Documentation ¶
Index ¶
- type FullNameMapper
- type FullNameMapperArgs
- type FullNameMapperArray
- type FullNameMapperArrayInput
- type FullNameMapperArrayOutput
- func (FullNameMapperArrayOutput) ElementType() reflect.Type
- func (o FullNameMapperArrayOutput) Index(i pulumi.IntInput) FullNameMapperOutput
- func (o FullNameMapperArrayOutput) ToFullNameMapperArrayOutput() FullNameMapperArrayOutput
- func (o FullNameMapperArrayOutput) ToFullNameMapperArrayOutputWithContext(ctx context.Context) FullNameMapperArrayOutput
- type FullNameMapperInput
- type FullNameMapperMap
- type FullNameMapperMapInput
- type FullNameMapperMapOutput
- func (FullNameMapperMapOutput) ElementType() reflect.Type
- func (o FullNameMapperMapOutput) MapIndex(k pulumi.StringInput) FullNameMapperOutput
- func (o FullNameMapperMapOutput) ToFullNameMapperMapOutput() FullNameMapperMapOutput
- func (o FullNameMapperMapOutput) ToFullNameMapperMapOutputWithContext(ctx context.Context) FullNameMapperMapOutput
- type FullNameMapperOutput
- func (FullNameMapperOutput) ElementType() reflect.Type
- func (o FullNameMapperOutput) LdapFullNameAttribute() pulumi.StringOutput
- func (o FullNameMapperOutput) LdapUserFederationId() pulumi.StringOutput
- func (o FullNameMapperOutput) Name() pulumi.StringOutput
- func (o FullNameMapperOutput) ReadOnly() pulumi.BoolPtrOutput
- func (o FullNameMapperOutput) RealmId() pulumi.StringOutput
- func (o FullNameMapperOutput) ToFullNameMapperOutput() FullNameMapperOutput
- func (o FullNameMapperOutput) ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput
- func (o FullNameMapperOutput) WriteOnly() pulumi.BoolPtrOutput
- type FullNameMapperState
- type GroupMapper
- type GroupMapperArgs
- type GroupMapperArray
- type GroupMapperArrayInput
- type GroupMapperArrayOutput
- func (GroupMapperArrayOutput) ElementType() reflect.Type
- func (o GroupMapperArrayOutput) Index(i pulumi.IntInput) GroupMapperOutput
- func (o GroupMapperArrayOutput) ToGroupMapperArrayOutput() GroupMapperArrayOutput
- func (o GroupMapperArrayOutput) ToGroupMapperArrayOutputWithContext(ctx context.Context) GroupMapperArrayOutput
- type GroupMapperInput
- type GroupMapperMap
- type GroupMapperMapInput
- type GroupMapperMapOutput
- func (GroupMapperMapOutput) ElementType() reflect.Type
- func (o GroupMapperMapOutput) MapIndex(k pulumi.StringInput) GroupMapperOutput
- func (o GroupMapperMapOutput) ToGroupMapperMapOutput() GroupMapperMapOutput
- func (o GroupMapperMapOutput) ToGroupMapperMapOutputWithContext(ctx context.Context) GroupMapperMapOutput
- type GroupMapperOutput
- func (o GroupMapperOutput) DropNonExistingGroupsDuringSync() pulumi.BoolPtrOutput
- func (GroupMapperOutput) ElementType() reflect.Type
- func (o GroupMapperOutput) GroupNameLdapAttribute() pulumi.StringOutput
- func (o GroupMapperOutput) GroupObjectClasses() pulumi.StringArrayOutput
- func (o GroupMapperOutput) GroupsLdapFilter() pulumi.StringPtrOutput
- func (o GroupMapperOutput) GroupsPath() pulumi.StringOutput
- func (o GroupMapperOutput) IgnoreMissingGroups() pulumi.BoolPtrOutput
- func (o GroupMapperOutput) LdapGroupsDn() pulumi.StringOutput
- func (o GroupMapperOutput) LdapUserFederationId() pulumi.StringOutput
- func (o GroupMapperOutput) MappedGroupAttributes() pulumi.StringArrayOutput
- func (o GroupMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput
- func (o GroupMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput
- func (o GroupMapperOutput) MembershipLdapAttribute() pulumi.StringOutput
- func (o GroupMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput
- func (o GroupMapperOutput) Mode() pulumi.StringPtrOutput
- func (o GroupMapperOutput) Name() pulumi.StringOutput
- func (o GroupMapperOutput) PreserveGroupInheritance() pulumi.BoolPtrOutput
- func (o GroupMapperOutput) RealmId() pulumi.StringOutput
- func (o GroupMapperOutput) ToGroupMapperOutput() GroupMapperOutput
- func (o GroupMapperOutput) ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput
- func (o GroupMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput
- type GroupMapperState
- type HardcodedGroupMapper
- type HardcodedGroupMapperArgs
- type HardcodedGroupMapperArray
- type HardcodedGroupMapperArrayInput
- type HardcodedGroupMapperArrayOutput
- func (HardcodedGroupMapperArrayOutput) ElementType() reflect.Type
- func (o HardcodedGroupMapperArrayOutput) Index(i pulumi.IntInput) HardcodedGroupMapperOutput
- func (o HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput
- func (o HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutputWithContext(ctx context.Context) HardcodedGroupMapperArrayOutput
- type HardcodedGroupMapperInput
- type HardcodedGroupMapperMap
- type HardcodedGroupMapperMapInput
- type HardcodedGroupMapperMapOutput
- func (HardcodedGroupMapperMapOutput) ElementType() reflect.Type
- func (o HardcodedGroupMapperMapOutput) MapIndex(k pulumi.StringInput) HardcodedGroupMapperOutput
- func (o HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput
- func (o HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutputWithContext(ctx context.Context) HardcodedGroupMapperMapOutput
- type HardcodedGroupMapperOutput
- func (HardcodedGroupMapperOutput) ElementType() reflect.Type
- func (o HardcodedGroupMapperOutput) Group() pulumi.StringOutput
- func (o HardcodedGroupMapperOutput) LdapUserFederationId() pulumi.StringOutput
- func (o HardcodedGroupMapperOutput) Name() pulumi.StringOutput
- func (o HardcodedGroupMapperOutput) RealmId() pulumi.StringOutput
- func (o HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput
- func (o HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput
- type HardcodedGroupMapperState
- type HardcodedRoleMapper
- type HardcodedRoleMapperArgs
- type HardcodedRoleMapperArray
- type HardcodedRoleMapperArrayInput
- type HardcodedRoleMapperArrayOutput
- func (HardcodedRoleMapperArrayOutput) ElementType() reflect.Type
- func (o HardcodedRoleMapperArrayOutput) Index(i pulumi.IntInput) HardcodedRoleMapperOutput
- func (o HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput
- func (o HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutputWithContext(ctx context.Context) HardcodedRoleMapperArrayOutput
- type HardcodedRoleMapperInput
- type HardcodedRoleMapperMap
- type HardcodedRoleMapperMapInput
- type HardcodedRoleMapperMapOutput
- func (HardcodedRoleMapperMapOutput) ElementType() reflect.Type
- func (o HardcodedRoleMapperMapOutput) MapIndex(k pulumi.StringInput) HardcodedRoleMapperOutput
- func (o HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput
- func (o HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutputWithContext(ctx context.Context) HardcodedRoleMapperMapOutput
- type HardcodedRoleMapperOutput
- func (HardcodedRoleMapperOutput) ElementType() reflect.Type
- func (o HardcodedRoleMapperOutput) LdapUserFederationId() pulumi.StringOutput
- func (o HardcodedRoleMapperOutput) Name() pulumi.StringOutput
- func (o HardcodedRoleMapperOutput) RealmId() pulumi.StringOutput
- func (o HardcodedRoleMapperOutput) Role() pulumi.StringOutput
- func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput
- func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput
- type HardcodedRoleMapperState
- type MsadLdsUserAccountControlMapper
- func GetMsadLdsUserAccountControlMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, ...) (*MsadLdsUserAccountControlMapper, error)
- func NewMsadLdsUserAccountControlMapper(ctx *pulumi.Context, name string, args *MsadLdsUserAccountControlMapperArgs, ...) (*MsadLdsUserAccountControlMapper, error)
- func (*MsadLdsUserAccountControlMapper) ElementType() reflect.Type
- func (i *MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput
- func (i *MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput
- type MsadLdsUserAccountControlMapperArgs
- type MsadLdsUserAccountControlMapperArray
- func (MsadLdsUserAccountControlMapperArray) ElementType() reflect.Type
- func (i MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput
- func (i MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperArrayOutput
- type MsadLdsUserAccountControlMapperArrayInput
- type MsadLdsUserAccountControlMapperArrayOutput
- func (MsadLdsUserAccountControlMapperArrayOutput) ElementType() reflect.Type
- func (o MsadLdsUserAccountControlMapperArrayOutput) Index(i pulumi.IntInput) MsadLdsUserAccountControlMapperOutput
- func (o MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput
- func (o MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperArrayOutput
- type MsadLdsUserAccountControlMapperInput
- type MsadLdsUserAccountControlMapperMap
- func (MsadLdsUserAccountControlMapperMap) ElementType() reflect.Type
- func (i MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput
- func (i MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperMapOutput
- type MsadLdsUserAccountControlMapperMapInput
- type MsadLdsUserAccountControlMapperMapOutput
- func (MsadLdsUserAccountControlMapperMapOutput) ElementType() reflect.Type
- func (o MsadLdsUserAccountControlMapperMapOutput) MapIndex(k pulumi.StringInput) MsadLdsUserAccountControlMapperOutput
- func (o MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput
- func (o MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperMapOutput
- type MsadLdsUserAccountControlMapperOutput
- func (MsadLdsUserAccountControlMapperOutput) ElementType() reflect.Type
- func (o MsadLdsUserAccountControlMapperOutput) LdapUserFederationId() pulumi.StringOutput
- func (o MsadLdsUserAccountControlMapperOutput) Name() pulumi.StringOutput
- func (o MsadLdsUserAccountControlMapperOutput) RealmId() pulumi.StringOutput
- func (o MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput
- func (o MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput
- type MsadLdsUserAccountControlMapperState
- type MsadUserAccountControlMapper
- func (*MsadUserAccountControlMapper) ElementType() reflect.Type
- func (i *MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput
- func (i *MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput
- type MsadUserAccountControlMapperArgs
- type MsadUserAccountControlMapperArray
- func (MsadUserAccountControlMapperArray) ElementType() reflect.Type
- func (i MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput
- func (i MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadUserAccountControlMapperArrayOutput
- type MsadUserAccountControlMapperArrayInput
- type MsadUserAccountControlMapperArrayOutput
- func (MsadUserAccountControlMapperArrayOutput) ElementType() reflect.Type
- func (o MsadUserAccountControlMapperArrayOutput) Index(i pulumi.IntInput) MsadUserAccountControlMapperOutput
- func (o MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput
- func (o MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadUserAccountControlMapperArrayOutput
- type MsadUserAccountControlMapperInput
- type MsadUserAccountControlMapperMap
- func (MsadUserAccountControlMapperMap) ElementType() reflect.Type
- func (i MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput
- func (i MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadUserAccountControlMapperMapOutput
- type MsadUserAccountControlMapperMapInput
- type MsadUserAccountControlMapperMapOutput
- func (MsadUserAccountControlMapperMapOutput) ElementType() reflect.Type
- func (o MsadUserAccountControlMapperMapOutput) MapIndex(k pulumi.StringInput) MsadUserAccountControlMapperOutput
- func (o MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput
- func (o MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadUserAccountControlMapperMapOutput
- type MsadUserAccountControlMapperOutput
- func (MsadUserAccountControlMapperOutput) ElementType() reflect.Type
- func (o MsadUserAccountControlMapperOutput) LdapPasswordPolicyHintsEnabled() pulumi.BoolPtrOutput
- func (o MsadUserAccountControlMapperOutput) LdapUserFederationId() pulumi.StringOutput
- func (o MsadUserAccountControlMapperOutput) Name() pulumi.StringOutput
- func (o MsadUserAccountControlMapperOutput) RealmId() pulumi.StringOutput
- func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput
- func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput
- type MsadUserAccountControlMapperState
- type RoleMapper
- type RoleMapperArgs
- type RoleMapperArray
- type RoleMapperArrayInput
- type RoleMapperArrayOutput
- func (RoleMapperArrayOutput) ElementType() reflect.Type
- func (o RoleMapperArrayOutput) Index(i pulumi.IntInput) RoleMapperOutput
- func (o RoleMapperArrayOutput) ToRoleMapperArrayOutput() RoleMapperArrayOutput
- func (o RoleMapperArrayOutput) ToRoleMapperArrayOutputWithContext(ctx context.Context) RoleMapperArrayOutput
- type RoleMapperInput
- type RoleMapperMap
- type RoleMapperMapInput
- type RoleMapperMapOutput
- func (RoleMapperMapOutput) ElementType() reflect.Type
- func (o RoleMapperMapOutput) MapIndex(k pulumi.StringInput) RoleMapperOutput
- func (o RoleMapperMapOutput) ToRoleMapperMapOutput() RoleMapperMapOutput
- func (o RoleMapperMapOutput) ToRoleMapperMapOutputWithContext(ctx context.Context) RoleMapperMapOutput
- type RoleMapperOutput
- func (o RoleMapperOutput) ClientId() pulumi.StringPtrOutput
- func (RoleMapperOutput) ElementType() reflect.Type
- func (o RoleMapperOutput) LdapRolesDn() pulumi.StringOutput
- func (o RoleMapperOutput) LdapUserFederationId() pulumi.StringOutput
- func (o RoleMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput
- func (o RoleMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput
- func (o RoleMapperOutput) MembershipLdapAttribute() pulumi.StringOutput
- func (o RoleMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput
- func (o RoleMapperOutput) Mode() pulumi.StringPtrOutput
- func (o RoleMapperOutput) Name() pulumi.StringOutput
- func (o RoleMapperOutput) RealmId() pulumi.StringOutput
- func (o RoleMapperOutput) RoleNameLdapAttribute() pulumi.StringOutput
- func (o RoleMapperOutput) RoleObjectClasses() pulumi.StringArrayOutput
- func (o RoleMapperOutput) RolesLdapFilter() pulumi.StringPtrOutput
- func (o RoleMapperOutput) ToRoleMapperOutput() RoleMapperOutput
- func (o RoleMapperOutput) ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput
- func (o RoleMapperOutput) UseRealmRolesMapping() pulumi.BoolPtrOutput
- func (o RoleMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput
- type RoleMapperState
- type UserAttributeMapper
- type UserAttributeMapperArgs
- type UserAttributeMapperArray
- type UserAttributeMapperArrayInput
- type UserAttributeMapperArrayOutput
- func (UserAttributeMapperArrayOutput) ElementType() reflect.Type
- func (o UserAttributeMapperArrayOutput) Index(i pulumi.IntInput) UserAttributeMapperOutput
- func (o UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput
- func (o UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutputWithContext(ctx context.Context) UserAttributeMapperArrayOutput
- type UserAttributeMapperInput
- type UserAttributeMapperMap
- type UserAttributeMapperMapInput
- type UserAttributeMapperMapOutput
- func (UserAttributeMapperMapOutput) ElementType() reflect.Type
- func (o UserAttributeMapperMapOutput) MapIndex(k pulumi.StringInput) UserAttributeMapperOutput
- func (o UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput
- func (o UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutputWithContext(ctx context.Context) UserAttributeMapperMapOutput
- type UserAttributeMapperOutput
- func (o UserAttributeMapperOutput) AlwaysReadValueFromLdap() pulumi.BoolPtrOutput
- func (UserAttributeMapperOutput) ElementType() reflect.Type
- func (o UserAttributeMapperOutput) IsMandatoryInLdap() pulumi.BoolPtrOutput
- func (o UserAttributeMapperOutput) LdapAttribute() pulumi.StringOutput
- func (o UserAttributeMapperOutput) LdapUserFederationId() pulumi.StringOutput
- func (o UserAttributeMapperOutput) Name() pulumi.StringOutput
- func (o UserAttributeMapperOutput) ReadOnly() pulumi.BoolPtrOutput
- func (o UserAttributeMapperOutput) RealmId() pulumi.StringOutput
- func (o UserAttributeMapperOutput) ToUserAttributeMapperOutput() UserAttributeMapperOutput
- func (o UserAttributeMapperOutput) ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput
- func (o UserAttributeMapperOutput) UserModelAttribute() pulumi.StringOutput
- type UserAttributeMapperState
- type UserFederation
- type UserFederationArgs
- type UserFederationArray
- type UserFederationArrayInput
- type UserFederationArrayOutput
- func (UserFederationArrayOutput) ElementType() reflect.Type
- func (o UserFederationArrayOutput) Index(i pulumi.IntInput) UserFederationOutput
- func (o UserFederationArrayOutput) ToUserFederationArrayOutput() UserFederationArrayOutput
- func (o UserFederationArrayOutput) ToUserFederationArrayOutputWithContext(ctx context.Context) UserFederationArrayOutput
- type UserFederationCache
- type UserFederationCacheArgs
- func (UserFederationCacheArgs) ElementType() reflect.Type
- func (i UserFederationCacheArgs) ToUserFederationCacheOutput() UserFederationCacheOutput
- func (i UserFederationCacheArgs) ToUserFederationCacheOutputWithContext(ctx context.Context) UserFederationCacheOutput
- func (i UserFederationCacheArgs) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput
- func (i UserFederationCacheArgs) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput
- type UserFederationCacheInput
- type UserFederationCacheOutput
