@pulumi/keycloak 5.3.0 → 5.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/attributeImporterIdentityProviderMapper.d.ts +46 -63
- package/attributeImporterIdentityProviderMapper.js +25 -33
- package/attributeImporterIdentityProviderMapper.js.map +1 -1
- package/attributeToRoleIdentityMapper.d.ts +10 -2
- package/attributeToRoleIdentityMapper.js +10 -2
- package/attributeToRoleIdentityMapper.js.map +1 -1
- package/authentication/bindings.d.ts +2 -0
- package/authentication/bindings.js +2 -0
- package/authentication/bindings.js.map +1 -1
- package/authentication/execution.d.ts +8 -2
- package/authentication/execution.js +8 -2
- package/authentication/execution.js.map +1 -1
- package/authentication/executionConfig.d.ts +12 -2
- package/authentication/executionConfig.js +12 -2
- package/authentication/executionConfig.js.map +1 -1
- package/authentication/flow.d.ts +16 -2
- package/authentication/flow.js +16 -2
- package/authentication/flow.js.map +1 -1
- package/authentication/subflow.d.ts +18 -2
- package/authentication/subflow.js +18 -2
- package/authentication/subflow.js.map +1 -1
- package/customIdentityProviderMapping.d.ts +13 -5
- package/customIdentityProviderMapping.js +10 -2
- package/customIdentityProviderMapping.js.map +1 -1
- package/customUserFederation.d.ts +51 -50
- package/customUserFederation.js +27 -14
- package/customUserFederation.js.map +1 -1
- package/defaultGroups.d.ts +19 -27
- package/defaultGroups.js +19 -9
- package/defaultGroups.js.map +1 -1
- package/defaultRoles.d.ts +13 -2
- package/defaultRoles.js +13 -2
- package/defaultRoles.js.map +1 -1
- package/genericClientProtocolMapper.d.ts +40 -37
- package/genericClientProtocolMapper.js +25 -13
- package/genericClientProtocolMapper.js.map +1 -1
- package/genericClientRoleMapper.d.ts +22 -2
- package/genericClientRoleMapper.js +22 -2
- package/genericClientRoleMapper.js.map +1 -1
- package/genericProtocolMapper.d.ts +8 -2
- package/genericProtocolMapper.js +8 -2
- package/genericProtocolMapper.js.map +1 -1
- package/genericRoleMapper.d.ts +22 -2
- package/genericRoleMapper.js +22 -2
- package/genericRoleMapper.js.map +1 -1
- package/getAuthenticationExecution.d.ts +4 -0
- package/getAuthenticationExecution.js +4 -0
- package/getAuthenticationExecution.js.map +1 -1
- package/getAuthenticationFlow.d.ts +4 -0
- package/getAuthenticationFlow.js +4 -0
- package/getAuthenticationFlow.js.map +1 -1
- package/getClientDescriptionConverter.d.ts +4 -0
- package/getClientDescriptionConverter.js +4 -0
- package/getClientDescriptionConverter.js.map +1 -1
- package/getGroup.d.ts +4 -62
- package/getGroup.js +4 -50
- package/getGroup.js.map +1 -1
- package/getRealm.d.ts +32 -10
- package/getRealm.js +32 -4
- package/getRealm.js.map +1 -1
- package/getRealmKeys.d.ts +8 -28
- package/getRealmKeys.js +8 -4
- package/getRealmKeys.js.map +1 -1
- package/getRole.d.ts +4 -65
- package/getRole.js +4 -44
- package/getRole.js.map +1 -1
- package/getUser.d.ts +4 -0
- package/getUser.js +4 -0
- package/getUser.js.map +1 -1
- package/getUserRealmRoles.d.ts +4 -0
- package/getUserRealmRoles.js +4 -0
- package/getUserRealmRoles.js.map +1 -1
- package/group.d.ts +35 -58
- package/group.js +35 -16
- package/group.js.map +1 -1
- package/groupMemberships.d.ts +27 -43
- package/groupMemberships.js +27 -16
- package/groupMemberships.js.map +1 -1
- package/groupPermissions.d.ts +13 -0
- package/groupPermissions.js +13 -0
- package/groupPermissions.js.map +1 -1
- package/groupRoles.d.ts +32 -91
- package/groupRoles.js +32 -55
- package/groupRoles.js.map +1 -1
- package/hardcodedAttributeIdentityProviderMapper.d.ts +2 -0
- package/hardcodedAttributeIdentityProviderMapper.js +2 -0
- package/hardcodedAttributeIdentityProviderMapper.js.map +1 -1
- package/hardcodedRoleIdentityMapper.d.ts +2 -0
- package/hardcodedRoleIdentityMapper.js +2 -0
- package/hardcodedRoleIdentityMapper.js.map +1 -1
- package/identityProviderTokenExchangeScopePermission.d.ts +10 -2
- package/identityProviderTokenExchangeScopePermission.js +10 -2
- package/identityProviderTokenExchangeScopePermission.js.map +1 -1
- package/ldap/customMapper.d.ts +10 -2
- package/ldap/customMapper.js +10 -2
- package/ldap/customMapper.js.map +1 -1
- package/ldap/fullNameMapper.d.ts +41 -54
- package/ldap/fullNameMapper.js +32 -18
- package/ldap/fullNameMapper.js.map +1 -1
- package/ldap/groupMapper.d.ts +55 -164
- package/ldap/groupMapper.js +46 -20
- package/ldap/groupMapper.js.map +1 -1
- package/ldap/hardcodedAttributeMapper.d.ts +10 -2
- package/ldap/hardcodedAttributeMapper.js +10 -2
- package/ldap/hardcodedAttributeMapper.js.map +1 -1
- package/ldap/hardcodedGroupMapper.d.ts +10 -2
- package/ldap/hardcodedGroupMapper.js +10 -2
- package/ldap/hardcodedGroupMapper.js.map +1 -1
- package/ldap/hardcodedRoleMapper.d.ts +29 -64
- package/ldap/hardcodedRoleMapper.js +17 -52
- package/ldap/hardcodedRoleMapper.js.map +1 -1
- package/ldap/msadLdsUserAccountControlMapper.d.ts +10 -2
- package/ldap/msadLdsUserAccountControlMapper.js +10 -2
- package/ldap/msadLdsUserAccountControlMapper.js.map +1 -1
- package/ldap/msadUserAccountControlMapper.d.ts +34 -32
- package/ldap/msadUserAccountControlMapper.js +25 -14
- package/ldap/msadUserAccountControlMapper.js.map +1 -1
- package/ldap/roleMapper.d.ts +10 -2
- package/ldap/roleMapper.js +10 -2
- package/ldap/roleMapper.js.map +1 -1
- package/ldap/userAttributeMapper.d.ts +60 -45
- package/ldap/userAttributeMapper.js +30 -15
- package/ldap/userAttributeMapper.js.map +1 -1
- package/ldap/userFederation.d.ts +125 -95
- package/ldap/userFederation.js +53 -20
- package/ldap/userFederation.js.map +1 -1
- package/oidc/googleIdentityProvider.d.ts +8 -2
- package/oidc/googleIdentityProvider.js +8 -2
- package/oidc/googleIdentityProvider.js.map +1 -1
- package/oidc/identityProvider.d.ts +8 -2
- package/oidc/identityProvider.js +8 -2
- package/oidc/identityProvider.js.map +1 -1
- package/openid/audienceProtocolMapper.d.ts +62 -45
- package/openid/audienceProtocolMapper.js +38 -21
- package/openid/audienceProtocolMapper.js.map +1 -1
- package/openid/audienceResolveProtocolMapper.d.ts +17 -3
- package/openid/audienceResolveProtocolMapper.js +17 -3
- package/openid/audienceResolveProtocolMapper.js.map +1 -1
- package/openid/audienceResolveProtocolMappter.d.ts +17 -3
- package/openid/audienceResolveProtocolMappter.js +17 -3
- package/openid/audienceResolveProtocolMappter.js.map +1 -1
- package/openid/client.d.ts +48 -431
- package/openid/client.js +48 -14
- package/openid/client.js.map +1 -1
- package/openid/clientAuthorizationPermission.d.ts +6 -2
- package/openid/clientAuthorizationPermission.js +6 -2
- package/openid/clientAuthorizationPermission.js.map +1 -1
