@pulumi/keycloak 5.3.0 → 5.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (285) hide show
  1. package/attributeImporterIdentityProviderMapper.d.ts +46 -63
  2. package/attributeImporterIdentityProviderMapper.js +25 -33
  3. package/attributeImporterIdentityProviderMapper.js.map +1 -1
  4. package/attributeToRoleIdentityMapper.d.ts +10 -2
  5. package/attributeToRoleIdentityMapper.js +10 -2
  6. package/attributeToRoleIdentityMapper.js.map +1 -1
  7. package/authentication/bindings.d.ts +2 -0
  8. package/authentication/bindings.js +2 -0
  9. package/authentication/bindings.js.map +1 -1
  10. package/authentication/execution.d.ts +8 -2
  11. package/authentication/execution.js +8 -2
  12. package/authentication/execution.js.map +1 -1
  13. package/authentication/executionConfig.d.ts +12 -2
  14. package/authentication/executionConfig.js +12 -2
  15. package/authentication/executionConfig.js.map +1 -1
  16. package/authentication/flow.d.ts +16 -2
  17. package/authentication/flow.js +16 -2
  18. package/authentication/flow.js.map +1 -1
  19. package/authentication/subflow.d.ts +18 -2
  20. package/authentication/subflow.js +18 -2
  21. package/authentication/subflow.js.map +1 -1
  22. package/customIdentityProviderMapping.d.ts +13 -5
  23. package/customIdentityProviderMapping.js +10 -2
  24. package/customIdentityProviderMapping.js.map +1 -1
  25. package/customUserFederation.d.ts +51 -50
  26. package/customUserFederation.js +27 -14
  27. package/customUserFederation.js.map +1 -1
  28. package/defaultGroups.d.ts +19 -27
  29. package/defaultGroups.js +19 -9
  30. package/defaultGroups.js.map +1 -1
  31. package/defaultRoles.d.ts +13 -2
  32. package/defaultRoles.js +13 -2
  33. package/defaultRoles.js.map +1 -1
  34. package/genericClientProtocolMapper.d.ts +40 -37
  35. package/genericClientProtocolMapper.js +25 -13
  36. package/genericClientProtocolMapper.js.map +1 -1
  37. package/genericClientRoleMapper.d.ts +22 -2
  38. package/genericClientRoleMapper.js +22 -2
  39. package/genericClientRoleMapper.js.map +1 -1
  40. package/genericProtocolMapper.d.ts +8 -2
  41. package/genericProtocolMapper.js +8 -2
  42. package/genericProtocolMapper.js.map +1 -1
  43. package/genericRoleMapper.d.ts +22 -2
  44. package/genericRoleMapper.js +22 -2
  45. package/genericRoleMapper.js.map +1 -1
  46. package/getAuthenticationExecution.d.ts +4 -0
  47. package/getAuthenticationExecution.js +4 -0
  48. package/getAuthenticationExecution.js.map +1 -1
  49. package/getAuthenticationFlow.d.ts +4 -0
  50. package/getAuthenticationFlow.js +4 -0
  51. package/getAuthenticationFlow.js.map +1 -1
  52. package/getClientDescriptionConverter.d.ts +4 -0
  53. package/getClientDescriptionConverter.js +4 -0
  54. package/getClientDescriptionConverter.js.map +1 -1
  55. package/getGroup.d.ts +4 -62
  56. package/getGroup.js +4 -50
  57. package/getGroup.js.map +1 -1
  58. package/getRealm.d.ts +32 -10
  59. package/getRealm.js +32 -4
  60. package/getRealm.js.map +1 -1
  61. package/getRealmKeys.d.ts +8 -28
  62. package/getRealmKeys.js +8 -4
  63. package/getRealmKeys.js.map +1 -1
  64. package/getRole.d.ts +4 -65
  65. package/getRole.js +4 -44
  66. package/getRole.js.map +1 -1
  67. package/getUser.d.ts +4 -0
  68. package/getUser.js +4 -0
  69. package/getUser.js.map +1 -1
  70. package/getUserRealmRoles.d.ts +4 -0
  71. package/getUserRealmRoles.js +4 -0
  72. package/getUserRealmRoles.js.map +1 -1
  73. package/group.d.ts +35 -58
  74. package/group.js +35 -16
  75. package/group.js.map +1 -1
  76. package/groupMemberships.d.ts +27 -43
  77. package/groupMemberships.js +27 -16
  78. package/groupMemberships.js.map +1 -1
  79. package/groupPermissions.d.ts +13 -0
  80. package/groupPermissions.js +13 -0
  81. package/groupPermissions.js.map +1 -1
  82. package/groupRoles.d.ts +32 -91
  83. package/groupRoles.js +32 -55
  84. package/groupRoles.js.map +1 -1
  85. package/hardcodedAttributeIdentityProviderMapper.d.ts +2 -0
  86. package/hardcodedAttributeIdentityProviderMapper.js +2 -0
  87. package/hardcodedAttributeIdentityProviderMapper.js.map +1 -1
  88. package/hardcodedRoleIdentityMapper.d.ts +2 -0
  89. package/hardcodedRoleIdentityMapper.js +2 -0
  90. package/hardcodedRoleIdentityMapper.js.map +1 -1
  91. package/identityProviderTokenExchangeScopePermission.d.ts +10 -2
  92. package/identityProviderTokenExchangeScopePermission.js +10 -2
  93. package/identityProviderTokenExchangeScopePermission.js.map +1 -1
  94. package/ldap/customMapper.d.ts +10 -2
  95. package/ldap/customMapper.js +10 -2
  96. package/ldap/customMapper.js.map +1 -1
  97. package/ldap/fullNameMapper.d.ts +41 -54
  98. package/ldap/fullNameMapper.js +32 -18
  99. package/ldap/fullNameMapper.js.map +1 -1
  100. package/ldap/groupMapper.d.ts +55 -164
  101. package/ldap/groupMapper.js +46 -20
  102. package/ldap/groupMapper.js.map +1 -1
  103. package/ldap/hardcodedAttributeMapper.d.ts +10 -2