- func (UserFederationCacheOutput) ElementType() reflect.Type
- func (o UserFederationCacheOutput) EvictionDay() pulumi.IntPtrOutput
- func (o UserFederationCacheOutput) EvictionHour() pulumi.IntPtrOutput
- func (o UserFederationCacheOutput) EvictionMinute() pulumi.IntPtrOutput
- func (o UserFederationCacheOutput) MaxLifespan() pulumi.StringPtrOutput
- func (o UserFederationCacheOutput) Policy() pulumi.StringPtrOutput
- func (o UserFederationCacheOutput) ToUserFederationCacheOutput() UserFederationCacheOutput
- func (o UserFederationCacheOutput) ToUserFederationCacheOutputWithContext(ctx context.Context) UserFederationCacheOutput
- func (o UserFederationCacheOutput) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput
- func (o UserFederationCacheOutput) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput
- type UserFederationCachePtrInput
- type UserFederationCachePtrOutput
- func (o UserFederationCachePtrOutput) Elem() UserFederationCacheOutput
- func (UserFederationCachePtrOutput) ElementType() reflect.Type
- func (o UserFederationCachePtrOutput) EvictionDay() pulumi.IntPtrOutput
- func (o UserFederationCachePtrOutput) EvictionHour() pulumi.IntPtrOutput
- func (o UserFederationCachePtrOutput) EvictionMinute() pulumi.IntPtrOutput
- func (o UserFederationCachePtrOutput) MaxLifespan() pulumi.StringPtrOutput
- func (o UserFederationCachePtrOutput) Policy() pulumi.StringPtrOutput
- func (o UserFederationCachePtrOutput) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput
- func (o UserFederationCachePtrOutput) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput
- type UserFederationInput
- type UserFederationKerberos
- type UserFederationKerberosArgs
- func (UserFederationKerberosArgs) ElementType() reflect.Type
- func (i UserFederationKerberosArgs) ToUserFederationKerberosOutput() UserFederationKerberosOutput
- func (i UserFederationKerberosArgs) ToUserFederationKerberosOutputWithContext(ctx context.Context) UserFederationKerberosOutput
- func (i UserFederationKerberosArgs) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput
- func (i UserFederationKerberosArgs) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput
- type UserFederationKerberosInput
- type UserFederationKerberosOutput
- func (UserFederationKerberosOutput) ElementType() reflect.Type
- func (o UserFederationKerberosOutput) KerberosRealm() pulumi.StringOutput
- func (o UserFederationKerberosOutput) KeyTab() pulumi.StringOutput
- func (o UserFederationKerberosOutput) ServerPrincipal() pulumi.StringOutput
- func (o UserFederationKerberosOutput) ToUserFederationKerberosOutput() UserFederationKerberosOutput
- func (o UserFederationKerberosOutput) ToUserFederationKerberosOutputWithContext(ctx context.Context) UserFederationKerberosOutput
- func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput
- func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput
- func (o UserFederationKerberosOutput) UseKerberosForPasswordAuthentication() pulumi.BoolPtrOutput
- type UserFederationKerberosPtrInput
- type UserFederationKerberosPtrOutput
- func (o UserFederationKerberosPtrOutput) Elem() UserFederationKerberosOutput
- func (UserFederationKerberosPtrOutput) ElementType() reflect.Type
- func (o UserFederationKerberosPtrOutput) KerberosRealm() pulumi.StringPtrOutput
- func (o UserFederationKerberosPtrOutput) KeyTab() pulumi.StringPtrOutput
- func (o UserFederationKerberosPtrOutput) ServerPrincipal() pulumi.StringPtrOutput
- func (o UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput
- func (o UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput
- func (o UserFederationKerberosPtrOutput) UseKerberosForPasswordAuthentication() pulumi.BoolPtrOutput
- type UserFederationMap
- type UserFederationMapInput
- type UserFederationMapOutput
- func (UserFederationMapOutput) ElementType() reflect.Type
- func (o UserFederationMapOutput) MapIndex(k pulumi.StringInput) UserFederationOutput
- func (o UserFederationMapOutput) ToUserFederationMapOutput() UserFederationMapOutput
- func (o UserFederationMapOutput) ToUserFederationMapOutputWithContext(ctx context.Context) UserFederationMapOutput
- type UserFederationOutput
- func (o UserFederationOutput) BatchSizeForSync() pulumi.IntPtrOutput
- func (o UserFederationOutput) BindCredential() pulumi.StringPtrOutput
- func (o UserFederationOutput) BindDn() pulumi.StringPtrOutput
- func (o UserFederationOutput) Cache() UserFederationCachePtrOutput
- func (o UserFederationOutput) ChangedSyncPeriod() pulumi.IntPtrOutput
- func (o UserFederationOutput) ConnectionTimeout() pulumi.StringPtrOutput
- func (o UserFederationOutput) ConnectionUrl() pulumi.StringOutput
- func (o UserFederationOutput) CustomUserSearchFilter() pulumi.StringPtrOutput
- func (o UserFederationOutput) EditMode() pulumi.StringPtrOutput
- func (UserFederationOutput) ElementType() reflect.Type
- func (o UserFederationOutput) Enabled() pulumi.BoolPtrOutput
- func (o UserFederationOutput) FullSyncPeriod() pulumi.IntPtrOutput
- func (o UserFederationOutput) ImportEnabled() pulumi.BoolPtrOutput
- func (o UserFederationOutput) Kerberos() UserFederationKerberosPtrOutput
- func (o UserFederationOutput) Name() pulumi.StringOutput
- func (o UserFederationOutput) Pagination() pulumi.BoolPtrOutput
- func (o UserFederationOutput) Priority() pulumi.IntPtrOutput
- func (o UserFederationOutput) RdnLdapAttribute() pulumi.StringOutput
- func (o UserFederationOutput) ReadTimeout() pulumi.StringPtrOutput
- func (o UserFederationOutput) RealmId() pulumi.StringOutput
- func (o UserFederationOutput) SearchScope() pulumi.StringPtrOutput
- func (o UserFederationOutput) StartTls() pulumi.BoolPtrOutput
- func (o UserFederationOutput) SyncRegistrations() pulumi.BoolPtrOutput
- func (o UserFederationOutput) ToUserFederationOutput() UserFederationOutput
- func (o UserFederationOutput) ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput
- func (o UserFederationOutput) TrustEmail() pulumi.BoolPtrOutput
- func (o UserFederationOutput) UsePasswordModifyExtendedOp() pulumi.BoolPtrOutput
- func (o UserFederationOutput) UseTruststoreSpi() pulumi.StringPtrOutput
- func (o UserFederationOutput) UserObjectClasses() pulumi.StringArrayOutput
- func (o UserFederationOutput) UsernameLdapAttribute() pulumi.StringOutput
- func (o UserFederationOutput) UsersDn() pulumi.StringOutput
- func (o UserFederationOutput) UuidLdapAttribute() pulumi.StringOutput
- func (o UserFederationOutput) ValidatePasswordPolicy() pulumi.BoolPtrOutput
- func (o UserFederationOutput) Vendor() pulumi.StringPtrOutput
- type UserFederationState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type FullNameMapper ¶
type FullNameMapper struct { pulumi.CustomResourceState // The name of the LDAP attribute containing the user's full name. LdapFullNameAttribute pulumi.StringOutput `pulumi:"ldapFullNameAttribute"` // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` // Display name of this mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` // The realm that this LDAP mapper will exist in. RealmId pulumi.StringOutput `pulumi:"realmId"` // When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. WriteOnly pulumi.BoolPtrOutput `pulumi:"writeOnly"` }
Allows for creating and managing full name mappers for Keycloak users federated via LDAP.
The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a Keycloak user.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("entryDN"), UserObjectClasses: pulumi.StringArray{ pulumi.String("simpleSecurityObject"), pulumi.String("organizationalRole"), }, ConnectionUrl: pulumi.String("ldap://openldap"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), }) if err != nil { return err } _, err = ldap.NewFullNameMapper(ctx, "ldapFullNameMapper", &ldap.FullNameMapperArgs{ RealmId: realm.ID(), LdapUserFederationId: ldapUserFederation.ID(), LdapFullNameAttribute: pulumi.String("cn"), }) if err != nil { return err } return nil }) }
```
## Import
LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash
```sh
$ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
```
func GetFullNameMapper ¶
func GetFullNameMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, state *FullNameMapperState, opts ...pulumi.ResourceOption) (*FullNameMapper, error)
GetFullNameMapper gets an existing FullNameMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewFullNameMapper ¶
func NewFullNameMapper(ctx *pulumi.Context, name string, args *FullNameMapperArgs, opts ...pulumi.ResourceOption) (*FullNameMapper, error)
NewFullNameMapper registers a new resource with the given unique name, arguments, and options.
func (*FullNameMapper) ElementType ¶
func (*FullNameMapper) ElementType() reflect.Type
func (*FullNameMapper) ToFullNameMapperOutput ¶
func (i *FullNameMapper) ToFullNameMapperOutput() FullNameMapperOutput
func (*FullNameMapper) ToFullNameMapperOutputWithContext ¶
func (i *FullNameMapper) ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput
type FullNameMapperArgs ¶
type FullNameMapperArgs struct { // The name of the LDAP attribute containing the user's full name. LdapFullNameAttribute pulumi.StringInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. ReadOnly pulumi.BoolPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringInput // When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. WriteOnly pulumi.BoolPtrInput }
The set of arguments for constructing a FullNameMapper resource.
func (FullNameMapperArgs) ElementType ¶
func (FullNameMapperArgs) ElementType() reflect.Type
type FullNameMapperArray ¶
type FullNameMapperArray []FullNameMapperInput
func (FullNameMapperArray) ElementType ¶
func (FullNameMapperArray) ElementType() reflect.Type
func (FullNameMapperArray) ToFullNameMapperArrayOutput ¶
func (i FullNameMapperArray) ToFullNameMapperArrayOutput() FullNameMapperArrayOutput
func (FullNameMapperArray) ToFullNameMapperArrayOutputWithContext ¶
func (i FullNameMapperArray) ToFullNameMapperArrayOutputWithContext(ctx context.Context) FullNameMapperArrayOutput
type FullNameMapperArrayInput ¶
type FullNameMapperArrayInput interface { pulumi.Input ToFullNameMapperArrayOutput() FullNameMapperArrayOutput ToFullNameMapperArrayOutputWithContext(context.Context) FullNameMapperArrayOutput }
FullNameMapperArrayInput is an input type that accepts FullNameMapperArray and FullNameMapperArrayOutput values. You can construct a concrete instance of `FullNameMapperArrayInput` via:
FullNameMapperArray{ FullNameMapperArgs{...} }
type FullNameMapperArrayOutput ¶
type FullNameMapperArrayOutput struct{ *pulumi.OutputState }
func (FullNameMapperArrayOutput) ElementType ¶
func (FullNameMapperArrayOutput) ElementType() reflect.Type
func (FullNameMapperArrayOutput) Index ¶
func (o FullNameMapperArrayOutput) Index(i pulumi.IntInput) FullNameMapperOutput
func (FullNameMapperArrayOutput) ToFullNameMapperArrayOutput ¶
func (o FullNameMapperArrayOutput) ToFullNameMapperArrayOutput() FullNameMapperArrayOutput
func (FullNameMapperArrayOutput) ToFullNameMapperArrayOutputWithContext ¶
func (o FullNameMapperArrayOutput) ToFullNameMapperArrayOutputWithContext(ctx context.Context) FullNameMapperArrayOutput
type FullNameMapperInput ¶
type FullNameMapperInput interface { pulumi.Input ToFullNameMapperOutput() FullNameMapperOutput ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput }
type FullNameMapperMap ¶
type FullNameMapperMap map[string]FullNameMapperInput
func (FullNameMapperMap) ElementType ¶
func (FullNameMapperMap) ElementType() reflect.Type
func (FullNameMapperMap) ToFullNameMapperMapOutput ¶
func (i FullNameMapperMap) ToFullNameMapperMapOutput() FullNameMapperMapOutput
func (FullNameMapperMap) ToFullNameMapperMapOutputWithContext ¶
func (i FullNameMapperMap) ToFullNameMapperMapOutputWithContext(ctx context.Context) FullNameMapperMapOutput
type FullNameMapperMapInput ¶
type FullNameMapperMapInput interface { pulumi.Input ToFullNameMapperMapOutput() FullNameMapperMapOutput ToFullNameMapperMapOutputWithContext(context.Context) FullNameMapperMapOutput }
FullNameMapperMapInput is an input type that accepts FullNameMapperMap and FullNameMapperMapOutput values. You can construct a concrete instance of `FullNameMapperMapInput` via:
FullNameMapperMap{ "key": FullNameMapperArgs{...} }
type FullNameMapperMapOutput ¶
type FullNameMapperMapOutput struct{ *pulumi.OutputState }
func (FullNameMapperMapOutput) ElementType ¶
func (FullNameMapperMapOutput) ElementType() reflect.Type
func (FullNameMapperMapOutput) MapIndex ¶
func (o FullNameMapperMapOutput) MapIndex(k pulumi.StringInput) FullNameMapperOutput
func (FullNameMapperMapOutput) ToFullNameMapperMapOutput ¶
func (o FullNameMapperMapOutput) ToFullNameMapperMapOutput() FullNameMapperMapOutput
func (FullNameMapperMapOutput) ToFullNameMapperMapOutputWithContext ¶
func (o FullNameMapperMapOutput) ToFullNameMapperMapOutputWithContext(ctx context.Context) FullNameMapperMapOutput
type FullNameMapperOutput ¶
type FullNameMapperOutput struct{ *pulumi.OutputState }
func (FullNameMapperOutput) ElementType ¶
func (FullNameMapperOutput) ElementType() reflect.Type
func (FullNameMapperOutput) LdapFullNameAttribute ¶ added in v4.11.0
func (o FullNameMapperOutput) LdapFullNameAttribute() pulumi.StringOutput
The name of the LDAP attribute containing the user's full name.
func (FullNameMapperOutput) LdapUserFederationId ¶ added in v4.11.0
func (o FullNameMapperOutput) LdapUserFederationId() pulumi.StringOutput
The ID of the LDAP user federation provider to attach this mapper to.
func (FullNameMapperOutput) Name ¶ added in v4.11.0
func (o FullNameMapperOutput) Name() pulumi.StringOutput
Display name of this mapper when displayed in the console.
func (FullNameMapperOutput) ReadOnly ¶ added in v4.11.0
func (o FullNameMapperOutput) ReadOnly() pulumi.BoolPtrOutput
When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.
func (FullNameMapperOutput) RealmId ¶ added in v4.11.0
func (o FullNameMapperOutput) RealmId() pulumi.StringOutput
The realm that this LDAP mapper will exist in.
func (FullNameMapperOutput) ToFullNameMapperOutput ¶
func (o FullNameMapperOutput) ToFullNameMapperOutput() FullNameMapperOutput
func (FullNameMapperOutput) ToFullNameMapperOutputWithContext ¶
func (o FullNameMapperOutput) ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput
func (FullNameMapperOutput) WriteOnly ¶ added in v4.11.0
func (o FullNameMapperOutput) WriteOnly() pulumi.BoolPtrOutput
When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.
type FullNameMapperState ¶
type FullNameMapperState struct { // The name of the LDAP attribute containing the user's full name. LdapFullNameAttribute pulumi.StringPtrInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. ReadOnly pulumi.BoolPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringPtrInput // When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`. WriteOnly pulumi.BoolPtrInput }
func (FullNameMapperState) ElementType ¶
func (FullNameMapperState) ElementType() reflect.Type
type GroupMapper ¶
type GroupMapper struct { pulumi.CustomResourceState // When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. DropNonExistingGroupsDuringSync pulumi.BoolPtrOutput `pulumi:"dropNonExistingGroupsDuringSync"` // The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. GroupNameLdapAttribute pulumi.StringOutput `pulumi:"groupNameLdapAttribute"` // List of strings representing the object classes for the group. Must contain at least one. GroupObjectClasses pulumi.StringArrayOutput `pulumi:"groupObjectClasses"` // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. GroupsLdapFilter pulumi.StringPtrOutput `pulumi:"groupsLdapFilter"` // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. GroupsPath pulumi.StringOutput `pulumi:"groupsPath"` // When `true`, missing groups in the hierarchy will be ignored. IgnoreMissingGroups pulumi.BoolPtrOutput `pulumi:"ignoreMissingGroups"` // The LDAP DN where groups can be found. LdapGroupsDn pulumi.StringOutput `pulumi:"ldapGroupsDn"` // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` // Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. MappedGroupAttributes pulumi.StringArrayOutput `pulumi:"mappedGroupAttributes"` // Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. MemberofLdapAttribute pulumi.StringPtrOutput `pulumi:"memberofLdapAttribute"` // Can be one of `DN` or `UID`. Defaults to `DN`. MembershipAttributeType pulumi.StringPtrOutput `pulumi:"membershipAttributeType"` // The name of the LDAP attribute that is used for membership mappings. MembershipLdapAttribute pulumi.StringOutput `pulumi:"membershipLdapAttribute"` // The name of the LDAP attribute on a user that is used for membership mappings. MembershipUserLdapAttribute pulumi.StringOutput `pulumi:"membershipUserLdapAttribute"` // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. Mode pulumi.StringPtrOutput `pulumi:"mode"` // Display name of this mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. PreserveGroupInheritance pulumi.BoolPtrOutput `pulumi:"preserveGroupInheritance"` // The realm that this LDAP mapper will exist in. RealmId pulumi.StringOutput `pulumi:"realmId"` // Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. UserRolesRetrieveStrategy pulumi.StringPtrOutput `pulumi:"userRolesRetrieveStrategy"` }
Allows for creating and managing group mappers for Keycloak users federated via LDAP.