- package/openid/clientDefaultScopes.d.ts +17 -33
- package/openid/clientDefaultScopes.js +17 -6
- package/openid/clientDefaultScopes.js.map +1 -1
- package/openid/clientOptionalScopes.d.ts +17 -34
- package/openid/clientOptionalScopes.js +17 -7
- package/openid/clientOptionalScopes.js.map +1 -1
- package/openid/clientPolicy.d.ts +2 -0
- package/openid/clientPolicy.js +2 -0
- package/openid/clientPolicy.js.map +1 -1
- package/openid/clientScope.d.ts +27 -67
- package/openid/clientScope.js +27 -13
- package/openid/clientScope.js.map +1 -1
- package/openid/clientServiceAccountRealmRole.d.ts +8 -2
- package/openid/clientServiceAccountRealmRole.js +8 -2
- package/openid/clientServiceAccountRealmRole.js.map +1 -1
- package/openid/clientServiceAccountRole.d.ts +8 -2
- package/openid/clientServiceAccountRole.js +8 -2
- package/openid/clientServiceAccountRole.js.map +1 -1
- package/openid/fullNameProtocolMapper.d.ts +49 -61
- package/openid/fullNameProtocolMapper.js +37 -22
- package/openid/fullNameProtocolMapper.js.map +1 -1
- package/openid/getClient.d.ts +32 -14
- package/openid/getClient.js +32 -2
- package/openid/getClient.js.map +1 -1
- package/openid/getClientAuthorizationPolicy.d.ts +4 -0
- package/openid/getClientAuthorizationPolicy.js +4 -0
- package/openid/getClientAuthorizationPolicy.js.map +1 -1
- package/openid/getClientScope.d.ts +4 -0
- package/openid/getClientScope.js +4 -0
- package/openid/getClientScope.js.map +1 -1
- package/openid/getClientServiceAccountUser.d.ts +4 -0
- package/openid/getClientServiceAccountUser.js +4 -0
- package/openid/getClientServiceAccountUser.js.map +1 -1
- package/openid/groupMembershipProtocolMapper.d.ts +53 -81
- package/openid/groupMembershipProtocolMapper.js +41 -24
- package/openid/groupMembershipProtocolMapper.js.map +1 -1
- package/openid/hardcodedClaimProtocolMapper.d.ts +66 -66
- package/openid/hardcodedClaimProtocolMapper.js +42 -24
- package/openid/hardcodedClaimProtocolMapper.js.map +1 -1
- package/openid/hardcodedRoleProtocolMapper.d.ts +48 -43
- package/openid/hardcodedRoleProtocolMapper.js +36 -22
- package/openid/hardcodedRoleProtocolMapper.js.map +1 -1
- package/openid/scriptProtocolMapper.d.ts +17 -3
- package/openid/scriptProtocolMapper.js +17 -3
- package/openid/scriptProtocolMapper.js.map +1 -1
- package/openid/userAttributeProtocolMapper.d.ts +73 -72
- package/openid/userAttributeProtocolMapper.js +43 -24
- package/openid/userAttributeProtocolMapper.js.map +1 -1
- package/openid/userClientRoleProtocolMapper.d.ts +17 -3
- package/openid/userClientRoleProtocolMapper.js +17 -3
- package/openid/userClientRoleProtocolMapper.js.map +1 -1
- package/openid/userPropertyProtocolMapper.d.ts +66 -67
- package/openid/userPropertyProtocolMapper.js +42 -25
- package/openid/userPropertyProtocolMapper.js.map +1 -1
- package/openid/userRealmRoleProtocolMapper.d.ts +73 -63
- package/openid/userRealmRoleProtocolMapper.js +43 -24
- package/openid/userRealmRoleProtocolMapper.js.map +1 -1
- package/openid/userSessionNoteProtocolMapper.d.ts +17 -3
- package/openid/userSessionNoteProtocolMapper.js +17 -3
- package/openid/userSessionNoteProtocolMapper.js.map +1 -1
- package/package.json +1 -1
- package/realm.d.ts +30 -509
- package/realm.js +0 -83
- package/realm.js.map +1 -1
- package/realmEvents.d.ts +20 -74
- package/realmEvents.js +20 -11
- package/realmEvents.js.map +1 -1
- package/realmKeystoreAesGenerated.d.ts +8 -2
- package/realmKeystoreAesGenerated.js +8 -2
- package/realmKeystoreAesGenerated.js.map +1 -1
- package/realmKeystoreEcdsaGenerated.d.ts +8 -2
- package/realmKeystoreEcdsaGenerated.js +8 -2
- package/realmKeystoreEcdsaGenerated.js.map +1 -1
- package/realmKeystoreHmacGenerated.d.ts +8 -2
- package/realmKeystoreHmacGenerated.js +8 -2
- package/realmKeystoreHmacGenerated.js.map +1 -1
- package/realmKeystoreJavaGenerated.d.ts +8 -2
- package/realmKeystoreJavaGenerated.js +8 -2
- package/realmKeystoreJavaGenerated.js.map +1 -1
- package/realmKeystoreRsa.d.ts +6 -2
- package/realmKeystoreRsa.js +6 -2
- package/realmKeystoreRsa.js.map +1 -1
- package/realmKeystoreRsaGenerated.d.ts +8 -2
- package/realmKeystoreRsaGenerated.js +8 -2
- package/realmKeystoreRsaGenerated.js.map +1 -1
- package/realmUserProfile.d.ts +2 -0
- package/realmUserProfile.js +2 -0
- package/realmUserProfile.js.map +1 -1
- package/requiredAction.d.ts +8 -2
- package/requiredAction.js +8 -2
- package/requiredAction.js.map +1 -1
- package/role.d.ts +58 -125
- package/role.js +58 -71
- package/role.js.map +1 -1
- package/saml/client.d.ts +46 -327
- package/saml/client.js +46 -12
- package/saml/client.js.map +1 -1
- package/saml/clientDefaultScope.d.ts +5 -1
- package/saml/clientDefaultScope.js +5 -1
- package/saml/clientDefaultScope.js.map +1 -1
- package/saml/clientScope.d.ts +10 -2
- package/saml/clientScope.js +10 -2
- package/saml/clientScope.js.map +1 -1
- package/saml/getClient.d.ts +4 -0
- package/saml/getClient.js +4 -0
- package/saml/getClient.js.map +1 -1
- package/saml/getClientInstallationProvider.d.ts +4 -0
- package/saml/getClientInstallationProvider.js +4 -0
- package/saml/getClientInstallationProvider.js.map +1 -1
- package/saml/identityProvider.d.ts +163 -117
- package/saml/identityProvider.js +52 -21
- package/saml/identityProvider.js.map +1 -1
- package/saml/scriptProtocolMapper.d.ts +13 -3
- package/saml/scriptProtocolMapper.js +13 -3
- package/saml/scriptProtocolMapper.js.map +1 -1
- package/saml/userAttributeProtocolMapper.d.ts +32 -91
- package/saml/userAttributeProtocolMapper.js +32 -19
- package/saml/userAttributeProtocolMapper.js.map +1 -1
- package/saml/userPropertyProtocolMapper.d.ts +32 -91
- package/saml/userPropertyProtocolMapper.js +32 -19
- package/saml/userPropertyProtocolMapper.js.map +1 -1
- package/types/input.d.ts +74 -183
- package/types/output.d.ts +44 -207
- package/user.d.ts +36 -112
- package/user.js +36 -22
- package/user.js.map +1 -1
- package/userGroups.d.ts +9 -1
- package/userGroups.js +9 -1
- package/userGroups.js.map +1 -1
- package/userRoles.d.ts +11 -2
- package/userRoles.js +11 -2
- package/userRoles.js.map +1 -1
- package/userTemplateImporterIdentityProviderMapper.d.ts +10 -2
- package/userTemplateImporterIdentityProviderMapper.js +10 -2
- package/userTemplateImporterIdentityProviderMapper.js.map +1 -1
- package/usersPermissions.d.ts +10 -25
- package/usersPermissions.js +10 -25
- package/usersPermissions.js.map +1 -1
package/realm.d.ts
CHANGED
|
@@ -1,89 +1,6 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
import * as inputs from "./types/input";
|
|
3
3
|
import * as outputs from "./types/output";
|
|
4
|
-
/**
|
|
5
|
-
* Allows for creating and managing Realms within Keycloak.