  104. package/ldap/hardcodedAttributeMapper.js +10 -2
  105. package/ldap/hardcodedAttributeMapper.js.map +1 -1
  106. package/ldap/hardcodedGroupMapper.d.ts +10 -2
  107. package/ldap/hardcodedGroupMapper.js +10 -2
  108. package/ldap/hardcodedGroupMapper.js.map +1 -1
  109. package/ldap/hardcodedRoleMapper.d.ts +29 -64
  110. package/ldap/hardcodedRoleMapper.js +17 -52
  111. package/ldap/hardcodedRoleMapper.js.map +1 -1
  112. package/ldap/msadLdsUserAccountControlMapper.d.ts +10 -2
  113. package/ldap/msadLdsUserAccountControlMapper.js +10 -2
  114. package/ldap/msadLdsUserAccountControlMapper.js.map +1 -1
  115. package/ldap/msadUserAccountControlMapper.d.ts +34 -32
  116. package/ldap/msadUserAccountControlMapper.js +25 -14
  117. package/ldap/msadUserAccountControlMapper.js.map +1 -1
  118. package/ldap/roleMapper.d.ts +10 -2
  119. package/ldap/roleMapper.js +10 -2
  120. package/ldap/roleMapper.js.map +1 -1
  121. package/ldap/userAttributeMapper.d.ts +60 -45
  122. package/ldap/userAttributeMapper.js +30 -15
  123. package/ldap/userAttributeMapper.js.map +1 -1
  124. package/ldap/userFederation.d.ts +125 -95
  125. package/ldap/userFederation.js +53 -20
  126. package/ldap/userFederation.js.map +1 -1
  127. package/oidc/googleIdentityProvider.d.ts +8 -2
  128. package/oidc/googleIdentityProvider.js +8 -2
  129. package/oidc/googleIdentityProvider.js.map +1 -1
  130. package/oidc/identityProvider.d.ts +8 -2
  131. package/oidc/identityProvider.js +8 -2
  132. package/oidc/identityProvider.js.map +1 -1
  133. package/openid/audienceProtocolMapper.d.ts +62 -45
  134. package/openid/audienceProtocolMapper.js +38 -21
  135. package/openid/audienceProtocolMapper.js.map +1 -1
  136. package/openid/audienceResolveProtocolMapper.d.ts +17 -3
  137. package/openid/audienceResolveProtocolMapper.js +17 -3
  138. package/openid/audienceResolveProtocolMapper.js.map +1 -1
  139. package/openid/audienceResolveProtocolMappter.d.ts +17 -3
  140. package/openid/audienceResolveProtocolMappter.js +17 -3
  141. package/openid/audienceResolveProtocolMappter.js.map +1 -1
  142. package/openid/client.d.ts +48 -431
  143. package/openid/client.js +48 -14
  144. package/openid/client.js.map +1 -1
  145. package/openid/clientAuthorizationPermission.d.ts +6 -2
  146. package/openid/clientAuthorizationPermission.js +6 -2
  147. package/openid/clientAuthorizationPermission.js.map +1 -1
  148. package/openid/clientDefaultScopes.d.ts +17 -33
  149. package/openid/clientDefaultScopes.js +17 -6
  150. package/openid/clientDefaultScopes.js.map +1 -1
  151. package/openid/clientOptionalScopes.d.ts +17 -34
  152. package/openid/clientOptionalScopes.js +17 -7
  153. package/openid/clientOptionalScopes.js.map +1 -1
  154. package/openid/clientPolicy.d.ts +2 -0
  155. package/openid/clientPolicy.js +2 -0
  156. package/openid/clientPolicy.js.map +1 -1
  157. package/openid/clientScope.d.ts +27 -67
  158. package/openid/clientScope.js +27 -13
  159. package/openid/clientScope.js.map +1 -1
  160. package/openid/clientServiceAccountRealmRole.d.ts +8 -2
  161. package/openid/clientServiceAccountRealmRole.js +8 -2
  162. package/openid/clientServiceAccountRealmRole.js.map +1 -1
  163. package/openid/clientServiceAccountRole.d.ts +8 -2
  164. package/openid/clientServiceAccountRole.js +8 -2
  165. package/openid/clientServiceAccountRole.js.map +1 -1
  166. package/openid/fullNameProtocolMapper.d.ts +49 -61
  167. package/openid/fullNameProtocolMapper.js +37 -22
  168. package/openid/fullNameProtocolMapper.js.map +1 -1
  169. package/openid/getClient.d.ts +32 -14
  170. package/openid/getClient.js +32 -2
  171. package/openid/getClient.js.map +1 -1
  172. package/openid/getClientAuthorizationPolicy.d.ts +4 -0
  173. package/openid/getClientAuthorizationPolicy.js +4 -0
  174. package/openid/getClientAuthorizationPolicy.js.map +1 -1
  175. package/openid/getClientScope.d.ts +4 -0
  176. package/openid/getClientScope.js +4 -0
  177. package/openid/getClientScope.js.map +1 -1
  178. package/openid/getClientServiceAccountUser.d.ts +4 -0
  179. package/openid/getClientServiceAccountUser.js +4 -0
  180. package/openid/getClientServiceAccountUser.js.map +1 -1
  181. package/openid/groupMembershipProtocolMapper.d.ts +53 -81
  182. package/openid/groupMembershipProtocolMapper.js +41 -24
  183. package/openid/groupMembershipProtocolMapper.js.map +1 -1
  184. package/openid/hardcodedClaimProtocolMapper.d.ts +66 -66
  185. package/openid/hardcodedClaimProtocolMapper.js +42 -24
  186. package/openid/hardcodedClaimProtocolMapper.js.map +1 -1
  187. package/openid/hardcodedRoleProtocolMapper.d.ts +48 -43
  188. package/openid/hardcodedRoleProtocolMapper.js +36 -22
  189. package/openid/hardcodedRoleProtocolMapper.js.map +1 -1
  190. package/openid/scriptProtocolMapper.d.ts +17 -3
  191. package/openid/scriptProtocolMapper.js +17 -3
  192. package/openid/scriptProtocolMapper.js.map +1 -1