The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also create the groups within Keycloak if they do not already exist.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("entryDN"), UserObjectClasses: pulumi.StringArray{ pulumi.String("simpleSecurityObject"), pulumi.String("organizationalRole"), }, ConnectionUrl: pulumi.String("ldap://openldap"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), }) if err != nil { return err } _, err = ldap.NewGroupMapper(ctx, "ldapGroupMapper", &ldap.GroupMapperArgs{ RealmId: realm.ID(), LdapUserFederationId: ldapUserFederation.ID(), LdapGroupsDn: pulumi.String("dc=example,dc=org"), GroupNameLdapAttribute: pulumi.String("cn"), GroupObjectClasses: pulumi.StringArray{ pulumi.String("groupOfNames"), }, MembershipAttributeType: pulumi.String("DN"), MembershipLdapAttribute: pulumi.String("member"), MembershipUserLdapAttribute: pulumi.String("cn"), MemberofLdapAttribute: pulumi.String("memberOf"), }) if err != nil { return err } return nil }) }
```
## Import
LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash
```sh
$ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
```
func GetGroupMapper ¶
func GetGroupMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GroupMapperState, opts ...pulumi.ResourceOption) (*GroupMapper, error)
GetGroupMapper gets an existing GroupMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGroupMapper ¶
func NewGroupMapper(ctx *pulumi.Context, name string, args *GroupMapperArgs, opts ...pulumi.ResourceOption) (*GroupMapper, error)
NewGroupMapper registers a new resource with the given unique name, arguments, and options.
func (*GroupMapper) ElementType ¶
func (*GroupMapper) ElementType() reflect.Type
func (*GroupMapper) ToGroupMapperOutput ¶
func (i *GroupMapper) ToGroupMapperOutput() GroupMapperOutput
func (*GroupMapper) ToGroupMapperOutputWithContext ¶
func (i *GroupMapper) ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput
type GroupMapperArgs ¶
type GroupMapperArgs struct { // When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. DropNonExistingGroupsDuringSync pulumi.BoolPtrInput // The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. GroupNameLdapAttribute pulumi.StringInput // List of strings representing the object classes for the group. Must contain at least one. GroupObjectClasses pulumi.StringArrayInput // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. GroupsLdapFilter pulumi.StringPtrInput // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. GroupsPath pulumi.StringPtrInput // When `true`, missing groups in the hierarchy will be ignored. IgnoreMissingGroups pulumi.BoolPtrInput // The LDAP DN where groups can be found. LdapGroupsDn pulumi.StringInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput // Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. MappedGroupAttributes pulumi.StringArrayInput // Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. MemberofLdapAttribute pulumi.StringPtrInput // Can be one of `DN` or `UID`. Defaults to `DN`. MembershipAttributeType pulumi.StringPtrInput // The name of the LDAP attribute that is used for membership mappings. MembershipLdapAttribute pulumi.StringInput // The name of the LDAP attribute on a user that is used for membership mappings. MembershipUserLdapAttribute pulumi.StringInput // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. Mode pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. PreserveGroupInheritance pulumi.BoolPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringInput // Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. UserRolesRetrieveStrategy pulumi.StringPtrInput }
The set of arguments for constructing a GroupMapper resource.
func (GroupMapperArgs) ElementType ¶
func (GroupMapperArgs) ElementType() reflect.Type
type GroupMapperArray ¶
type GroupMapperArray []GroupMapperInput
func (GroupMapperArray) ElementType ¶
func (GroupMapperArray) ElementType() reflect.Type
func (GroupMapperArray) ToGroupMapperArrayOutput ¶
func (i GroupMapperArray) ToGroupMapperArrayOutput() GroupMapperArrayOutput
func (GroupMapperArray) ToGroupMapperArrayOutputWithContext ¶
func (i GroupMapperArray) ToGroupMapperArrayOutputWithContext(ctx context.Context) GroupMapperArrayOutput
type GroupMapperArrayInput ¶
type GroupMapperArrayInput interface { pulumi.Input ToGroupMapperArrayOutput() GroupMapperArrayOutput ToGroupMapperArrayOutputWithContext(context.Context) GroupMapperArrayOutput }
GroupMapperArrayInput is an input type that accepts GroupMapperArray and GroupMapperArrayOutput values. You can construct a concrete instance of `GroupMapperArrayInput` via:
GroupMapperArray{ GroupMapperArgs{...} }
type GroupMapperArrayOutput ¶
type GroupMapperArrayOutput struct{ *pulumi.OutputState }
func (GroupMapperArrayOutput) ElementType ¶
func (GroupMapperArrayOutput) ElementType() reflect.Type
func (GroupMapperArrayOutput) Index ¶
func (o GroupMapperArrayOutput) Index(i pulumi.IntInput) GroupMapperOutput
func (GroupMapperArrayOutput) ToGroupMapperArrayOutput ¶
func (o GroupMapperArrayOutput) ToGroupMapperArrayOutput() GroupMapperArrayOutput
func (GroupMapperArrayOutput) ToGroupMapperArrayOutputWithContext ¶
func (o GroupMapperArrayOutput) ToGroupMapperArrayOutputWithContext(ctx context.Context) GroupMapperArrayOutput
type GroupMapperInput ¶
type GroupMapperInput interface { pulumi.Input ToGroupMapperOutput() GroupMapperOutput ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput }
type GroupMapperMap ¶
type GroupMapperMap map[string]GroupMapperInput
func (GroupMapperMap) ElementType ¶
func (GroupMapperMap) ElementType() reflect.Type
func (GroupMapperMap) ToGroupMapperMapOutput ¶
func (i GroupMapperMap) ToGroupMapperMapOutput() GroupMapperMapOutput
func (GroupMapperMap) ToGroupMapperMapOutputWithContext ¶
func (i GroupMapperMap) ToGroupMapperMapOutputWithContext(ctx context.Context) GroupMapperMapOutput
type GroupMapperMapInput ¶
type GroupMapperMapInput interface { pulumi.Input ToGroupMapperMapOutput() GroupMapperMapOutput ToGroupMapperMapOutputWithContext(context.Context) GroupMapperMapOutput }
GroupMapperMapInput is an input type that accepts GroupMapperMap and GroupMapperMapOutput values. You can construct a concrete instance of `GroupMapperMapInput` via:
GroupMapperMap{ "key": GroupMapperArgs{...} }
type GroupMapperMapOutput ¶
type GroupMapperMapOutput struct{ *pulumi.OutputState }
func (GroupMapperMapOutput) ElementType ¶
func (GroupMapperMapOutput) ElementType() reflect.Type
func (GroupMapperMapOutput) MapIndex ¶
func (o GroupMapperMapOutput) MapIndex(k pulumi.StringInput) GroupMapperOutput
func (GroupMapperMapOutput) ToGroupMapperMapOutput ¶
func (o GroupMapperMapOutput) ToGroupMapperMapOutput() GroupMapperMapOutput
func (GroupMapperMapOutput) ToGroupMapperMapOutputWithContext ¶
func (o GroupMapperMapOutput) ToGroupMapperMapOutputWithContext(ctx context.Context) GroupMapperMapOutput
type GroupMapperOutput ¶
type GroupMapperOutput struct{ *pulumi.OutputState }
func (GroupMapperOutput) DropNonExistingGroupsDuringSync ¶ added in v4.11.0
func (o GroupMapperOutput) DropNonExistingGroupsDuringSync() pulumi.BoolPtrOutput
When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.
func (GroupMapperOutput) ElementType ¶
func (GroupMapperOutput) ElementType() reflect.Type
func (GroupMapperOutput) GroupNameLdapAttribute ¶ added in v4.11.0
func (o GroupMapperOutput) GroupNameLdapAttribute() pulumi.StringOutput
The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.
func (GroupMapperOutput) GroupObjectClasses ¶ added in v4.11.0
func (o GroupMapperOutput) GroupObjectClasses() pulumi.StringArrayOutput
List of strings representing the object classes for the group. Must contain at least one.
func (GroupMapperOutput) GroupsLdapFilter ¶ added in v4.11.0
func (o GroupMapperOutput) GroupsLdapFilter() pulumi.StringPtrOutput
When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.
func (GroupMapperOutput) GroupsPath ¶ added in v4.11.0
func (o GroupMapperOutput) GroupsPath() pulumi.StringOutput
Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.
func (GroupMapperOutput) IgnoreMissingGroups ¶ added in v4.11.0
func (o GroupMapperOutput) IgnoreMissingGroups() pulumi.BoolPtrOutput
When `true`, missing groups in the hierarchy will be ignored.
func (GroupMapperOutput) LdapGroupsDn ¶ added in v4.11.0
func (o GroupMapperOutput) LdapGroupsDn() pulumi.StringOutput
The LDAP DN where groups can be found.
func (GroupMapperOutput) LdapUserFederationId ¶ added in v4.11.0
func (o GroupMapperOutput) LdapUserFederationId() pulumi.StringOutput
The ID of the LDAP user federation provider to attach this mapper to.
func (GroupMapperOutput) MappedGroupAttributes ¶ added in v4.11.0
func (o GroupMapperOutput) MappedGroupAttributes() pulumi.StringArrayOutput
Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.
func (GroupMapperOutput) MemberofLdapAttribute ¶ added in v4.11.0
func (o GroupMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput
Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.
func (GroupMapperOutput) MembershipAttributeType ¶ added in v4.11.0
func (o GroupMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput
Can be one of `DN` or `UID`. Defaults to `DN`.
func (GroupMapperOutput) MembershipLdapAttribute ¶ added in v4.11.0
func (o GroupMapperOutput) MembershipLdapAttribute() pulumi.StringOutput
The name of the LDAP attribute that is used for membership mappings.
func (GroupMapperOutput) MembershipUserLdapAttribute ¶ added in v4.11.0
func (o GroupMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput
The name of the LDAP attribute on a user that is used for membership mappings.
func (GroupMapperOutput) Mode ¶ added in v4.11.0
func (o GroupMapperOutput) Mode() pulumi.StringPtrOutput
Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
func (GroupMapperOutput) Name ¶ added in v4.11.0
func (o GroupMapperOutput) Name() pulumi.StringOutput
Display name of this mapper when displayed in the console.
func (GroupMapperOutput) PreserveGroupInheritance ¶ added in v4.11.0
func (o GroupMapperOutput) PreserveGroupInheritance() pulumi.BoolPtrOutput
When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.
func (GroupMapperOutput) RealmId ¶ added in v4.11.0
func (o GroupMapperOutput) RealmId() pulumi.StringOutput
The realm that this LDAP mapper will exist in.
func (GroupMapperOutput) ToGroupMapperOutput ¶
func (o GroupMapperOutput) ToGroupMapperOutput() GroupMapperOutput
func (GroupMapperOutput) ToGroupMapperOutputWithContext ¶
func (o GroupMapperOutput) ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput
func (GroupMapperOutput) UserRolesRetrieveStrategy ¶ added in v4.11.0
func (o GroupMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput
Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.
type GroupMapperState ¶
type GroupMapperState struct { // When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. DropNonExistingGroupsDuringSync pulumi.BoolPtrInput // The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. GroupNameLdapAttribute pulumi.StringPtrInput // List of strings representing the object classes for the group. Must contain at least one. GroupObjectClasses pulumi.StringArrayInput // When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. GroupsLdapFilter pulumi.StringPtrInput // Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. GroupsPath pulumi.StringPtrInput // When `true`, missing groups in the hierarchy will be ignored. IgnoreMissingGroups pulumi.BoolPtrInput // The LDAP DN where groups can be found. LdapGroupsDn pulumi.StringPtrInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput // Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. MappedGroupAttributes pulumi.StringArrayInput // Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. MemberofLdapAttribute pulumi.StringPtrInput // Can be one of `DN` or `UID`. Defaults to `DN`. MembershipAttributeType pulumi.StringPtrInput // The name of the LDAP attribute that is used for membership mappings. MembershipLdapAttribute pulumi.StringPtrInput // The name of the LDAP attribute on a user that is used for membership mappings. MembershipUserLdapAttribute pulumi.StringPtrInput // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. Mode pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. PreserveGroupInheritance pulumi.BoolPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringPtrInput // Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. UserRolesRetrieveStrategy pulumi.StringPtrInput }
func (GroupMapperState) ElementType ¶
func (GroupMapperState) ElementType() reflect.Type
type HardcodedGroupMapper ¶
type HardcodedGroupMapper struct { pulumi.CustomResourceState // Group to grant to user. Group pulumi.StringOutput `pulumi:"group"` // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` // Display name of the mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // The realm in which the ldap user federation provider exists. RealmId pulumi.StringOutput `pulumi:"realmId"` }
func GetHardcodedGroupMapper ¶
func GetHardcodedGroupMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, state *HardcodedGroupMapperState, opts ...pulumi.ResourceOption) (*HardcodedGroupMapper, error)
GetHardcodedGroupMapper gets an existing HardcodedGroupMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewHardcodedGroupMapper ¶
func NewHardcodedGroupMapper(ctx *pulumi.Context, name string, args *HardcodedGroupMapperArgs, opts ...pulumi.ResourceOption) (*HardcodedGroupMapper, error)
NewHardcodedGroupMapper registers a new resource with the given unique name, arguments, and options.
func (*HardcodedGroupMapper) ElementType ¶
func (*HardcodedGroupMapper) ElementType() reflect.Type
func (*HardcodedGroupMapper) ToHardcodedGroupMapperOutput ¶
func (i *HardcodedGroupMapper) ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput
func (*HardcodedGroupMapper) ToHardcodedGroupMapperOutputWithContext ¶
func (i *HardcodedGroupMapper) ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput
type HardcodedGroupMapperArgs ¶
type HardcodedGroupMapperArgs struct { // Group to grant to user. Group pulumi.StringInput // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput // Display name of the mapper when displayed in the console. Name pulumi.StringPtrInput // The realm in which the ldap user federation provider exists. RealmId pulumi.StringInput }
The set of arguments for constructing a HardcodedGroupMapper resource.