|
|
6
|
-
*
|
|
7
|
-
* A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated
|
|
8
|
-
* from multiple sources.
|
|
9
|
-
*
|
|
10
|
-
* ## Example Usage
|
|
11
|
-
*
|
|
12
|
-
* ```typescript
|
|
13
|
-
* import * as pulumi from "@pulumi/pulumi";
|
|
14
|
-
* import * as keycloak from "@pulumi/keycloak";
|
|
15
|
-
*
|
|
16
|
-
* const realm = new keycloak.Realm("realm", {
|
|
17
|
-
* accessCodeLifespan: "1h",
|
|
18
|
-
* attributes: {
|
|
19
|
-
* mycustomAttribute: "myCustomValue",
|
|
20
|
-
* },
|
|
21
|
-
* displayName: "my realm",
|
|
22
|
-
* displayNameHtml: "<b>my realm</b>",
|
|
23
|
-
* enabled: true,
|
|
24
|
-
* internationalization: {
|
|
25
|
-
* defaultLocale: "en",
|
|
26
|
-
* supportedLocales: [
|
|
27
|
-
* "en",
|
|
28
|
-
* "de",
|
|
29
|
-
* "es",
|
|
30
|
-
* ],
|
|
31
|
-
* },
|
|
32
|
-
* loginTheme: "base",
|
|
33
|
-
* passwordPolicy: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
|
|
34
|
-
* realm: "my-realm",
|
|
35
|
-
* securityDefenses: {
|
|
36
|
-
* bruteForceDetection: {
|
|
37
|
-
* failureResetTimeSeconds: 43200,
|
|
38
|
-
* maxFailureWaitSeconds: 900,
|
|
39
|
-
* maxLoginFailures: 30,
|
|
40
|
-
* minimumQuickLoginWaitSeconds: 60,
|
|
41
|
-
* permanentLockout: false,
|
|
42
|
-
* quickLoginCheckMilliSeconds: 1000,
|
|
43
|
-
* waitIncrementSeconds: 60,
|
|
44
|
-
* },
|
|
45
|
-
* headers: {
|
|
46
|
-
* contentSecurityPolicy: "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
|
47
|
-
* contentSecurityPolicyReportOnly: "",
|
|
48
|
-
* strictTransportSecurity: "max-age=31536000; includeSubDomains",
|
|
49
|
-
* xContentTypeOptions: "nosniff",
|
|
50
|
-
* xFrameOptions: "DENY",
|
|
51
|
-
* xRobotsTag: "none",
|
|
52
|
-
* xXssProtection: "1; mode=block",
|
|
53
|
-
* },
|
|
54
|
-
* },
|
|
55
|
-
* smtpServer: {
|
|
56
|
-
* auth: {
|
|
57
|
-
* password: "password",
|
|
58
|
-
* username: "tom",
|
|
59
|
-
* },
|
|
60
|
-
* from: "example@example.com",
|
|
61
|
-
* host: "smtp.example.com",
|
|
62
|
-
* },
|
|
63
|
-
* sslRequired: "external",
|
|
64
|
-
* webAuthnPolicy: {
|
|
65
|
-
* relyingPartyEntityName: "Example",
|
|
66
|
-
* relyingPartyId: "keycloak.example.com",
|
|
67
|
-
* signatureAlgorithms: [
|
|
68
|
-
* "ES256",
|
|
69
|
-
* "RS256",
|
|
70
|
-
* ],
|
|
71
|
-
* },
|
|
72
|
-
* });
|
|
73
|
-
* ```
|
|
74
|
-
* ## Default Client Scopes
|
|
75
|
-
*
|
|
76
|
-
* - `defaultDefaultClientScopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes.
|
|
77
|
-
* - `defaultOptionalClientScopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes.
|
|
78
|
-
*
|
|
79
|
-
* ## Import
|
|
80
|
-
*
|
|
81
|
-
* Realms can be imported using their name. Examplebash
|
|
82
|
-
*
|
|
83
|
-
* ```sh
|
|
84
|
-
* $ pulumi import keycloak:index/realm:Realm realm my-realm
|
|
85
|
-
* ```
|
|
86
|
-
*/
|
|
87
4
|
export declare class Realm extends pulumi.CustomResource {
|
|
88
5
|
/**
|
|
89
6
|
* Get an existing Realm resource's state with the given name, ID, and optional extra
|
|
@@ -100,221 +17,89 @@ export declare class Realm extends pulumi.CustomResource {
|
|
|
100
17
|
* when multiple copies of the Pulumi SDK have been loaded into the same process.
|
|
101
18
|
*/
|
|
102
19
|
static isInstance(obj: any): obj is Realm;
|
|
103
|
-
/**
|
|
104
|
-
* The maximum amount of time a client has to finish the authorization code flow.
|
|
105
|
-
*/
|
|
106
20
|
readonly accessCodeLifespan: pulumi.Output<string>;
|
|
107
|
-
/**
|
|
108
|
-
* The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.
|
|
109
|
-
*/
|
|
110
21
|
readonly accessCodeLifespanLogin: pulumi.Output<string>;
|
|
111
|
-
/**
|
|
112
|
-
* The maximum amount of time a user has to complete login related actions, such as updating a password.
|
|
113
|
-
*/
|
|
114
22
|
readonly accessCodeLifespanUserAction: pulumi.Output<string>;
|
|
115
|
-
/**
|
|
116
|
-
* The amount of time an access token can be used before it expires.
|
|
117
|
-
*/
|
|
118
23
|
readonly accessTokenLifespan: pulumi.Output<string>;
|
|
119
|
-
/**
|
|
120
|
-
* The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.
|
|
121
|
-
*/
|
|
122
24
|
readonly accessTokenLifespanForImplicitFlow: pulumi.Output<string>;
|
|
123
|
-
/**
|
|
124
|
-
* Used for account management pages.