  193. package/openid/userAttributeProtocolMapper.d.ts +73 -72
  194. package/openid/userAttributeProtocolMapper.js +43 -24
  195. package/openid/userAttributeProtocolMapper.js.map +1 -1
  196. package/openid/userClientRoleProtocolMapper.d.ts +17 -3
  197. package/openid/userClientRoleProtocolMapper.js +17 -3
  198. package/openid/userClientRoleProtocolMapper.js.map +1 -1
  199. package/openid/userPropertyProtocolMapper.d.ts +66 -67
  200. package/openid/userPropertyProtocolMapper.js +42 -25
  201. package/openid/userPropertyProtocolMapper.js.map +1 -1
  202. package/openid/userRealmRoleProtocolMapper.d.ts +73 -63
  203. package/openid/userRealmRoleProtocolMapper.js +43 -24
  204. package/openid/userRealmRoleProtocolMapper.js.map +1 -1
  205. package/openid/userSessionNoteProtocolMapper.d.ts +17 -3
  206. package/openid/userSessionNoteProtocolMapper.js +17 -3
  207. package/openid/userSessionNoteProtocolMapper.js.map +1 -1
  208. package/package.json +1 -1
  209. package/realm.d.ts +30 -509
  210. package/realm.js +0 -83
  211. package/realm.js.map +1 -1
  212. package/realmEvents.d.ts +20 -74
  213. package/realmEvents.js +20 -11
  214. package/realmEvents.js.map +1 -1
  215. package/realmKeystoreAesGenerated.d.ts +8 -2
  216. package/realmKeystoreAesGenerated.js +8 -2
  217. package/realmKeystoreAesGenerated.js.map +1 -1
  218. package/realmKeystoreEcdsaGenerated.d.ts +8 -2
  219. package/realmKeystoreEcdsaGenerated.js +8 -2
  220. package/realmKeystoreEcdsaGenerated.js.map +1 -1
  221. package/realmKeystoreHmacGenerated.d.ts +8 -2
  222. package/realmKeystoreHmacGenerated.js +8 -2
  223. package/realmKeystoreHmacGenerated.js.map +1 -1
  224. package/realmKeystoreJavaGenerated.d.ts +8 -2
  225. package/realmKeystoreJavaGenerated.js +8 -2
  226. package/realmKeystoreJavaGenerated.js.map +1 -1
  227. package/realmKeystoreRsa.d.ts +6 -2
  228. package/realmKeystoreRsa.js +6 -2
  229. package/realmKeystoreRsa.js.map +1 -1
  230. package/realmKeystoreRsaGenerated.d.ts +8 -2
  231. package/realmKeystoreRsaGenerated.js +8 -2
  232. package/realmKeystoreRsaGenerated.js.map +1 -1
  233. package/realmUserProfile.d.ts +2 -0
  234. package/realmUserProfile.js +2 -0
  235. package/realmUserProfile.js.map +1 -1
  236. package/requiredAction.d.ts +8 -2
  237. package/requiredAction.js +8 -2
  238. package/requiredAction.js.map +1 -1
  239. package/role.d.ts +58 -125
  240. package/role.js +58 -71
  241. package/role.js.map +1 -1
  242. package/saml/client.d.ts +46 -327
  243. package/saml/client.js +46 -12
  244. package/saml/client.js.map +1 -1
  245. package/saml/clientDefaultScope.d.ts +5 -1
  246. package/saml/clientDefaultScope.js +5 -1
  247. package/saml/clientDefaultScope.js.map +1 -1
  248. package/saml/clientScope.d.ts +10 -2
  249. package/saml/clientScope.js +10 -2
  250. package/saml/clientScope.js.map +1 -1
  251. package/saml/getClient.d.ts +4 -0
  252. package/saml/getClient.js +4 -0
  253. package/saml/getClient.js.map +1 -1
  254. package/saml/getClientInstallationProvider.d.ts +4 -0
  255. package/saml/getClientInstallationProvider.js +4 -0
  256. package/saml/getClientInstallationProvider.js.map +1 -1
  257. package/saml/identityProvider.d.ts +163 -117
  258. package/saml/identityProvider.js +52 -21
  259. package/saml/identityProvider.js.map +1 -1
  260. package/saml/scriptProtocolMapper.d.ts +13 -3
  261. package/saml/scriptProtocolMapper.js +13 -3
  262. package/saml/scriptProtocolMapper.js.map +1 -1
  263. package/saml/userAttributeProtocolMapper.d.ts +32 -91
  264. package/saml/userAttributeProtocolMapper.js +32 -19
  265. package/saml/userAttributeProtocolMapper.js.map +1 -1
  266. package/saml/userPropertyProtocolMapper.d.ts +32 -91
  267. package/saml/userPropertyProtocolMapper.js +32 -19
  268. package/saml/userPropertyProtocolMapper.js.map +1 -1
  269. package/types/input.d.ts +74 -183
  270. package/types/output.d.ts +44 -207
  271. package/user.d.ts +36 -112
  272. package/user.js +36 -22
  273. package/user.js.map +1 -1
  274. package/userGroups.d.ts +9 -1
  275. package/userGroups.js +9 -1
  276. package/userGroups.js.map +1 -1
  277. package/userRoles.d.ts +11 -2
  278. package/userRoles.js +11 -2
  279. package/userRoles.js.map +1 -1
  280. package/userTemplateImporterIdentityProviderMapper.d.ts +10 -2
  281. package/userTemplateImporterIdentityProviderMapper.js +10 -2
  282. package/userTemplateImporterIdentityProviderMapper.js.map +1 -1
  283. package/usersPermissions.d.ts +10 -25
  284. package/usersPermissions.js +10 -25
  285. package/usersPermissions.js.map +1 -1
package/realm.d.ts CHANGED
@@ -1,89 +1,6 @@
1
1
  import * as pulumi from "@pulumi/pulumi";
2
2
  import * as inputs from "./types/input";
3
3
  import * as outputs from "./types/output";
4
- /**
5
- * Allows for creating and managing Realms within Keycloak.
6
- *
7
- * A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated
8
- * from multiple sources.