func (HardcodedGroupMapperArgs) ElementType ¶
func (HardcodedGroupMapperArgs) ElementType() reflect.Type
type HardcodedGroupMapperArray ¶
type HardcodedGroupMapperArray []HardcodedGroupMapperInput
func (HardcodedGroupMapperArray) ElementType ¶
func (HardcodedGroupMapperArray) ElementType() reflect.Type
func (HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutput ¶
func (i HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput
func (HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutputWithContext ¶
func (i HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutputWithContext(ctx context.Context) HardcodedGroupMapperArrayOutput
type HardcodedGroupMapperArrayInput ¶
type HardcodedGroupMapperArrayInput interface { pulumi.Input ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput ToHardcodedGroupMapperArrayOutputWithContext(context.Context) HardcodedGroupMapperArrayOutput }
HardcodedGroupMapperArrayInput is an input type that accepts HardcodedGroupMapperArray and HardcodedGroupMapperArrayOutput values. You can construct a concrete instance of `HardcodedGroupMapperArrayInput` via:
HardcodedGroupMapperArray{ HardcodedGroupMapperArgs{...} }
type HardcodedGroupMapperArrayOutput ¶
type HardcodedGroupMapperArrayOutput struct{ *pulumi.OutputState }
func (HardcodedGroupMapperArrayOutput) ElementType ¶
func (HardcodedGroupMapperArrayOutput) ElementType() reflect.Type
func (HardcodedGroupMapperArrayOutput) Index ¶
func (o HardcodedGroupMapperArrayOutput) Index(i pulumi.IntInput) HardcodedGroupMapperOutput
func (HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutput ¶
func (o HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput
func (HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutputWithContext ¶
func (o HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutputWithContext(ctx context.Context) HardcodedGroupMapperArrayOutput
type HardcodedGroupMapperInput ¶
type HardcodedGroupMapperInput interface { pulumi.Input ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput }
type HardcodedGroupMapperMap ¶
type HardcodedGroupMapperMap map[string]HardcodedGroupMapperInput
func (HardcodedGroupMapperMap) ElementType ¶
func (HardcodedGroupMapperMap) ElementType() reflect.Type
func (HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutput ¶
func (i HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput
func (HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutputWithContext ¶
func (i HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutputWithContext(ctx context.Context) HardcodedGroupMapperMapOutput
type HardcodedGroupMapperMapInput ¶
type HardcodedGroupMapperMapInput interface { pulumi.Input ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput ToHardcodedGroupMapperMapOutputWithContext(context.Context) HardcodedGroupMapperMapOutput }
HardcodedGroupMapperMapInput is an input type that accepts HardcodedGroupMapperMap and HardcodedGroupMapperMapOutput values. You can construct a concrete instance of `HardcodedGroupMapperMapInput` via:
HardcodedGroupMapperMap{ "key": HardcodedGroupMapperArgs{...} }
type HardcodedGroupMapperMapOutput ¶
type HardcodedGroupMapperMapOutput struct{ *pulumi.OutputState }
func (HardcodedGroupMapperMapOutput) ElementType ¶
func (HardcodedGroupMapperMapOutput) ElementType() reflect.Type
func (HardcodedGroupMapperMapOutput) MapIndex ¶
func (o HardcodedGroupMapperMapOutput) MapIndex(k pulumi.StringInput) HardcodedGroupMapperOutput
func (HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutput ¶
func (o HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput
func (HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutputWithContext ¶
func (o HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutputWithContext(ctx context.Context) HardcodedGroupMapperMapOutput
type HardcodedGroupMapperOutput ¶
type HardcodedGroupMapperOutput struct{ *pulumi.OutputState }
func (HardcodedGroupMapperOutput) ElementType ¶
func (HardcodedGroupMapperOutput) ElementType() reflect.Type
func (HardcodedGroupMapperOutput) Group ¶ added in v4.11.0
func (o HardcodedGroupMapperOutput) Group() pulumi.StringOutput
Group to grant to user.
func (HardcodedGroupMapperOutput) LdapUserFederationId ¶ added in v4.11.0
func (o HardcodedGroupMapperOutput) LdapUserFederationId() pulumi.StringOutput
The ldap user federation provider to attach this mapper to.
func (HardcodedGroupMapperOutput) Name ¶ added in v4.11.0
func (o HardcodedGroupMapperOutput) Name() pulumi.StringOutput
Display name of the mapper when displayed in the console.
func (HardcodedGroupMapperOutput) RealmId ¶ added in v4.11.0
func (o HardcodedGroupMapperOutput) RealmId() pulumi.StringOutput
The realm in which the ldap user federation provider exists.
func (HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutput ¶
func (o HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput
func (HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutputWithContext ¶
func (o HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput
type HardcodedGroupMapperState ¶
type HardcodedGroupMapperState struct { // Group to grant to user. Group pulumi.StringPtrInput // The ldap user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput // Display name of the mapper when displayed in the console. Name pulumi.StringPtrInput // The realm in which the ldap user federation provider exists. RealmId pulumi.StringPtrInput }
func (HardcodedGroupMapperState) ElementType ¶
func (HardcodedGroupMapperState) ElementType() reflect.Type
type HardcodedRoleMapper ¶
type HardcodedRoleMapper struct { pulumi.CustomResourceState // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` // Display name of this mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // The realm that this LDAP mapper will exist in. RealmId pulumi.StringOutput `pulumi:"realmId"` // The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. Role pulumi.StringOutput `pulumi:"role"` }
Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP.
The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.
## Example Usage ### Realm Role)
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("entryDN"), UserObjectClasses: pulumi.StringArray{ pulumi.String("simpleSecurityObject"), pulumi.String("organizationalRole"), }, ConnectionUrl: pulumi.String("ldap://openldap"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), }) if err != nil { return err } realmAdminRole, err := keycloak.NewRole(ctx, "realmAdminRole", &keycloak.RoleArgs{ RealmId: realm.ID(), Description: pulumi.String("My Realm Role"), }) if err != nil { return err } _, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{ RealmId: realm.ID(), LdapUserFederationId: ldapUserFederation.ID(), Role: realmAdminRole.Name, }) if err != nil { return err } return nil }) }
``` ### Client Role)
```go package main
import (
"fmt" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/openid" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("entryDN"), UserObjectClasses: pulumi.StringArray{ pulumi.String("simpleSecurityObject"), pulumi.String("organizationalRole"), }, ConnectionUrl: pulumi.String("ldap://openldap"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), }) if err != nil { return err } realmManagement := openid.LookupClientOutput(ctx, openid.GetClientOutputArgs{ RealmId: realm.ID(), ClientId: pulumi.String("realm-management"), }, nil) _, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{ RealmId: realm.ID(), LdapUserFederationId: ldapUserFederation.ID(), Role: pulumi.All(realmManagement, createClient).ApplyT(func(_args []interface{}) (string, error) { realmManagement := _args[0].(openid.GetClientResult) createClient := _args[1].(GetRoleResult) return fmt.Sprintf("%v.%v", realmManagement.ClientId, createClient.Name), nil }).(pulumi.StringOutput), }) if err != nil { return err } return nil }) }
```
## Import
LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash
```sh
$ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
```
func GetHardcodedRoleMapper ¶
func GetHardcodedRoleMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, state *HardcodedRoleMapperState, opts ...pulumi.ResourceOption) (*HardcodedRoleMapper, error)
GetHardcodedRoleMapper gets an existing HardcodedRoleMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewHardcodedRoleMapper ¶
func NewHardcodedRoleMapper(ctx *pulumi.Context, name string, args *HardcodedRoleMapperArgs, opts ...pulumi.ResourceOption) (*HardcodedRoleMapper, error)
NewHardcodedRoleMapper registers a new resource with the given unique name, arguments, and options.
func (*HardcodedRoleMapper) ElementType ¶
func (*HardcodedRoleMapper) ElementType() reflect.Type
func (*HardcodedRoleMapper) ToHardcodedRoleMapperOutput ¶
func (i *HardcodedRoleMapper) ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput
func (*HardcodedRoleMapper) ToHardcodedRoleMapperOutputWithContext ¶
func (i *HardcodedRoleMapper) ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput
type HardcodedRoleMapperArgs ¶
type HardcodedRoleMapperArgs struct { // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringInput // The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. Role pulumi.StringInput }
The set of arguments for constructing a HardcodedRoleMapper resource.
func (HardcodedRoleMapperArgs) ElementType ¶
func (HardcodedRoleMapperArgs) ElementType() reflect.Type
type HardcodedRoleMapperArray ¶
type HardcodedRoleMapperArray []HardcodedRoleMapperInput
func (HardcodedRoleMapperArray) ElementType ¶
func (HardcodedRoleMapperArray) ElementType() reflect.Type
func (HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutput ¶
func (i HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput
func (HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutputWithContext ¶
func (i HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutputWithContext(ctx context.Context) HardcodedRoleMapperArrayOutput
type HardcodedRoleMapperArrayInput ¶
type HardcodedRoleMapperArrayInput interface { pulumi.Input ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput ToHardcodedRoleMapperArrayOutputWithContext(context.Context) HardcodedRoleMapperArrayOutput }
HardcodedRoleMapperArrayInput is an input type that accepts HardcodedRoleMapperArray and HardcodedRoleMapperArrayOutput values. You can construct a concrete instance of `HardcodedRoleMapperArrayInput` via:
HardcodedRoleMapperArray{ HardcodedRoleMapperArgs{...} }
type HardcodedRoleMapperArrayOutput ¶
type HardcodedRoleMapperArrayOutput struct{ *pulumi.OutputState }
func (HardcodedRoleMapperArrayOutput) ElementType ¶
func (HardcodedRoleMapperArrayOutput) ElementType() reflect.Type
func (HardcodedRoleMapperArrayOutput) Index ¶
func (o HardcodedRoleMapperArrayOutput) Index(i pulumi.IntInput) HardcodedRoleMapperOutput
func (HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutput ¶
func (o HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput
func (HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutputWithContext ¶
func (o HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutputWithContext(ctx context.Context) HardcodedRoleMapperArrayOutput
type HardcodedRoleMapperInput ¶
type HardcodedRoleMapperInput interface { pulumi.Input ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput }
type HardcodedRoleMapperMap ¶
type HardcodedRoleMapperMap map[string]HardcodedRoleMapperInput
func (HardcodedRoleMapperMap) ElementType ¶
func (HardcodedRoleMapperMap) ElementType() reflect.Type
func (HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutput ¶
func (i HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput
func (HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutputWithContext ¶
func (i HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutputWithContext(ctx context.Context) HardcodedRoleMapperMapOutput
type HardcodedRoleMapperMapInput ¶
type HardcodedRoleMapperMapInput interface { pulumi.Input ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput ToHardcodedRoleMapperMapOutputWithContext(context.Context) HardcodedRoleMapperMapOutput }
HardcodedRoleMapperMapInput is an input type that accepts HardcodedRoleMapperMap and HardcodedRoleMapperMapOutput values. You can construct a concrete instance of `HardcodedRoleMapperMapInput` via:
HardcodedRoleMapperMap{ "key": HardcodedRoleMapperArgs{...} }
type HardcodedRoleMapperMapOutput ¶
type HardcodedRoleMapperMapOutput struct{ *pulumi.OutputState }
func (HardcodedRoleMapperMapOutput) ElementType ¶
func (HardcodedRoleMapperMapOutput) ElementType() reflect.Type
func (HardcodedRoleMapperMapOutput) MapIndex ¶
func (o HardcodedRoleMapperMapOutput) MapIndex(k pulumi.StringInput) HardcodedRoleMapperOutput
func (HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutput ¶
func (o HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput
func (HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutputWithContext ¶
func (o HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutputWithContext(ctx context.Context) HardcodedRoleMapperMapOutput
type HardcodedRoleMapperOutput ¶
type HardcodedRoleMapperOutput struct{ *pulumi.OutputState }
func (HardcodedRoleMapperOutput) ElementType ¶
func (HardcodedRoleMapperOutput) ElementType() reflect.Type
func (HardcodedRoleMapperOutput) LdapUserFederationId ¶ added in v4.11.0
func (o HardcodedRoleMapperOutput) LdapUserFederationId() pulumi.StringOutput
The ID of the LDAP user federation provider to attach this mapper to.
func (HardcodedRoleMapperOutput) Name ¶ added in v4.11.0
func (o HardcodedRoleMapperOutput) Name() pulumi.StringOutput
Display name of this mapper when displayed in the console.
func (HardcodedRoleMapperOutput) RealmId ¶ added in v4.11.0
func (o HardcodedRoleMapperOutput) RealmId() pulumi.StringOutput
The realm that this LDAP mapper will exist in.
func (HardcodedRoleMapperOutput) Role ¶ added in v4.11.0
func (o HardcodedRoleMapperOutput) Role() pulumi.StringOutput
The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.
func (HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutput ¶
func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput
func (HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutputWithContext ¶
func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput
type HardcodedRoleMapperState ¶
type HardcodedRoleMapperState struct { // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringPtrInput // The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`. Role pulumi.StringPtrInput }
func (HardcodedRoleMapperState) ElementType ¶
func (HardcodedRoleMapperState) ElementType() reflect.Type
type MsadLdsUserAccountControlMapper ¶
type MsadLdsUserAccountControlMapper struct { pulumi.CustomResourceState // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` // Display name of this mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // The realm that this LDAP mapper will exist in. RealmId pulumi.StringOutput `pulumi:"realmId"` }
Allows for creating and managing MSAD-LDS user account control mappers for Keycloak users federated via LDAP.
The MSAD-LDS (Microsoft Active Directory Lightweight Directory Service) user account control mapper is specific to LDAP user federation providers that are pulling from AD-LDS, and it can propagate AD-LDS user state to Keycloak in order to enforce settings like expired passwords or disabled accounts.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("objectGUID"), UserObjectClasses: pulumi.StringArray{ pulumi.String("person"), pulumi.String("organizationalPerson"), pulumi.String("user"), }, ConnectionUrl: pulumi.String("ldap://my-ad-server"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), }) if err != nil { return err } _, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, "msadLdsUserAccountControlMapper", &ldap.MsadLdsUserAccountControlMapperArgs{ RealmId: realm.ID(), LdapUserFederationId: ldapUserFederation.ID(), }) if err != nil { return err } return nil }) }
```
## Import
LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash
```sh
$ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
```
func GetMsadLdsUserAccountControlMapper ¶
func GetMsadLdsUserAccountControlMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, state *MsadLdsUserAccountControlMapperState, opts ...pulumi.ResourceOption) (*MsadLdsUserAccountControlMapper, error)
GetMsadLdsUserAccountControlMapper gets an existing MsadLdsUserAccountControlMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewMsadLdsUserAccountControlMapper ¶
func NewMsadLdsUserAccountControlMapper(ctx *pulumi.Context, name string, args *MsadLdsUserAccountControlMapperArgs, opts ...pulumi.ResourceOption) (*MsadLdsUserAccountControlMapper, error)
NewMsadLdsUserAccountControlMapper registers a new resource with the given unique name, arguments, and options.
func (*MsadLdsUserAccountControlMapper) ElementType ¶
func (*MsadLdsUserAccountControlMapper) ElementType() reflect.Type
func (*MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutput ¶
func (i *MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput
func (*MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutputWithContext ¶
func (i *MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput
type MsadLdsUserAccountControlMapperArgs ¶
type MsadLdsUserAccountControlMapperArgs struct { // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringInput }
The set of arguments for constructing a MsadLdsUserAccountControlMapper resource.
func (MsadLdsUserAccountControlMapperArgs) ElementType ¶
func (MsadLdsUserAccountControlMapperArgs) ElementType() reflect.Type
type MsadLdsUserAccountControlMapperArray ¶
type MsadLdsUserAccountControlMapperArray []MsadLdsUserAccountControlMapperInput
func (MsadLdsUserAccountControlMapperArray) ElementType ¶
func (MsadLdsUserAccountControlMapperArray) ElementType() reflect.Type
func (MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutput ¶
func (i MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput
func (MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutputWithContext ¶
func (i MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperArrayOutput
type MsadLdsUserAccountControlMapperArrayInput ¶
type MsadLdsUserAccountControlMapperArrayInput interface { pulumi.Input ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput ToMsadLdsUserAccountControlMapperArrayOutputWithContext(context.Context) MsadLdsUserAccountControlMapperArrayOutput }
MsadLdsUserAccountControlMapperArrayInput is an input type that accepts MsadLdsUserAccountControlMapperArray and MsadLdsUserAccountControlMapperArrayOutput values. You can construct a concrete instance of `MsadLdsUserAccountControlMapperArrayInput` via:
MsadLdsUserAccountControlMapperArray{ MsadLdsUserAccountControlMapperArgs{...} }
type MsadLdsUserAccountControlMapperArrayOutput ¶
type MsadLdsUserAccountControlMapperArrayOutput struct{ *pulumi.OutputState }
func (MsadLdsUserAccountControlMapperArrayOutput) ElementType ¶
func (MsadLdsUserAccountControlMapperArrayOutput) ElementType() reflect.Type
func (MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutput ¶
func (o MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput
func (MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutputWithContext ¶
func (o MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperArrayOutput
type MsadLdsUserAccountControlMapperInput ¶
type MsadLdsUserAccountControlMapperInput interface { pulumi.Input ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput }
type MsadLdsUserAccountControlMapperMap ¶
type MsadLdsUserAccountControlMapperMap map[string]MsadLdsUserAccountControlMapperInput
func (MsadLdsUserAccountControlMapperMap) ElementType ¶
func (MsadLdsUserAccountControlMapperMap) ElementType() reflect.Type
func (MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutput ¶
func (i MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput
func (MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutputWithContext ¶
func (i MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperMapOutput
type MsadLdsUserAccountControlMapperMapInput ¶
type MsadLdsUserAccountControlMapperMapInput interface { pulumi.Input ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput ToMsadLdsUserAccountControlMapperMapOutputWithContext(context.Context) MsadLdsUserAccountControlMapperMapOutput }
MsadLdsUserAccountControlMapperMapInput is an input type that accepts MsadLdsUserAccountControlMapperMap and MsadLdsUserAccountControlMapperMapOutput values. You can construct a concrete instance of `MsadLdsUserAccountControlMapperMapInput` via:
MsadLdsUserAccountControlMapperMap{ "key": MsadLdsUserAccountControlMapperArgs{...} }
type MsadLdsUserAccountControlMapperMapOutput ¶
type MsadLdsUserAccountControlMapperMapOutput struct{ *pulumi.OutputState }
func (MsadLdsUserAccountControlMapperMapOutput) ElementType ¶
func (MsadLdsUserAccountControlMapperMapOutput) ElementType() reflect.Type
func (MsadLdsUserAccountControlMapperMapOutput) MapIndex ¶
func (o MsadLdsUserAccountControlMapperMapOutput) MapIndex(k pulumi.StringInput) MsadLdsUserAccountControlMapperOutput
func (MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutput ¶
func (o MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput
func (MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutputWithContext ¶
func (o MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperMapOutput
type MsadLdsUserAccountControlMapperOutput ¶
type MsadLdsUserAccountControlMapperOutput struct{ *pulumi.OutputState }
func (MsadLdsUserAccountControlMapperOutput) ElementType ¶
func (MsadLdsUserAccountControlMapperOutput) ElementType() reflect.Type
func (MsadLdsUserAccountControlMapperOutput) LdapUserFederationId ¶ added in v4.11.0
func (o MsadLdsUserAccountControlMapperOutput) LdapUserFederationId() pulumi.StringOutput
The ID of the LDAP user federation provider to attach this mapper to.