|
|
125
|
-
*/
|
|
126
25
|
readonly accountTheme: pulumi.Output<string | undefined>;
|
|
127
|
-
/**
|
|
128
|
-
* The maximum time a user has to use an admin-generated permit before it expires.
|
|
129
|
-
*/
|
|
130
26
|
readonly actionTokenGeneratedByAdminLifespan: pulumi.Output<string>;
|
|
131
|
-
/**
|
|
132
|
-
* The maximum time a user has to use a user-generated permit before it expires.
|
|
133
|
-
*/
|
|
134
27
|
readonly actionTokenGeneratedByUserLifespan: pulumi.Output<string>;
|
|
135
|
-
/**
|
|
136
|
-
* Used for the admin console.
|
|
137
|
-
*/
|
|
138
28
|
readonly adminTheme: pulumi.Output<string | undefined>;
|
|
139
|
-
/**
|
|
140
|
-
* A map of custom attributes to add to the realm.
|
|
141
|
-
*/
|
|
142
29
|
readonly attributes: pulumi.Output<{
|
|
143
30
|
[key: string]: any;
|
|
144
31
|
} | undefined>;
|
|
145
32
|
/**
|
|
146
|
-
*
|
|
33
|
+
* Which flow should be used for BrowserFlow
|
|
147
34
|
*/
|
|
148
35
|
readonly browserFlow: pulumi.Output<string>;
|
|
149
36
|
/**
|
|
150
|
-
*
|
|
37
|
+
* Which flow should be used for ClientAuthenticationFlow
|
|
151
38
|
*/
|
|
152
39
|
readonly clientAuthenticationFlow: pulumi.Output<string>;
|
|
153
|
-
/**
|
|
154
|
-
* The amount of time a session can be idle before it expires. Users can override it for individual clients.
|
|
155
|
-
*/
|
|
156
40
|
readonly clientSessionIdleTimeout: pulumi.Output<string>;
|
|
157
|
-
/**
|
|
158
|
-
* The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.
|
|
159
|
-
*/
|
|
160
41
|
readonly clientSessionMaxLifespan: pulumi.Output<string>;
|
|
161
42
|
readonly defaultDefaultClientScopes: pulumi.Output<string[] | undefined>;
|
|
162
43
|
readonly defaultOptionalClientScopes: pulumi.Output<string[] | undefined>;
|
|
163
|
-
/**
|
|
164
|
-
* Default algorithm used to sign tokens for the realm.
|
|
165
|
-
*/
|
|
166
44
|
readonly defaultSignatureAlgorithm: pulumi.Output<string | undefined>;
|
|
167
45
|
/**
|
|
168
|
-
*
|
|
46
|
+
* Which flow should be used for DirectGrantFlow
|
|
169
47
|
*/
|
|
170
48
|
readonly directGrantFlow: pulumi.Output<string>;
|
|
171
|
-
/**
|
|
172
|
-
* The display name for the realm that is shown when logging in to the admin console.
|
|
173
|
-
*/
|
|
174
49
|
readonly displayName: pulumi.Output<string | undefined>;
|
|
175
|
-
/**
|
|
176
|
-
* The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
|
|
177
|
-
*/
|
|
178
50
|
readonly displayNameHtml: pulumi.Output<string | undefined>;
|
|
179
51
|
/**
|
|
180
|
-
*
|
|
52
|
+
* Which flow should be used for DockerAuthenticationFlow
|
|
181
53
|
*/
|
|
182
54
|
readonly dockerAuthenticationFlow: pulumi.Output<string>;
|
|
183
|
-
/**
|
|
184
|
-
* When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`.
|
|
185
|
-
*/
|
|
186
55
|
readonly duplicateEmailsAllowed: pulumi.Output<boolean>;
|
|
187
|
-
/**
|
|
188
|
-
* When true, the username field is editable.
|
|
189
|
-
*/
|
|
190
56
|
readonly editUsernameAllowed: pulumi.Output<boolean>;
|
|
191
|
-
/**
|
|
192
|
-
* Used for emails that are sent by Keycloak.
|
|
193
|
-
*/
|
|
194
57
|
readonly emailTheme: pulumi.Output<string | undefined>;
|
|
195
|
-
/**
|
|
196
|
-
* When `false`, users and clients will not be able to access this realm. Defaults to `true`.
|
|
197
|
-
*/
|
|
198
58
|
readonly enabled: pulumi.Output<boolean | undefined>;
|
|
199
|
-
/**
|
|
200
|
-
* When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
|
|
201
|
-
*/
|
|
202
59
|
readonly internalId: pulumi.Output<string>;
|
|
203
60
|
readonly internationalization: pulumi.Output<outputs.RealmInternationalization | undefined>;
|
|
204
|
-
/**
|
|
205
|
-
* Used for the login, forgot password, and registration pages.
|
|
206
|
-
*/
|
|
207
61
|
readonly loginTheme: pulumi.Output<string | undefined>;
|
|
208
|
-
/**
|
|
209
|
-
* When true, users may log in with their email address.
|
|
210
|
-
*/
|
|
211
62
|
readonly loginWithEmailAllowed: pulumi.Output<boolean>;
|
|
212
|
-
/**
|
|
213
|
-
* The maximum amount of time a client has to finish the device code flow before it expires.
|
|
214
|
-
*
|
|
215
|
-
* The attributes below should be specified in seconds.
|
|
216
|
-
*/
|
|
217
63
|
readonly oauth2DeviceCodeLifespan: pulumi.Output<string>;
|
|
218
|
-
/**
|
|
219
|
-
* The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.
|
|
220
|
-
*/
|
|
221
64
|
readonly oauth2DevicePollingInterval: pulumi.Output<number>;
|
|
222
|
-
/**
|
|
223
|
-
* The amount of time an offline session can be idle before it expires.
|
|
224
|
-
*/
|
|
225
65
|
readonly offlineSessionIdleTimeout: pulumi.Output<string>;
|
|
226
|
-
/**
|
|
227
|
-
* The maximum amount of time before an offline session expires regardless of activity.
|
|
228
|
-
*/
|
|
229
66
|
readonly offlineSessionMaxLifespan: pulumi.Output<string>;
|
|
230
|
-
/**
|
|
231
|
-
* Enable `offlineSessionMaxLifespan`.
|
|
232
|
-
*/
|
|
233
67
|
readonly offlineSessionMaxLifespanEnabled: pulumi.Output<boolean | undefined>;
|
|
234
68
|
readonly otpPolicy: pulumi.Output<outputs.RealmOtpPolicy>;
|
|
235
69
|
/**
|
|
236
|
-
*
|
|
237
|
-
*
|
|
238
|
-
*
|
|
70
|
+
* String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies
|
|
71
|
+
* can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365)
|
|
72
|
+
* and notUsername(undefined)"
|
|
239
73
|
*/
|
|
240
74
|
readonly passwordPolicy: pulumi.Output<string | undefined>;
|
|
241
|
-
/**
|
|
242
|
-
* The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
|
|
243
|
-
*/
|
|
244
75
|
readonly realm: pulumi.Output<string>;
|
|
245
|
-
/**
|
|
246
|
-
* Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.
|
|
247
|
-
*
|
|
248
|
-
* The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.
|
|
249
|
-
*/
|
|
250
76
|
readonly refreshTokenMaxReuse: pulumi.Output<number | undefined>;
|
|
251
|
-
/**
|
|
252
|
-
* When true, user registration will be enabled, and a link for registration will be displayed on the login page.