9
- *
10
- * ## Example Usage
11
- *
12
- * ```typescript
13
- * import * as pulumi from "@pulumi/pulumi";
14
- * import * as keycloak from "@pulumi/keycloak";
15
- *
16
- * const realm = new keycloak.Realm("realm", {
17
- * accessCodeLifespan: "1h",
18
- * attributes: {
19
- * mycustomAttribute: "myCustomValue",
20
- * },
21
- * displayName: "my realm",
22
- * displayNameHtml: "<b>my realm</b>",
23
- * enabled: true,
24
- * internationalization: {
25
- * defaultLocale: "en",
26
- * supportedLocales: [
27
- * "en",
28
- * "de",
29
- * "es",
30
- * ],
31
- * },
32
- * loginTheme: "base",
33
- * passwordPolicy: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
34
- * realm: "my-realm",
35
- * securityDefenses: {
36
- * bruteForceDetection: {
37
- * failureResetTimeSeconds: 43200,
38
- * maxFailureWaitSeconds: 900,
39
- * maxLoginFailures: 30,
40
- * minimumQuickLoginWaitSeconds: 60,
41
- * permanentLockout: false,
42
- * quickLoginCheckMilliSeconds: 1000,
43
- * waitIncrementSeconds: 60,
44
- * },
45
- * headers: {
46
- * contentSecurityPolicy: "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
47
- * contentSecurityPolicyReportOnly: "",
48
- * strictTransportSecurity: "max-age=31536000; includeSubDomains",
49
- * xContentTypeOptions: "nosniff",
50
- * xFrameOptions: "DENY",
51
- * xRobotsTag: "none",
52
- * xXssProtection: "1; mode=block",
53
- * },
54
- * },
55
- * smtpServer: {
56
- * auth: {
57
- * password: "password",
58
- * username: "tom",
59
- * },
60
- * from: "example@example.com",
61
- * host: "smtp.example.com",
62
- * },
63
- * sslRequired: "external",
64
- * webAuthnPolicy: {
65
- * relyingPartyEntityName: "Example",
66
- * relyingPartyId: "keycloak.example.com",
67
- * signatureAlgorithms: [
68
- * "ES256",
69
- * "RS256",
70
- * ],
71
- * },
72
- * });
73
- * ```
74
- * ## Default Client Scopes
75
- *
76
- * - `defaultDefaultClientScopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes.
77
- * - `defaultOptionalClientScopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes.
78
- *
79
- * ## Import
80
- *
81
- * Realms can be imported using their name. Examplebash
82
- *
83
- * ```sh
84
- * $ pulumi import keycloak:index/realm:Realm realm my-realm
85
- * ```
86
- */
87
4
  export declare class Realm extends pulumi.CustomResource {
88
5
  /**
89
6
  * Get an existing Realm resource's state with the given name, ID, and optional extra
@@ -100,221 +17,89 @@ export declare class Realm extends pulumi.CustomResource {
100
17
  * when multiple copies of the Pulumi SDK have been loaded into the same process.
101
18
  */
102
19
  static isInstance(obj: any): obj is Realm;
103
- /**
104
- * The maximum amount of time a client has to finish the authorization code flow.
105
- */
106
20
  readonly accessCodeLifespan: pulumi.Output<string>;
107
- /**
108
- * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.
109
- */
110
21
  readonly accessCodeLifespanLogin: pulumi.Output<string>;
111
- /**
112
- * The maximum amount of time a user has to complete login related actions, such as updating a password.
113
- */
114
22
  readonly accessCodeLifespanUserAction: pulumi.Output<string>;
115
- /**
116
- * The amount of time an access token can be used before it expires.
117
- */
118
23
  readonly accessTokenLifespan: pulumi.Output<string>;
119
- /**
120
- * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.
121
- */
122
24
  readonly accessTokenLifespanForImplicitFlow: pulumi.Output<string>;
123
- /**
124
- * Used for account management pages.
125
- */
126
25
  readonly accountTheme: pulumi.Output<string | undefined>;
127
- /**
128
- * The maximum time a user has to use an admin-generated permit before it expires.
129
- */
130
26
  readonly actionTokenGeneratedByAdminLifespan: pulumi.Output<string>;
131
- /**
132
- * The maximum time a user has to use a user-generated permit before it expires.
133
- */
134
27
  readonly actionTokenGeneratedByUserLifespan: pulumi.Output<string>;
135
- /**
136
- * Used for the admin console.
137
- */
138
28
  readonly adminTheme: pulumi.Output<string | undefined>;
139
- /**
140
- * A map of custom attributes to add to the realm.
141
- */
142
29
  readonly attributes: pulumi.Output<{
143
30
  [key: string]: any;
144
31
  } | undefined>;
145
32
  /**
146
- * The desired flow for browser authentication. Defaults to `browser`.
33
+ * Which flow should be used for BrowserFlow
147
34
  */
148
35
  readonly browserFlow: pulumi.Output<string>;
149
36
  /**
150
- * The desired flow for client authentication. Defaults to `clients`.
37
+ * Which flow should be used for ClientAuthenticationFlow
151
38
  */
152
39
  readonly clientAuthenticationFlow: pulumi.Output<string>;
153
- /**
154
- * The amount of time a session can be idle before it expires. Users can override it for individual clients.
155
- */
156
40
  readonly clientSessionIdleTimeout: pulumi.Output<string>;
157
- /**
158
- * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.
159
- */
160
41
  readonly clientSessionMaxLifespan: pulumi.Output<string>;
161
42
  readonly defaultDefaultClientScopes: pulumi.Output<string[] | undefined>;
162
43
  readonly defaultOptionalClientScopes: pulumi.Output<string[] | undefined>;
163
- /**
164
- * Default algorithm used to sign tokens for the realm.
165
- */
166
44
  readonly defaultSignatureAlgorithm: pulumi.Output<string | undefined>;
167
45
  /**
168
- * The desired flow for direct access authentication. Defaults to `direct grant`.
46
+ * Which flow should be used for DirectGrantFlow
169
47
  */
170
48
  readonly directGrantFlow: pulumi.Output<string>;
171
- /**
172
- * The display name for the realm that is shown when logging in to the admin console.
173
- */
174
49
  readonly displayName: pulumi.Output<string | undefined>;
175
- /**
176
- * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
177
- */
178
50
  readonly displayNameHtml: pulumi.Output<string | undefined>;
179
51
  /**
180
- * The desired flow for Docker authentication. Defaults to `docker auth`.