func (MsadLdsUserAccountControlMapperOutput) Name ¶ added in v4.11.0
func (o MsadLdsUserAccountControlMapperOutput) Name() pulumi.StringOutput
Display name of this mapper when displayed in the console.
func (MsadLdsUserAccountControlMapperOutput) RealmId ¶ added in v4.11.0
func (o MsadLdsUserAccountControlMapperOutput) RealmId() pulumi.StringOutput
The realm that this LDAP mapper will exist in.
func (MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutput ¶
func (o MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput
func (MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutputWithContext ¶
func (o MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput
type MsadLdsUserAccountControlMapperState ¶
type MsadLdsUserAccountControlMapperState struct { // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringPtrInput }
func (MsadLdsUserAccountControlMapperState) ElementType ¶
func (MsadLdsUserAccountControlMapperState) ElementType() reflect.Type
type MsadUserAccountControlMapper ¶
type MsadUserAccountControlMapper struct { pulumi.CustomResourceState // When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. LdapPasswordPolicyHintsEnabled pulumi.BoolPtrOutput `pulumi:"ldapPasswordPolicyHintsEnabled"` // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` // Display name of this mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // The realm that this LDAP mapper will exist in. RealmId pulumi.StringOutput `pulumi:"realmId"` }
Allows for creating and managing MSAD user account control mappers for Keycloak users federated via LDAP.
The MSAD (Microsoft Active Directory) user account control mapper is specific to LDAP user federation providers that are pulling from AD, and it can propagate AD user state to Keycloak in order to enforce settings like expired passwords or disabled accounts.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("objectGUID"), UserObjectClasses: pulumi.StringArray{ pulumi.String("person"), pulumi.String("organizationalPerson"), pulumi.String("user"), }, ConnectionUrl: pulumi.String("ldap://my-ad-server"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), }) if err != nil { return err } _, err = ldap.NewMsadUserAccountControlMapper(ctx, "msadUserAccountControlMapper", &ldap.MsadUserAccountControlMapperArgs{ RealmId: realm.ID(), LdapUserFederationId: ldapUserFederation.ID(), }) if err != nil { return err } return nil }) }
```
## Import
LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash
```sh
$ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
```
func GetMsadUserAccountControlMapper ¶
func GetMsadUserAccountControlMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, state *MsadUserAccountControlMapperState, opts ...pulumi.ResourceOption) (*MsadUserAccountControlMapper, error)
GetMsadUserAccountControlMapper gets an existing MsadUserAccountControlMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewMsadUserAccountControlMapper ¶
func NewMsadUserAccountControlMapper(ctx *pulumi.Context, name string, args *MsadUserAccountControlMapperArgs, opts ...pulumi.ResourceOption) (*MsadUserAccountControlMapper, error)
NewMsadUserAccountControlMapper registers a new resource with the given unique name, arguments, and options.
func (*MsadUserAccountControlMapper) ElementType ¶
func (*MsadUserAccountControlMapper) ElementType() reflect.Type
func (*MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutput ¶
func (i *MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput
func (*MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutputWithContext ¶
func (i *MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput
type MsadUserAccountControlMapperArgs ¶
type MsadUserAccountControlMapperArgs struct { // When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. LdapPasswordPolicyHintsEnabled pulumi.BoolPtrInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringInput }
The set of arguments for constructing a MsadUserAccountControlMapper resource.
func (MsadUserAccountControlMapperArgs) ElementType ¶
func (MsadUserAccountControlMapperArgs) ElementType() reflect.Type
type MsadUserAccountControlMapperArray ¶
type MsadUserAccountControlMapperArray []MsadUserAccountControlMapperInput
func (MsadUserAccountControlMapperArray) ElementType ¶
func (MsadUserAccountControlMapperArray) ElementType() reflect.Type
func (MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutput ¶
func (i MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput
func (MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutputWithContext ¶
func (i MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadUserAccountControlMapperArrayOutput
type MsadUserAccountControlMapperArrayInput ¶
type MsadUserAccountControlMapperArrayInput interface { pulumi.Input ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput ToMsadUserAccountControlMapperArrayOutputWithContext(context.Context) MsadUserAccountControlMapperArrayOutput }
MsadUserAccountControlMapperArrayInput is an input type that accepts MsadUserAccountControlMapperArray and MsadUserAccountControlMapperArrayOutput values. You can construct a concrete instance of `MsadUserAccountControlMapperArrayInput` via:
MsadUserAccountControlMapperArray{ MsadUserAccountControlMapperArgs{...} }
type MsadUserAccountControlMapperArrayOutput ¶
type MsadUserAccountControlMapperArrayOutput struct{ *pulumi.OutputState }
func (MsadUserAccountControlMapperArrayOutput) ElementType ¶
func (MsadUserAccountControlMapperArrayOutput) ElementType() reflect.Type
func (MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutput ¶
func (o MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput
func (MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutputWithContext ¶
func (o MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadUserAccountControlMapperArrayOutput
type MsadUserAccountControlMapperInput ¶
type MsadUserAccountControlMapperInput interface { pulumi.Input ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput }
type MsadUserAccountControlMapperMap ¶
type MsadUserAccountControlMapperMap map[string]MsadUserAccountControlMapperInput
func (MsadUserAccountControlMapperMap) ElementType ¶
func (MsadUserAccountControlMapperMap) ElementType() reflect.Type
func (MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutput ¶
func (i MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput
func (MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutputWithContext ¶
func (i MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadUserAccountControlMapperMapOutput
type MsadUserAccountControlMapperMapInput ¶
type MsadUserAccountControlMapperMapInput interface { pulumi.Input ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput ToMsadUserAccountControlMapperMapOutputWithContext(context.Context) MsadUserAccountControlMapperMapOutput }
MsadUserAccountControlMapperMapInput is an input type that accepts MsadUserAccountControlMapperMap and MsadUserAccountControlMapperMapOutput values. You can construct a concrete instance of `MsadUserAccountControlMapperMapInput` via:
MsadUserAccountControlMapperMap{ "key": MsadUserAccountControlMapperArgs{...} }
type MsadUserAccountControlMapperMapOutput ¶
type MsadUserAccountControlMapperMapOutput struct{ *pulumi.OutputState }
func (MsadUserAccountControlMapperMapOutput) ElementType ¶
func (MsadUserAccountControlMapperMapOutput) ElementType() reflect.Type
func (MsadUserAccountControlMapperMapOutput) MapIndex ¶
func (o MsadUserAccountControlMapperMapOutput) MapIndex(k pulumi.StringInput) MsadUserAccountControlMapperOutput
func (MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutput ¶
func (o MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput
func (MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutputWithContext ¶
func (o MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadUserAccountControlMapperMapOutput
type MsadUserAccountControlMapperOutput ¶
type MsadUserAccountControlMapperOutput struct{ *pulumi.OutputState }
func (MsadUserAccountControlMapperOutput) ElementType ¶
func (MsadUserAccountControlMapperOutput) ElementType() reflect.Type
func (MsadUserAccountControlMapperOutput) LdapPasswordPolicyHintsEnabled ¶ added in v4.11.0
func (o MsadUserAccountControlMapperOutput) LdapPasswordPolicyHintsEnabled() pulumi.BoolPtrOutput
When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.
func (MsadUserAccountControlMapperOutput) LdapUserFederationId ¶ added in v4.11.0
func (o MsadUserAccountControlMapperOutput) LdapUserFederationId() pulumi.StringOutput
The ID of the LDAP user federation provider to attach this mapper to.
func (MsadUserAccountControlMapperOutput) Name ¶ added in v4.11.0
func (o MsadUserAccountControlMapperOutput) Name() pulumi.StringOutput
Display name of this mapper when displayed in the console.
func (MsadUserAccountControlMapperOutput) RealmId ¶ added in v4.11.0
func (o MsadUserAccountControlMapperOutput) RealmId() pulumi.StringOutput
The realm that this LDAP mapper will exist in.
func (MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutput ¶
func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput
func (MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutputWithContext ¶
func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput
type MsadUserAccountControlMapperState ¶
type MsadUserAccountControlMapperState struct { // When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`. LdapPasswordPolicyHintsEnabled pulumi.BoolPtrInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringPtrInput }
func (MsadUserAccountControlMapperState) ElementType ¶
func (MsadUserAccountControlMapperState) ElementType() reflect.Type
type RoleMapper ¶
type RoleMapper struct { pulumi.CustomResourceState // When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` // The LDAP DN where roles can be found. LdapRolesDn pulumi.StringOutput `pulumi:"ldapRolesDn"` // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` // Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when MemberofLdapAttribute pulumi.StringPtrOutput `pulumi:"memberofLdapAttribute"` // Can be one of `DN` or `UID`. Defaults to `DN`. MembershipAttributeType pulumi.StringPtrOutput `pulumi:"membershipAttributeType"` // The name of the LDAP attribute that is used for membership mappings. MembershipLdapAttribute pulumi.StringOutput `pulumi:"membershipLdapAttribute"` // The name of the LDAP attribute on a user that is used for membership mappings. MembershipUserLdapAttribute pulumi.StringOutput `pulumi:"membershipUserLdapAttribute"` // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. Mode pulumi.StringPtrOutput `pulumi:"mode"` // Display name of this mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // The realm that this LDAP mapper will exist in. RealmId pulumi.StringOutput `pulumi:"realmId"` // The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`. RoleNameLdapAttribute pulumi.StringOutput `pulumi:"roleNameLdapAttribute"` // List of strings representing the object classes for the role. Must contain at least one. RoleObjectClasses pulumi.StringArrayOutput `pulumi:"roleObjectClasses"` // When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. RolesLdapFilter pulumi.StringPtrOutput `pulumi:"rolesLdapFilter"` // When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. UseRealmRolesMapping pulumi.BoolPtrOutput `pulumi:"useRealmRolesMapping"` // Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`. UserRolesRetrieveStrategy pulumi.StringPtrOutput `pulumi:"userRolesRetrieveStrategy"` }
Allows for creating and managing role mappers for Keycloak users federated via LDAP.
The LDAP group mapper can be used to map an LDAP user's roles from some DN to Keycloak roles.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("entryDN"), UserObjectClasses: pulumi.StringArray{ pulumi.String("simpleSecurityObject"), pulumi.String("organizationalRole"), }, ConnectionUrl: pulumi.String("ldap://openldap"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), }) if err != nil { return err } _, err = ldap.NewRoleMapper(ctx, "ldapRoleMapper", &ldap.RoleMapperArgs{ RealmId: realm.ID(), LdapUserFederationId: ldapUserFederation.ID(), LdapRolesDn: pulumi.String("dc=example,dc=org"), RoleNameLdapAttribute: pulumi.String("cn"), RoleObjectClasses: pulumi.StringArray{ pulumi.String("groupOfNames"), }, MembershipAttributeType: pulumi.String("DN"), MembershipLdapAttribute: pulumi.String("member"), MembershipUserLdapAttribute: pulumi.String("cn"), UserRolesRetrieveStrategy: pulumi.String("GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE"), MemberofLdapAttribute: pulumi.String("memberOf"), }) if err != nil { return err } return nil }) }
```
## Import
LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash
```sh
$ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
```
func GetRoleMapper ¶
func GetRoleMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RoleMapperState, opts ...pulumi.ResourceOption) (*RoleMapper, error)
GetRoleMapper gets an existing RoleMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewRoleMapper ¶
func NewRoleMapper(ctx *pulumi.Context, name string, args *RoleMapperArgs, opts ...pulumi.ResourceOption) (*RoleMapper, error)
NewRoleMapper registers a new resource with the given unique name, arguments, and options.
func (*RoleMapper) ElementType ¶
func (*RoleMapper) ElementType() reflect.Type
func (*RoleMapper) ToRoleMapperOutput ¶
func (i *RoleMapper) ToRoleMapperOutput() RoleMapperOutput
func (*RoleMapper) ToRoleMapperOutputWithContext ¶
func (i *RoleMapper) ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput
type RoleMapperArgs ¶
type RoleMapperArgs struct { // When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`. ClientId pulumi.StringPtrInput // The LDAP DN where roles can be found. LdapRolesDn pulumi.StringInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput // Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when MemberofLdapAttribute pulumi.StringPtrInput // Can be one of `DN` or `UID`. Defaults to `DN`. MembershipAttributeType pulumi.StringPtrInput // The name of the LDAP attribute that is used for membership mappings. MembershipLdapAttribute pulumi.StringInput // The name of the LDAP attribute on a user that is used for membership mappings. MembershipUserLdapAttribute pulumi.StringInput // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. Mode pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringInput // The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`. RoleNameLdapAttribute pulumi.StringInput // List of strings representing the object classes for the role. Must contain at least one. RoleObjectClasses pulumi.StringArrayInput // When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. RolesLdapFilter pulumi.StringPtrInput // When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. UseRealmRolesMapping pulumi.BoolPtrInput // Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`. UserRolesRetrieveStrategy pulumi.StringPtrInput }
The set of arguments for constructing a RoleMapper resource.