|
|
253
|
-
*/
|
|
254
77
|
readonly registrationAllowed: pulumi.Output<boolean>;
|
|
255
|
-
/**
|
|
256
|
-
* When true, the user's email will be used as their username during registration.
|
|
257
|
-
*/
|
|
258
78
|
readonly registrationEmailAsUsername: pulumi.Output<boolean>;
|
|
259
79
|
/**
|
|
260
|
-
*
|
|
80
|
+
* Which flow should be used for RegistrationFlow
|
|
261
81
|
*/
|
|
262
82
|
readonly registrationFlow: pulumi.Output<string>;
|
|
263
|
-
/**
|
|
264
|
-
* When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.
|
|
265
|
-
*/
|
|
266
83
|
readonly rememberMe: pulumi.Output<boolean>;
|
|
267
84
|
/**
|
|
268
|
-
*
|
|
85
|
+
* Which flow should be used for ResetCredentialsFlow
|
|
269
86
|
*/
|
|
270
87
|
readonly resetCredentialsFlow: pulumi.Output<string>;
|
|
271
|
-
/**
|
|
272
|
-
* When true, a "forgot password" link will be displayed on the login page.
|
|
273
|
-
*/
|
|
274
88
|
readonly resetPasswordAllowed: pulumi.Output<boolean>;
|
|
275
|
-
/**
|
|
276
|
-
* If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.
|
|
277
|
-
*/
|
|
278
89
|
readonly revokeRefreshToken: pulumi.Output<boolean | undefined>;
|
|
279
90
|
readonly securityDefenses: pulumi.Output<outputs.RealmSecurityDefenses | undefined>;
|
|
280
91
|
readonly smtpServer: pulumi.Output<outputs.RealmSmtpServer | undefined>;
|
|
281
92
|
/**
|
|
282
|
-
*
|
|
93
|
+
* SSL Required: Values can be 'none', 'external' or 'all'.
|
|
283
94
|
*/
|
|
284
95
|
readonly sslRequired: pulumi.Output<string | undefined>;
|
|
285
|
-
/**
|
|
286
|
-
* The amount of time a session can be idle before it expires.
|
|
287
|
-
*/
|
|
288
96
|
readonly ssoSessionIdleTimeout: pulumi.Output<string>;
|
|
289
|
-
/**
|
|
290
|
-
* Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`.
|
|
291
|
-
*/
|
|
292
97
|
readonly ssoSessionIdleTimeoutRememberMe: pulumi.Output<string>;
|
|
293
|
-
/**
|
|
294
|
-
* The maximum amount of time before a session expires regardless of activity.
|
|
295
|
-
*/
|
|
296
98
|
readonly ssoSessionMaxLifespan: pulumi.Output<string>;
|
|
297
|
-
/**
|
|
298
|
-
* Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`.
|
|
299
|
-
*/
|
|
300
99
|
readonly ssoSessionMaxLifespanRememberMe: pulumi.Output<string>;
|
|
301
|
-
/**
|
|
302
|
-
* When `true`, users are allowed to manage their own resources. Defaults to `false`.
|
|
303
|
-
*/
|
|
304
100
|
readonly userManagedAccess: pulumi.Output<boolean | undefined>;
|
|
305
|
-
/**
|
|
306
|
-
* When true, users are required to verify their email address after registration and after email address changes.
|
|
307
|
-
*/
|
|
308
101
|
readonly verifyEmail: pulumi.Output<boolean>;
|
|
309
|
-
/**
|
|
310
|
-
* Configuration for WebAuthn Passwordless Policy authentication.
|
|
311
|
-
*
|
|
312
|
-
* Each of these attributes are blocks with the following attributes:
|
|
313
|
-
*/
|
|
314
102
|
readonly webAuthnPasswordlessPolicy: pulumi.Output<outputs.RealmWebAuthnPasswordlessPolicy>;
|
|
315
|
-
/**
|
|
316
|
-
* Configuration for WebAuthn Policy authentication.
|
|
317
|
-
*/
|
|
318
103
|
readonly webAuthnPolicy: pulumi.Output<outputs.RealmWebAuthnPolicy>;
|
|
319
104
|
/**
|
|
320
105
|
* Create a Realm resource with the given unique name, arguments, and options.
|
|
@@ -329,441 +114,177 @@ export declare class Realm extends pulumi.CustomResource {
|
|
|
329
114
|
* Input properties used for looking up and filtering Realm resources.
|
|
330
115
|
*/
|
|
331
116
|
export interface RealmState {
|
|
332
|
-
/**
|
|
333
|
-
* The maximum amount of time a client has to finish the authorization code flow.
|
|
334
|
-
*/
|
|
335
117
|
accessCodeLifespan?: pulumi.Input<string>;
|
|
336
|
-
/**
|
|
337
|
-
* The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.
|
|
338
|
-
*/
|
|
339
118
|
accessCodeLifespanLogin?: pulumi.Input<string>;
|
|
340
|
-
/**
|
|
341
|
-
* The maximum amount of time a user has to complete login related actions, such as updating a password.
|
|
342
|
-
*/
|
|
343
119
|
accessCodeLifespanUserAction?: pulumi.Input<string>;
|
|
344
|
-
/**
|
|
345
|
-
* The amount of time an access token can be used before it expires.
|
|
346
|
-
*/
|
|
347
120
|
accessTokenLifespan?: pulumi.Input<string>;
|
|
348
|
-
/**
|
|
349
|
-
* The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.
|
|
350
|
-
*/
|
|
351
121
|
accessTokenLifespanForImplicitFlow?: pulumi.Input<string>;
|
|
352
|
-
/**
|
|
353
|
-
* Used for account management pages.
|
|
354
|
-
*/
|
|
355
122
|
accountTheme?: pulumi.Input<string>;
|
|
356
|
-
/**
|
|
357
|
-
* The maximum time a user has to use an admin-generated permit before it expires.
|
|
358
|
-
*/
|
|
359
123
|
actionTokenGeneratedByAdminLifespan?: pulumi.Input<string>;
|
|
360
|
-
/**
|
|
361
|
-
* The maximum time a user has to use a user-generated permit before it expires.
|
|
362
|
-
*/
|
|
363
124
|
actionTokenGeneratedByUserLifespan?: pulumi.Input<string>;
|
|
364
|
-
/**
|
|
365
|
-
* Used for the admin console.
|
|
366
|
-
*/
|
|
367
125
|
adminTheme?: pulumi.Input<string>;
|
|
368
|
-
/**
|
|
369
|
-
* A map of custom attributes to add to the realm.
|
|
370
|
-
*/
|
|
371
126
|
attributes?: pulumi.Input<{
|
|
372
127
|
[key: string]: any;
|
|
373
128
|
}>;
|
|
374
129
|
/**
|
|
375
|
-
*
|
|
130
|
+
* Which flow should be used for BrowserFlow
|
|
376
131
|
*/
|
|
377
132
|
browserFlow?: pulumi.Input<string>;
|
|
378
133
|
/**
|
|
379
|
-
*
|
|
134
|
+
* Which flow should be used for ClientAuthenticationFlow
|
|
380
135
|
*/
|
|
381
136
|
clientAuthenticationFlow?: pulumi.Input<string>;
|
|
382
|
-
/**
|
|
383
|
-
* The amount of time a session can be idle before it expires. Users can override it for individual clients.
|
|
384
|
-
*/
|
|
385
137
|
clientSessionIdleTimeout?: pulumi.Input<string>;
|
|
386
|
-
/**
|
|
387
|
-
* The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.