52
+ * Which flow should be used for DockerAuthenticationFlow
181
53
  */
182
54
  readonly dockerAuthenticationFlow: pulumi.Output<string>;
183
- /**
184
- * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`.
185
- */
186
55
  readonly duplicateEmailsAllowed: pulumi.Output<boolean>;
187
- /**
188
- * When true, the username field is editable.
189
- */
190
56
  readonly editUsernameAllowed: pulumi.Output<boolean>;
191
- /**
192
- * Used for emails that are sent by Keycloak.
193
- */
194
57
  readonly emailTheme: pulumi.Output<string | undefined>;
195
- /**
196
- * When `false`, users and clients will not be able to access this realm. Defaults to `true`.
197
- */
198
58
  readonly enabled: pulumi.Output<boolean | undefined>;
199
- /**
200
- * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
201
- */
202
59
  readonly internalId: pulumi.Output<string>;
203
60
  readonly internationalization: pulumi.Output<outputs.RealmInternationalization | undefined>;
204
- /**
205
- * Used for the login, forgot password, and registration pages.
206
- */
207
61
  readonly loginTheme: pulumi.Output<string | undefined>;
208
- /**
209
- * When true, users may log in with their email address.
210
- */
211
62
  readonly loginWithEmailAllowed: pulumi.Output<boolean>;
212
- /**
213
- * The maximum amount of time a client has to finish the device code flow before it expires.
214
- *
215
- * The attributes below should be specified in seconds.
216
- */
217
63
  readonly oauth2DeviceCodeLifespan: pulumi.Output<string>;
218
- /**
219
- * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.
220
- */
221
64
  readonly oauth2DevicePollingInterval: pulumi.Output<number>;
222
- /**
223
- * The amount of time an offline session can be idle before it expires.
224
- */
225
65
  readonly offlineSessionIdleTimeout: pulumi.Output<string>;
226
- /**
227
- * The maximum amount of time before an offline session expires regardless of activity.
228
- */
229
66
  readonly offlineSessionMaxLifespan: pulumi.Output<string>;
230
- /**
231
- * Enable `offlineSessionMaxLifespan`.
232
- */
233
67
  readonly offlineSessionMaxLifespanEnabled: pulumi.Output<boolean | undefined>;
234
68
  readonly otpPolicy: pulumi.Output<outputs.RealmOtpPolicy>;
235
69
  /**
236
- * The password policy for users within the realm.
237
- *
238
- * The arguments below can be used to configure authentication flow bindings:
70
+ * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies
71
+ * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365)
72
+ * and notUsername(undefined)"
239
73
  */
240
74
  readonly passwordPolicy: pulumi.Output<string | undefined>;
241
- /**
242
- * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
243
- */
244
75
  readonly realm: pulumi.Output<string>;
245
- /**
246
- * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.
247
- *
248
- * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.
249
- */
250
76
  readonly refreshTokenMaxReuse: pulumi.Output<number | undefined>;
251
- /**
252
- * When true, user registration will be enabled, and a link for registration will be displayed on the login page.
253
- */
254
77
  readonly registrationAllowed: pulumi.Output<boolean>;
255
- /**
256
- * When true, the user's email will be used as their username during registration.
257
- */
258
78
  readonly registrationEmailAsUsername: pulumi.Output<boolean>;
259
79
  /**
260
- * The desired flow for user registration. Defaults to `registration`.
80
+ * Which flow should be used for RegistrationFlow
261
81
  */
262
82
  readonly registrationFlow: pulumi.Output<string>;
263
- /**
264
- * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.
265
- */
266
83
  readonly rememberMe: pulumi.Output<boolean>;
267
84
  /**
268
- * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`.
85
+ * Which flow should be used for ResetCredentialsFlow
269
86
  */
270
87
  readonly resetCredentialsFlow: pulumi.Output<string>;
271
- /**
272
- * When true, a "forgot password" link will be displayed on the login page.
273
- */
274
88
  readonly resetPasswordAllowed: pulumi.Output<boolean>;
275
- /**
276
- * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.
277
- */
278
89
  readonly revokeRefreshToken: pulumi.Output<boolean | undefined>;
279
90
  readonly securityDefenses: pulumi.Output<outputs.RealmSecurityDefenses | undefined>;
280
91
  readonly smtpServer: pulumi.Output<outputs.RealmSmtpServer | undefined>;
281
92
  /**
282
- * Can be one of following values: 'none, 'external' or 'all'
93
+ * SSL Required: Values can be 'none', 'external' or 'all'.
283
94
  */
284
95
  readonly sslRequired: pulumi.Output<string | undefined>;
285
- /**
286
- * The amount of time a session can be idle before it expires.
287
- */
288
96
  readonly ssoSessionIdleTimeout: pulumi.Output<string>;
289
- /**
290
- * Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`.
291
- */
292
97
  readonly ssoSessionIdleTimeoutRememberMe: pulumi.Output<string>;
293
- /**
294
- * The maximum amount of time before a session expires regardless of activity.
295
- */
296
98
  readonly ssoSessionMaxLifespan: pulumi.Output<string>;
297
- /**
298
- * Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`.
299
- */
300
99
  readonly ssoSessionMaxLifespanRememberMe: pulumi.Output<string>;
301
- /**
302
- * When `true`, users are allowed to manage their own resources. Defaults to `false`.
303
- */
304
100
  readonly userManagedAccess: pulumi.Output<boolean | undefined>;
305
- /**
306
- * When true, users are required to verify their email address after registration and after email address changes.
307
- */
308
101
  readonly verifyEmail: pulumi.Output<boolean>;
309
- /**
310
- * Configuration for WebAuthn Passwordless Policy authentication.
311
- *
312
- * Each of these attributes are blocks with the following attributes:
313
- */
314
102
  readonly webAuthnPasswordlessPolicy: pulumi.Output<outputs.RealmWebAuthnPasswordlessPolicy>;
315
- /**
316
- * Configuration for WebAuthn Policy authentication.
317
- */
318
103
  readonly webAuthnPolicy: pulumi.Output<outputs.RealmWebAuthnPolicy>;
319
104
  /**
320
105
  * Create a Realm resource with the given unique name, arguments, and options.