func (RoleMapperArgs) ElementType ¶
func (RoleMapperArgs) ElementType() reflect.Type
type RoleMapperArray ¶
type RoleMapperArray []RoleMapperInput
func (RoleMapperArray) ElementType ¶
func (RoleMapperArray) ElementType() reflect.Type
func (RoleMapperArray) ToRoleMapperArrayOutput ¶
func (i RoleMapperArray) ToRoleMapperArrayOutput() RoleMapperArrayOutput
func (RoleMapperArray) ToRoleMapperArrayOutputWithContext ¶
func (i RoleMapperArray) ToRoleMapperArrayOutputWithContext(ctx context.Context) RoleMapperArrayOutput
type RoleMapperArrayInput ¶
type RoleMapperArrayInput interface { pulumi.Input ToRoleMapperArrayOutput() RoleMapperArrayOutput ToRoleMapperArrayOutputWithContext(context.Context) RoleMapperArrayOutput }
RoleMapperArrayInput is an input type that accepts RoleMapperArray and RoleMapperArrayOutput values. You can construct a concrete instance of `RoleMapperArrayInput` via:
RoleMapperArray{ RoleMapperArgs{...} }
type RoleMapperArrayOutput ¶
type RoleMapperArrayOutput struct{ *pulumi.OutputState }
func (RoleMapperArrayOutput) ElementType ¶
func (RoleMapperArrayOutput) ElementType() reflect.Type
func (RoleMapperArrayOutput) Index ¶
func (o RoleMapperArrayOutput) Index(i pulumi.IntInput) RoleMapperOutput
func (RoleMapperArrayOutput) ToRoleMapperArrayOutput ¶
func (o RoleMapperArrayOutput) ToRoleMapperArrayOutput() RoleMapperArrayOutput
func (RoleMapperArrayOutput) ToRoleMapperArrayOutputWithContext ¶
func (o RoleMapperArrayOutput) ToRoleMapperArrayOutputWithContext(ctx context.Context) RoleMapperArrayOutput
type RoleMapperInput ¶
type RoleMapperInput interface { pulumi.Input ToRoleMapperOutput() RoleMapperOutput ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput }
type RoleMapperMap ¶
type RoleMapperMap map[string]RoleMapperInput
func (RoleMapperMap) ElementType ¶
func (RoleMapperMap) ElementType() reflect.Type
func (RoleMapperMap) ToRoleMapperMapOutput ¶
func (i RoleMapperMap) ToRoleMapperMapOutput() RoleMapperMapOutput
func (RoleMapperMap) ToRoleMapperMapOutputWithContext ¶
func (i RoleMapperMap) ToRoleMapperMapOutputWithContext(ctx context.Context) RoleMapperMapOutput
type RoleMapperMapInput ¶
type RoleMapperMapInput interface { pulumi.Input ToRoleMapperMapOutput() RoleMapperMapOutput ToRoleMapperMapOutputWithContext(context.Context) RoleMapperMapOutput }
RoleMapperMapInput is an input type that accepts RoleMapperMap and RoleMapperMapOutput values. You can construct a concrete instance of `RoleMapperMapInput` via:
RoleMapperMap{ "key": RoleMapperArgs{...} }
type RoleMapperMapOutput ¶
type RoleMapperMapOutput struct{ *pulumi.OutputState }
func (RoleMapperMapOutput) ElementType ¶
func (RoleMapperMapOutput) ElementType() reflect.Type
func (RoleMapperMapOutput) MapIndex ¶
func (o RoleMapperMapOutput) MapIndex(k pulumi.StringInput) RoleMapperOutput
func (RoleMapperMapOutput) ToRoleMapperMapOutput ¶
func (o RoleMapperMapOutput) ToRoleMapperMapOutput() RoleMapperMapOutput
func (RoleMapperMapOutput) ToRoleMapperMapOutputWithContext ¶
func (o RoleMapperMapOutput) ToRoleMapperMapOutputWithContext(ctx context.Context) RoleMapperMapOutput
type RoleMapperOutput ¶
type RoleMapperOutput struct{ *pulumi.OutputState }
func (RoleMapperOutput) ClientId ¶ added in v4.11.0
func (o RoleMapperOutput) ClientId() pulumi.StringPtrOutput
When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.
func (RoleMapperOutput) ElementType ¶
func (RoleMapperOutput) ElementType() reflect.Type
func (RoleMapperOutput) LdapRolesDn ¶ added in v4.11.0
func (o RoleMapperOutput) LdapRolesDn() pulumi.StringOutput
The LDAP DN where roles can be found.
func (RoleMapperOutput) LdapUserFederationId ¶ added in v4.11.0
func (o RoleMapperOutput) LdapUserFederationId() pulumi.StringOutput
The ID of the LDAP user federation provider to attach this mapper to.
func (RoleMapperOutput) MemberofLdapAttribute ¶ added in v4.11.0
func (o RoleMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput
Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when
func (RoleMapperOutput) MembershipAttributeType ¶ added in v4.11.0
func (o RoleMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput
Can be one of `DN` or `UID`. Defaults to `DN`.
func (RoleMapperOutput) MembershipLdapAttribute ¶ added in v4.11.0
func (o RoleMapperOutput) MembershipLdapAttribute() pulumi.StringOutput
The name of the LDAP attribute that is used for membership mappings.
func (RoleMapperOutput) MembershipUserLdapAttribute ¶ added in v4.11.0
func (o RoleMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput
The name of the LDAP attribute on a user that is used for membership mappings.
func (RoleMapperOutput) Mode ¶ added in v4.11.0
func (o RoleMapperOutput) Mode() pulumi.StringPtrOutput
Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
func (RoleMapperOutput) Name ¶ added in v4.11.0
func (o RoleMapperOutput) Name() pulumi.StringOutput
Display name of this mapper when displayed in the console.
func (RoleMapperOutput) RealmId ¶ added in v4.11.0
func (o RoleMapperOutput) RealmId() pulumi.StringOutput
The realm that this LDAP mapper will exist in.
func (RoleMapperOutput) RoleNameLdapAttribute ¶ added in v4.11.0
func (o RoleMapperOutput) RoleNameLdapAttribute() pulumi.StringOutput
The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.
func (RoleMapperOutput) RoleObjectClasses ¶ added in v4.11.0
func (o RoleMapperOutput) RoleObjectClasses() pulumi.StringArrayOutput
List of strings representing the object classes for the role. Must contain at least one.
func (RoleMapperOutput) RolesLdapFilter ¶ added in v4.11.0
func (o RoleMapperOutput) RolesLdapFilter() pulumi.StringPtrOutput
When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.
func (RoleMapperOutput) ToRoleMapperOutput ¶
func (o RoleMapperOutput) ToRoleMapperOutput() RoleMapperOutput
func (RoleMapperOutput) ToRoleMapperOutputWithContext ¶
func (o RoleMapperOutput) ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput
func (RoleMapperOutput) UseRealmRolesMapping ¶ added in v4.11.0
func (o RoleMapperOutput) UseRealmRolesMapping() pulumi.BoolPtrOutput
When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.
func (RoleMapperOutput) UserRolesRetrieveStrategy ¶ added in v4.11.0
func (o RoleMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput
Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.
type RoleMapperState ¶
type RoleMapperState struct { // When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`. ClientId pulumi.StringPtrInput // The LDAP DN where roles can be found. LdapRolesDn pulumi.StringPtrInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput // Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when MemberofLdapAttribute pulumi.StringPtrInput // Can be one of `DN` or `UID`. Defaults to `DN`. MembershipAttributeType pulumi.StringPtrInput // The name of the LDAP attribute that is used for membership mappings. MembershipLdapAttribute pulumi.StringPtrInput // The name of the LDAP attribute on a user that is used for membership mappings. MembershipUserLdapAttribute pulumi.StringPtrInput // Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. Mode pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringPtrInput // The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`. RoleNameLdapAttribute pulumi.StringPtrInput // List of strings representing the object classes for the role. Must contain at least one. RoleObjectClasses pulumi.StringArrayInput // When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. RolesLdapFilter pulumi.StringPtrInput // When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`. UseRealmRolesMapping pulumi.BoolPtrInput // Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`. UserRolesRetrieveStrategy pulumi.StringPtrInput }
func (RoleMapperState) ElementType ¶
func (RoleMapperState) ElementType() reflect.Type
type UserAttributeMapper ¶
type UserAttributeMapper struct { pulumi.CustomResourceState // When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. AlwaysReadValueFromLdap pulumi.BoolPtrOutput `pulumi:"alwaysReadValueFromLdap"` // When `true`, this attribute must exist in LDAP. Defaults to `false`. IsMandatoryInLdap pulumi.BoolPtrOutput `pulumi:"isMandatoryInLdap"` // Name of the mapped attribute on the LDAP object. LdapAttribute pulumi.StringOutput `pulumi:"ldapAttribute"` // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"` // Display name of this mapper when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` // The realm that this LDAP mapper will exist in. RealmId pulumi.StringOutput `pulumi:"realmId"` // Name of the user property or attribute you want to map the LDAP attribute into. UserModelAttribute pulumi.StringOutput `pulumi:"userModelAttribute"` }
Allows for creating and managing user attribute mappers for Keycloak users federated via LDAP.
The LDAP user attribute mapper can be used to map a single LDAP attribute to an attribute on the Keycloak user model.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("entryDN"), UserObjectClasses: pulumi.StringArray{ pulumi.String("simpleSecurityObject"), pulumi.String("organizationalRole"), }, ConnectionUrl: pulumi.String("ldap://openldap"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), }) if err != nil { return err } _, err = ldap.NewUserAttributeMapper(ctx, "ldapUserAttributeMapper", &ldap.UserAttributeMapperArgs{ RealmId: realm.ID(), LdapUserFederationId: ldapUserFederation.ID(), UserModelAttribute: pulumi.String("foo"), LdapAttribute: pulumi.String("bar"), }) if err != nil { return err } return nil }) }
```
## Import
LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash
```sh
$ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
```
func GetUserAttributeMapper ¶
func GetUserAttributeMapper(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserAttributeMapperState, opts ...pulumi.ResourceOption) (*UserAttributeMapper, error)
GetUserAttributeMapper gets an existing UserAttributeMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewUserAttributeMapper ¶
func NewUserAttributeMapper(ctx *pulumi.Context, name string, args *UserAttributeMapperArgs, opts ...pulumi.ResourceOption) (*UserAttributeMapper, error)
NewUserAttributeMapper registers a new resource with the given unique name, arguments, and options.
func (*UserAttributeMapper) ElementType ¶
func (*UserAttributeMapper) ElementType() reflect.Type
func (*UserAttributeMapper) ToUserAttributeMapperOutput ¶
func (i *UserAttributeMapper) ToUserAttributeMapperOutput() UserAttributeMapperOutput
func (*UserAttributeMapper) ToUserAttributeMapperOutputWithContext ¶
func (i *UserAttributeMapper) ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput
type UserAttributeMapperArgs ¶
type UserAttributeMapperArgs struct { // When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. AlwaysReadValueFromLdap pulumi.BoolPtrInput // When `true`, this attribute must exist in LDAP. Defaults to `false`. IsMandatoryInLdap pulumi.BoolPtrInput // Name of the mapped attribute on the LDAP object. LdapAttribute pulumi.StringInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. ReadOnly pulumi.BoolPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringInput // Name of the user property or attribute you want to map the LDAP attribute into. UserModelAttribute pulumi.StringInput }
The set of arguments for constructing a UserAttributeMapper resource.
func (UserAttributeMapperArgs) ElementType ¶
func (UserAttributeMapperArgs) ElementType() reflect.Type
type UserAttributeMapperArray ¶
type UserAttributeMapperArray []UserAttributeMapperInput
func (UserAttributeMapperArray) ElementType ¶
func (UserAttributeMapperArray) ElementType() reflect.Type
func (UserAttributeMapperArray) ToUserAttributeMapperArrayOutput ¶
func (i UserAttributeMapperArray) ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput
func (UserAttributeMapperArray) ToUserAttributeMapperArrayOutputWithContext ¶
func (i UserAttributeMapperArray) ToUserAttributeMapperArrayOutputWithContext(ctx context.Context) UserAttributeMapperArrayOutput
type UserAttributeMapperArrayInput ¶
type UserAttributeMapperArrayInput interface { pulumi.Input ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput ToUserAttributeMapperArrayOutputWithContext(context.Context) UserAttributeMapperArrayOutput }
UserAttributeMapperArrayInput is an input type that accepts UserAttributeMapperArray and UserAttributeMapperArrayOutput values. You can construct a concrete instance of `UserAttributeMapperArrayInput` via:
UserAttributeMapperArray{ UserAttributeMapperArgs{...} }
type UserAttributeMapperArrayOutput ¶
type UserAttributeMapperArrayOutput struct{ *pulumi.OutputState }
func (UserAttributeMapperArrayOutput) ElementType ¶
func (UserAttributeMapperArrayOutput) ElementType() reflect.Type
func (UserAttributeMapperArrayOutput) Index ¶
func (o UserAttributeMapperArrayOutput) Index(i pulumi.IntInput) UserAttributeMapperOutput
func (UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutput ¶
func (o UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput
func (UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutputWithContext ¶
func (o UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutputWithContext(ctx context.Context) UserAttributeMapperArrayOutput
type UserAttributeMapperInput ¶
type UserAttributeMapperInput interface { pulumi.Input ToUserAttributeMapperOutput() UserAttributeMapperOutput ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput }
type UserAttributeMapperMap ¶
type UserAttributeMapperMap map[string]UserAttributeMapperInput
func (UserAttributeMapperMap) ElementType ¶
func (UserAttributeMapperMap) ElementType() reflect.Type
func (UserAttributeMapperMap) ToUserAttributeMapperMapOutput ¶
func (i UserAttributeMapperMap) ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput
func (UserAttributeMapperMap) ToUserAttributeMapperMapOutputWithContext ¶
func (i UserAttributeMapperMap) ToUserAttributeMapperMapOutputWithContext(ctx context.Context) UserAttributeMapperMapOutput
type UserAttributeMapperMapInput ¶
type UserAttributeMapperMapInput interface { pulumi.Input ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput ToUserAttributeMapperMapOutputWithContext(context.Context) UserAttributeMapperMapOutput }
UserAttributeMapperMapInput is an input type that accepts UserAttributeMapperMap and UserAttributeMapperMapOutput values. You can construct a concrete instance of `UserAttributeMapperMapInput` via:
UserAttributeMapperMap{ "key": UserAttributeMapperArgs{...} }
type UserAttributeMapperMapOutput ¶
type UserAttributeMapperMapOutput struct{ *pulumi.OutputState }
func (UserAttributeMapperMapOutput) ElementType ¶
func (UserAttributeMapperMapOutput) ElementType() reflect.Type
func (UserAttributeMapperMapOutput) MapIndex ¶
func (o UserAttributeMapperMapOutput) MapIndex(k pulumi.StringInput) UserAttributeMapperOutput
func (UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutput ¶
func (o UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput
func (UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutputWithContext ¶
func (o UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutputWithContext(ctx context.Context) UserAttributeMapperMapOutput
type UserAttributeMapperOutput ¶
type UserAttributeMapperOutput struct{ *pulumi.OutputState }
func (UserAttributeMapperOutput) AlwaysReadValueFromLdap ¶ added in v4.11.0
func (o UserAttributeMapperOutput) AlwaysReadValueFromLdap() pulumi.BoolPtrOutput
When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.
func (UserAttributeMapperOutput) ElementType ¶
func (UserAttributeMapperOutput) ElementType() reflect.Type
func (UserAttributeMapperOutput) IsMandatoryInLdap ¶ added in v4.11.0
func (o UserAttributeMapperOutput) IsMandatoryInLdap() pulumi.BoolPtrOutput
When `true`, this attribute must exist in LDAP. Defaults to `false`.
func (UserAttributeMapperOutput) LdapAttribute ¶ added in v4.11.0
func (o UserAttributeMapperOutput) LdapAttribute() pulumi.StringOutput
Name of the mapped attribute on the LDAP object.
func (UserAttributeMapperOutput) LdapUserFederationId ¶ added in v4.11.0
func (o UserAttributeMapperOutput) LdapUserFederationId() pulumi.StringOutput
The ID of the LDAP user federation provider to attach this mapper to.
func (UserAttributeMapperOutput) Name ¶ added in v4.11.0
func (o UserAttributeMapperOutput) Name() pulumi.StringOutput
Display name of this mapper when displayed in the console.
func (UserAttributeMapperOutput) ReadOnly ¶ added in v4.11.0
func (o UserAttributeMapperOutput) ReadOnly() pulumi.BoolPtrOutput
When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.
func (UserAttributeMapperOutput) RealmId ¶ added in v4.11.0
func (o UserAttributeMapperOutput) RealmId() pulumi.StringOutput
The realm that this LDAP mapper will exist in.
func (UserAttributeMapperOutput) ToUserAttributeMapperOutput ¶
func (o UserAttributeMapperOutput) ToUserAttributeMapperOutput() UserAttributeMapperOutput
func (UserAttributeMapperOutput) ToUserAttributeMapperOutputWithContext ¶
func (o UserAttributeMapperOutput) ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput
func (UserAttributeMapperOutput) UserModelAttribute ¶ added in v4.11.0
func (o UserAttributeMapperOutput) UserModelAttribute() pulumi.StringOutput
Name of the user property or attribute you want to map the LDAP attribute into.