|
|
388
|
-
*/
|
|
389
138
|
clientSessionMaxLifespan?: pulumi.Input<string>;
|
|
390
139
|
defaultDefaultClientScopes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
391
140
|
defaultOptionalClientScopes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
392
|
-
/**
|
|
393
|
-
* Default algorithm used to sign tokens for the realm.
|
|
394
|
-
*/
|
|
395
141
|
defaultSignatureAlgorithm?: pulumi.Input<string>;
|
|
396
142
|
/**
|
|
397
|
-
*
|
|
143
|
+
* Which flow should be used for DirectGrantFlow
|
|
398
144
|
*/
|
|
399
145
|
directGrantFlow?: pulumi.Input<string>;
|
|
400
|
-
/**
|
|
401
|
-
* The display name for the realm that is shown when logging in to the admin console.
|
|
402
|
-
*/
|
|
403
146
|
displayName?: pulumi.Input<string>;
|
|
404
|
-
/**
|
|
405
|
-
* The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
|
|
406
|
-
*/
|
|
407
147
|
displayNameHtml?: pulumi.Input<string>;
|
|
408
148
|
/**
|
|
409
|
-
*
|
|
149
|
+
* Which flow should be used for DockerAuthenticationFlow
|
|
410
150
|
*/
|
|
411
151
|
dockerAuthenticationFlow?: pulumi.Input<string>;
|
|
412
|
-
/**
|
|
413
|
-
* When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`.
|
|
414
|
-
*/
|
|
415
152
|
duplicateEmailsAllowed?: pulumi.Input<boolean>;
|
|
416
|
-
/**
|
|
417
|
-
* When true, the username field is editable.
|
|
418
|
-
*/
|
|
419
153
|
editUsernameAllowed?: pulumi.Input<boolean>;
|
|
420
|
-
/**
|
|
421
|
-
* Used for emails that are sent by Keycloak.
|
|
422
|
-
*/
|
|
423
154
|
emailTheme?: pulumi.Input<string>;
|
|
424
|
-
/**
|
|
425
|
-
* When `false`, users and clients will not be able to access this realm. Defaults to `true`.
|
|
426
|
-
*/
|
|
427
155
|
enabled?: pulumi.Input<boolean>;
|
|
428
|
-
/**
|
|
429
|
-
* When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
|
|
430
|
-
*/
|
|
431
156
|
internalId?: pulumi.Input<string>;
|
|
432
157
|
internationalization?: pulumi.Input<inputs.RealmInternationalization>;
|
|
433
|
-
/**
|
|
434
|
-
* Used for the login, forgot password, and registration pages.
|
|
435
|
-
*/
|
|
436
158
|
loginTheme?: pulumi.Input<string>;
|
|
437
|
-
/**
|
|
438
|
-
* When true, users may log in with their email address.
|
|
439
|
-
*/
|
|
440
159
|
loginWithEmailAllowed?: pulumi.Input<boolean>;
|
|
441
|
-
/**
|
|
442
|
-
* The maximum amount of time a client has to finish the device code flow before it expires.
|
|
443
|
-
*
|
|
444
|
-
* The attributes below should be specified in seconds.
|
|
445
|
-
*/
|
|
446
160
|
oauth2DeviceCodeLifespan?: pulumi.Input<string>;
|
|
447
|
-
/**
|
|
448
|
-
* The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.
|
|
449
|
-
*/
|
|
450
161
|
oauth2DevicePollingInterval?: pulumi.Input<number>;
|
|
451
|
-
/**
|
|
452
|
-
* The amount of time an offline session can be idle before it expires.
|
|
453
|
-
*/
|
|
454
162
|
offlineSessionIdleTimeout?: pulumi.Input<string>;
|
|
455
|
-
/**
|
|
456
|
-
* The maximum amount of time before an offline session expires regardless of activity.
|
|
457
|
-
*/
|
|
458
163
|
offlineSessionMaxLifespan?: pulumi.Input<string>;
|
|
459
|
-
/**
|
|
460
|
-
* Enable `offlineSessionMaxLifespan`.
|
|
461
|
-
*/
|
|
462
164
|
offlineSessionMaxLifespanEnabled?: pulumi.Input<boolean>;
|
|
463
165
|
otpPolicy?: pulumi.Input<inputs.RealmOtpPolicy>;
|
|
464
166
|
/**
|
|
465
|
-
*
|
|
466
|
-
*
|
|
467
|
-
*
|
|
167
|
+
* String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies
|
|
168
|
+
* can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365)
|
|
169
|
+
* and notUsername(undefined)"
|
|
468
170
|
*/
|
|
469
171
|
passwordPolicy?: pulumi.Input<string>;
|
|
470
|
-
/**
|
|
471
|
-
* The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
|
|
472
|
-
*/
|
|
473
172
|
realm?: pulumi.Input<string>;
|
|
474
|
-
/**
|
|
475
|
-
* Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.
|
|
476
|
-
*
|
|
477
|
-
* The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.
|
|
478
|
-
*/
|
|
479
173
|
refreshTokenMaxReuse?: pulumi.Input<number>;
|
|
480
|
-
/**
|
|
481
|
-
* When true, user registration will be enabled, and a link for registration will be displayed on the login page.
|
|
482
|
-
*/
|
|
483
174
|
registrationAllowed?: pulumi.Input<boolean>;
|
|
484
|
-
/**
|
|
485
|
-
* When true, the user's email will be used as their username during registration.
|
|
486
|
-
*/
|
|
487
175
|
registrationEmailAsUsername?: pulumi.Input<boolean>;
|
|
488
176
|
/**
|
|
489
|
-
*
|
|
177
|
+
* Which flow should be used for RegistrationFlow
|
|
490
178
|
*/
|
|
491
179
|
registrationFlow?: pulumi.Input<string>;
|
|
492
|
-
/**
|
|
493
|
-
* When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.
|
|
494
|
-
*/
|
|
495
180
|
rememberMe?: pulumi.Input<boolean>;
|
|
496
181
|
/**
|
|
497
|
-
*
|
|
182
|
+
* Which flow should be used for ResetCredentialsFlow
|
|
498
183
|
*/
|
|
499
184
|
resetCredentialsFlow?: pulumi.Input<string>;
|
|
500
|
-
/**
|
|
501
|
-
* When true, a "forgot password" link will be displayed on the login page.
|
|
502
|
-
*/
|
|
503
185
|
resetPasswordAllowed?: pulumi.Input<boolean>;
|
|
504
|
-
/**
|
|
505
|
-
* If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.
|
|
506
|
-
*/
|
|
507
186
|
revokeRefreshToken?: pulumi.Input<boolean>;
|
|
508
187
|
securityDefenses?: pulumi.Input<inputs.RealmSecurityDefenses>;
|
|
509
188
|
smtpServer?: pulumi.Input<inputs.RealmSmtpServer>;
|
|
510
189
|
/**
|
|
511
|
-
*
|
|
190
|
+
* SSL Required: Values can be 'none', 'external' or 'all'.
|
|
512
191
|
*/
|
|
513
192
|
sslRequired?: pulumi.Input<string>;
|
|
514
|
-
/**
|
|
515
|
-
* The amount of time a session can be idle before it expires.
|
|
516
|
-
*/
|
|
517
193
|
ssoSessionIdleTimeout?: pulumi.Input<string>;
|
|
518
|
-
/**
|
|
519
|
-
* Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`.
|
|
520
|
-
*/
|
|
521
194
|
ssoSessionIdleTimeoutRememberMe?: pulumi.Input<string>;
|
|
522
|
-
/**
|
|
523
|
-
* The maximum amount of time before a session expires regardless of activity.
