associated client or client scope exists.
|
|
120
132
|
*/
|
|
121
133
|
readonly realmId: pulumi.Output<string>;
|
|
122
134
|
/**
|
|
@@ -133,43 +145,37 @@ export declare class HardcodedClaimProtocolMapper extends pulumi.CustomResource
|
|
|
133
145
|
*/
|
|
134
146
|
export interface HardcodedClaimProtocolMapperState {
|
|
135
147
|
/**
|
|
136
|
-
* Indicates if the
|
|
148
|
+
* Indicates if the attribute should be a claim in the access token.
|
|
137
149
|
*/
|
|
138
150
|
addToAccessToken?: pulumi.Input<boolean>;
|
|
139
151
|
/**
|
|
140
|
-
* Indicates if the
|
|
152
|
+
* Indicates if the attribute should be a claim in the id token.
|
|
141
153
|
*/
|
|
142
154
|
addToIdToken?: pulumi.Input<boolean>;
|
|
143
155
|
/**
|
|
144
|
-
* Indicates if the
|
|
156
|
+
* Indicates if the attribute should appear in the userinfo response body.
|
|
145
157
|
*/
|
|
146
158
|
addToUserinfo?: pulumi.Input<boolean>;
|
|
147
|
-
/**
|
|
148
|
-
* The name of the claim to insert into a token.
|
|
149
|
-
*/
|
|
150
159
|
claimName?: pulumi.Input<string>;
|
|
151
|
-
/**
|
|
152
|
-
* The hardcoded value of the claim.
|
|
153
|
-
*/
|
|
154
160
|
claimValue?: pulumi.Input<string>;
|
|
155
161
|
/**
|
|
156
|
-
*
|
|
162
|
+
* Claim type used when serializing tokens.
|
|
157
163
|
*/
|
|
158
164
|
claimValueType?: pulumi.Input<string>;
|
|
159
165
|
/**
|
|
160
|
-
* The
|
|
166
|
+
* The mapper's associated client. Cannot be used at the same time as client_scope_id.
|
|
161
167
|
*/
|
|
162
168
|
clientId?: pulumi.Input<string>;
|
|
163
169
|
/**
|
|
164
|
-
* The
|
|
170
|
+
* The mapper's associated client scope. Cannot be used at the same time as client_id.
|
|
165
171
|
*/
|
|
166
172
|
clientScopeId?: pulumi.Input<string>;
|
|
167
173
|
/**
|
|
168
|
-
*
|
|
174
|
+
* A human-friendly name that will appear in the Keycloak console.
|
|
169
175
|
*/
|
|
170
176
|
name?: pulumi.Input<string>;
|
|
171
177
|
/**
|
|
172
|
-
* The realm
|
|
178
|
+
* The realm id where the associated client or client scope exists.
|
|
173
179
|
*/
|
|
174
180
|
realmId?: pulumi.Input<string>;
|
|
175
181
|
}
|
|
@@ -178,43 +184,37 @@ export interface HardcodedClaimProtocolMapperState {
|
|
|
178
184
|
*/
|
|
179
185
|
export interface HardcodedClaimProtocolMapperArgs {
|
|
180
186
|
/**
|
|
181
|
-
* Indicates if the
|
|
187
|
+
* Indicates if the attribute should be a claim in the access token.
|
|
182
188
|
*/
|
|
183
189
|
addToAccessToken?: pulumi.Input<boolean>;
|
|
184
190
|
/**
|
|
185
|
-
* Indicates if the
|
|
191
|
+
* Indicates if the attribute should be a claim in the id token.
|
|
186
192
|
*/
|
|
187
193
|
addToIdToken?: pulumi.Input<boolean>;
|
|
188
194
|
/**
|
|
189
|
-
* Indicates if the
|
|
195
|
+
* Indicates if the attribute should appear in the userinfo response body.
|
|
190
196
|
*/
|
|
191
197
|
addToUserinfo?: pulumi.Input<boolean>;
|
|
192
|
-
/**
|
|
193
|
-
* The name of the claim to insert into a token.
|
|
194
|
-
*/
|
|
195
198
|
claimName: pulumi.Input<string>;
|
|
196
|
-
/**
|
|
197
|
-
* The hardcoded value of the claim.
|
|
198
|
-
*/
|
|
199
199
|
claimValue: pulumi.Input<string>;
|
|
200
200
|
/**
|
|
201
|
-
*
|
|
201
|
+
* Claim type used when serializing tokens.
|
|
202
202
|
*/
|
|
203
203
|
claimValueType?: pulumi.Input<string>;
|
|
204
204
|
/**
|
|
205
|
-
* The
|
|
205
|
+
* The mapper's associated client. Cannot be used at the same time as client_scope_id.
|
|
206
206
|
*/
|
|
207
207
|
clientId?: pulumi.Input<string>;
|
|
208
208
|
/**
|
|
209
|
-
* The
|
|
209
|
+
* The mapper's associated client scope. Cannot be used at the same time as client_id.
|
|
210
210
|
*/
|
|
211
211
|
clientScopeId?: pulumi.Input<string>;
|
|
212
212
|
/**
|
|
213
|
-
*
|
|
213
|
+
* A human-friendly name that will appear in the Keycloak console.
|
|
214
214
|
*/
|
|
215
215
|
name?: pulumi.Input<string>;
|
|
216
216
|
/**
|
|
217
|
-
* The realm
|
|
217
|
+
* The realm id where the associated client or client scope exists.
|
|
218
218
|
*/
|
|
219
219
|
realmId: pulumi.Input<string>;
|
|
220
220
|
}
|