type UserAttributeMapperState ¶
type UserAttributeMapperState struct { // When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. AlwaysReadValueFromLdap pulumi.BoolPtrInput // When `true`, this attribute must exist in LDAP. Defaults to `false`. IsMandatoryInLdap pulumi.BoolPtrInput // Name of the mapped attribute on the LDAP object. LdapAttribute pulumi.StringPtrInput // The ID of the LDAP user federation provider to attach this mapper to. LdapUserFederationId pulumi.StringPtrInput // Display name of this mapper when displayed in the console. Name pulumi.StringPtrInput // When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. ReadOnly pulumi.BoolPtrInput // The realm that this LDAP mapper will exist in. RealmId pulumi.StringPtrInput // Name of the user property or attribute you want to map the LDAP attribute into. UserModelAttribute pulumi.StringPtrInput }
func (UserAttributeMapperState) ElementType ¶
func (UserAttributeMapperState) ElementType() reflect.Type
type UserFederation ¶
type UserFederation struct { pulumi.CustomResourceState // The number of users to sync within a single transaction. Defaults to `1000`. BatchSizeForSync pulumi.IntPtrOutput `pulumi:"batchSizeForSync"` // Password of LDAP admin. This attribute must be set if `bindDn` is set. BindCredential pulumi.StringPtrOutput `pulumi:"bindCredential"` // DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. BindDn pulumi.StringPtrOutput `pulumi:"bindDn"` // A block containing the cache settings. Cache UserFederationCachePtrOutput `pulumi:"cache"` // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. ChangedSyncPeriod pulumi.IntPtrOutput `pulumi:"changedSyncPeriod"` // LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). ConnectionTimeout pulumi.StringPtrOutput `pulumi:"connectionTimeout"` // Connection URL to the LDAP server. ConnectionUrl pulumi.StringOutput `pulumi:"connectionUrl"` // Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. CustomUserSearchFilter pulumi.StringPtrOutput `pulumi:"customUserSearchFilter"` // Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. EditMode pulumi.StringPtrOutput `pulumi:"editMode"` // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` // How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrOutput `pulumi:"fullSyncPeriod"` // When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. ImportEnabled pulumi.BoolPtrOutput `pulumi:"importEnabled"` // A block containing the kerberos settings. Kerberos UserFederationKerberosPtrOutput `pulumi:"kerberos"` // Display name of the provider when displayed in the console. Name pulumi.StringOutput `pulumi:"name"` // When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. Pagination pulumi.BoolPtrOutput `pulumi:"pagination"` // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. Priority pulumi.IntPtrOutput `pulumi:"priority"` // Name of the LDAP attribute to use as the relative distinguished name. RdnLdapAttribute pulumi.StringOutput `pulumi:"rdnLdapAttribute"` // LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). ReadTimeout pulumi.StringPtrOutput `pulumi:"readTimeout"` // The realm that this provider will provide user federation for. RealmId pulumi.StringOutput `pulumi:"realmId"` // Can be one of `ONE_LEVEL` or `SUBTREE`: // - `ONE_LEVEL`: Only search for users in the DN specified by `userDn`. // - `SUBTREE`: Search entire LDAP subtree. SearchScope pulumi.StringPtrOutput `pulumi:"searchScope"` // When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. StartTls pulumi.BoolPtrOutput `pulumi:"startTls"` // When `true`, newly created users will be synced back to LDAP. Defaults to `false`. SyncRegistrations pulumi.BoolPtrOutput `pulumi:"syncRegistrations"` // If enabled, email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"` // When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). UsePasswordModifyExtendedOp pulumi.BoolPtrOutput `pulumi:"usePasswordModifyExtendedOp"` // Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: UseTruststoreSpi pulumi.StringPtrOutput `pulumi:"useTruststoreSpi"` // Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. UserObjectClasses pulumi.StringArrayOutput `pulumi:"userObjectClasses"` // Name of the LDAP attribute to use as the Keycloak username. UsernameLdapAttribute pulumi.StringOutput `pulumi:"usernameLdapAttribute"` // Full DN of LDAP tree where your users are. UsersDn pulumi.StringOutput `pulumi:"usersDn"` // Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. UuidLdapAttribute pulumi.StringOutput `pulumi:"uuidLdapAttribute"` // When `true`, Keycloak will validate passwords using the realm policy before updating it. ValidatePasswordPolicy pulumi.BoolPtrOutput `pulumi:"validatePasswordPolicy"` // Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. Vendor pulumi.StringPtrOutput `pulumi:"vendor"` }
Allows for creating and managing LDAP user federation providers within Keycloak.
Keycloak can use an LDAP user federation provider to federate users to Keycloak from a directory system such as LDAP or Active Directory. Federated users will exist within the realm and will be able to log in to clients. Federated users can have their attributes defined using mappers.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ Realm: pulumi.String("my-realm"), Enabled: pulumi.Bool(true), }) if err != nil { return err } _, err = ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ RealmId: realm.ID(), Enabled: pulumi.Bool(true), UsernameLdapAttribute: pulumi.String("cn"), RdnLdapAttribute: pulumi.String("cn"), UuidLdapAttribute: pulumi.String("entryDN"), UserObjectClasses: pulumi.StringArray{ pulumi.String("simpleSecurityObject"), pulumi.String("organizationalRole"), }, ConnectionUrl: pulumi.String("ldap://openldap"), UsersDn: pulumi.String("dc=example,dc=org"), BindDn: pulumi.String("cn=admin,dc=example,dc=org"), BindCredential: pulumi.String("admin"), ConnectionTimeout: pulumi.String("5s"), ReadTimeout: pulumi.String("10s"), Kerberos: &ldap.UserFederationKerberosArgs{ KerberosRealm: pulumi.String("FOO.LOCAL"), ServerPrincipal: pulumi.String("HTTP/host.foo.com@FOO.LOCAL"), KeyTab: pulumi.String("/etc/host.keytab"), }, }) if err != nil { return err } return nil }) }
```
## Import
LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUIDbash
```sh
$ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860
```
func GetUserFederation ¶
func GetUserFederation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserFederationState, opts ...pulumi.ResourceOption) (*UserFederation, error)
GetUserFederation gets an existing UserFederation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewUserFederation ¶
func NewUserFederation(ctx *pulumi.Context, name string, args *UserFederationArgs, opts ...pulumi.ResourceOption) (*UserFederation, error)
NewUserFederation registers a new resource with the given unique name, arguments, and options.
func (*UserFederation) ElementType ¶
func (*UserFederation) ElementType() reflect.Type
func (*UserFederation) ToUserFederationOutput ¶
func (i *UserFederation) ToUserFederationOutput() UserFederationOutput
func (*UserFederation) ToUserFederationOutputWithContext ¶
func (i *UserFederation) ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput
type UserFederationArgs ¶
type UserFederationArgs struct { // The number of users to sync within a single transaction. Defaults to `1000`. BatchSizeForSync pulumi.IntPtrInput // Password of LDAP admin. This attribute must be set if `bindDn` is set. BindCredential pulumi.StringPtrInput // DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. BindDn pulumi.StringPtrInput // A block containing the cache settings. Cache UserFederationCachePtrInput // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. ChangedSyncPeriod pulumi.IntPtrInput // LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). ConnectionTimeout pulumi.StringPtrInput // Connection URL to the LDAP server. ConnectionUrl pulumi.StringInput // Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. CustomUserSearchFilter pulumi.StringPtrInput // Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. EditMode pulumi.StringPtrInput // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. Enabled pulumi.BoolPtrInput // How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrInput // When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. ImportEnabled pulumi.BoolPtrInput // A block containing the kerberos settings. Kerberos UserFederationKerberosPtrInput // Display name of the provider when displayed in the console. Name pulumi.StringPtrInput // When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. Pagination pulumi.BoolPtrInput // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. Priority pulumi.IntPtrInput // Name of the LDAP attribute to use as the relative distinguished name. RdnLdapAttribute pulumi.StringInput // LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). ReadTimeout pulumi.StringPtrInput // The realm that this provider will provide user federation for. RealmId pulumi.StringInput // Can be one of `ONE_LEVEL` or `SUBTREE`: // - `ONE_LEVEL`: Only search for users in the DN specified by `userDn`. // - `SUBTREE`: Search entire LDAP subtree. SearchScope pulumi.StringPtrInput // When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. StartTls pulumi.BoolPtrInput // When `true`, newly created users will be synced back to LDAP. Defaults to `false`. SyncRegistrations pulumi.BoolPtrInput // If enabled, email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrInput // When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). UsePasswordModifyExtendedOp pulumi.BoolPtrInput // Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: UseTruststoreSpi pulumi.StringPtrInput // Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. UserObjectClasses pulumi.StringArrayInput // Name of the LDAP attribute to use as the Keycloak username. UsernameLdapAttribute pulumi.StringInput // Full DN of LDAP tree where your users are. UsersDn pulumi.StringInput // Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. UuidLdapAttribute pulumi.StringInput // When `true`, Keycloak will validate passwords using the realm policy before updating it. ValidatePasswordPolicy pulumi.BoolPtrInput // Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. Vendor pulumi.StringPtrInput }
The set of arguments for constructing a UserFederation resource.
func (UserFederationArgs) ElementType ¶
func (UserFederationArgs) ElementType() reflect.Type
type UserFederationArray ¶
type UserFederationArray []UserFederationInput
func (UserFederationArray) ElementType ¶
func (UserFederationArray) ElementType() reflect.Type
func (UserFederationArray) ToUserFederationArrayOutput ¶
func (i UserFederationArray) ToUserFederationArrayOutput() UserFederationArrayOutput
func (UserFederationArray) ToUserFederationArrayOutputWithContext ¶
func (i UserFederationArray) ToUserFederationArrayOutputWithContext(ctx context.Context) UserFederationArrayOutput
type UserFederationArrayInput ¶
type UserFederationArrayInput interface { pulumi.Input ToUserFederationArrayOutput() UserFederationArrayOutput ToUserFederationArrayOutputWithContext(context.Context) UserFederationArrayOutput }
UserFederationArrayInput is an input type that accepts UserFederationArray and UserFederationArrayOutput values. You can construct a concrete instance of `UserFederationArrayInput` via:
UserFederationArray{ UserFederationArgs{...} }
type UserFederationArrayOutput ¶
type UserFederationArrayOutput struct{ *pulumi.OutputState }
func (UserFederationArrayOutput) ElementType ¶
func (UserFederationArrayOutput) ElementType() reflect.Type
func (UserFederationArrayOutput) Index ¶
func (o UserFederationArrayOutput) Index(i pulumi.IntInput) UserFederationOutput
func (UserFederationArrayOutput) ToUserFederationArrayOutput ¶
func (o UserFederationArrayOutput) ToUserFederationArrayOutput() UserFederationArrayOutput
func (UserFederationArrayOutput) ToUserFederationArrayOutputWithContext ¶
func (o UserFederationArrayOutput) ToUserFederationArrayOutputWithContext(ctx context.Context) UserFederationArrayOutput
type UserFederationCache ¶
type UserFederationCache struct { // Day of the week the entry will become invalid on EvictionDay *int `pulumi:"evictionDay"` // Hour of day the entry will become invalid on. EvictionHour *int `pulumi:"evictionHour"` // Minute of day the entry will become invalid on. EvictionMinute *int `pulumi:"evictionMinute"` // Max lifespan of cache entry (duration string). MaxLifespan *string `pulumi:"maxLifespan"` // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. Policy *string `pulumi:"policy"` }
type UserFederationCacheArgs ¶
type UserFederationCacheArgs struct { // Day of the week the entry will become invalid on EvictionDay pulumi.IntPtrInput `pulumi:"evictionDay"` // Hour of day the entry will become invalid on. EvictionHour pulumi.IntPtrInput `pulumi:"evictionHour"` // Minute of day the entry will become invalid on. EvictionMinute pulumi.IntPtrInput `pulumi:"evictionMinute"` // Max lifespan of cache entry (duration string). MaxLifespan pulumi.StringPtrInput `pulumi:"maxLifespan"` // Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`. Policy pulumi.StringPtrInput `pulumi:"policy"` }
func (UserFederationCacheArgs) ElementType ¶
func (UserFederationCacheArgs) ElementType() reflect.Type
func (UserFederationCacheArgs) ToUserFederationCacheOutput ¶
func (i UserFederationCacheArgs) ToUserFederationCacheOutput() UserFederationCacheOutput
func (UserFederationCacheArgs) ToUserFederationCacheOutputWithContext ¶
func (i UserFederationCacheArgs) ToUserFederationCacheOutputWithContext(ctx context.Context) UserFederationCacheOutput
func (UserFederationCacheArgs) ToUserFederationCachePtrOutput ¶
func (i UserFederationCacheArgs) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput
func (UserFederationCacheArgs) ToUserFederationCachePtrOutputWithContext ¶
func (i UserFederationCacheArgs) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput
type UserFederationCacheInput ¶
type UserFederationCacheInput interface { pulumi.Input ToUserFederationCacheOutput() UserFederationCacheOutput ToUserFederationCacheOutputWithContext(context.Context) UserFederationCacheOutput }
UserFederationCacheInput is an input type that accepts UserFederationCacheArgs and UserFederationCacheOutput values. You can construct a concrete instance of `UserFederationCacheInput` via:
UserFederationCacheArgs{...}
type UserFederationCacheOutput ¶
type UserFederationCacheOutput struct{ *pulumi.OutputState }
func (UserFederationCacheOutput) ElementType ¶
func (UserFederationCacheOutput) ElementType() reflect.Type
func (UserFederationCacheOutput) EvictionDay ¶
func (o UserFederationCacheOutput) EvictionDay() pulumi.IntPtrOutput
Day of the week the entry will become invalid on
func (UserFederationCacheOutput) EvictionHour ¶
func (o UserFederationCacheOutput) EvictionHour() pulumi.IntPtrOutput
Hour of day the entry will become invalid on.
func (UserFederationCacheOutput) EvictionMinute ¶
func (o UserFederationCacheOutput) EvictionMinute() pulumi.IntPtrOutput
Minute of day the entry will become invalid on.
func (UserFederationCacheOutput) MaxLifespan ¶
func (o UserFederationCacheOutput) MaxLifespan() pulumi.StringPtrOutput
Max lifespan of cache entry (duration string).
func (UserFederationCacheOutput) Policy ¶
func (o UserFederationCacheOutput) Policy() pulumi.StringPtrOutput
Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.
func (UserFederationCacheOutput) ToUserFederationCacheOutput ¶
func (o UserFederationCacheOutput) ToUserFederationCacheOutput() UserFederationCacheOutput
func (UserFederationCacheOutput) ToUserFederationCacheOutputWithContext ¶
func (o UserFederationCacheOutput) ToUserFederationCacheOutputWithContext(ctx context.Context) UserFederationCacheOutput
func (UserFederationCacheOutput) ToUserFederationCachePtrOutput ¶
func (o UserFederationCacheOutput) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput
func (UserFederationCacheOutput) ToUserFederationCachePtrOutputWithContext ¶
func (o UserFederationCacheOutput) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput
type UserFederationCachePtrInput ¶
type UserFederationCachePtrInput interface { pulumi.Input ToUserFederationCachePtrOutput() UserFederationCachePtrOutput ToUserFederationCachePtrOutputWithContext(context.Context) UserFederationCachePtrOutput }
UserFederationCachePtrInput is an input type that accepts UserFederationCacheArgs, UserFederationCachePtr and UserFederationCachePtrOutput values. You can construct a concrete instance of `UserFederationCachePtrInput` via:
UserFederationCacheArgs{...} or: nil
func UserFederationCachePtr ¶
func UserFederationCachePtr(v *UserFederationCacheArgs) UserFederationCachePtrInput
type UserFederationCachePtrOutput ¶
type UserFederationCachePtrOutput struct{ *pulumi.OutputState }
func (UserFederationCachePtrOutput) Elem ¶
func (o UserFederationCachePtrOutput) Elem() UserFederationCacheOutput
func (UserFederationCachePtrOutput) ElementType ¶
func (UserFederationCachePtrOutput) ElementType() reflect.Type
func (UserFederationCachePtrOutput) EvictionDay ¶
func (o UserFederationCachePtrOutput) EvictionDay() pulumi.IntPtrOutput
Day of the week the entry will become invalid on
func (UserFederationCachePtrOutput) EvictionHour ¶
func (o UserFederationCachePtrOutput) EvictionHour() pulumi.IntPtrOutput
Hour of day the entry will become invalid on.
func (UserFederationCachePtrOutput) EvictionMinute ¶
func (o UserFederationCachePtrOutput) EvictionMinute() pulumi.IntPtrOutput
Minute of day the entry will become invalid on.
func (UserFederationCachePtrOutput) MaxLifespan ¶
func (o UserFederationCachePtrOutput) MaxLifespan() pulumi.StringPtrOutput
Max lifespan of cache entry (duration string).
func (UserFederationCachePtrOutput) Policy ¶
func (o UserFederationCachePtrOutput) Policy() pulumi.StringPtrOutput
Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.