|
|
524
|
-
*/
|
|
525
195
|
ssoSessionMaxLifespan?: pulumi.Input<string>;
|
|
526
|
-
/**
|
|
527
|
-
* Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`.
|
|
528
|
-
*/
|
|
529
196
|
ssoSessionMaxLifespanRememberMe?: pulumi.Input<string>;
|
|
530
|
-
/**
|
|
531
|
-
* When `true`, users are allowed to manage their own resources. Defaults to `false`.
|
|
532
|
-
*/
|
|
533
197
|
userManagedAccess?: pulumi.Input<boolean>;
|
|
534
|
-
/**
|
|
535
|
-
* When true, users are required to verify their email address after registration and after email address changes.
|
|
536
|
-
*/
|
|
537
198
|
verifyEmail?: pulumi.Input<boolean>;
|
|
538
|
-
/**
|
|
539
|
-
* Configuration for WebAuthn Passwordless Policy authentication.
|
|
540
|
-
*
|
|
541
|
-
* Each of these attributes are blocks with the following attributes:
|
|
542
|
-
*/
|
|
543
199
|
webAuthnPasswordlessPolicy?: pulumi.Input<inputs.RealmWebAuthnPasswordlessPolicy>;
|
|
544
|
-
/**
|
|
545
|
-
* Configuration for WebAuthn Policy authentication.
|
|
546
|
-
*/
|
|
547
200
|
webAuthnPolicy?: pulumi.Input<inputs.RealmWebAuthnPolicy>;
|
|
548
201
|
}
|
|
549
202
|
/**
|
|
550
203
|
* The set of arguments for constructing a Realm resource.
|
|
551
204
|
*/
|
|
552
205
|
export interface RealmArgs {
|
|
553
|
-
/**
|
|
554
|
-
* The maximum amount of time a client has to finish the authorization code flow.
|
|
555
|
-
*/
|
|
556
206
|
accessCodeLifespan?: pulumi.Input<string>;
|
|
557
|
-
/**
|
|
558
|
-
* The maximum amount of time a user is permitted to stay on the login page before the authentication process must be restarted.
|
|
559
|
-
*/
|
|
560
207
|
accessCodeLifespanLogin?: pulumi.Input<string>;
|
|
561
|
-
/**
|
|
562
|
-
* The maximum amount of time a user has to complete login related actions, such as updating a password.
|
|
563
|
-
*/
|
|
564
208
|
accessCodeLifespanUserAction?: pulumi.Input<string>;
|
|
565
|
-
/**
|
|
566
|
-
* The amount of time an access token can be used before it expires.
|
|
567
|
-
*/
|
|
568
209
|
accessTokenLifespan?: pulumi.Input<string>;
|
|
569
|
-
/**
|
|
570
|
-
* The amount of time an access token issued with the OpenID Connect Implicit Flow can be used before it expires.
|
|
571
|
-
*/
|
|
572
210
|
accessTokenLifespanForImplicitFlow?: pulumi.Input<string>;
|
|
573
|
-
/**
|
|
574
|
-
* Used for account management pages.
|
|
575
|
-
*/
|
|
576
211
|
accountTheme?: pulumi.Input<string>;
|
|
577
|
-
/**
|
|
578
|
-
* The maximum time a user has to use an admin-generated permit before it expires.
|
|
579
|
-
*/
|
|
580
212
|
actionTokenGeneratedByAdminLifespan?: pulumi.Input<string>;
|
|
581
|
-
/**
|
|
582
|
-
* The maximum time a user has to use a user-generated permit before it expires.
|
|
583
|
-
*/
|
|
584
213
|
actionTokenGeneratedByUserLifespan?: pulumi.Input<string>;
|
|
585
|
-
/**
|
|
586
|
-
* Used for the admin console.
|
|
587
|
-
*/
|
|
588
214
|
adminTheme?: pulumi.Input<string>;
|
|
589
|
-
/**
|
|
590
|
-
* A map of custom attributes to add to the realm.
|
|
591
|
-
*/
|
|
592
215
|
attributes?: pulumi.Input<{
|
|
593
216
|
[key: string]: any;
|
|
594
217
|
}>;
|
|
595
218
|
/**
|
|
596
|
-
*
|
|
219
|
+
* Which flow should be used for BrowserFlow
|
|
597
220
|
*/
|
|
598
221
|
browserFlow?: pulumi.Input<string>;
|
|
599
222
|
/**
|
|
600
|
-
*
|
|
223
|
+
* Which flow should be used for ClientAuthenticationFlow
|
|
601
224
|
*/
|
|
602
225
|
clientAuthenticationFlow?: pulumi.Input<string>;
|
|
603
|
-
/**
|
|
604
|
-
* The amount of time a session can be idle before it expires. Users can override it for individual clients.
|
|
605
|
-
*/
|
|
606
226
|
clientSessionIdleTimeout?: pulumi.Input<string>;
|
|
607
|
-
/**
|
|
608
|
-
* The maximum amount of time before a session expires regardless of activity. Users can override it for individual clients.
|
|
609
|
-
*/
|
|
610
227
|
clientSessionMaxLifespan?: pulumi.Input<string>;
|
|
611
228
|
defaultDefaultClientScopes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
612
229
|
defaultOptionalClientScopes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
613
|
-
/**
|
|
614
|
-
* Default algorithm used to sign tokens for the realm.
|
|
615
|
-
*/
|
|
616
230
|
defaultSignatureAlgorithm?: pulumi.Input<string>;
|
|
617
231
|
/**
|
|
618
|
-
*
|
|
232
|
+
* Which flow should be used for DirectGrantFlow
|
|
619
233
|
*/
|
|
620
234
|
directGrantFlow?: pulumi.Input<string>;
|
|
621
|
-
/**
|
|
622
|
-
* The display name for the realm that is shown when logging in to the admin console.
|
|
623
|
-
*/
|
|
624
235
|
displayName?: pulumi.Input<string>;
|
|
625
|
-
/**
|
|
626
|
-
* The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
|
|
627
|
-
*/
|
|
628
236
|
displayNameHtml?: pulumi.Input<string>;
|
|
629
237
|
/**
|
|
630
|
-
*
|
|
238
|
+
* Which flow should be used for DockerAuthenticationFlow
|
|
631
239
|
*/
|
|
632
240
|
dockerAuthenticationFlow?: pulumi.Input<string>;
|
|
633
|
-
/**
|
|
634
|
-
* When true, multiple users will be allowed to have the same email address. This argument must be set to `false` if `loginWithEmailAllowed` is set to `true`.
|
|
635
|
-
*/
|
|
636
241
|
duplicateEmailsAllowed?: pulumi.Input<boolean>;
|
|
637
|
-
/**
|
|
638
|
-
* When true, the username field is editable.
|
|
639
|
-
*/
|
|
640
242
|
editUsernameAllowed?: pulumi.Input<boolean>;
|
|
641
|
-
/**
|
|
642
|
-
* Used for emails that are sent by Keycloak.
|
|
643
|
-
*/
|
|
644
243
|
emailTheme?: pulumi.Input<string>;
|
|
645
|
-
/**
|
|
646
|
-
* When `false`, users and clients will not be able to access this realm. Defaults to `true`.