@@ -329,441 +114,177 @@ export declare class Realm extends pulumi.CustomResource {
329
114
  * Input properties used for looking up and filtering Realm resources.
330
115
  */
331
116
  export interface RealmState {
332
- /**
333
- * The maximum amount of time a client has to finish the authorization code flow.
334
- */
335
117
  accessCodeLifespan?: pulumi.Input<string>;
336
- /**
337
- * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.
338
- */
339
118
  accessCodeLifespanLogin?: pulumi.Input<string>;
340
- /**
341
- * The maximum amount of time a user has to complete login related actions, such as updating a password.
342
- */
343
119
  accessCodeLifespanUserAction?: pulumi.Input<string>;
344
- /**
345
- * The amount of time an access token can be used before it expires.
346
- */
347
120
  accessTokenLifespan?: pulumi.Input<string>;
348
- /**
349
- * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.
350
- */
351
121
  accessTokenLifespanForImplicitFlow?: pulumi.Input<string>;
352
- /**
353
- * Used for account management pages.
354
- */
355
122
  accountTheme?: pulumi.Input<string>;
356
- /**
357
- * The maximum time a user has to use an admin-generated permit before it expires.
358
- */
359
123
  actionTokenGeneratedByAdminLifespan?: pulumi.Input<string>;
360
- /**
361
- * The maximum time a user has to use a user-generated permit before it expires.
362
- */
363
124
  actionTokenGeneratedByUserLifespan?: pulumi.Input<string>;
364
- /**
365
- * Used for the admin console.
366
- */
367
125
  adminTheme?: pulumi.Input<string>;
368
- /**
369
- * A map of custom attributes to add to the realm.
370
- */
371
126
  attributes?: pulumi.Input<{
372
127
  [key: string]: any;
373
128
  }>;
374
129
  /**
375
- * The desired flow for browser authentication. Defaults to `browser`.
130
+ * Which flow should be used for BrowserFlow
376
131
  */
377
132
  browserFlow?: pulumi.Input<string>;
378
133
  /**
379
- * The desired flow for client authentication. Defaults to `clients`.
134
+ * Which flow should be used for ClientAuthenticationFlow
380
135
  */
381
136
  clientAuthenticationFlow?: pulumi.Input<string>;
382
- /**
383
- * The amount of time a session can be idle before it expires. Users can override it for individual clients.
384
- */
385
137
  clientSessionIdleTimeout?: pulumi.Input<string>;
386
- /**
387
- * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.
388
- */
389
138
  clientSessionMaxLifespan?: pulumi.Input<string>;
390
139
  defaultDefaultClientScopes?: pulumi.Input<pulumi.Input<string>[]>;
391
140
  defaultOptionalClientScopes?: pulumi.Input<pulumi.Input<string>[]>;
392
- /**
393
- * Default algorithm used to sign tokens for the realm.
394
- */
395
141
  defaultSignatureAlgorithm?: pulumi.Input<string>;
396
142
  /**
397
- * The desired flow for direct access authentication. Defaults to `direct grant`.
143
+ * Which flow should be used for DirectGrantFlow
398
144
  */
399
145
  directGrantFlow?: pulumi.Input<string>;
400
- /**
401
- * The display name for the realm that is shown when logging in to the admin console.
402
- */
403
146
  displayName?: pulumi.Input<string>;
404
- /**
405
- * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
406
- */
407
147
  displayNameHtml?: pulumi.Input<string>;
408
148
  /**
409
- * The desired flow for Docker authentication. Defaults to `docker auth`.
149
+ * Which flow should be used for DockerAuthenticationFlow
410
150
  */
411
151
  dockerAuthenticationFlow?: pulumi.Input<string>;
412
- /**
413
- * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`.
414
- */
415
152
  duplicateEmailsAllowed?: pulumi.Input<boolean>;
416
- /**
417
- * When true, the username field is editable.
418
- */
419
153
  editUsernameAllowed?: pulumi.Input<boolean>;
420
- /**
421
- * Used for emails that are sent by Keycloak.
422
- */
423
154
  emailTheme?: pulumi.Input<string>;
424
- /**
425
- * When `false`, users and clients will not be able to access this realm. Defaults to `true`.
426
- */
427
155
  enabled?: pulumi.Input<boolean>;
428
- /**
429
- * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
430
- */
431
156
  internalId?: pulumi.Input<string>;
432
157
  internationalization?: pulumi.Input<inputs.RealmInternationalization>;
433
- /**
434
- * Used for the login, forgot password, and registration pages.
435
- */
436
158
  loginTheme?: pulumi.Input<string>;
437
- /**
438
- * When true, users may log in with their email address.
439
- */
440
159
  loginWithEmailAllowed?: pulumi.Input<boolean>;
441
- /**
442
- * The maximum amount of time a client has to finish the device code flow before it expires.
443
- *
444
- * The attributes below should be specified in seconds.
445
- */
446
160
  oauth2DeviceCodeLifespan?: pulumi.Input<string>;
447
- /**
448
- * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.
449
- */
450
161
  oauth2DevicePollingInterval?: pulumi.Input<number>;
451
- /**
452
- * The amount of time an offline session can be idle before it expires.
453
- */
454
162
  offlineSessionIdleTimeout?: pulumi.Input<string>;
455
- /**
456
- * The maximum amount of time before an offline session expires regardless of activity.
457
- */
458
163
  offlineSessionMaxLifespan?: pulumi.Input<string>;
459
- /**
460
- * Enable `offlineSessionMaxLifespan`.
461
- */
462
164
  offlineSessionMaxLifespanEnabled?: pulumi.Input<boolean>;
463
165
  otpPolicy?: pulumi.Input<inputs.RealmOtpPolicy>;
464
166
  /**
465
- * The password policy for users within the realm.
466
- *
467
- * The arguments below can be used to configure authentication flow bindings:
167
+ * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies
168
+ * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365)
169
+ * and notUsername(undefined)"
468
170
  */
469
171
  passwordPolicy?: pulumi.Input<string>;
470
- /**
471
- * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
472
- */
473
172
  realm?: pulumi.Input<string>;
474
- /**
475
- * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.
476
- *
477
- * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.