func (UserFederationCachePtrOutput) ToUserFederationCachePtrOutput ¶
func (o UserFederationCachePtrOutput) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput
func (UserFederationCachePtrOutput) ToUserFederationCachePtrOutputWithContext ¶
func (o UserFederationCachePtrOutput) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput
type UserFederationInput ¶
type UserFederationInput interface { pulumi.Input ToUserFederationOutput() UserFederationOutput ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput }
type UserFederationKerberos ¶
type UserFederationKerberos struct { // The name of the kerberos realm, e.g. FOO.LOCAL. KerberosRealm string `pulumi:"kerberosRealm"` // Path to the kerberos keytab file on the server with credentials of the service principal. KeyTab string `pulumi:"keyTab"` // The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'. ServerPrincipal string `pulumi:"serverPrincipal"` // Use kerberos login module instead of ldap service api. Defaults to `false`. UseKerberosForPasswordAuthentication *bool `pulumi:"useKerberosForPasswordAuthentication"` }
type UserFederationKerberosArgs ¶
type UserFederationKerberosArgs struct { // The name of the kerberos realm, e.g. FOO.LOCAL. KerberosRealm pulumi.StringInput `pulumi:"kerberosRealm"` // Path to the kerberos keytab file on the server with credentials of the service principal. KeyTab pulumi.StringInput `pulumi:"keyTab"` // The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'. ServerPrincipal pulumi.StringInput `pulumi:"serverPrincipal"` // Use kerberos login module instead of ldap service api. Defaults to `false`. UseKerberosForPasswordAuthentication pulumi.BoolPtrInput `pulumi:"useKerberosForPasswordAuthentication"` }
func (UserFederationKerberosArgs) ElementType ¶
func (UserFederationKerberosArgs) ElementType() reflect.Type
func (UserFederationKerberosArgs) ToUserFederationKerberosOutput ¶
func (i UserFederationKerberosArgs) ToUserFederationKerberosOutput() UserFederationKerberosOutput
func (UserFederationKerberosArgs) ToUserFederationKerberosOutputWithContext ¶
func (i UserFederationKerberosArgs) ToUserFederationKerberosOutputWithContext(ctx context.Context) UserFederationKerberosOutput
func (UserFederationKerberosArgs) ToUserFederationKerberosPtrOutput ¶
func (i UserFederationKerberosArgs) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput
func (UserFederationKerberosArgs) ToUserFederationKerberosPtrOutputWithContext ¶
func (i UserFederationKerberosArgs) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput
type UserFederationKerberosInput ¶
type UserFederationKerberosInput interface { pulumi.Input ToUserFederationKerberosOutput() UserFederationKerberosOutput ToUserFederationKerberosOutputWithContext(context.Context) UserFederationKerberosOutput }
UserFederationKerberosInput is an input type that accepts UserFederationKerberosArgs and UserFederationKerberosOutput values. You can construct a concrete instance of `UserFederationKerberosInput` via:
UserFederationKerberosArgs{...}
type UserFederationKerberosOutput ¶
type UserFederationKerberosOutput struct{ *pulumi.OutputState }
func (UserFederationKerberosOutput) ElementType ¶
func (UserFederationKerberosOutput) ElementType() reflect.Type
func (UserFederationKerberosOutput) KerberosRealm ¶
func (o UserFederationKerberosOutput) KerberosRealm() pulumi.StringOutput
The name of the kerberos realm, e.g. FOO.LOCAL.
func (UserFederationKerberosOutput) KeyTab ¶
func (o UserFederationKerberosOutput) KeyTab() pulumi.StringOutput
Path to the kerberos keytab file on the server with credentials of the service principal.
func (UserFederationKerberosOutput) ServerPrincipal ¶
func (o UserFederationKerberosOutput) ServerPrincipal() pulumi.StringOutput
The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.
func (UserFederationKerberosOutput) ToUserFederationKerberosOutput ¶
func (o UserFederationKerberosOutput) ToUserFederationKerberosOutput() UserFederationKerberosOutput
func (UserFederationKerberosOutput) ToUserFederationKerberosOutputWithContext ¶
func (o UserFederationKerberosOutput) ToUserFederationKerberosOutputWithContext(ctx context.Context) UserFederationKerberosOutput
func (UserFederationKerberosOutput) ToUserFederationKerberosPtrOutput ¶
func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput
func (UserFederationKerberosOutput) ToUserFederationKerberosPtrOutputWithContext ¶
func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput
func (UserFederationKerberosOutput) UseKerberosForPasswordAuthentication ¶
func (o UserFederationKerberosOutput) UseKerberosForPasswordAuthentication() pulumi.BoolPtrOutput
Use kerberos login module instead of ldap service api. Defaults to `false`.
type UserFederationKerberosPtrInput ¶
type UserFederationKerberosPtrInput interface { pulumi.Input ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput ToUserFederationKerberosPtrOutputWithContext(context.Context) UserFederationKerberosPtrOutput }
UserFederationKerberosPtrInput is an input type that accepts UserFederationKerberosArgs, UserFederationKerberosPtr and UserFederationKerberosPtrOutput values. You can construct a concrete instance of `UserFederationKerberosPtrInput` via:
UserFederationKerberosArgs{...} or: nil
func UserFederationKerberosPtr ¶
func UserFederationKerberosPtr(v *UserFederationKerberosArgs) UserFederationKerberosPtrInput
type UserFederationKerberosPtrOutput ¶
type UserFederationKerberosPtrOutput struct{ *pulumi.OutputState }
func (UserFederationKerberosPtrOutput) Elem ¶
func (o UserFederationKerberosPtrOutput) Elem() UserFederationKerberosOutput
func (UserFederationKerberosPtrOutput) ElementType ¶
func (UserFederationKerberosPtrOutput) ElementType() reflect.Type
func (UserFederationKerberosPtrOutput) KerberosRealm ¶
func (o UserFederationKerberosPtrOutput) KerberosRealm() pulumi.StringPtrOutput
The name of the kerberos realm, e.g. FOO.LOCAL.
func (UserFederationKerberosPtrOutput) KeyTab ¶
func (o UserFederationKerberosPtrOutput) KeyTab() pulumi.StringPtrOutput
Path to the kerberos keytab file on the server with credentials of the service principal.
func (UserFederationKerberosPtrOutput) ServerPrincipal ¶
func (o UserFederationKerberosPtrOutput) ServerPrincipal() pulumi.StringPtrOutput
The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.
func (UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutput ¶
func (o UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput
func (UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutputWithContext ¶
func (o UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput
func (UserFederationKerberosPtrOutput) UseKerberosForPasswordAuthentication ¶
func (o UserFederationKerberosPtrOutput) UseKerberosForPasswordAuthentication() pulumi.BoolPtrOutput
Use kerberos login module instead of ldap service api. Defaults to `false`.
type UserFederationMap ¶
type UserFederationMap map[string]UserFederationInput
func (UserFederationMap) ElementType ¶
func (UserFederationMap) ElementType() reflect.Type
func (UserFederationMap) ToUserFederationMapOutput ¶
func (i UserFederationMap) ToUserFederationMapOutput() UserFederationMapOutput
func (UserFederationMap) ToUserFederationMapOutputWithContext ¶
func (i UserFederationMap) ToUserFederationMapOutputWithContext(ctx context.Context) UserFederationMapOutput
type UserFederationMapInput ¶
type UserFederationMapInput interface { pulumi.Input ToUserFederationMapOutput() UserFederationMapOutput ToUserFederationMapOutputWithContext(context.Context) UserFederationMapOutput }
UserFederationMapInput is an input type that accepts UserFederationMap and UserFederationMapOutput values. You can construct a concrete instance of `UserFederationMapInput` via:
UserFederationMap{ "key": UserFederationArgs{...} }
type UserFederationMapOutput ¶
type UserFederationMapOutput struct{ *pulumi.OutputState }
func (UserFederationMapOutput) ElementType ¶
func (UserFederationMapOutput) ElementType() reflect.Type
func (UserFederationMapOutput) MapIndex ¶
func (o UserFederationMapOutput) MapIndex(k pulumi.StringInput) UserFederationOutput
func (UserFederationMapOutput) ToUserFederationMapOutput ¶
func (o UserFederationMapOutput) ToUserFederationMapOutput() UserFederationMapOutput
func (UserFederationMapOutput) ToUserFederationMapOutputWithContext ¶
func (o UserFederationMapOutput) ToUserFederationMapOutputWithContext(ctx context.Context) UserFederationMapOutput
type UserFederationOutput ¶
type UserFederationOutput struct{ *pulumi.OutputState }
func (UserFederationOutput) BatchSizeForSync ¶ added in v4.11.0
func (o UserFederationOutput) BatchSizeForSync() pulumi.IntPtrOutput
The number of users to sync within a single transaction. Defaults to `1000`.
func (UserFederationOutput) BindCredential ¶ added in v4.11.0
func (o UserFederationOutput) BindCredential() pulumi.StringPtrOutput
Password of LDAP admin. This attribute must be set if `bindDn` is set.
func (UserFederationOutput) BindDn ¶ added in v4.11.0
func (o UserFederationOutput) BindDn() pulumi.StringPtrOutput
DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set.
func (UserFederationOutput) Cache ¶ added in v4.11.0
func (o UserFederationOutput) Cache() UserFederationCachePtrOutput
A block containing the cache settings.
func (UserFederationOutput) ChangedSyncPeriod ¶ added in v4.11.0
func (o UserFederationOutput) ChangedSyncPeriod() pulumi.IntPtrOutput
How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.
func (UserFederationOutput) ConnectionTimeout ¶ added in v4.11.0
func (o UserFederationOutput) ConnectionTimeout() pulumi.StringPtrOutput
LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
func (UserFederationOutput) ConnectionUrl ¶ added in v4.11.0
func (o UserFederationOutput) ConnectionUrl() pulumi.StringOutput
Connection URL to the LDAP server.
func (UserFederationOutput) CustomUserSearchFilter ¶ added in v4.11.0
func (o UserFederationOutput) CustomUserSearchFilter() pulumi.StringPtrOutput
Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.
func (UserFederationOutput) EditMode ¶ added in v4.11.0
func (o UserFederationOutput) EditMode() pulumi.StringPtrOutput
Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.
func (UserFederationOutput) ElementType ¶
func (UserFederationOutput) ElementType() reflect.Type
func (UserFederationOutput) Enabled ¶ added in v4.11.0
func (o UserFederationOutput) Enabled() pulumi.BoolPtrOutput
When `false`, this provider will not be used when performing queries for users. Defaults to `true`.
func (UserFederationOutput) FullSyncPeriod ¶ added in v4.11.0
func (o UserFederationOutput) FullSyncPeriod() pulumi.IntPtrOutput
How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
func (UserFederationOutput) ImportEnabled ¶ added in v4.11.0
func (o UserFederationOutput) ImportEnabled() pulumi.BoolPtrOutput
When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.
func (UserFederationOutput) Kerberos ¶ added in v4.11.0
func (o UserFederationOutput) Kerberos() UserFederationKerberosPtrOutput
A block containing the kerberos settings.
func (UserFederationOutput) Name ¶ added in v4.11.0
func (o UserFederationOutput) Name() pulumi.StringOutput
Display name of the provider when displayed in the console.
func (UserFederationOutput) Pagination ¶ added in v4.11.0
func (o UserFederationOutput) Pagination() pulumi.BoolPtrOutput
When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.
func (UserFederationOutput) Priority ¶ added in v4.11.0
func (o UserFederationOutput) Priority() pulumi.IntPtrOutput
Priority of this provider when looking up users. Lower values are first. Defaults to `0`.
func (UserFederationOutput) RdnLdapAttribute ¶ added in v4.11.0
func (o UserFederationOutput) RdnLdapAttribute() pulumi.StringOutput
Name of the LDAP attribute to use as the relative distinguished name.
func (UserFederationOutput) ReadTimeout ¶ added in v4.11.0
func (o UserFederationOutput) ReadTimeout() pulumi.StringPtrOutput
LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
func (UserFederationOutput) RealmId ¶ added in v4.11.0
func (o UserFederationOutput) RealmId() pulumi.StringOutput
The realm that this provider will provide user federation for.
func (UserFederationOutput) SearchScope ¶ added in v4.11.0
func (o UserFederationOutput) SearchScope() pulumi.StringPtrOutput
Can be one of `ONE_LEVEL` or `SUBTREE`: - `ONE_LEVEL`: Only search for users in the DN specified by `userDn`. - `SUBTREE`: Search entire LDAP subtree.
func (UserFederationOutput) StartTls ¶ added in v4.11.0
func (o UserFederationOutput) StartTls() pulumi.BoolPtrOutput
When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
func (UserFederationOutput) SyncRegistrations ¶ added in v4.11.0
func (o UserFederationOutput) SyncRegistrations() pulumi.BoolPtrOutput
When `true`, newly created users will be synced back to LDAP. Defaults to `false`.
func (UserFederationOutput) ToUserFederationOutput ¶
func (o UserFederationOutput) ToUserFederationOutput() UserFederationOutput
func (UserFederationOutput) ToUserFederationOutputWithContext ¶
func (o UserFederationOutput) ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput
func (UserFederationOutput) TrustEmail ¶ added in v4.11.0
func (o UserFederationOutput) TrustEmail() pulumi.BoolPtrOutput
If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
func (UserFederationOutput) UsePasswordModifyExtendedOp ¶ added in v4.11.0
func (o UserFederationOutput) UsePasswordModifyExtendedOp() pulumi.BoolPtrOutput
When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
func (UserFederationOutput) UseTruststoreSpi ¶ added in v4.11.0
func (o UserFederationOutput) UseTruststoreSpi() pulumi.StringPtrOutput
Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:
func (UserFederationOutput) UserObjectClasses ¶ added in v4.11.0
func (o UserFederationOutput) UserObjectClasses() pulumi.StringArrayOutput
Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
func (UserFederationOutput) UsernameLdapAttribute ¶ added in v4.11.0
func (o UserFederationOutput) UsernameLdapAttribute() pulumi.StringOutput
Name of the LDAP attribute to use as the Keycloak username.
func (UserFederationOutput) UsersDn ¶ added in v4.11.0
func (o UserFederationOutput) UsersDn() pulumi.StringOutput
Full DN of LDAP tree where your users are.
func (UserFederationOutput) UuidLdapAttribute ¶ added in v4.11.0
func (o UserFederationOutput) UuidLdapAttribute() pulumi.StringOutput
Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
func (UserFederationOutput) ValidatePasswordPolicy ¶ added in v4.11.0
func (o UserFederationOutput) ValidatePasswordPolicy() pulumi.BoolPtrOutput
When `true`, Keycloak will validate passwords using the realm policy before updating it.
func (UserFederationOutput) Vendor ¶ added in v4.11.0
func (o UserFederationOutput) Vendor() pulumi.StringPtrOutput
Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.
type UserFederationState ¶
type UserFederationState struct { // The number of users to sync within a single transaction. Defaults to `1000`. BatchSizeForSync pulumi.IntPtrInput // Password of LDAP admin. This attribute must be set if `bindDn` is set. BindCredential pulumi.StringPtrInput // DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. BindDn pulumi.StringPtrInput // A block containing the cache settings. Cache UserFederationCachePtrInput // How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. ChangedSyncPeriod pulumi.IntPtrInput // LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). ConnectionTimeout pulumi.StringPtrInput // Connection URL to the LDAP server. ConnectionUrl pulumi.StringPtrInput // Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. CustomUserSearchFilter pulumi.StringPtrInput // Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. EditMode pulumi.StringPtrInput // When `false`, this provider will not be used when performing queries for users. Defaults to `true`. Enabled pulumi.BoolPtrInput // How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. FullSyncPeriod pulumi.IntPtrInput // When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. ImportEnabled pulumi.BoolPtrInput // A block containing the kerberos settings. Kerberos UserFederationKerberosPtrInput // Display name of the provider when displayed in the console. Name pulumi.StringPtrInput // When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. Pagination pulumi.BoolPtrInput // Priority of this provider when looking up users. Lower values are first. Defaults to `0`. Priority pulumi.IntPtrInput // Name of the LDAP attribute to use as the relative distinguished name. RdnLdapAttribute pulumi.StringPtrInput // LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). ReadTimeout pulumi.StringPtrInput // The realm that this provider will provide user federation for. RealmId pulumi.StringPtrInput // Can be one of `ONE_LEVEL` or `SUBTREE`: // - `ONE_LEVEL`: Only search for users in the DN specified by `userDn`. // - `SUBTREE`: Search entire LDAP subtree. SearchScope pulumi.StringPtrInput // When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. StartTls pulumi.BoolPtrInput // When `true`, newly created users will be synced back to LDAP. Defaults to `false`. SyncRegistrations pulumi.BoolPtrInput // If enabled, email provided by this provider is not verified even if verification is enabled for the realm. TrustEmail pulumi.BoolPtrInput // When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062). UsePasswordModifyExtendedOp pulumi.BoolPtrInput // Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`: UseTruststoreSpi pulumi.StringPtrInput // Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. UserObjectClasses pulumi.StringArrayInput // Name of the LDAP attribute to use as the Keycloak username. UsernameLdapAttribute pulumi.StringPtrInput // Full DN of LDAP tree where your users are. UsersDn pulumi.StringPtrInput // Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. UuidLdapAttribute pulumi.StringPtrInput // When `true`, Keycloak will validate passwords using the realm policy before updating it. ValidatePasswordPolicy pulumi.BoolPtrInput // Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`. Vendor pulumi.StringPtrInput }
func (UserFederationState) ElementType ¶
func (UserFederationState) ElementType() reflect.Type