|
|
647
|
-
*/
|
|
648
244
|
enabled?: pulumi.Input<boolean>;
|
|
649
|
-
/**
|
|
650
|
-
* When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
|
|
651
|
-
*/
|
|
652
245
|
internalId?: pulumi.Input<string>;
|
|
653
246
|
internationalization?: pulumi.Input<inputs.RealmInternationalization>;
|
|
654
|
-
/**
|
|
655
|
-
* Used for the login, forgot password, and registration pages.
|
|
656
|
-
*/
|
|
657
247
|
loginTheme?: pulumi.Input<string>;
|
|
658
|
-
/**
|
|
659
|
-
* When true, users may log in with their email address.
|
|
660
|
-
*/
|
|
661
248
|
loginWithEmailAllowed?: pulumi.Input<boolean>;
|
|
662
|
-
/**
|
|
663
|
-
* The maximum amount of time a client has to finish the device code flow before it expires.
|
|
664
|
-
*
|
|
665
|
-
* The attributes below should be specified in seconds.
|
|
666
|
-
*/
|
|
667
249
|
oauth2DeviceCodeLifespan?: pulumi.Input<string>;
|
|
668
|
-
/**
|
|
669
|
-
* The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.
|
|
670
|
-
*/
|
|
671
250
|
oauth2DevicePollingInterval?: pulumi.Input<number>;
|
|
672
|
-
/**
|
|
673
|
-
* The amount of time an offline session can be idle before it expires.
|
|
674
|
-
*/
|
|
675
251
|
offlineSessionIdleTimeout?: pulumi.Input<string>;
|
|
676
|
-
/**
|
|
677
|
-
* The maximum amount of time before an offline session expires regardless of activity.
|
|
678
|
-
*/
|
|
679
252
|
offlineSessionMaxLifespan?: pulumi.Input<string>;
|
|
680
|
-
/**
|
|
681
|
-
* Enable `offlineSessionMaxLifespan`.
|
|
682
|
-
*/
|
|
683
253
|
offlineSessionMaxLifespanEnabled?: pulumi.Input<boolean>;
|
|
684
254
|
otpPolicy?: pulumi.Input<inputs.RealmOtpPolicy>;
|
|
685
255
|
/**
|
|
686
|
-
*
|
|
687
|
-
*
|
|
688
|
-
*
|
|
256
|
+
* String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies
|
|
257
|
+
* can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365)
|
|
258
|
+
* and notUsername(undefined)"
|
|
689
259
|
*/
|
|
690
260
|
passwordPolicy?: pulumi.Input<string>;
|
|
691
|
-
/**
|
|
692
|
-
* The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
|
|
693
|
-
*/
|
|
694
261
|
realm: pulumi.Input<string>;
|
|
695
|
-
/**
|
|
696
|
-
* Maximum number of times a refresh token can be reused before they are revoked. If unspecified and 'revoke_refresh_token' is enabled the default value is 0 and refresh tokens can not be reused.
|
|
697
|
-
*
|
|
698
|
-
* The arguments below should be specified as [Go duration strings](https://golang.org/pkg/time/#Duration.String). They will default to Keycloak's default settings.
|
|
699
|
-
*/
|
|
700
262
|
refreshTokenMaxReuse?: pulumi.Input<number>;
|
|
701
|
-
/**
|
|
702
|
-
* When true, user registration will be enabled, and a link for registration will be displayed on the login page.
|
|
703
|
-
*/
|
|
704
263
|
registrationAllowed?: pulumi.Input<boolean>;
|
|
705
|
-
/**
|
|
706
|
-
* When true, the user's email will be used as their username during registration.
|
|
707
|
-
*/
|
|
708
264
|
registrationEmailAsUsername?: pulumi.Input<boolean>;
|
|
709
265
|
/**
|
|
710
|
-
*
|
|
266
|
+
* Which flow should be used for RegistrationFlow
|
|
711
267
|
*/
|
|
712
268
|
registrationFlow?: pulumi.Input<string>;
|
|
713
|
-
/**
|
|
714
|
-
* When true, a "remember me" checkbox will be displayed on the login page, and the user's session will not expire between browser restarts.
|
|
715
|
-
*/
|
|
716
269
|
rememberMe?: pulumi.Input<boolean>;
|
|
717
270
|
/**
|
|
718
|
-
*
|
|
271
|
+
* Which flow should be used for ResetCredentialsFlow
|
|
719
272
|
*/
|
|
720
273
|
resetCredentialsFlow?: pulumi.Input<string>;
|
|
721
|
-
/**
|
|
722
|
-
* When true, a "forgot password" link will be displayed on the login page.
|
|
723
|
-
*/
|
|
724
274
|
resetPasswordAllowed?: pulumi.Input<boolean>;
|
|
725
|
-
/**
|
|
726
|
-
* If enabled a refresh token can only be used number of times specified in 'refresh_token_max_reuse' before they are revoked. If unspecified, refresh tokens can be reused.
|
|
727
|
-
*/
|
|
728
275
|
revokeRefreshToken?: pulumi.Input<boolean>;
|
|
729
276
|
securityDefenses?: pulumi.Input<inputs.RealmSecurityDefenses>;
|
|
730
277
|
smtpServer?: pulumi.Input<inputs.RealmSmtpServer>;
|
|
731
278
|
/**
|
|
732
|
-
*
|
|
279
|
+
* SSL Required: Values can be 'none', 'external' or 'all'.
|
|
733
280
|
*/
|
|
734
281
|
sslRequired?: pulumi.Input<string>;
|
|
735
|
-
/**
|
|
736
|
-
* The amount of time a session can be idle before it expires.
|
|
737
|
-
*/
|
|
738
282
|
ssoSessionIdleTimeout?: pulumi.Input<string>;
|
|
739
|
-
/**
|
|
740
|
-
* Similar to `ssoSessionIdleTimeout`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionIdleTimeout`.
|
|
741
|
-
*/
|
|
742
283
|
ssoSessionIdleTimeoutRememberMe?: pulumi.Input<string>;
|
|
743
|
-
/**
|
|
744
|
-
* The maximum amount of time before a session expires regardless of activity.
|
|
745
|
-
*/
|
|
746
284
|
ssoSessionMaxLifespan?: pulumi.Input<string>;
|
|
747
|
-
/**
|
|
748
|
-
* Similar to `ssoSessionMaxLifespan`, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of `ssoSessionMaxLifespan`.
|
|
749
|
-
*/
|
|
750
285
|
ssoSessionMaxLifespanRememberMe?: pulumi.Input<string>;
|
|
751
|
-
/**
|
|
752
|
-
* When `true`, users are allowed to manage their own resources. Defaults to `false`.
|
|
753
|
-
*/
|
|
754
286
|
userManagedAccess?: pulumi.Input<boolean>;
|
|
755
|
-
/**
|
|
756
|
-
* When true, users are required to verify their email address after registration and after email address changes.
|
|
757
|
-
*/
|
|
758
287
|
verifyEmail?: pulumi.Input<boolean>;
|
|
759
|
-
/**
|
|
760
|
-
* Configuration for WebAuthn Passwordless Policy authentication.
|
|
761
|
-
*
|
|
762
|
-
* Each of these attributes are blocks with the following attributes:
|
|
763
|
-
*/
|
|
764
288
|
webAuthnPasswordlessPolicy?: pulumi.Input<inputs.RealmWebAuthnPasswordlessPolicy>;
|
|
765
|
-
/**
|
|
766
|
-
* Configuration for WebAuthn Policy authentication.
|
|
767
|
-
*/
|
|
768
289
|
webAuthnPolicy?: pulumi.Input<inputs.RealmWebAuthnPolicy>;
|
|
769
290
|
}
|