478
- */
479
173
  refreshTokenMaxReuse?: pulumi.Input<number>;
480
- /**
481
- * When true, user registration will be enabled, and a link for registration will be displayed on the login page.
482
- */
483
174
  registrationAllowed?: pulumi.Input<boolean>;
484
- /**
485
- * When true, the user's email will be used as their username during registration.
486
- */
487
175
  registrationEmailAsUsername?: pulumi.Input<boolean>;
488
176
  /**
489
- * The desired flow for user registration. Defaults to `registration`.
177
+ * Which flow should be used for RegistrationFlow
490
178
  */
491
179
  registrationFlow?: pulumi.Input<string>;
492
- /**
493
- * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.
494
- */
495
180
  rememberMe?: pulumi.Input<boolean>;
496
181
  /**
497
- * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`.
182
+ * Which flow should be used for ResetCredentialsFlow
498
183
  */
499
184
  resetCredentialsFlow?: pulumi.Input<string>;
500
- /**
501
- * When true, a "forgot password" link will be displayed on the login page.
502
- */
503
185
  resetPasswordAllowed?: pulumi.Input<boolean>;
504
- /**
505
- * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.
506
- */
507
186
  revokeRefreshToken?: pulumi.Input<boolean>;
508
187
  securityDefenses?: pulumi.Input<inputs.RealmSecurityDefenses>;
509
188
  smtpServer?: pulumi.Input<inputs.RealmSmtpServer>;
510
189
  /**
511
- * Can be one of following values: 'none, 'external' or 'all'
190
+ * SSL Required: Values can be 'none', 'external' or 'all'.
512
191
  */
513
192
  sslRequired?: pulumi.Input<string>;
514
- /**
515
- * The amount of time a session can be idle before it expires.
516
- */
517
193
  ssoSessionIdleTimeout?: pulumi.Input<string>;
518
- /**
519
- * Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`.
520
- */
521
194
  ssoSessionIdleTimeoutRememberMe?: pulumi.Input<string>;
522
- /**
523
- * The maximum amount of time before a session expires regardless of activity.
524
- */
525
195
  ssoSessionMaxLifespan?: pulumi.Input<string>;
526
- /**
527
- * Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`.
528
- */
529
196
  ssoSessionMaxLifespanRememberMe?: pulumi.Input<string>;
530
- /**
531
- * When `true`, users are allowed to manage their own resources. Defaults to `false`.
532
- */
533
197
  userManagedAccess?: pulumi.Input<boolean>;
534
- /**
535
- * When true, users are required to verify their email address after registration and after email address changes.
536
- */
537
198
  verifyEmail?: pulumi.Input<boolean>;
538
- /**
539
- * Configuration for WebAuthn Passwordless Policy authentication.
540
- *
541
- * Each of these attributes are blocks with the following attributes:
542
- */
543
199
  webAuthnPasswordlessPolicy?: pulumi.Input<inputs.RealmWebAuthnPasswordlessPolicy>;
544
- /**
545
- * Configuration for WebAuthn Policy authentication.
546
- */
547
200
  webAuthnPolicy?: pulumi.Input<inputs.RealmWebAuthnPolicy>;
548
201
  }
549
202
  /**
550
203
  * The set of arguments for constructing a Realm resource.
551
204
  */
552
205
  export interface RealmArgs {
553
- /**
554
- * The maximum amount of time a client has to finish the authorization code flow.
555
- */
556
206
  accessCodeLifespan?: pulumi.Input<string>;
557
- /**
558
- * The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.
559
- */
560
207
  accessCodeLifespanLogin?: pulumi.Input<string>;
561
- /**
562
- * The maximum amount of time a user has to complete login related actions, such as updating a password.
563
- */
564
208
  accessCodeLifespanUserAction?: pulumi.Input<string>;
565
- /**
566
- * The amount of time an access token can be used before it expires.
567
- */
568
209
  accessTokenLifespan?: pulumi.Input<string>;
569
- /**
570
- * The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.
571
- */
572
210
  accessTokenLifespanForImplicitFlow?: pulumi.Input<string>;
573
- /**
574
- * Used for account management pages.
575
- */
576
211
  accountTheme?: pulumi.Input<string>;
577
- /**
578
- * The maximum time a user has to use an admin-generated permit before it expires.
579
- */
580
212
  actionTokenGeneratedByAdminLifespan?: pulumi.Input<string>;
581
- /**
582
- * The maximum time a user has to use a user-generated permit before it expires.
583
- */
584
213
  actionTokenGeneratedByUserLifespan?: pulumi.Input<string>;
585
- /**
586
- * Used for the admin console.
587
- */
588
214
  adminTheme?: pulumi.Input<string>;
589
- /**
590
- * A map of custom attributes to add to the realm.
591
- */
592
215
  attributes?: pulumi.Input<{
593
216
  [key: string]: any;
594
217
  }>;
595
218
  /**
596
- * The desired flow for browser authentication. Defaults to `browser`.
219
+ * Which flow should be used for BrowserFlow
597
220
  */
598
221
  browserFlow?: pulumi.Input<string>;
599
222
  /**
600
- * The desired flow for client authentication. Defaults to `clients`.
223
+ * Which flow should be used for ClientAuthenticationFlow
601
224
  */
602
225
  clientAuthenticationFlow?: pulumi.Input<string>;
603
- /**
604
- * The amount of time a session can be idle before it expires. Users can override it for individual clients.
605
- */
606
226
  clientSessionIdleTimeout?: pulumi.Input<string>;
607
- /**
608
- * The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.
609
- */
610
227
  clientSessionMaxLifespan?: pulumi.Input<string>;
611
228
  defaultDefaultClientScopes?: pulumi.Input<pulumi.Input<string>[]>;
612
229
  defaultOptionalClientScopes?: pulumi.Input<pulumi.Input<string>[]>;
613
- /**
614
- * Default algorithm used to sign tokens for the realm.
615
- */
616
230
  defaultSignatureAlgorithm?: pulumi.Input<string>;
617
231
  /**
618
- * The desired flow for direct access authentication. Defaults to `direct grant`.
232
+ * Which flow should be used for DirectGrantFlow
619
233
  */
620
234
  directGrantFlow?: pulumi.Input<string>;
621
- /**
622
- * The display name for the realm that is shown when logging in to the admin console.
623
- */
624
235
  displayName?: pulumi.Input<string>;
625
- /**
626
- * The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
627
- */
628
236
  displayNameHtml?: pulumi.Input<string>;
629
237
  /**
630
- * The desired flow for Docker authentication. Defaults to `docker auth`.
238
+ * Which flow should be used for DockerAuthenticationFlow
631
239
  */
632
240
  dockerAuthenticationFlow?: pulumi.Input<string>;
633
- /**
634
- * When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`.
635
- */
636
241
  duplicateEmailsAllowed?: pulumi.Input<boolean>;
637
- /**
638
- * When true, the username field is editable.
639
- */
640
242
  editUsernameAllowed?: pulumi.Input<boolean>;
641
- /**
642
- * Used for emails that are sent by Keycloak.
643
- */
644
243
  emailTheme?: pulumi.Input<string>;
645
- /**
646
- * When `false`, users and clients will not be able to access this realm. Defaults to `true`.
647
- */
648
244
  enabled?: pulumi.Input<boolean>;
649
- /**
650
- * When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
651
- */
652
245
  internalId?: pulumi.Input<string>;
653
246
  internationalization?: pulumi.Input<inputs.RealmInternationalization>;
654
- /**
655
- * Used for the login, forgot password, and registration pages.
656
- */
657
247
  loginTheme?: pulumi.Input<string>;
658
- /**
659
- * When true, users may log in with their email address.
660
- */
661
248
  loginWithEmailAllowed?: pulumi.Input<boolean>;
662
- /**
663
- * The maximum amount of time a client has to finish the device code flow before it expires.
664
- *
665
- * The attributes below should be specified in seconds.
666
- */
667
249
  oauth2DeviceCodeLifespan?: pulumi.Input<string>;
668
- /**
669
- * The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.
670
- */
671
250
  oauth2DevicePollingInterval?: pulumi.Input<number>;
672
- /**
673
- * The amount of time an offline session can be idle before it expires.
674
- */
675
251
  offlineSessionIdleTimeout?: pulumi.Input<string>;
676
- /**
677
- * The maximum amount of time before an offline session expires regardless of activity.
678
- */
679
252
  offlineSessionMaxLifespan?: pulumi.Input<string>;
680
- /**
681
- * Enable `offlineSessionMaxLifespan`.
682
- */
683
253
  offlineSessionMaxLifespanEnabled?: pulumi.Input<boolean>;
684
254
  otpPolicy?: pulumi.Input<inputs.RealmOtpPolicy>;
685
255
  /**
686
- * The password policy for users within the realm.
687
- *
688
- * The arguments below can be used to configure authentication flow bindings:
256
+ * String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies
257
+ * can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365)
258
+ * and notUsername(undefined)"
689
259
  */
690
260
  passwordPolicy?: pulumi.Input<string>;
691
- /**
692
- * The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
693
- */
694
261
  realm: pulumi.Input<string>;
695
- /**
696
- * Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.
697
- *
698
- * The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.
699
- */
700
262
  refreshTokenMaxReuse?: pulumi.Input<number>;
701
- /**
702
- * When true, user registration will be enabled, and a link for registration will be displayed on the login page.
703
- */
704
263
  registrationAllowed?: pulumi.Input<boolean>;
705
- /**
706
- * When true, the user's email will be used as their username during registration.
707
- */
708
264
  registrationEmailAsUsername?: pulumi.Input<boolean>;
709
265
  /**
710
- * The desired flow for user registration. Defaults to `registration`.
266
+ * Which flow should be used for RegistrationFlow
711
267
  */
712
268
  registrationFlow?: pulumi.Input<string>;
713
- /**
714
- * When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.
715
- */
716
269
  rememberMe?: pulumi.Input<boolean>;
717
270
  /**
718
- * The desired flow to use when a user attempts to reset their credentials. Defaults to `reset credentials`.
271
+ * Which flow should be used for ResetCredentialsFlow
719
272
  */
720
273
  resetCredentialsFlow?: pulumi.Input<string>;
721
- /**
722
- * When true, a "forgot password" link will be displayed on the login page.
723
- */
724
274
  resetPasswordAllowed?: pulumi.Input<boolean>;
725
- /**
726
- * If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.
727
- */
728
275
  revokeRefreshToken?: pulumi.Input<boolean>;
729
276
  securityDefenses?: pulumi.Input<inputs.RealmSecurityDefenses>;
730
277
  smtpServer?: pulumi.Input<inputs.RealmSmtpServer>;
731
278
  /**
732
- * Can be one of following values: 'none, 'external' or 'all'
279
+ * SSL Required: Values can be 'none', 'external' or 'all'.
733
280
  */
734
281
  sslRequired?: pulumi.Input<string>;
735
- /**
736
- * The amount of time a session can be idle before it expires.
737
- */
738
282
  ssoSessionIdleTimeout?: pulumi.Input<string>;
739
- /**
740
- * Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`.
741
- */
742
283
  ssoSessionIdleTimeoutRememberMe?: pulumi.Input<string>;
743
- /**
744
- * The maximum amount of time before a session expires regardless of activity.
745
- */
746
284
  ssoSessionMaxLifespan?: pulumi.Input<string>;
747
- /**
748
- * Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`.
749
- */
750
285
  ssoSessionMaxLifespanRememberMe?: pulumi.Input<string>;
751
- /**
752
- * When `true`, users are allowed to manage their own resources. Defaults to `false`.
753
- */
754
286
  userManagedAccess?: pulumi.Input<boolean>;
755
- /**
756
- * When true, users are required to verify their email address after registration and after email address changes.
757
- */
758
287
  verifyEmail?: pulumi.Input<boolean>;
759
- /**
760
- * Configuration for WebAuthn Passwordless Policy authentication.
761
- *
762
- * Each of these attributes are blocks with the following attributes:
763
- */
764
288
  webAuthnPasswordlessPolicy?: pulumi.Input<inputs.RealmWebAuthnPasswordlessPolicy>;
765
- /**
766
- * Configuration for WebAuthn Policy authentication.
767
- */
768
289
  webAuthnPolicy?: pulumi.Input<inputs.RealmWebAuthnPolicy>;
769
290
  }